From 4c22c5fad19b2a554bcb056ca25ca4cc2ef6a45c Mon Sep 17 00:00:00 2001 From: Robert Sloan Date: Fri, 1 Mar 2019 15:53:37 -0800 Subject: [PATCH] external/boringssl: Sync to c3889634a1aa52575c5d26497696238208fbd0f5. This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/41c10e2b5f37edce8b9f292f7f3bacb7e30e25c4..c3889634a1aa52575c5d26497696238208fbd0f5 Test: atest CtsLibcoreTestCases Change-Id: Ia1c2941ccf58a9e0d736b3409a2d13c21603a205 --- BORINGSSL_REVISION | 2 +- crypto_test_data.cc | 8 +- err_data.c | 486 +- eureka.mk | 5 + ios-aarch64/crypto/test/trampoline-armv8.S | 684 + ios-arm/crypto/fipsmodule/bsaes-armv7.S | 1003 +- ios-arm/crypto/test/trampoline-armv4.S | 376 + linux-aarch64/crypto/test/trampoline-armv8.S | 686 + linux-arm/crypto/fipsmodule/bsaes-armv7.S | 999 +- linux-arm/crypto/test/trampoline-armv4.S | 378 + linux-x86/crypto/fipsmodule/aesni-x86.S | 634 +- linux-x86/crypto/fipsmodule/vpaes-x86.S | 66 +- linux-x86/crypto/test/trampoline-x86.S | 205 + linux-x86_64/crypto/chacha/chacha-x86_64.S | 34 + linux-x86_64/crypto/fipsmodule/aes-x86_64.S | 16 +- .../crypto/fipsmodule/aesni-gcm-x86_64.S | 7 + linux-x86_64/crypto/fipsmodule/aesni-x86_64.S | 2262 +- linux-x86_64/crypto/fipsmodule/bsaes-x86_64.S | 13 + .../crypto/fipsmodule/ghash-ssse3-x86_64.S | 426 + linux-x86_64/crypto/fipsmodule/ghash-x86_64.S | 12 + linux-x86_64/crypto/fipsmodule/md5-x86_64.S | 18 + .../crypto/fipsmodule/p256-x86_64-asm.S | 36 + .../crypto/fipsmodule/p256_beeu-x86_64-asm.S | 21 +- .../crypto/fipsmodule/rdrand-x86_64.S | 12 +- linux-x86_64/crypto/fipsmodule/rsaz-avx2.S | 25 +- linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S | 41 + linux-x86_64/crypto/fipsmodule/x86_64-mont5.S | 21 + linux-x86_64/crypto/test/trampoline-x86_64.S | 517 + mac-x86/crypto/fipsmodule/aesni-x86.S | 634 +- mac-x86/crypto/fipsmodule/vpaes-x86.S | 66 +- mac-x86/crypto/test/trampoline-x86.S | 169 + mac-x86_64/crypto/chacha/chacha-x86_64.S | 28 + mac-x86_64/crypto/fipsmodule/aes-x86_64.S | 14 + .../crypto/fipsmodule/aesni-gcm-x86_64.S | 6 + mac-x86_64/crypto/fipsmodule/aesni-x86_64.S | 2245 +- mac-x86_64/crypto/fipsmodule/bsaes-x86_64.S | 12 + .../crypto/fipsmodule/ghash-ssse3-x86_64.S | 426 + mac-x86_64/crypto/fipsmodule/ghash-x86_64.S | 12 + mac-x86_64/crypto/fipsmodule/md5-x86_64.S | 13 + .../crypto/fipsmodule/p256-x86_64-asm.S | 36 + .../crypto/fipsmodule/p256_beeu-x86_64-asm.S | 8 +- mac-x86_64/crypto/fipsmodule/rdrand-x86_64.S | 12 +- mac-x86_64/crypto/fipsmodule/rsaz-avx2.S | 24 +- mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S | 39 + mac-x86_64/crypto/fipsmodule/x86_64-mont5.S | 21 + mac-x86_64/crypto/test/trampoline-x86_64.S | 513 + sources.bp | 11 + sources.mk | 5 + src/.gitignore | 3 + src/BUILDING.md | 59 +- src/CMakeLists.txt | 56 + src/crypto/CMakeLists.txt | 15 +- src/crypto/abi_self_test.cc | 523 + src/crypto/bn_extra/convert.c | 8 + src/crypto/bytestring/bytestring_test.cc | 17 +- src/crypto/bytestring/cbb.c | 9 +- src/crypto/bytestring/cbs.c | 39 +- src/crypto/chacha/asm/chacha-x86_64.pl | 36 + src/crypto/chacha/chacha.c | 8 +- src/crypto/chacha/chacha_test.cc | 24 + src/crypto/chacha/internal.h | 10 + src/crypto/cipher_extra/cipher_extra.c | 8 + src/crypto/cipher_extra/e_aesccm.c | 3 +- src/crypto/cipher_extra/e_aesctrhmac.c | 4 +- src/crypto/cipher_extra/e_aesgcmsiv.c | 5 +- src/crypto/cipher_extra/e_tls.c | 6 + src/crypto/crypto.c | 13 +- src/crypto/digest_extra/digest_test.cc | 15 + src/crypto/err/ssl.errordata | 4 +- src/crypto/evp/evp_asn1.c | 41 + src/crypto/evp/evp_ctx.c | 55 +- src/crypto/evp/evp_extra_test.cc | 57 + src/crypto/evp/evp_test.cc | 10 + src/crypto/evp/internal.h | 6 +- src/crypto/evp/p_ec.c | 54 +- src/crypto/evp/p_ed25519.c | 1 + src/crypto/evp/p_rsa.c | 3 +- src/crypto/fipsmodule/CMakeLists.txt | 2 + src/crypto/fipsmodule/aes/aes.c | 43 +- src/crypto/fipsmodule/aes/aes_test.cc | 104 + src/crypto/fipsmodule/aes/asm/aes-x86_64.pl | 18 +- src/crypto/fipsmodule/aes/asm/aesni-x86.pl | 9 + src/crypto/fipsmodule/aes/asm/aesni-x86_64.pl | 95 +- src/crypto/fipsmodule/aes/asm/bsaes-armv7.pl | 28 +- src/crypto/fipsmodule/aes/asm/bsaes-x86_64.pl | 12 + src/crypto/fipsmodule/aes/asm/vpaes-x86.pl | 7 + src/crypto/fipsmodule/aes/asm/vpaes-x86_64.pl | 39 + src/crypto/fipsmodule/aes/internal.h | 136 +- src/crypto/fipsmodule/aes/mode_wrappers.c | 16 +- src/crypto/fipsmodule/bn/asm/armv8-mont.pl | 2 +- src/crypto/fipsmodule/bn/asm/rsaz-avx2.pl | 28 +- src/crypto/fipsmodule/bn/asm/x86_64-mont.pl | 4 +- src/crypto/fipsmodule/bn/asm/x86_64-mont5.pl | 21 + src/crypto/fipsmodule/bn/bn_test.cc | 108 + src/crypto/fipsmodule/bn/exponentiation.c | 30 +- src/crypto/fipsmodule/bn/internal.h | 58 +- src/crypto/fipsmodule/bn/montgomery.c | 7 - src/crypto/fipsmodule/bn/prime.c | 2 +- src/crypto/fipsmodule/bn/rsaz_exp.c | 35 +- src/crypto/fipsmodule/bn/rsaz_exp.h | 72 +- src/crypto/fipsmodule/cipher/e_aes.c | 198 +- src/crypto/fipsmodule/cipher/e_des.c | 4 + src/crypto/fipsmodule/cipher/internal.h | 7 +- .../fipsmodule/ec/asm/p256-x86_64-asm.pl | 36 +- .../fipsmodule/ec/asm/p256_beeu-x86_64-asm.pl | 8 +- src/crypto/fipsmodule/ec/ec.c | 24 +- src/crypto/fipsmodule/ec/ec_key.c | 29 +- .../fipsmodule/ec/make_p256-x86_64-table.go | 20 +- .../fipsmodule/ec/make_p256-x86_64-tests.go | 232 + src/crypto/fipsmodule/ec/p224-64.c | 2 +- src/crypto/fipsmodule/ec/p256-x86_64-table.h | 18948 ++++++++-------- src/crypto/fipsmodule/ec/p256-x86_64.c | 23 +- src/crypto/fipsmodule/ec/p256-x86_64.h | 4 +- src/crypto/fipsmodule/ec/p256-x86_64_test.cc | 95 +- .../fipsmodule/ec/p256-x86_64_tests.txt | 265 +- src/crypto/fipsmodule/md5/asm/md5-x86_64.pl | 13 + src/crypto/fipsmodule/md5/internal.h | 37 + src/crypto/fipsmodule/md5/md5.c | 7 +- src/crypto/fipsmodule/md5/md5_test.cc | 34 + .../fipsmodule/modes/asm/aesni-gcm-x86_64.pl | 6 + .../modes/asm/ghash-ssse3-x86_64.pl | 413 + .../fipsmodule/modes/asm/ghash-x86_64.pl | 12 + src/crypto/fipsmodule/modes/cbc.c | 110 +- src/crypto/fipsmodule/modes/cfb.c | 33 - src/crypto/fipsmodule/modes/ctr.c | 20 - src/crypto/fipsmodule/modes/gcm.c | 341 +- src/crypto/fipsmodule/modes/gcm_test.cc | 117 +- src/crypto/fipsmodule/modes/internal.h | 135 +- .../fipsmodule/rand/asm/rdrand-x86_64.pl | 42 +- src/crypto/fipsmodule/rand/ctrdrbg.c | 10 +- src/crypto/fipsmodule/rand/internal.h | 17 + src/crypto/fipsmodule/rand/rand.c | 243 +- src/crypto/fipsmodule/rand/urandom.c | 8 +- src/crypto/fipsmodule/rsa/padding.c | 3 + src/crypto/fipsmodule/rsa/rsa.c | 2 +- src/crypto/fipsmodule/rsa/rsa_impl.c | 14 + src/crypto/fipsmodule/sha/internal.h | 51 + src/crypto/fipsmodule/sha/sha1.c | 16 +- src/crypto/fipsmodule/sha/sha256.c | 11 +- src/crypto/fipsmodule/sha/sha512.c | 211 +- src/crypto/fipsmodule/sha/sha_test.cc | 60 + src/crypto/hrss/asm/poly_rq_mul.S | 6 + src/crypto/hrss/hrss.c | 356 +- src/crypto/hrss/hrss_test.cc | 464 +- src/crypto/hrss/internal.h | 12 + src/crypto/impl_dispatch_test.cc | 155 + src/crypto/internal.h | 27 +- src/crypto/perlasm/x86_64-xlate.pl | 33 +- src/crypto/perlasm/x86asm.pl | 20 + src/crypto/perlasm/x86gas.pl | 8 + src/crypto/perlasm/x86masm.pl | 8 + src/crypto/perlasm/x86nasm.pl | 8 + src/crypto/pool/internal.h | 2 +- src/crypto/rand_extra/rand_test.cc | 25 +- src/crypto/stack/stack.c | 9 +- src/crypto/test/CMakeLists.txt | 15 +- src/crypto/test/abi_test.cc | 786 + src/crypto/test/abi_test.h | 475 + src/crypto/test/asm/trampoline-armv4.pl | 182 + src/crypto/test/asm/trampoline-armv8.pl | 209 + src/crypto/test/asm/trampoline-x86.pl | 123 + src/crypto/test/asm/trampoline-x86_64.pl | 559 + src/crypto/test/gtest_main.cc | 30 +- src/decrepit/CMakeLists.txt | 8 +- src/decrepit/blowfish/blowfish.c | 148 +- src/decrepit/blowfish/blowfish_test.cc | 163 + src/decrepit/cast/cast.c | 76 +- src/decrepit/cast/cast_test.cc | 125 + src/decrepit/evp/evp_do_all.c | 28 +- src/decrepit/xts/xts.c | 20 - src/fipstools/CMakeLists.txt | 7 +- src/go.mod | 2 + src/include/openssl/blowfish.h | 6 +- src/include/openssl/bn.h | 6 + src/include/openssl/bytestring.h | 8 + src/include/openssl/cast.h | 4 +- src/include/openssl/cipher.h | 18 + src/include/openssl/cpu.h | 15 + src/include/openssl/ec.h | 9 + src/include/openssl/ec_key.h | 6 + src/include/openssl/evp.h | 46 +- src/include/openssl/hrss.h | 6 +- src/include/openssl/lhash.h | 2 +- src/include/openssl/mem.h | 4 + src/include/openssl/sha.h | 5 +- src/include/openssl/span.h | 4 +- src/include/openssl/ssl.h | 116 +- src/include/openssl/stack.h | 2 +- src/include/openssl/tls1.h | 4 + src/infra/config/README.md | 6 - src/infra/config/cq.cfg | 74 - src/ssl/CMakeLists.txt | 3 +- src/ssl/handshake.cc | 3 +- src/ssl/handshake_client.cc | 30 +- src/ssl/handshake_server.cc | 13 +- src/ssl/internal.h | 133 +- src/ssl/s3_both.cc | 20 +- src/ssl/s3_pkt.cc | 40 +- src/ssl/ssl_aead_ctx.cc | 11 +- src/ssl/ssl_cert.cc | 192 +- src/ssl/ssl_key_share.cc | 14 +- src/ssl/ssl_lib.cc | 65 +- src/ssl/ssl_privkey.cc | 32 +- src/ssl/ssl_test.cc | 34 +- src/ssl/ssl_versions.cc | 53 +- src/ssl/ssl_x509.cc | 5 +- src/ssl/t1_lib.cc | 79 +- src/ssl/test/CMakeLists.txt | 8 +- src/ssl/test/bssl_shim.cc | 6 + src/ssl/test/fuzzer.h | 17 +- src/ssl/test/fuzzer_tags.h | 7 +- src/ssl/test/runner/cipher_suites.go | 2 +- src/ssl/test/runner/common.go | 61 +- src/ssl/test/runner/conn.go | 15 +- src/ssl/test/runner/handshake_client.go | 82 +- src/ssl/test/runner/handshake_messages.go | 48 +- src/ssl/test/runner/handshake_server.go | 8 +- src/ssl/test/runner/key_agreement.go | 20 +- src/ssl/test/runner/runner.go | 3852 ++-- src/ssl/test/settings_writer.cc | 6 - src/ssl/test/test_config.cc | 45 +- src/ssl/test/test_config.h | 4 +- src/ssl/tls13_both.cc | 58 +- src/ssl/tls13_client.cc | 23 +- src/ssl/tls13_enc.cc | 85 +- src/ssl/tls13_server.cc | 64 +- .../android-cmake/AndroidNdkGdb.cmake | 96 - .../android-cmake/AndroidNdkModules.cmake | 58 - src/third_party/android-cmake/LICENSE | 30 - src/third_party/android-cmake/METADATA | 15 - src/third_party/android-cmake/README.md | 240 - .../android-cmake/android.toolchain.cmake | 1693 -- src/third_party/android-cmake/ndk_links.md | 211 - src/third_party/fiat/METADATA | 4 +- src/third_party/fiat/curve25519.c | 1562 +- src/third_party/fiat/curve25519_32.h | 905 + src/third_party/fiat/curve25519_64.h | 553 + src/third_party/fiat/p256.c | 830 +- src/third_party/fiat/p256_32.h | 3220 +++ src/third_party/fiat/p256_64.h | 1211 + src/tool/client.cc | 34 - src/tool/server.cc | 34 - src/tool/speed.cc | 127 +- src/util/all_tests.go | 9 +- src/util/bot/DEPS | 31 +- src/util/bot/UPDATING | 8 +- src/util/bot/go/bootstrap.py | 2 +- src/util/bot/sde-linux64.tar.bz2.sha1 | 2 +- src/util/bot/sde-win32.tar.bz2.sha1 | 1 + src/util/bot/update_clang.py | 4 +- src/util/fipstools/delocate/delocate.go | 5 + .../delocate/testdata/x86_64-BSS/out.s | 2 + .../delocate/testdata/x86_64-Basic/out.s | 2 + .../delocate/testdata/x86_64-GOTRewrite/out.s | 4 +- .../testdata/x86_64-LabelRewrite/out.s | 4 +- .../delocate/testdata/x86_64-Sections/out.s | 2 + src/util/generate_build_files.py | 3 +- win-x86/crypto/fipsmodule/aesni-x86.asm | 635 +- win-x86/crypto/fipsmodule/vpaes-x86.asm | 67 +- win-x86/crypto/test/trampoline-x86.asm | 164 + win-x86_64/crypto/chacha/chacha-x86_64.asm | 28 + win-x86_64/crypto/fipsmodule/aes-x86_64.asm | 14 + .../crypto/fipsmodule/aesni-gcm-x86_64.asm | 6 + win-x86_64/crypto/fipsmodule/aesni-x86_64.asm | 2429 +- win-x86_64/crypto/fipsmodule/bsaes-x86_64.asm | 12 + .../crypto/fipsmodule/ghash-ssse3-x86_64.asm | 495 + win-x86_64/crypto/fipsmodule/ghash-x86_64.asm | 12 + win-x86_64/crypto/fipsmodule/md5-x86_64.asm | 13 + .../crypto/fipsmodule/p256-x86_64-asm.asm | 36 + .../fipsmodule/p256_beeu-x86_64-asm.asm | 8 +- .../crypto/fipsmodule/rdrand-x86_64.asm | 43 +- win-x86_64/crypto/fipsmodule/rsaz-avx2.asm | 23 +- win-x86_64/crypto/fipsmodule/vpaes-x86_64.asm | 39 + win-x86_64/crypto/fipsmodule/x86_64-mont5.asm | 21 + win-x86_64/crypto/test/trampoline-x86_64.asm | 682 + 275 files changed, 34099 insertions(+), 28214 deletions(-) create mode 100644 ios-aarch64/crypto/test/trampoline-armv8.S create mode 100644 ios-arm/crypto/test/trampoline-armv4.S create mode 100644 linux-aarch64/crypto/test/trampoline-armv8.S create mode 100644 linux-arm/crypto/test/trampoline-armv4.S create mode 100644 linux-x86/crypto/test/trampoline-x86.S create mode 100644 linux-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S create mode 100644 linux-x86_64/crypto/test/trampoline-x86_64.S create mode 100644 mac-x86/crypto/test/trampoline-x86.S create mode 100644 mac-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S create mode 100644 mac-x86_64/crypto/test/trampoline-x86_64.S create mode 100644 src/crypto/abi_self_test.cc create mode 100644 src/crypto/fipsmodule/ec/make_p256-x86_64-tests.go create mode 100644 src/crypto/fipsmodule/md5/internal.h create mode 100644 src/crypto/fipsmodule/md5/md5_test.cc create mode 100644 src/crypto/fipsmodule/modes/asm/ghash-ssse3-x86_64.pl create mode 100644 src/crypto/fipsmodule/sha/internal.h create mode 100644 src/crypto/fipsmodule/sha/sha_test.cc create mode 100644 src/crypto/impl_dispatch_test.cc create mode 100644 src/crypto/test/abi_test.cc create mode 100644 src/crypto/test/abi_test.h create mode 100755 src/crypto/test/asm/trampoline-armv4.pl create mode 100755 src/crypto/test/asm/trampoline-armv8.pl create mode 100755 src/crypto/test/asm/trampoline-x86.pl create mode 100755 src/crypto/test/asm/trampoline-x86_64.pl create mode 100644 src/decrepit/blowfish/blowfish_test.cc create mode 100644 src/decrepit/cast/cast_test.cc delete mode 100644 src/infra/config/README.md delete mode 100644 src/infra/config/cq.cfg delete mode 100644 src/third_party/android-cmake/AndroidNdkGdb.cmake delete mode 100644 src/third_party/android-cmake/AndroidNdkModules.cmake delete mode 100644 src/third_party/android-cmake/LICENSE delete mode 100644 src/third_party/android-cmake/METADATA delete mode 100644 src/third_party/android-cmake/README.md delete mode 100644 src/third_party/android-cmake/android.toolchain.cmake delete mode 100644 src/third_party/android-cmake/ndk_links.md create mode 100644 src/third_party/fiat/curve25519_32.h create mode 100644 src/third_party/fiat/curve25519_64.h create mode 100644 src/third_party/fiat/p256_32.h create mode 100644 src/third_party/fiat/p256_64.h create mode 100644 src/util/bot/sde-win32.tar.bz2.sha1 create mode 100644 win-x86/crypto/test/trampoline-x86.asm create mode 100644 win-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.asm create mode 100644 win-x86_64/crypto/test/trampoline-x86_64.asm diff --git a/BORINGSSL_REVISION b/BORINGSSL_REVISION index f3ca0a3..a336907 100644 --- a/BORINGSSL_REVISION +++ b/BORINGSSL_REVISION @@ -1 +1 @@ -41c10e2b5f37edce8b9f292f7f3bacb7e30e25c4 +c3889634a1aa52575c5d26497696238208fbd0f5 diff --git a/crypto_test_data.cc b/crypto_test_data.cc index 18bb8f2..c55a004 100644 --- a/crypto_test_data.cc +++ b/crypto_test_data.cc @@ -2642,7 +2642,7 @@ static const char *kData40[] = { "9642dd68d1a988bb828d895ed5d116d7f87032133e2949da6c395738534b93220fe2ad07f0b291adc92433ee2dee160709ed9985b0c\nY = 0177acd53b00c9f29f3ece28b4724f834f49606d3f34656a52ef5443c5d9216ae388b345b828c8b09a2b2e495cf2adcdd6b5886f4ded1741425ac31c832ba74eed38\n\nCurve = P-521\n# N = 29\nN = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d\nX = 0174c644d6c94b68287db3c1fbfcb65a085ff9f45131e86265ec28bef38f7664a1305ca9bc06876d72914003ab8e847ffb9ef33d8595d51f6d962c3927618eda25dc\nY = 011af3a7c2f87f419e6805acc95b41b7b7820233ef8fcb6441fcb5cf5eb795ad34b7be0e21952ce0d90b50c2732d706d303f0679927c26ebbfbd187bbbc4821a0c30\n\nCurve = P-521\n# N = 30\nN = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e\nX = 00d087d70d11074b36bb0b6913261570a6b33cf015e1f913a610ea52dbcbae2a3e4435573f35d14754c6352756cc169eac6bf7d9b10f1b0af5956117fab72ec4b081\nY = 00c4d07f8c3cafdc1636811d7b95a6ac2dcebcde1cd94afbdbd3e47015660d29f15354d5b99d1d7d4adaf279efee5d860be9069edd46ff01cfc7b64d6af6579dbed3\n\nCurve = P-521\n# N = 31\nN = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001f\nX = 00d8e9920cf30f0c6615006a58cdb7307b7db574589657c2a6617260a83ca5e7726cd65543a904c9d429fc14c1ac09cd6b220dcfb5e488e248122257d0e0c16a8803\nY = 0127b023b5454a663987df09c13a214a30ec8b5406328f10c8060aefb72cbed1aa30f76b8c3244d14790139a868cae4cc263aa1bd97c7b54318aca4677c739792d19\n\nCurve = P-521\n# N = 32\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020\nX = 0166ba3596d20a3a469443707af94ba15b343e3e16654e068038dba7ecefb9e5ebd6ea04a35dc73596ec67d69bd6ba5d1f949cf7475cd6c5c78247915ab876e56a9e\nY = 00477b0ff4d1940ab8111635e75ff3e08268ff7bd8bf5ff01967c1df01c65c2dd77de204cdb818cdd6b9b74de1c7ea0f36dfcd98c965ab96163695ca9a9914a156aa\n\nCurve = P-521\n# N = 33\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021\nX = 00284195f0978fb969e68c76eb4e3c76f58e52086d482be92613f381421a74236df0abdbea7e2b77ef1ae9a519a57aa53ac2a5ec59186b2ed12d5ea2e1fc649f308d\nY = 007e43eb08c656dc636b7b7a3bc869056d3a24d513abe063c6639e016769614ac5f2e7656ecbf3d138bf00bd7216c16deb3a88effd5c228b58f36be95a3dd3e11c4d\n\nCurve = P-521\n# N = 34\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022\nX = 0122f66451d0843fb59448c58962f5b7c130eb8db26b14dbf8bf0e7d84e588581cdea866a98b697d432cc1f1f8993db2173b55ac0435b8317a8ddfeab253d54e4d87\nY = 01bed137b942249932f3c1f12141aee1538aa373f5aee0a89a48d357d7c04965b0515097293e4f87a6a413184d9be8ea91406baa5223db7571bcda9dba82fd9a06dc\n\nCurve = P-521\n# N = 35\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000023\nX = 00ddc300757549630a78398b62069e0ba392a267a642b593e0bfc4a780b56f97392bb4806c84fda74023ee4a618608f6b2cea92ff614b5dcc8d8dc1039c9ccd7d718\nY = 00c1bd2d07f6ac7fc5cc1b83431f0c30dbbfa510936cb5d85bcf462796591a31db509ab1178bd2c701425c212522ee69e797deba4db422640a4d3eb1d3ef241e07f4\n\nCurve = P-521\n# N = 36\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000024\nX = 01ad81c98659bd21e082514d5e71894c417b2a25afe471eb8ad9e81a91dac8198aa9f385da9cc679bb96e724672821b585e05323bdc821e585edae56cbf798bd6ef0\nY = 01217026e6cf8e6fc4e761aeda5705b3c0f8ca7f475441227b9761285bc6dc8f01af1af50b0bb140013a75db963d8698121dd2c4ba1759a98b43ac7712f8455c99ef\n\nCurve = P-521\n# N = 37\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025\nX = 00944f64a6c21832b67139e798352ded5867c35c5d56c1d59e4229ed0ae6af9d5749bd445763a28856040e58e26ee0980df28c64e76ae4780273f1ac4d59b557a36f\nY = 0150b7ee1b02028ab7410c4b9624f26cb192fe4e6ff21865f85926317da6b7991305dcbdbc2471c83f81b85c564995a057c331a4be4056988296312bf98394fb2a03\n\nCurve = P-521\n# N = 38\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000026\nX = 0195aeb1530c7d932a18922563d71ef6e7449078207b610c2c77690815bcef8f312718413823ed8d4ba112ac2ecc9d4e688346f120cb19ae965d853028d72a5f4a8b\nY = 00e0c42d3cc093242000c0ec0975884bb0308611d8bd49b6090a06c5bdf7d0e1544851f9ba596291ef1ee3e3c9a002b7985ba29e51d193b701e0c87e1acd797bd130\n\nCurve = P-521\n# N = 39\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000027\nX = 0124a0b8f411fbad60755264126356a499029e9661a49b5b907238d9fd62359c6ea7256b0cc58626a1e2ac0bf434e5fa31795b4fa1d48083af670b704119ee33b77c\nY = 001029616edc7335dce3602a9a406bbd399c68937baa8796154cdc0b1240c690db4818dc59feb96825aaa3caf2415944e762f212e74b698e40abd8dcdc61228b61a6\n\nCurve = P-521\n# N = 40\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000028\nX = 002efdef97e46cd544553a0c67f41886ad969f67883679409022c4ad6090a169b596f85d832dc9767b2bb513eb4d0d01e18f067fffb5ac53dbcfaf456a57824c9d93\nY = 00d88e2e3fdd283592d6c4c2a4687e65a6a823ffc6106dff96f75bb3141d0df516fe46a5357b21dc22404f4ef79e44aa97b22c101fec75d81e09b591f36738ae8e5c\n\nCurve = P-521\n# N = 41\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000029\nX = 0175a140ed79e85e24a763ebfd9d2883082552a523e4b28998a685b85f23864a60c816b931eaf495ccce4c08c3ddc8297bfaddfda1a522cc2af68e00ce952624381e\nY = 01b09696d71855e2d4ed36f21343ca399be7ab59e580e9ee563223de821b22c82111b39e0e11ecf327da052a6e551fa28ebdf75dd758e7f3a3ecebeb760ec1028ecf\n\nCurve = P-521\n# N = 42\nN = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002a\nX = 0161960dcd7bd7263ed37a0a1c0aa146f918874f472a2a5de6f2f5633364979e0bda2868fa8595d78243ea20d4e83c72305e420bebfa3767dcd4b7902612a9491855\nY = 016ac1cfdd433815668a5c6ae0d1031bc121a00e6a6b58d1eec42da602f01cc43b7ef728d67c4e39de86324cba6a2c4cce08414fdd6ad7d0722338a50e352ad521ef\n\nCurve = P-521\n# N = 43\nN = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002b\nX = 018c0148a165ec58e4fed55022d90544d8a070678aa2ec1419af8ef0f94438fea396fc66ad7aed7d37dda3a74e7a9b3d85ca51f0b62fdee07d20713e3083224f497e\nY = 010abbaa1f099e78869aebf7a83c7aa3bf242677e91db1d144cd7a3037819f1a0bec67fd6098879b1cf1932d602b547ce17a94edb92f76b688d2895829067683adbf\n\nCurve = P-521\n# N = 44\nN = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002c\nX = 013fdb51df11f0b29b485f0c48a04cca16cfe1cecbe9fd57f6507c3cfcbef88c88cf761e3e73e6509ec7e77fffe912d2b367b25aa02cb1d33a5378f253cdcde738d2\nY = 01d14c8c184a7228a7034e4f65b3d0338f667aac908b39acf39c9ebedc0452b7c2f2a4460186aa2271d357733ea23d7284a8a123424f99a20b5242343b5cbafa661a\n\nCurve = P-521\n# N = 45\nN = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002d\nX = 004969d186aca09e53b879596b8fff2bc0207a58f7f28c147cc07b2df5e3f197286779189b7df8a1f2d9dc8ea1ace5703f0fc2954607b66b70c4a32dec600fc95c1a\nY = 01e81ec9b50cd8d3847d4d6ac21f3149fc7b15862a423270884135584a1bbcdb40a9b8d5b2802eadae85e6ed9e879be328e13463f5d90b37564f9498a7cd000903a9\n\nCurve = P-521\n# N = 46\nN = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002e\nX = 00bbdb162d8284a910021998e2d14f33a8c51a9cfb9a69a8fc5709f753aaf1c4d248a6ddb5626540f81d07c09231d2ec1549f672b6d2bd57d22f64f2ae8093e738a5\nY = 013b86f0d5921216efe01fe9c7cabc10b00ab81c9fbd9674149d2ece424b786f6c372a1831112f54132d7d3af42dc8cd7e17b7ec80b09fa59f0e42c142895961259a\n\nCurve = P-521\n# N = 47\nN = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", "000000000000000000000000000000000000000002f\nX = 00afe31f8907048afd5f9cf5083ecc35882ce4e4fe2714033ff897233106c71dd0b2381864a0b9e922ac9cee75a3a9c4dd660a56a130d1ecbb672fda63c9abd59d11\nY = 0012f95dc8657275fe9db4290cbbb54ff69a605f079349209f88ecea7f3276f064979276080b904982a6ebb760f478d825e711ca41599f10673bd3065d2f1d90e1d6\n\nCurve = P-521\n# N = 48\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030\nX = 01fb35de3b21557462ac8158e5caec62c8ccae7d6d6672102c334b3cc8a5803e72f42da0980f3f6fbfacdedc21b10ff08ee6641752bd214aea2c87027d612ad879ad\nY = 018d34a5ac1587992deda855b9ec4bb3f5c176f27fc94d09e2cc871294f66cc2e1bae6214d64a1d97e37b7c142e0fb0e3c28596f24804841cae7b1958193d256d46b\n\nCurve = P-521\n# N = 49\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000031\nX = 00a5cb98fa3c0b8c1d57cba40a63bbaba0d39d45c347ae499839f581b8b111dea9eb6bc2a2df52f6284291d8c84e2e345fa87258dab1ac4c04ca0c8cb45049efc0ad\nY = 0015dc95654090d77b971409b01bf72e151b749ee467877e5b7eb072c39d9da8bf835dd9775543d575c20c10f2ceebb72bb44b963fbfb0b88b1d0b9bf46a2c8884b4\n\nCurve = P-521\n# N = 50\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000032\nX = 017176204957627b7a120baf0dbb1aa3f9ca5312b292e34a0cfbd8384cf1be365bc684804ab26d84fe02250a859beaced3f356b6ddab593aebf35386773de84d4766\nY = 01ac713d5c2ffb0e111983e07ea5f688b03dd3032d3a9450b50c5def1db4859b504caf8c1321bb6c8d5fad93d2e5b9d0e75336298e21939f704f3f16ac6addc84f8f\n\nCurve = P-521\n# N = 51\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000033\nX = 0168395ba51e278415a2025d93b68145f3ccfdf9f5bde34fe9ba3ba316cbf9beea26c2edfe6af07390df1321ae1b1054cbc0fba689ef1d7be2dda8d916fffbcc9504\nY = 0071cc10f3ca041a245639d9531942d3f57952dd878f21c480ce24e5b174adeb9b3c97bc2b68badb600c849c36096e3aeba50600aabed3a89e188eb9c45edd5c087b\n\nCurve = P-521\n# N = 52\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000034\nX = 001f32e875ce65d1e6d4c39a55b518749158a4dae03e0c1b4b4a58aef6be769f0693b9259354dcee33a4f00784311b6e5993955114f2afcab7a186177e368b29f6f3\nY = 005a3c8e76fb7849180b895ea8b22ee1a6fc2cbf93bbae0f4ad4a0c126d318c397911e73a061b8098a91112577769cd77ef2bd6b45f989f292da9301992d481b07f8\n\nCurve = P-521\n# N = 53\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000035\nX = 0143f6e249195ee693f77b3d0ffd310306dff8688be916895fb727e82f6f948100c44e210e637209a78ed3af581fba4fe12b08153da9c98808166285684cccb69906\nY = 01053e8fcc9618eb2a74c5611a02575109877dc73fdde42c216935437e8053d10cb14fdf64f503cf3bb30f6a7a9de3b4cf8c040a3dfbc4abee6afd6ddaddd40c7861\n\nCurve = P-521\n# N = 54\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000036\nX = 01938e65f2a40e6899c6414997e998e0e3e1cb09728861ea138fc6d866fdc6c98505393cf55982451c97dac4214e4dbf052bf707cab63228fdfcf5ae2048a0ce100c\nY = 0163d556dd0941ce794e9c2868a692e89dbf943485186e2074e8222e0ed99fea4bd0c6069fa8017db8bec972b99ee0d7fcbc0f607d677492659bfa47b98bb8d1b411\n\nCurve = P-521\n# N = 55\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000037\nX = 004b52fc4b6d310ce7c4b551e4155c6daca97cb03e9fd9d0a79d6472d4028e8da1a18cca93917cad27e6be17486b1e0b549a7fe9ab4bda96ac4e84ad7ccebd470f5e\nY = 003585e54fe81461ae21385ea7907a1a7b2e619f44311a16a0b600fb114a7dbae15510aa85895c5a084cd69609e345b53586fa03a23006a096ea7a196cd230a36ef2\n\nCurve = P-521\n# N = 56\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000038\nX = 003cd775038527f32baf7e9056e95b0cbef7638c12398e4b8b019cc29b3435be97f601378e253fef51d25730e56267acca241df04ea2e96c1840b3f739d5ae2df998\nY = 00789bf7cf42095c5b1770e1a3561fc3e1232b0430e114f67a397c1e5b54987f4a28b52a737cbaa0ffa2c431863c1a8cbf15eba60fb5d8b4723dc10d9706f4083cba\n\nCurve = P-521\n# N = 57\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000039\nX = 00dc53c3e7fcf3c902e04463da75efb25ffa5a8defe72e6dbf85ef3c6d77a521b9f84af300bbde9118b2f66fd5bc64b8a5208372c8fff95c84503475330a4e9a13e2\nY = 0074e88fccd4fdbd992b68073ee6c4d4f8f7b13d0dd2caf9d989b62e7eb390dff3ea3482530d0d3bd86a4a3f82056a929f73a9493190c62a553233ad7f7fd9c4248f\n\nCurve = P-521\n# N = 58\nN = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003a\nX = 008bc46df1c09851ab92d53b6ad821b5026be61385c801f5277c9871b54c6764d3fdb96a728ad56c650d342a03e174a3106a5479d3ccb04647ad0f583210d81ab70d\nY = 01d948ff92784e9946a27a4c58d40bfb0e0b765073f1f9a731aa52b53e4fe686134fee784bec8fca81a73b8ac3a45ca1b766cdec69190bf94d71fa08b29292c1205f\n\nCurve = P-521\n# N = 59\nN = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003b\nX = 0035aeb454ad31876773063c60342df29eadc7223c5d98901999aae5c2934c222920055693c9b1344c691a90342d64373a8acba8524ec347208863be8a26eb16686b\nY = 00187ecbec147e7e43b4db0b0ca0aff1ba7f15a48db3660903f4e22f2ef3cb6efd45b8cf8c44bc83d0b8c9fd5fddd64ffec3fd82c38cfaffe51acf4aa03c5381fa2e\n\nCurve = P-521\n# N = 60\nN = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003c\nX = 00038a508e954435eff6ccb82b562ed32ff236f33caef52de9fdf79836e37bbe118392681661adc786c57fb6bf92d04b42fc051c3f6061c252749fd17ffbfca45bdc\nY = 008dbd87d8b1e7bd4d2adb7a7399b931e7169b0ecf8e37baa0e9997df1a529560a5a5edb1e7a605abfd04b1ccdfa683285b4d748f73799f3e5d4f8464ad3910e9522\n\nCurve = P-521\n# N = 61\nN = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003d\nX = 0115544c4a011407425c92ca7c732a1c7d8f8b6cd17d5b660d1a4cd724b1be8b17177193c11a77dc0b39a5e7fce59a7b32d7952bad1671543c41cb53d8cfcfc376a1\nY = 01153df9c6c0ac6485b307996d2a399c872c79af485fef422cbfec097a3aed58c6a003f78d54b7f553a8a834ff603afa032b56f22ee9c3fe5e24b8eff8cd4a17604b\n\nCurve = P-521\n# N = 62\nN = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003e\nX = 01f605dada534c5c8ae020f6ed49f27734e2378b0b7bc177aeaf943ae59581dd5885a38bf246fec516fd213f3fe32bfd4e19f0a8c971ef2a16969627fe31114dc85e\nY = 014ff96d82698b78d305a2252c7a4be38a37f2b0afd6935f4aaa50e685ccd164a2206284a831f6b296eacb156b6e7671eb7adda2d7e072a578a319f1002224aa57b5\n\nCurve = P-521\n# N = 63\nN = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f\nX = 01c132753b64640c457fe82f799acb0a6e8e1ca21b5affa0ddc1e7f54fe4d51b08453ae99661308e125ec63996847586265e75af7d025770ac8d0f5beb6fce8888e5\nY = 015347e184197a0538176d81ac89b205d7961a9e093286414006595e8c353aa2238005d3dbdcec1896bc13f78f82f0071283af657b5bf664a2ace9d15ad2a03dba15\n\nCurve = P-521\n# N = 64\nN = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040\nX = 01ab9aa17dce1112ecd14f3d7c0392fec2a67ebdbba81860bbacb614b9ccf8872d271bebd3c5efda3773a7c02c1603e7001df5aab8029a04fd41b53dc38ce320f742\nY = 00748d70eb848e920573aa10217c57b9586d9bb1cc8b2fb1dc1d0c63ba369e87ab8bac165ba1508d4b10f4a7b9e3af958043c1c1a5dba0653dd45af17058a5f8df5b\n\n", }; -static const size_t kLen41 = 64863; +static const size_t kLen41 = 65077; static const char *kData41[] = { "# Negation tests.\n#\n# The following tests satisfy A = -B (mod P).\n\nTest = Negate\nA = 0000000000000000000000000000000000000000000000000000000000000000\nB = 0000000000000000000000000000000000000000000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000000000000000000000000000000000000000000001\nB = ffffffff00000001000000000000000000000000fffffffffffffffffffffffe\n\nTest = Negate\nA = 0000000000000000000000000000000000000000000000000000000000000003\nB = ffffffff00000001000000000000000000000000fffffffffffffffffffffffc\n\nTest = Negate\nA = 0000000000000000000000000000000000000000000000000000000000000007\nB = ffffffff00000001000000000000000000000000fffffffffffffffffffffff8\n\nTest = Negate\nA = 000000000000000000000000000000000000000000000000000000000000000f\nB = ffffffff00000001000000000000000000000000fffffffffffffffffffffff0\n\nTest = Negate\nA = 000000000000000000000000000000000000000000000000000000000000001f\nB = ffffffff00000001000000000000000000000000ffffffffffffffffffffffe0\n\nTest = Negate\nA = 000000000000000000000000000000000000000000000000000000000000003f\nB = ffffffff00000001000000000000000000000000ffffffffffffffffffffffc0\n\nTest = Negate\nA = 000000000000000000000000000000000000000000000000000000000000007f\nB = ffffffff00000001000000000000000000000000ffffffffffffffffffffff80\n\nTest = Negate\nA = 00000000000000000000000000000000000000000000000000000000000000ff\nB = ffffffff00000001000000000000000000000000ffffffffffffffffffffff00\n\nTest = Negate\nA = 00000000000000000000000000000000000000000000000000000000000001ff\nB = ffffffff00000001000000000000000000000000fffffffffffffffffffffe00\n\nTest = Negate\nA = 00000000000000000000000000000000000000000000000000000000000003ff\nB = ffffffff00000001000000000000000000000000fffffffffffffffffffffc00\n\nTest = Negate\nA = 00000000000000000000000000000000000000000000000000000000000007ff\nB = ffffffff00000001000000000000000000000000fffffffffffffffffffff800\n\nTest = Negate\nA = 0000000000000000000000000000000000000000000000000000000000000fff\nB = ffffffff00000001000000000000000000000000fffffffffffffffffffff000\n\nTest = Negate\nA = 0000000000000000000000000000000000000000000000000000000000001fff\nB = ffffffff00000001000000000000000000000000ffffffffffffffffffffe000\n\nTest = Negate\nA = 0000000000000000000000000000000000000000000000000000000000003fff\nB = ffffffff00000001000000000000000000000000ffffffffffffffffffffc000\n\nTest = Negate\nA = 0000000000000000000000000000000000000000000000000000000000007fff\nB = ffffffff00000001000000000000000000000000ffffffffffffffffffff8000\n\nTest = Negate\nA = 000000000000000000000000000000000000000000000000000000000000ffff\nB = ffffffff00000001000000000000000000000000ffffffffffffffffffff0000\n\nTest = Negate\nA = 000000000000000000000000000000000000000000000000000000000001ffff\nB = ffffffff00000001000000000000000000000000fffffffffffffffffffe0000\n\nTest = Negate\nA = 000000000000000000000000000000000000000000000000000000000003ffff\nB = ffffffff00000001000000000000000000000000fffffffffffffffffffc0000\n\nTest = Negate\nA = 000000000000000000000000000000000000000000000000000000000007ffff\nB = ffffffff00000001000000000000000000000000fffffffffffffffffff80000\n\nTest = Negate\nA = 00000000000000000000000000000000000000000000000000000000000fffff\nB = ffffffff00000001000000000000000000000000fffffffffffffffffff00000\n\nTest = Negate\nA = 00000000000000000000000000000000000000000000000000000000001fffff\nB = ffffffff00000001000000000000000000000000ffffffffffffffffffe00000\n\nTest = Negate\nA = 00000000000000000000000000000000000000000000000000000000003fffff\nB = ffffffff00000001000000000000000000000000ffffffffffffffffffc00000\n\nTest = Negate\nA = 00000000000000000000000000000000000000000000000000000000007fffff\nB = ffffffff00000001000000000000000000000000ffffffffffffffffff800000\n\nTest = Negate\nA = 0000000000000000000000000000000000000000000000000000000000ffffff\nB = ffffffff00000001000000000000000000000000ffffffffffffffffff000000\n\nTest = Negate\nA = 0000000000000000000000000000000000000000000000000000000001ffffff\nB = ffffffff00000001000000000000000000000000fffffffffffffffffe000000\n\nTest = Negate\nA = 0000000000000000000000000000000000000000000000000000000003ffffff\nB = ffffffff00000001000000000000000000000000fffffffffffffffffc000000\n\nTest = Negate\nA = 0000000000000000000000000000000000000000000000000000000007ffffff\nB = ffffffff00000001000000000000000000000000fffffffffffffffff8000000\n\nTest = Negate\nA = 000000000000000000000000000000000000000000000000000000000fffffff\nB = ffffffff00000001000000000000000000000000fffffffffffffffff0000000\n\nTest = Negate\nA = 000000000000000000000000000000000000000000000000000000001fffffff\nB = ffffffff00000001000000000000000000000000ffffffffffffffffe0000000\n\nTest = Negate\nA = 000000000000000000000000000000000000000000000000000000003fffffff\nB = ffffffff00000001000000000000000000000000ffffffffffffffffc0000000\n\nTest = Negate\nA = 000000000000000000000000000000000000000000000000000000007fffffff\nB = ffffffff00000001000000000000000000000000ffffffffffffffff80000000\n\nTest = Negate\nA = 00000000000000000000000000000000000000000000000000000000ffffffff\nB = ffffffff00000001000000000000000000000000ffffffffffffffff00000000\n\nTest = Negate\nA = 00000000000000000000000000000000000000000000000000000001ffffffff\nB = ffffffff00000001000000000000000000000000fffffffffffffffe00000000\n\nTest = Negate\nA = 00000000000000000000000000000000000000000000000000000003ffffffff\nB = ffffffff00000001000000000000000000000000fffffffffffffffc00000000\n\nTest = Negate\nA = 00000000000000000000000000000000000000000000000000000007ffffffff\nB = ffffffff00000001000000000000000000000000fffffffffffffff800000000\n\nTest = Negate\nA = 0000000000000000000000000000000000000000000000000000000fffffffff\nB = ffffffff00000001000000000000000000000000fffffffffffffff000000000\n\nTest = Negate\nA = 0000000000000000000000000000000000000000000000000000001fffffffff\nB = ffffffff00000001000000000000000000000000ffffffffffffffe000000000\n\nTest = Negate\nA = 0000000000000000000000000000000000000000000000000000003fffffffff\nB = ffffffff00000001000000000000000000000000ffffffffffffffc000000000\n\nTest = Negate\nA = 0000000000000000000000000000000000000000000000000000007fffffffff\nB = ffffffff00000001000000000000000000000000ffffffffffffff8000000000\n\nTest = Negate\nA = 000000000000000000000000000000000000000000000000000000ffffffffff\nB = ffffffff00000001000000000000000000000000ffffffffffffff0000000000\n\nTest = Negate\nA = 000000000000000000000000000000000000000000000000000001ffffffffff\nB = ffffffff00000001000000000000000000000000fffffffffffffe0000000000\n\nTest = Negate\nA = 000000000000000000000000000000000000000000000000000003ffffffffff\nB = ffffffff00000001000000000000000000000000fffffffffffffc0000000000\n\nTest = Negate\nA = 000000000000000000000000000000000000000000000000000007ffffffffff\nB = ffffffff00000001000000000000000000000000fffffffffffff80000000000\n\nTest = Negate\nA = 00000000000000000000000000000000000000000000000000000fffffffffff\nB = ffffffff00000001000000000000000000000000fffffffffffff00000000000\n\nTest = Negate\nA = 00000000000000000000000000000000000000000000000000001fffffffffff\nB = ffffffff00000001000000000000000000000000ffffffffffffe00000000000\n\nTest = Negate\nA = 00000000000000000000000000000000000000000000000000003fffffffffff\nB = ffffffff00000001000000000000000000000000ffffffffffffc00000000000\n\nTest = Negate\nA = 00000000000000000000000000000000000000000000000000007fffffffffff\nB = ffffffff00000001000000000000000000000000ffffffffffff800000000000\n\nTest = Negate\nA = 0000000000000000000000000000000000000000000000000000ffffffffffff\nB = ffffffff00000001000000000000000000000000ffffffffffff000000000000\n\nTest = Negate\nA = 0000000000000000000000000000000000000000000000000001ffffffffffff\nB = ffffffff00000001000000000000000000000000fffffffffffe000000000000\n\nTest = Negate\nA = 0000000000000000000000000000000000000000000000000003ffffffffffff\nB = ffffffff00000001000000000000000000000000fffffffffffc000000000000\n\nTest = Negate\nA = 0000000000000000000000000000000000000000000000000007ffffffffffff\nB = ffffffff00000001000000000000000000000000fffffffffff8000000000000\n\nTest = Negate\nA = 000000000000000000000000000000000000000000000000000fffffffffffff\nB = ffffffff00000001000000000000000000000000fffffffffff0000000000000\n\nTest = Negate\nA ", @@ -2650,9 +2650,9 @@ static const char *kData41[] = { "0000fffffffffffffffffffffc01000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000000000000000000007ffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffffffffffffff801000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000000000000000000fffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffffffffffffff001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000000000000000001fffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffffffffffffe001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000000000000000003fffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffffffffffffc001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000000000000000007fffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffffffffffff8001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000000000000000000000ffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffffffffffff0001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000000000000000000001ffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffffffffffffe0001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000000000000000000003ffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffffffffffffc0001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000000000000000000007ffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffffffffffff80001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000000000000000000fffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffffffffffff00001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000000000000000001fffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffffffffffe00001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000000000000000003fffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffffffffffc00001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000000000000000007fffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffffffffff800001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000000000000000ffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffffffffff000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000000000000001ffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffffffffffe000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000000000000003ffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffffffffffc000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000000000000007ffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffffffffff8000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000000000000000000fffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffffffffff0000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000000000000000001fffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffffffffe0000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000000000000000003fffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffffffffc0000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000000000000000007fffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffffffff80000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000000000000000ffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffffffff00000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000000000000001ffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffffffffe00000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000000000000003ffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffffffffc00000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000000000000007ffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffffffff800000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000000000000fffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffffffff000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000000000001fffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffffffe000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000000000003fffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffffffc000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000000000007fffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffffff8000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000000000000000ffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffffff0000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000000000000001ffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffffffe0000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000000000000003ffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffffffc0000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000000000000007ffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffffff80000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000000000000fffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffffff00000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000000000001fffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffffe00000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000000000003fffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffffc00000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000000000007fffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffff800000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000000000ffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffff000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000000001ffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffffe000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000000003ffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffffc000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000000007ffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffff8000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000000000000fffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffff0000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000000000001fffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffe0000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000000000003fffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffffc0000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000000000007fffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffff80000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000000000ffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffff00000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000000001ffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffe00000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000000003ffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffffc00000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000000007ffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffff800000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000000fffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffff000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000001fffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffe000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000003fffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffffc000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000007fffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffff8000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000", "0000000000000ffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffff0000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000000001ffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffe0000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000000003ffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffffc0000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000000007ffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffff80000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000000fffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffff00000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000001fffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffe00000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000003fffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffffc00000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000007fffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffff800000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000000ffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffff000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000001ffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffe000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000003ffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffffc000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000007ffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffff8000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000000fffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffff0000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000001fffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffe0000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000003fffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffffc0000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000007fffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffff80000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000000ffffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffff00000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000001ffffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffe00000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000003ffffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fffc00000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000007ffffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fff800000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000000fffffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fff000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000001fffffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffe000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000003fffffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ffc000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000007fffffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ff8000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000000ffffffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000ff0000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000001ffffffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fe0000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000003ffffffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000fc0000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000007ffffffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000f80000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000000fffffffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000f00000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000001fffffffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000e00000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000003fffffffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000c00000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000007fffffffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000800000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff\nB = ffffffff00000000000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000001ffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffeffffffff000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000003ffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffefffffffd000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000007ffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffefffffff9000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000000fffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffefffffff1000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000001fffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffeffffffe1000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000003fffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffeffffffc1000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000007fffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffeffffff81000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000000ffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffeffffff01000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000001ffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffefffffe01000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000003ffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffefffffc01000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000007ffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffefffff801000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000000fffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffefffff001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000001fffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffeffffe001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000003fffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffeffffc001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000007fffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffeffff8001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffeffff0001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000001ffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffefffe0001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000003ffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffefffc0001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000007ffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffefff80001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000000fffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffefff00001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000001fffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffeffe00001000000000", "000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000003fffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffeffc00001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000007fffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffeff800001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffeff000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000001ffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffefe000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000003ffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffefc000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000007ffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffef8000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000000fffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffef0000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000001fffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffee0000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffec0000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000007fffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffe80000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffe00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000001ffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffd00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000003ffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffffb00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000007ffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffff700000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000000fffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = ffffffef00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000001fffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = ffffffdf00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000003fffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = ffffffbf00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000007fffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = ffffff7f00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffeff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffdff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000003ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffffbff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000007ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffff7ff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00000fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = ffffefff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00001fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = ffffdfff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00003fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = ffffbfff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00007fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = ffff7fff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffeffff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffdffff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0003ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fffbffff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0007ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fff7ffff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 000fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = ffefffff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 001fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = ffdfffff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 003fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = ffbfffff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 007fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = ff7fffff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 00ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = feffffff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fdffffff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 03ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = fbffffff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 07ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = f7ffffff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = efffffff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = dfffffff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 3fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = bfffffff00000001000000000000000000000001000000000000000000000000\n\nTest = Negate\nA = 7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nB = 7fffffff00000001000000000000000000000001000000000000000000000000\n\n\n# Montgomery multiplication tests.\n#\n# The following tests satisfy A * B * 2^-256 = Result (mod P).\n\nTest = MulMont\nA = e762f095431b732ce33c4f4a6f41068ff7f78e37aad940166667d193bfc58039\nB = a43df383dd5df14d7c16737b781261473f9ffb76ee29562fbb5e5d390b882fb5\nResult = cf637a47dc5fb82aed80ed4c66b682a94bf0b76a2878acf483aad86c0db7cc19\n\nTest = MulMont\nA = 2e519e860cb3f8f32fc351861b022e9fc7bb073ca8767efb3d1027dd32a38bcb\nB = 466d035e4238d6a30613dd227b0daeacd6a8634fa60f5150d42dd20601794be4\nResult = 486e1abe0f79e107f8beca6e4653872f63a24dedb005def6aae75a2a51e73c76\n\nTest = MulMont\nA = 1763859541b5e2edee019c66699d0e12e349e6ee586d618ac20c679d2fa8cadd\nB = 56125872de888c5656dec17fbf9678d915ff9815da897df81f03fd9aa4f93654\nResult = 71ce584135a0aba8222ca0021bcefac5811d19100627f96726cf195ff2ac4aad\n\nTest = MulMont\nA = ea3be6295098e4995b93267dbd58f24fd9c18f7e89e9e5aeafdc34ca54e8ec4e\nB = 2735658978d620a4f76bffe94d9cd7d683b3bfd533aa6bb2b94f52122e83f7fc\nResult = 362f7ab3a12effe9bad069b84a7df5f108503c2457f83ddb05b57f19e6457989\n\nTest = MulMont\nA = f607f087ec5015b533df8802771dc60ef1487d86ce405e5bb18f8f06ca483f13\nB = 73ac532eb3f2356a96e668f167a1626a0f7b1fd2cd84ba6deeebd01af1d3897d\nResult = ce7045e69da157e62fb42508880f5734531c36948c704aedec42afa75cb9c2eb\n\nTest = MulMont\nA = 80ce8eb07601fd8e19ba08a9d21081b0324fd459f9c489ac7c871d406133c813\nB = 7ad28cef45b137ecc5426a44b6bce6d4329f5bd2b5e55d46edd5fbb295678a1b\nResult = 04068f8461d17b34c8d9c3eecf61dbaef9cd5a952bbcd9f84bb2044f2439da60\n\nTest = MulMont\nA = 17429caf63689e143c8ca77df69a11cbc02c272daadd75a66f3fa5f88828367e\nB = 5725bedc56a4b16e0f0ae55fa0beb1fdf3ff132ccb9803bab678d4ac7915d88c\nResult = a1da0fa68947e906287ea164b213bc7e80649b2ac3f97f203549d3b270de05a1\n\nTest = MulMont\nA = e7da43c0", - "e0fa7adeb972901bef3160c848e9651bfc810968afdb0cd598830370\nB = 08f03060cac1d3c15eea69623d5fb01da465b209e3e5e90fbb51053a1c5700eb\nResult = cda4ffaf8b1c3ac0d44bae6ea5154de11e14931747a65396531302c0cb1ed537\n\nTest = MulMont\nA = c7375c2b6666713cb33cfb741268fd3ccf703bcaa0b9b27f84a8cb970655da9c\nB = b0796ee4bb88b9bad895d9c25c34f43a3941e9585bda8e86ff4fa0bbb391ac61\nResult = fd1d557a9fb0031e462121bf7ca31804acfcfce822bb6ee6631b54c575380617\n\nTest = MulMont\nA = 72a87b13eb4a2e248214aa591c586df65790f9f750a1641b47581a4ee09be7e9\nB = 38e602844b9aaf737e8b1261110b86ba22806ccbbbfdc5305075429d7ce4f002\nResult = cb2d63ee829de8801759f0229d4c07139bacd804f0c815d35004747c65bffdf2\n\n# Test cases where A == B to test squaring.\n\nTest = MulMont\nA = 0000000000000000000000000000000000000000000000000000000000000000\nB = 0000000000000000000000000000000000000000000000000000000000000000\nResult = 0000000000000000000000000000000000000000000000000000000000000000\n\nTest = MulMont\nA = 579e9ce1ad00639b8b64d49546ff4f9c30ad12eaebe9e2ed91e97d55c3c5d847\nB = 579e9ce1ad00639b8b64d49546ff4f9c30ad12eaebe9e2ed91e97d55c3c5d847\nResult = 10c5e60c2d480d5d53f50c24fb771fd2dec208db04624dfd05d2847ca173a9aa\n\nTest = MulMont\nA = 501947209b121bcdedce8c895ee2ba310f2e561e97998eb8f3b99d1f924f36c1\nB = 501947209b121bcdedce8c895ee2ba310f2e561e97998eb8f3b99d1f924f36c1\nResult = 54d6d64566619b215910f1b9e467b22ef205ca3aaad37a00fcbd906357f9c179\n\nTest = MulMont\nA = e84ab9202722498baa2c9158f40d47b1f03df4d13976b0aec916a937e99f3a89\nB = e84ab9202722498baa2c9158f40d47b1f03df4d13976b0aec916a937e99f3a89\nResult = 9af01fa6947a60679b6f87efe9b6fba97baf5d55a19d5e91dd5da1da10caeebf\n\nTest = MulMont\nA = add67c61d8479570f45a59e9b04974f970b0c4c6c046056fea1bdf3f0e7d3152\nB = add67c61d8479570f45a59e9b04974f970b0c4c6c046056fea1bdf3f0e7d3152\nResult = c0c68b4327e3fe7e0522167a54b25aaa6f76085ce4f6550479c89f3f1c39dd18\n\nTest = MulMont\nA = 434ef0db5640a3ea63125f815bc3cb3c92d06dbc3b5cb484e01b5247b3b4bfe5\nB = 434ef0db5640a3ea63125f815bc3cb3c92d06dbc3b5cb484e01b5247b3b4bfe5\nResult = b5105d16b858279247ed31362a90260978d64e0492e84bffa7a0e13ee1541544\n\nTest = MulMont\nA = b1db42aa4b259d9c6104599aff622114f10c327d02c5640b74cf1742adff332d\nB = b1db42aa4b259d9c6104599aff622114f10c327d02c5640b74cf1742adff332d\nResult = 0c175e7f96fc62059864c561d99a8d90978c72757ba305cd8862ed6a5fadad59\n\nTest = MulMont\nA = 7610271796be25416b652badd3119938974b20d4fc92244aea76d23b80d178f0\nB = 7610271796be25416b652badd3119938974b20d4fc92244aea76d23b80d178f0\nResult = 67d76e4a7c8355bb362481a76a63b365ad79767cc672b174130e833d41ca5709\n\nTest = MulMont\nA = 3480d60b0ccafca89c86f22f78380cead81310241f27a815e6fd21c2060caed8\nB = 3480d60b0ccafca89c86f22f78380cead81310241f27a815e6fd21c2060caed8\nResult = 68bfb2652d3bf03d17b20b2c52c68e847b0006047ba4ea81d4b85af2e0a21f72\n\nTest = MulMont\nA = 8ad6fa8bf3fe56ece1d0970636c1429ed5dfc2441c3194928a6348b69490b537\nB = 8ad6fa8bf3fe56ece1d0970636c1429ed5dfc2441c3194928a6348b69490b537\nResult = f5cdccf29e09928722137fb5a5ec035d7f39580838e19b892a7a972866330318\n\nTest = MulMont\nA = 71c328ce472ae74b5028b21f9d1997e0f7dbcee979a8f9fdecfa5d37d359c835\nB = 71c328ce472ae74b5028b21f9d1997e0f7dbcee979a8f9fdecfa5d37d359c835\nResult = c3472fafd01fc3ed93a91ab65411cb852bd5839603a02ca6cdfbadcb9ac474a0\n\n\n# Montgomery conversion tests.\n#\n# The following tests satisfy A * 2^-256 = Result (mod P).\n\nTest = FromMont\nA = 0585a3dada9bb283fd8db4fc46c106d28f95b8cf159a405891196dbb9ce0b5cf\nResult = d198d054d25a069c40cdeeb968a5562a67c3ef659297169e4be872f234897dc0\n\nTest = FromMont\nA = 9ff49a4a3f810fd34ca6f37fb1b3c40e61bc0492227e91e41cbe06bd58ba65b8\nResult = 326a061b2047d9ba4eddaba9b1fe253d5b2a24e268e3f8810767bef8cda07643\n\nTest = FromMont\nA = 05a69f8f646494be65affbd44d0536ca098d6f3640e80b5e48764ab78928cf58\nResult = 5a6f9c7025d4063480c400fe6f271cf3a3d2c43f9e1ceac21a88208c28329731\n\nTest = FromMont\nA = 256481a9e52d692719330a6f1208d9eca4ddd919aee06e234cbbde77d245501b\nResult = fe9fc86a2ff61a0c981d5e86c5472248e071e9639521c5be43947bfffc7d5858\n\nTest = FromMont\nA = 2062ef333cadefc36ced52a2ea7e4215b1fca29283baa1e3be76e321f1b213f0\nResult = 961ce39c3bf1d699b4b61ded8a5beae6eb6185d21f1df435b079b1f6a79dc738\n\nTest = FromMont\nA = 97241c3651a8f9d2fc02730f15c3e09e48d2e645cfe927385cb81d3f454414fb\nResult = 2114225803efe7b6c7fbb290cb946da4e78697aad5624c2d3fe9fb568460b93c\n\nTest = FromMont\nA = 1aae0ad2c8ac988e11beda32ca7257f4d4de41f4b74452fa46f0a3bafb39262a\nResult = 77c884131c34a2c3acce8a69dc5cf55987b7999c70586a9ef3c0dfb634900296\n\nTest = FromMont\nA = 034de033e2d38cf8bec8a994414b64a2fce7c83c5d81efc3d21448225071e85d\nResult = 984fecbde84f393133fb602777b4395c56449d2cbbd7d8ae428b2ee6f82a2956\n\nTest = FromMont\nA = d2b296c2004b2761b6781311c924cbf5ff56dcc0900ed5cd24f5dd2e07f32633\nResult = ddcff6e031b859a814ce8f37b71c10cd5fb642af54af72deabb95adcb99307b1\n\nTest = FromMont\nA = 8f525e6af50a62fc176dec75bdf48f70ba8ab97323ba78c643ef07f6457ba070\nResult = 8fa95d57aae2fff79045654501478f7a394b27b8b54113a25ac74662606f767c\n\n\n# Point adding tests.\n#\n# The following tests satisfy Result = A + B, where Result is in affine\n# coordinates and A and B are in Jacobian coordinates in the Montgomery domain.\n\n# \xe2\x88\x9e + \xe2\x88\x9e = \xe2\x88\x9e.\nTest = PointAdd\nA.X = 0000000000000000000000000000000000000000000000000000000000000000\nA.Y = 0000000000000000000000000000000000000000000000000000000000000000\nA.Z = 0000000000000000000000000000000000000000000000000000000000000000\nB.X = 0000000000000000000000000000000000000000000000000000000000000000\nB.Y = 0000000000000000000000000000000000000000000000000000000000000000\nB.Z = 0000000000000000000000000000000000000000000000000000000000000000\nResult.X = 0000000000000000000000000000000000000000000000000000000000000000\nResult.Y = 0000000000000000000000000000000000000000000000000000000000000000\n\n# \xe2\x88\x9e + \xe2\x88\x9e = \xe2\x88\x9e, with an alternate representation of \xe2\x88\x9e.\nTest = PointAdd\nA.X = 2b11cb945c8cf152ffa4c9c2b1c965b019b35d0b7626919ef0ae6cb9d232f8af\nA.Y = 6d333da42e30f7011245b6281015ded14e0f100968e758a1b6c3c083afc14ea0\nA.Z = 0000000000000000000000000000000000000000000000000000000000000000\nB.X = 2b11cb945c8cf152ffa4c9c2b1c965b019b35d0b7626919ef0ae6cb9d232f8af\nB.Y = 6d333da42e30f7011245b6281015ded14e0f100968e758a1b6c3c083afc14ea0\nB.Z = 0000000000000000000000000000000000000000000000000000000000000000\nResult.X = 0000000000000000000000000000000000000000000000000000000000000000\nResult.Y = 0000000000000000000000000000000000000000000000000000000000000000\n\n# g + \xe2\x88\x9e = g.\nTest = PointAdd\nA.X = 18905f76a53755c679fb732b7762251075ba95fc5fedb60179e730d418a9143c\nA.Y = 8571ff1825885d85d2e88688dd21f3258b4ab8e4ba19e45cddf25357ce95560a\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = 0000000000000000000000000000000000000000000000000000000000000000\nB.Y = 0000000000000000000000000000000000000000000000000000000000000000\nB.Z = 0000000000000000000000000000000000000000000000000000000000000000\nResult.X = 18905f76a53755c679fb732b7762251075ba95fc5fedb60179e730d418a9143c\nResult.Y = 8571ff1825885d85d2e88688dd21f3258b4ab8e4ba19e45cddf25357ce95560a\n\n# g + \xe2\x88\x9e = g, with an alternate representation of \xe2\x88\x9e.\nTest = PointAdd\nA.X = 18905f76a53755c679fb732b7762251075ba95fc5fedb60179e730d418a9143c\nA.Y = 8571ff1825885d85d2e88688dd21f3258b4ab8e4ba19e45cddf25357ce95560a\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = 2b11cb945c8cf152ffa4c9c2b1c965b019b35d0b7626919ef0ae6cb9d232f8af\nB.Y = 6d333da42e30f7011245b6281015ded14e0f100968e758a1b6c3c083afc14ea0\nB.Z = 0000000000000000000000000000000000000000000000000000000000000000\nResult.X = 18905f76a53755c679fb732b7762251075ba95fc5fedb60179e730d418a9143c\nResult.Y = 8571ff1825885d85d2e88688dd21f3258b4ab8e4ba19e45cddf25357ce95560a\n\n# g + -g = \xe2\x88\x9e.\nTest = PointAdd\nA.X = 18905f76a53755c679fb732b7762251075ba95fc5fedb60179e730d418a9143c\nA.Y = 8571ff1825885d85d2e88688dd21f3258b4ab8e4ba19e45cddf25357ce95560a\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = 18905f76a53755c679fb732b7762251075ba95fc5fedb60179e730d418a9143c\nB.Y = 7a8e00e6da77a27b2d17797722de0cda74b5471c45e61ba3220daca8316aa9f5\nB.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nResult.X = 0000000000000000000000000000000000000000000000000000000000000000\nResult.Y = 00000000000000000000000000000000000", - "00000000000000000000000000000\n\nTest = PointAdd\nA.X = bcba3eebf2b0af1174a4b874b155b4dc74bd5fb57c70214561aaabb105635580\nA.Y = 1dc33ce74f651305dd89263c1d314edd2773ef6dd043742a6f47f29542b9eb07\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = f9e0b98b1a87b6c49c4cc5fc47efd157e5f12cf5543d71cfa38187a3793d6791\nB.Y = 3b2de94df438554381037c9f9d2c21991c6975d83c0acd42ef1a8419a040436f\nB.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nResult.X = 6bd7b4e06d7862f749901a398417e941618c11c48dffcce719e4026220b77477\nResult.Y = 1e2ffd71e8c206acc19032d26a53ea275fefea51a2c90e4dd3c8b7c6acc51ab6\n\nTest = PointAdd\nA.X = d71c6da129f6e867bf525563e1d8bdbd2f90a9bac7de867a6ea2317a5d6cb507\nA.Y = 125e0cc1ba0c93caa19edb419a764f88d955289c4c6e77d02d90e4e31d47c9a2\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = 334c2200ec08896808ab12a76820ff674fcdccff6d85afa2e586b31fc944de33\nB.Y = b5ee8cfa25896d4075588c60926a2582a099c7a5acbcfec78fba457c4886301c\nB.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nResult.X = 93e9d4e6f7736f80da1b00d221024ccfd17f2927d6b505a5bcefe0801fe6f0a9\nResult.Y = 4824eeb2d5da27d57e1d50c2dae000acdcddcbaf534d8b7e7d97854ed3dc939e\n\nTest = PointAdd\nA.X = 0daba41be2b418e7d160a363e6cbdcbff5d433f96b0d5be3812c0a7adfab8ed4\nA.Y = 3ae4dd97c4d2987a63df16c5fb8c494164e14b93eeebd5585d74bd26e2201499\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = 87135fb06383ec8b282fdc028eb38fd447ac1ecc76922e37f0cc454febb11aee\nB.Y = 98ab966087531eb3eea1e5e36189271a02f7ee8e381f9c78d6f346a301f96f81\nB.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nResult.X = 2e096c2fabf06a5b838c7e07fda436d068dd1c4e3ff4f5704f89ab9df6b4be5b\nResult.Y = 59ca6304321ae1e41bfa30f52e7ef27fceeade8507f20837654383d70e8a41df\n\nTest = PointAdd\nA.X = 356db98c21c2169899b9b296edcacb7d531524f2572913b75edb7b73196f5682\nA.Y = 47a26c52b1b2f229109e8aca7f5b4af768baf053a15ff8f58051c7e4e1b7f818\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = 56956f6d3bbbd4aece299f29bb4c537355f312f391c207c6ec6efe646362b288\nB.Y = a69fc73c0636c9928764cc9d6e1482577b6ca06f277c098f571108356a858cab\nB.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nResult.X = ca0ddd995a77173a1438473bf82734cb3a09fafe7050bda9bd592a1cf078fa38\nResult.Y = 379da87952d36c5396b934a2ce8b003ee8fc4155b3b488f2f550734e2a82ce7d\n\nTest = PointAdd\nA.X = 13764cccab4addf5cf4ef5fb4af60a93e08fa3a0a72653abf013e3427abbf82c\nA.Y = c3dc524745368a0dc4948f897402f4b5a280acbf74f5ea9180d038a483d4090a\nA.Z = 2903a04d6615ec23cd63ba46287be2e7a8eeee030bed49e7a94769386a46f209\nB.X = a5c5921f9a8c569f661693bfae1b167937987c2fe951956ef0e34c426965c648\nB.Y = f8a299605e690a78e583371e59cf2b848d475afc35bb1448981c53ad8c0a6581\nB.Z = 9c3fde73f1899a76eb40f055fce02ab9c1b1ce7d43b54c54f93ffe56830e3f83\nResult.X = 4073318e85bc2d7637fd0129fa8eb86b6ca20334542795f3bb1de54b90a16b69\nResult.Y = 9a1b1e7435d98287b244d2337f8bf0e9c87b40677bf1ea2a9dedbd07c5241ee0\n\nTest = PointAdd\nA.X = f72706b81fca2b1530238bdc2c0c454b5116ee54fdf156bc62bffea73f0645af\nA.Y = c6e66d9ae8fc5e164e6a985f866aae41f3c4e4281a0eea9173e4e77cb29e4bc7\nA.Z = 6a84f9c37634b8aefdae477e9efec66f20d2f6159575f40c7b21a1e0732e8c49\nB.X = bcf21b020cb8fb4b2ef7f639240d221dd96fc08d7fa575c2e7037fc84d8f03b2\nB.Y = abc500f82f06f0d69a920c8d80eef9dd2310cd09e0d89d80fc7397aa4e361dd1\nB.Z = 5031c46be15f9d4fa9a347be998c07f9cc7f754999fe0f9c3c8b38e0d85dda9f\nResult.X = 401b010df4dd21ed96f7c8babb401db74b3b6ee7f55c498803203855b5911de9\nResult.Y = 05e585cca569bc22855f7df32b20a4a45315a1ca5d98d2b94792eb748ec8744b\n\nTest = PointAdd\nA.X = 7b44b52e9fb1bc58c81a2adc9bfedcc42bba3cb34ec666e51cba8050d48fdb37\nA.Y = 2b7e629fef7b4e175f5eb30c421e60f26fefdf5f9fed743cad4a8e638c18696a\nA.Z = 68f31acd92bed56a4556e954b0c51f9f8f3b797bc853d1b2b01b228657bd317f\nB.X = 3d293c36fd065d1f054eb218932d60feb00d1bd4bee0236cb9788d9723df9571\nB.Y = c8b893b8e9ff935f2e060227334e32ba144f4046b1bd4961f4479ad3fef1c7d2\nB.Z = 9c072deacfe5c025c763efebb4feab79e954c47d3e86ef4abfbd1901f50d8495\nResult.X = 245582d32415c77a2e3abbf844cf1a40c31466c1418cd279747e5394744509be\nResult.Y = 5c2f80f947d2df7fb1f829d05c6175f6fce7cd2d7f79fd7aa865f930e910e9fd\n\nTest = PointAdd\nA.X = 75ab91b8a46a5a1abf827cb209373b28cbb8f83a06adf6a9b10ac76e22493ecc\nA.Y = abd989a78d1bcee7e63920d7e637f9763901da408a9d8c731e4e65a6fc52e1a1\nA.Z = 188a24145243ca066c35870e5a8835532ad512fbdcf5f5ae4033b262fa9aa6b8\nB.X = 5d6e885ec19069b2aa51a2723c98da1f03e8dbc344fe1de0bdb42910ba8bfe96\nB.Y = a1f86e66eacc38db7e47154a324a16031705b4803addf074037d3320b50dbef8\nB.Z = 5cff900a783687049a7d497b1f8cd837c479a61f3fef4b7ced180ea82770bc75\nResult.X = a4029333b9b9db434eea002bd6d4e0d9f3e5317c685511a30ecae351fc60d164\nResult.Y = 8e9302c77bc6f560c9bec473ef1ffb76b357c0d4794192696bda8e99651798ee\n\nTest = PointAdd\nA.X = 8d1867f890abaa26b634d5d5cdeb0f4abc7ebd16d807479f837fcece592dc0eb\nA.Y = fc68c801999c12070eddeb3169219c491f9e8fe29cdc4e3cb698ee8471934076\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = 8d1867f890abaa26b634d5d5cdeb0f4abc7ebd16d807479f837fcece592dc0eb\nB.Y = fc68c801999c12070eddeb3169219c491f9e8fe29cdc4e3cb698ee8471934076\nB.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nResult.X = 8da53dc540c1450c73082ad3b799d0d18a69a747fcd81f847e9e60484dcf579a\nResult.Y = c20c398e99e0513a452b5e9b6331863d1ac3eee6fcf73021f505a0b62daf6f80\n\nTest = PointAdd\nA.X = 328b983f6490312e37e8eeb2121cd622cf85dbcf78af93df74fbca961ce3bfa2\nA.Y = 1c8a0aea2f2e540770644f48c41810bf7f9e1a782b2f6397712b17c88109fbce\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = 328b983f6490312e37e8eeb2121cd622cf85dbcf78af93df74fbca961ce3bfa2\nB.Y = 1c8a0aea2f2e540770644f48c41810bf7f9e1a782b2f6397712b17c88109fbce\nB.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nResult.X = b6f3c548944862dfdea2314ca6d6a88780b08da41becf58384af80544aca4966\nResult.Y = 95afecb4ad3195485a2aad3cd14008c9a7c1e0c02656c3c2b7cd5f2e7f3a4474\n\nTest = PointAdd\nA.X = 3ae6b24cadd6a14612d24a1c094a35c6be56db8f53a6d526e0ede03923918443\nA.Y = de8a23105c5f5c88b77dbde74e30a56f8865d78a5ce9060cff9f2927dbd196b6\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = 3ae6b24cadd6a14612d24a1c094a35c6be56db8f53a6d526e0ede03923918443\nB.Y = de8a23105c5f5c88b77dbde74e30a56f8865d78a5ce9060cff9f2927dbd196b6\nB.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nResult.X = 6f125b512c3c736f39781fcd89adb653e515b4ce1e1204505f08d0a8480052ef\nResult.Y = e1acfccf1b9950067adf0f06e0d9703a8b1ac1bbdbb35b08df28cd56c24ae5a0\n\nTest = PointAdd\nA.X = f317c6c02d9a6ff0799b3b4a22f83c95324831baad336ecd0c631ea04a5e11c8\nA.Y = b624e8057d411031f41b30cd02f56c24e89262e885007b7a1ed1861feb7ffcda\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = f317c6c02d9a6ff0799b3b4a22f83c95324831baad336ecd0c631ea04a5e11c8\nB.Y = b624e8057d411031f41b30cd02f56c24e89262e885007b7a1ed1861feb7ffcda\nB.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nResult.X = e805208c74602e54482d113f16fcf6e4600436f8af49705cdd05ecfb0e6d45fd\nResult.Y = baded898bfead1b4eb3ab3bbd0129837efc85823dabe82718a975bd603f96d9e\n\nTest = PointAdd\nA.X = 3a6802aeaebc67046a1e75152822fa8bab04c11ae2b816f42c073daee3f13274\nA.Y = d6522c882d18e32bc5ea1fa59efbce8ce2369f2154dcc00e6fb17500f50f8ebf\nA.Z = bea747d5bb1c6ee865249d7a22378f3c760916e163497f4b6ef4da8adcb5dfab\nB.X = 3a6802aeaebc67046a1e75152822fa8bab04c11ae2b816f42c073daee3f13274\nB.Y = d6522c882d18e32bc5ea1fa59efbce8ce2369f2154dcc00e6fb17500f50f8ebf\nB.Z = bea747d5bb1c6ee865249d7a22378f3c760916e163497f4b6ef4da8adcb5dfab\nResult.X = 5a2891dca746889d413d8dc1a69b715954baf692689fc32d9aa10b7431a5c149\nResult.Y = 91db7288536b4f6d78e5a787ecbb5094f6834515038cb070a7fa4870af8045f0\n\nTest = PointAdd\nA.X = c76ddbcb15bc63f82807804536a0d25fd7a639c71adf953ad6cc8f68d915f485\nA.Y = e3a4f830809f5e91b68699c05fa9faa7c3d1f9d1b1c982c282508fa18d695537\nA.Z = eb372f19c7b9466a116363ad9114a89ad287523da318d915f59ed5e558bd824e\nB.X = c76ddbcb15bc63f82807804536a0d25fd7a639c71adf953ad6cc8f68d915f485\nB.Y = e3a4f830809f5e91b68699c05fa9faa7c3d1f9d1b1c982c282508fa18d695537\nB.Z = eb372f19c7b9466a116363ad9114a89ad287523da318d915f", - "59ed5e558bd824e\nResult.X = c5485a3509f55c7cc33d098fb0bfe1b198a9f26ce0ebc29bec5baa29ef6f74a2\nResult.Y = 60e949a551aa94afc9a3efe411a3c63ecb851ef1738ed24c88f86cf85ec01020\n\nTest = PointAdd\nA.X = ca72936509631f09d2a3ac14fb786daabb15520ef01de4298c7fd71653e89194\nA.Y = 02aeb6b6f04cd8125887baa18e6e79ba2b0acfa9a2443e9eea36ca7715eb8eb3\nA.Z = 8b4ef1a52fa42c711445e0463003f2ed38ace6583bf08198e9a0b938b4589479\nB.X = ca72936509631f09d2a3ac14fb786daabb15520ef01de4298c7fd71653e89194\nB.Y = 02aeb6b6f04cd8125887baa18e6e79ba2b0acfa9a2443e9eea36ca7715eb8eb3\nB.Z = 8b4ef1a52fa42c711445e0463003f2ed38ace6583bf08198e9a0b938b4589479\nResult.X = 8d3b35c5661faafa83510ab9b3f1642bb121e7686ed4ae61323ddee2c7247f93\nResult.Y = 1a22ef5df156ca80235fe3cd1ca3152e21a3e17b2a34dd93b2003e3274a8a2fb\n\nTest = PointAdd\nA.X = db7b023fbe056819027fa09c5a2a0d777a53fb78c00bf4f31f46b63a7494bbfe\nA.Y = 59affcbf4628d572ee56b95087d30e765bb518b123e879b25df9960dab706a32\nA.Z = 1f7c7226d78e51478c683bbb6afe01abc2225dbfc773d0806d30ff5f827b76c8\nB.X = db7b023fbe056819027fa09c5a2a0d777a53fb78c00bf4f31f46b63a7494bbfe\nB.Y = 59affcbf4628d572ee56b95087d30e765bb518b123e879b25df9960dab706a32\nB.Z = 1f7c7226d78e51478c683bbb6afe01abc2225dbfc773d0806d30ff5f827b76c8\nResult.X = fba400ae656ec3103c5c5f531d2a0f7368031e01a48a91f1a4f3138d294b13be\nResult.Y = 160e358ad1f059eb62722df01a7440048a1db21ecaea8698efa9677db6e9ff97\n\n\n# Scalar montgomery multiplication tests.\n#\n# The following tests satisfy A * B * 2^-256 = Result (mod N).\n\nTest = OrdMulMont\nA = 0000000000000000000000000000000000000000000000000000000000000000\nB = b4e9b0aea84aa5ed86964a22881a4d0e58f88e9225f30990c18751e7d4b9ec95\nResult = 0000000000000000000000000000000000000000000000000000000000000000\n\nTest = OrdMulMont\nA = 00000000ffffffff00000000000000004319055258e8617b0c46353d039cdaaf\nB = 5d24e62244973fbd829573d5a579b4e89a6512933a2c3d255bbdbc1c89028323\nResult = 5d24e62244973fbd829573d5a579b4e89a6512933a2c3d255bbdbc1c89028323\n\nTest = OrdMulMont\nA = ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550\nB = abafdc695e4c2c850f8fc60f1efdbf7406a3cd2c6c59bb7e608985723896c187\nResult = 917b1214c7b31a7ee7e53be0b41a139e435ff576b51ec6af1e1a944412bea38b\n\nTest = OrdMulMont\nA = cf0f01b83670a1c79154ea16f3574ca2d4c688a3c3b6017795cbe54854418904\nB = c5ec4d3b00fb2e11fb3b1aa09e60f7d187f7c515977d1343dab9745961fcbb43\nResult = 7aaddcee32e3b340af5ad06f854284cbbce5a1ab919e9b7771c3b0e937093438\n\nTest = OrdMulMont\nA = 50023f9913879ac4020bc45a89a0ea89082db6265b96b851af29969dd8a9661c\nB = 7c165b1cba80808db114441563aa0fbfba41b9e8acff77312a2dd2138b74ef89\nResult = 3d2ca1705d8d38cbc76a5409c6535044733cafcb95d12654af1d14de177978b5\n\nTest = OrdMulMont\nA = 4d5341ea735e53d2e4f2934755642adee209bd0e5a1506206513227f3c48b270\nB = 6e48f2b60eb8fb86760134abaf3d61692557862924069c599ceb31309ea18704\nResult = 37cde3e35c814d4287bd345b910d687983929907b7a08afa2acd8596832ea86c\n\nTest = OrdMulMont\nA = 33d06c3f5a595a41a6f9c4356f8ab2b8c550d4c64b806eab5560af247c5fa9ed\nB = 0e52f34adf5754343bcf3529d652620da3c05b5dd9cdcddfb08b674a1ad21a09\nResult = 9dc64d7b4c1bc33b930e0daee2a24fc41f770378659ee71b846d2239b0fea8ea\n\nTest = OrdMulMont\nA = 8f211780cce4f93b7193b9378e6f83e1147fb3602b052eef782de8cc833e54ab\nB = e1e4f7f1feb15be64292cff86b47cd9730bcb15b133340022b824d591a660cdf\nResult = dfa2b683b1ae23027c7c109e0abb40a1366eda027ad2cad1a09061a57bee391f\n\nTest = OrdMulMont\nA = 803c279c7e4c11a5568290c0a5789ceab6860f51a942bf646501a45e1ec0a6bf\nB = c0a1145a12037129c571f5f939bf16ea0b8b480f08ec774c045d059841f7d5ed\nResult = ab48fa3b4aa692a7c077cc55ee3c3fff895118a23728c2fa5f361b30730d955a\n\nTest = OrdMulMont\nA = 0e5c95158297d75dbf0b02c3090730f65bf14704495b14837dd907af569407f1\nB = 5a03e3787c8772b2fb7ab07d7fe7fe653a58bdae7fde3174c6ed305e524f5728\nResult = 71296d305dcf9ce39010ea4f4bbf9f7c1064a413597bdc7574c13dea3fa514dc\n\nTest = OrdMulMont\nA = 366299be07886f7846fc74231db624b169360e3c8f60196a1afc9f2101e03922\nB = d6d7c830a6edb6861868b964519a6b68f6f24f7c09d66003f3f88eadd1e00158\nResult = 0b89596bf5054ebe95a39dab6e975b58190160610b09b2a4f93331ecc0e79fd3\n\nTest = OrdMulMont\nA = 8f36f0ef275a72192c3b7388e84df2b8acf66fc53aaf556e3be05c76b3f782c0\nB = 704e519363d44e8df8d91f5f347eb61e8d3e85c8fc1b82980c370a379b2bc81c\nResult = b70a392e3ce5e85b5efbbded9b8c16a3068ba9b93b4cbed9a9a71dffaad6b58a\n\nTest = OrdMulMont\nA = bf4466ef4dea9f06f0f3b4f14e01140a774262c7e0706584f4d7dac19be46d58\nB = 4af12d528b2cef0f6714961bca2ab682f8abaa97600ea8181f71563d56f8a9f5\nResult = 7b6827c0881b9846e32499e13277efb07917cf4b8c8c72bfb3daa8c1786a8e15\n\n\n# Test cases where A == B to test squaring.\n\nTest = OrdMulMont\nA = 0000000000000000000000000000000000000000000000000000000000000000\nB = 0000000000000000000000000000000000000000000000000000000000000000\nResult = 0000000000000000000000000000000000000000000000000000000000000000\n\nTest = OrdMulMont\nA = 00000000ffffffff00000000000000004319055258e8617b0c46353d039cdaaf\nB = 00000000ffffffff00000000000000004319055258e8617b0c46353d039cdaaf\nResult = 00000000ffffffff00000000000000004319055258e8617b0c46353d039cdaaf\n\nTest = OrdMulMont\nA = ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550\nB = ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550\nResult = 60d066334905c1e907f8b6041e607725badef3e243566fafce1bc8f79c197c79\n\nTest = OrdMulMont\nA = da43b8dd7fe8830a4fe8980ec585ccbe903a2965a695cdff398200b74b2ede41\nB = da43b8dd7fe8830a4fe8980ec585ccbe903a2965a695cdff398200b74b2ede41\nResult = 5ec68604412205b380e26ee4e4081eccc10ac7d1417b09cd534f8517b0de81ec\n\nTest = OrdMulMont\nA = a82a2b8bdbf8a37dc7cb5799691494a8c9fbf649686a4d250dc30697feb0fa47\nB = a82a2b8bdbf8a37dc7cb5799691494a8c9fbf649686a4d250dc30697feb0fa47\nResult = 552c094a8841621d6cc26b3b54ce5da5664283888445196a6433d3cfdcad3aee\n\nTest = OrdMulMont\nA = d785006e250410d9dcc6d7740795a7374c25b00b9c9a37b8285694a07307eacd\nB = d785006e250410d9dcc6d7740795a7374c25b00b9c9a37b8285694a07307eacd\nResult = 971aaa9e70ad082cf43725f2e65bc73f4bf762459cee13167545072ec7bdcaf8\n\nTest = OrdMulMont\nA = 69d6d9f5417e87d603a3fb6acafa0d1f974abf94ca57ce58d718a0ad5d02a496\nB = 69d6d9f5417e87d603a3fb6acafa0d1f974abf94ca57ce58d718a0ad5d02a496\nResult = eb3284e5799fbe93171f08e6de9f792cd17f036b3a17671b0310e49b48e589b3\n\nTest = OrdMulMont\nA = 1c28f742c3e26e74901d0425f2eb4d5272524668d2405875b32cf6433f212900\nB = 1c28f742c3e26e74901d0425f2eb4d5272524668d2405875b32cf6433f212900\nResult = 74f70a95399b7ad061a2200fa50528d68eee4654341c8158101e1e3f8f16e642\n\nTest = OrdMulMont\nA = 026b2f69f0259d221920b2f358b378a79826f0332ee36afa257765043e3d6732\nB = 026b2f69f0259d221920b2f358b378a79826f0332ee36afa257765043e3d6732\nResult = e1e9cfa4724995bb50971ca22f3c028cd31cb51fbef8a37c31f10fd1d468f13b\n\nTest = OrdMulMont\nA = 376ed4fadcc1c6c4160a0c9c2ab7c62260367968b08d304d47c65f25625d7d60\nB = 376ed4fadcc1c6c4160a0c9c2ab7c62260367968b08d304d47c65f25625d7d60\nResult = b9ccb67f377e1278f1d2eeda26e5eed76f32406c9deed9764fc0aa346d91e02b\n\nTest = OrdMulMont\nA = 50f66867d0a4ef389678d760d2a4db886583b4c068d0e240f7ddf3472c871304\nB = 50f66867d0a4ef389678d760d2a4db886583b4c068d0e240f7ddf3472c871304\nResult = 82c3467bc5f7ca8b45f4ee61546745e2f53755a02e87f65f572418d60e471c8b\n\nTest = OrdMulMont\nA = 5b8bd82b37206d2b727f19ad2d02f63773470074dde7d43d2a77c448ddf2f978\nB = 5b8bd82b37206d2b727f19ad2d02f63773470074dde7d43d2a77c448ddf2f978\nResult = dbf3c2fc67a0688c3b5ff12cab1739d50b6093c5d98943d388652b1207e4a0f2\n\nTest = OrdMulMont\nA = bed7b3a4dada0e16984eb59ee239005ab212e5b1772cdd5d240c8ee268f65c81\nB = bed7b3a4dada0e16984eb59ee239005ab212e5b1772cdd5d240c8ee268f65c81\nResult = 9232aa2759ca9c5efbaefb0cf45cc6bc9c89def8c25e5c169fe623f30787df36\n", + "e0fa7adeb972901bef3160c848e9651bfc810968afdb0cd598830370\nB = 08f03060cac1d3c15eea69623d5fb01da465b209e3e5e90fbb51053a1c5700eb\nResult = cda4ffaf8b1c3ac0d44bae6ea5154de11e14931747a65396531302c0cb1ed537\n\nTest = MulMont\nA = c7375c2b6666713cb33cfb741268fd3ccf703bcaa0b9b27f84a8cb970655da9c\nB = b0796ee4bb88b9bad895d9c25c34f43a3941e9585bda8e86ff4fa0bbb391ac61\nResult = fd1d557a9fb0031e462121bf7ca31804acfcfce822bb6ee6631b54c575380617\n\nTest = MulMont\nA = 72a87b13eb4a2e248214aa591c586df65790f9f750a1641b47581a4ee09be7e9\nB = 38e602844b9aaf737e8b1261110b86ba22806ccbbbfdc5305075429d7ce4f002\nResult = cb2d63ee829de8801759f0229d4c07139bacd804f0c815d35004747c65bffdf2\n\n# Test cases where A == B to test squaring.\n\nTest = MulMont\nA = 0000000000000000000000000000000000000000000000000000000000000000\nB = 0000000000000000000000000000000000000000000000000000000000000000\nResult = 0000000000000000000000000000000000000000000000000000000000000000\n\nTest = MulMont\nA = 579e9ce1ad00639b8b64d49546ff4f9c30ad12eaebe9e2ed91e97d55c3c5d847\nB = 579e9ce1ad00639b8b64d49546ff4f9c30ad12eaebe9e2ed91e97d55c3c5d847\nResult = 10c5e60c2d480d5d53f50c24fb771fd2dec208db04624dfd05d2847ca173a9aa\n\nTest = MulMont\nA = 501947209b121bcdedce8c895ee2ba310f2e561e97998eb8f3b99d1f924f36c1\nB = 501947209b121bcdedce8c895ee2ba310f2e561e97998eb8f3b99d1f924f36c1\nResult = 54d6d64566619b215910f1b9e467b22ef205ca3aaad37a00fcbd906357f9c179\n\nTest = MulMont\nA = e84ab9202722498baa2c9158f40d47b1f03df4d13976b0aec916a937e99f3a89\nB = e84ab9202722498baa2c9158f40d47b1f03df4d13976b0aec916a937e99f3a89\nResult = 9af01fa6947a60679b6f87efe9b6fba97baf5d55a19d5e91dd5da1da10caeebf\n\nTest = MulMont\nA = add67c61d8479570f45a59e9b04974f970b0c4c6c046056fea1bdf3f0e7d3152\nB = add67c61d8479570f45a59e9b04974f970b0c4c6c046056fea1bdf3f0e7d3152\nResult = c0c68b4327e3fe7e0522167a54b25aaa6f76085ce4f6550479c89f3f1c39dd18\n\nTest = MulMont\nA = 434ef0db5640a3ea63125f815bc3cb3c92d06dbc3b5cb484e01b5247b3b4bfe5\nB = 434ef0db5640a3ea63125f815bc3cb3c92d06dbc3b5cb484e01b5247b3b4bfe5\nResult = b5105d16b858279247ed31362a90260978d64e0492e84bffa7a0e13ee1541544\n\nTest = MulMont\nA = b1db42aa4b259d9c6104599aff622114f10c327d02c5640b74cf1742adff332d\nB = b1db42aa4b259d9c6104599aff622114f10c327d02c5640b74cf1742adff332d\nResult = 0c175e7f96fc62059864c561d99a8d90978c72757ba305cd8862ed6a5fadad59\n\nTest = MulMont\nA = 7610271796be25416b652badd3119938974b20d4fc92244aea76d23b80d178f0\nB = 7610271796be25416b652badd3119938974b20d4fc92244aea76d23b80d178f0\nResult = 67d76e4a7c8355bb362481a76a63b365ad79767cc672b174130e833d41ca5709\n\nTest = MulMont\nA = 3480d60b0ccafca89c86f22f78380cead81310241f27a815e6fd21c2060caed8\nB = 3480d60b0ccafca89c86f22f78380cead81310241f27a815e6fd21c2060caed8\nResult = 68bfb2652d3bf03d17b20b2c52c68e847b0006047ba4ea81d4b85af2e0a21f72\n\nTest = MulMont\nA = 8ad6fa8bf3fe56ece1d0970636c1429ed5dfc2441c3194928a6348b69490b537\nB = 8ad6fa8bf3fe56ece1d0970636c1429ed5dfc2441c3194928a6348b69490b537\nResult = f5cdccf29e09928722137fb5a5ec035d7f39580838e19b892a7a972866330318\n\nTest = MulMont\nA = 71c328ce472ae74b5028b21f9d1997e0f7dbcee979a8f9fdecfa5d37d359c835\nB = 71c328ce472ae74b5028b21f9d1997e0f7dbcee979a8f9fdecfa5d37d359c835\nResult = c3472fafd01fc3ed93a91ab65411cb852bd5839603a02ca6cdfbadcb9ac474a0\n\n\n# Montgomery conversion tests.\n#\n# The following tests satisfy A * 2^-256 = Result (mod P).\n\nTest = FromMont\nA = 0585a3dada9bb283fd8db4fc46c106d28f95b8cf159a405891196dbb9ce0b5cf\nResult = d198d054d25a069c40cdeeb968a5562a67c3ef659297169e4be872f234897dc0\n\nTest = FromMont\nA = 9ff49a4a3f810fd34ca6f37fb1b3c40e61bc0492227e91e41cbe06bd58ba65b8\nResult = 326a061b2047d9ba4eddaba9b1fe253d5b2a24e268e3f8810767bef8cda07643\n\nTest = FromMont\nA = 05a69f8f646494be65affbd44d0536ca098d6f3640e80b5e48764ab78928cf58\nResult = 5a6f9c7025d4063480c400fe6f271cf3a3d2c43f9e1ceac21a88208c28329731\n\nTest = FromMont\nA = 256481a9e52d692719330a6f1208d9eca4ddd919aee06e234cbbde77d245501b\nResult = fe9fc86a2ff61a0c981d5e86c5472248e071e9639521c5be43947bfffc7d5858\n\nTest = FromMont\nA = 2062ef333cadefc36ced52a2ea7e4215b1fca29283baa1e3be76e321f1b213f0\nResult = 961ce39c3bf1d699b4b61ded8a5beae6eb6185d21f1df435b079b1f6a79dc738\n\nTest = FromMont\nA = 97241c3651a8f9d2fc02730f15c3e09e48d2e645cfe927385cb81d3f454414fb\nResult = 2114225803efe7b6c7fbb290cb946da4e78697aad5624c2d3fe9fb568460b93c\n\nTest = FromMont\nA = 1aae0ad2c8ac988e11beda32ca7257f4d4de41f4b74452fa46f0a3bafb39262a\nResult = 77c884131c34a2c3acce8a69dc5cf55987b7999c70586a9ef3c0dfb634900296\n\nTest = FromMont\nA = 034de033e2d38cf8bec8a994414b64a2fce7c83c5d81efc3d21448225071e85d\nResult = 984fecbde84f393133fb602777b4395c56449d2cbbd7d8ae428b2ee6f82a2956\n\nTest = FromMont\nA = d2b296c2004b2761b6781311c924cbf5ff56dcc0900ed5cd24f5dd2e07f32633\nResult = ddcff6e031b859a814ce8f37b71c10cd5fb642af54af72deabb95adcb99307b1\n\nTest = FromMont\nA = 8f525e6af50a62fc176dec75bdf48f70ba8ab97323ba78c643ef07f6457ba070\nResult = 8fa95d57aae2fff79045654501478f7a394b27b8b54113a25ac74662606f767c\n\n\n# Point adding tests.\n#\n# The following tests satisfy Result = A + B. Result is in affine coordinates,\n# with infinity represented as (0, 0). A and B are in Jacobian coordinates. All\n# field elements are fully reduced and in the Montgomery domain.\n\n# \xe2\x88\x9e + \xe2\x88\x9e = \xe2\x88\x9e.\nTest = PointAdd\nA.X = 0000000000000000000000000000000000000000000000000000000000000000\nA.Y = 0000000000000000000000000000000000000000000000000000000000000000\nA.Z = 0000000000000000000000000000000000000000000000000000000000000000\nB.X = 0000000000000000000000000000000000000000000000000000000000000000\nB.Y = 0000000000000000000000000000000000000000000000000000000000000000\nB.Z = 0000000000000000000000000000000000000000000000000000000000000000\nResult.X = 0000000000000000000000000000000000000000000000000000000000000000\nResult.Y = 0000000000000000000000000000000000000000000000000000000000000000\n\n# \xe2\x88\x9e + \xe2\x88\x9e = \xe2\x88\x9e, with an alternate representation of \xe2\x88\x9e.\nTest = PointAdd\nA.X = 33c0d6224957b40403366bcf638f29928c2b9bcc74a0bac58808b02040781420\nA.Y = f9698d488fd517306a66a397e92542d435a7ee54e978c2b4782da38fcf613c6e\nA.Z = 0000000000000000000000000000000000000000000000000000000000000000\nB.X = 5dd08e3206a651cf2320dc98a3a173baef07fbd04bdc6eee2d79ddb13c63ac2e\nB.Y = 2270fd1d5dde52ec8f1e53816c2a0fcc9836d990894106894d8f99e89edbc335\nB.Z = 0000000000000000000000000000000000000000000000000000000000000000\nResult.X = 0000000000000000000000000000000000000000000000000000000000000000\nResult.Y = 0000000000000000000000000000000000000000000000000000000000000000\n\n# g + \xe2\x88\x9e = g.\nTest = PointAdd\nA.X = 18905f76a53755c679fb732b7762251075ba95fc5fedb60179e730d418a9143c\nA.Y = 8571ff1825885d85d2e88688dd21f3258b4ab8e4ba19e45cddf25357ce95560a\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = 0000000000000000000000000000000000000000000000000000000000000000\nB.Y = 0000000000000000000000000000000000000000000000000000000000000000\nB.Z = 0000000000000000000000000000000000000000000000000000000000000000\nResult.X = 18905f76a53755c679fb732b7762251075ba95fc5fedb60179e730d418a9143c\nResult.Y = 8571ff1825885d85d2e88688dd21f3258b4ab8e4ba19e45cddf25357ce95560a\n\n# g + \xe2\x88\x9e = g, with an alternate representation of \xe2\x88\x9e.\nTest = PointAdd\nA.X = 18905f76a53755c679fb732b7762251075ba95fc5fedb60179e730d418a9143c\nA.Y = 8571ff1825885d85d2e88688dd21f3258b4ab8e4ba19e45cddf25357ce95560a\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = edc21713cc3b51b9632b37925b5369a13aa3eab989f2d9a720154c1786eca076\nB.Y = 8da43525eb9de2a56c5a3fd7447258d96ccb60337e474b830d1fa37c0da1da8f\nB.Z = 0000000000000000000000000000000000000000000000000000000000000000\nResult.X = 18905f76a53755c679fb732b7762251075ba95fc5fedb60179e730d418a9143c\nResult.Y = 8571ff1825885d85d2e88688dd21f3258b4ab8e4ba19e45cddf25357ce95560a\n\n# g + -g = \xe2\x88\x9e.\nTest = PointAdd\nA.X = 18905f76a53755c679fb732b7762251075ba95fc5fedb60179e730d418a9143c\nA.Y = 8571ff1825885d85d2e88688dd21f3258b4ab8e4ba19e45cddf25357ce95560a\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = 18905f76a53755c679fb732b7762251075ba95fc5fedb60179e730d418a9143c\nB.Y = 7a8e00e6da77a27b2d17797722de0cda74b5471c45e61ba3220daca8316aa9f5\nB.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nResult.X = 000000000000000000000000000000000000000", + "0000000000000000000000000\nResult.Y = 0000000000000000000000000000000000000000000000000000000000000000\n\n# Test some random Jacobian sums.\nTest = PointAdd\nA.X = cb8dea3327057fe69b5159e0323e60486cda3400545f7e2c60559ac7c8d0d89d\nA.Y = 553de89b31719830c3c3300aa8ad50ea81f40762a4f33ccf81a2d3bcc93a2d53\nA.Z = 4589e40df2efc546b2572c1f45eda26fc191b8d56376f2063fd9470fb277d181\nB.X = 32ad56497c6c6e8399de6814efd21b3eb949bb80dab578073cf0b0aa92054341\nB.Y = 57b33b7acfeee75ef6a31eb7ca0244b375f2d0962a3ce65c06afaa02688399e0\nB.Z = 337d5e1ec2fc711b12fd6c7a51a2f474a922cb107f592b657617d2e0b4f1d35f\nResult.X = 120c6ddd6f8ebc798c5740005bad5a2586575202df9cc3dd07401fe84d8cfdd4\nResult.Y = 966bc89126349ce41738be691f32c1a068e54a654ab2cb0eac39ef15ee17f0df\n\nTest = PointAdd\nA.X = a858b5249026ccc4d25fbd85db17826afa3c5963c26815cbf8511d84dce62a25\nA.Y = bd753e125579388da968036d50067fe0e8eccb531c4d6f1a69c61bc8259c6d76\nA.Z = 82f9cdd9abf991ac27f0caa494b7b7b2851cc6591c6362ef02d1bd2c33fd116c\nB.X = 3e5790fd7ff28a376586c8ef5625b906f2d5d7e6656191f5a530154eecd4c988\nB.Y = 6e6c91011cc5996a7db4e5539eee635ce84780a85a17778da06353048fdf6bd3\nB.Z = a9ef3402e9f15e7a91aef4a53431b2b2068914e4a09ebdafc8aa654351f32331\nResult.X = de9d6bb4dfdee64193d3eaebb9208a86e764b80e1459fd10a2e01c202e33c5e2\nResult.Y = 370e67dbb7cfa6b79adaeec48b1535f0c329856401102d546c695d0dfe1d0db5\n\nTest = PointAdd\nA.X = a2d85e21bf520691b397ac9e0c1360218cef96a8a6f4c2b24d21791360ce4d9e\nA.Y = 0cc1c5493edf586cd24f7a9f40185c1ceefa727369ed159a9fc09b700ba64f78\nA.Z = ad3083a5bd23ee1fdbd3a25abdee815052209bb1a8b22d3f7d8600442b760a61\nB.X = 7d8850dafe2c48d86b6c3f3f44453670aa7169712238d024dbd08cb4e95b9cc1\nB.Y = 6a2698c143609306fe2c402acdf26e3b42874f5ae3ea2e95898c305e791984b8\nB.Z = c81bc8988c6edabf4a03fcc456ce0c445e225c33b76a79552af0b818350ad6b0\nResult.X = 67c5f8af069b5a5636647eee50da847dff8f5f6ef71780a5d1330453db5c8a04\nResult.Y = cec9200fa541b602d94c694f1289d1d073e64f47054baa40a9921c20ca090643\n\nTest = PointAdd\nA.X = 4f9a035ffeddcc36846906cacc812ffae7f3110fe46bf7da12d0b19ec54c3873\nA.Y = 73539ed620938543f94c358dba87319dca40ae4d13d0a888527f007d26d73d74\nA.Z = 922e97056fbf12d89984346368087375560990c3fb2f337d9f46429f2022d634\nB.X = de6fa333804b1da9f046896634e498d5f456288f8f03cc41fc7ba4b1e978429a\nB.Y = fd45f1d5e905c448b947fd65bc2897928d6014425c8c502a1b2838ba882f5813\nB.Z = 50bb4c98bce36b8aad5662b8db35428bb5c1f298e17347caa5d4f542f278a1d9\nResult.X = 5c3cb05b52ec59f3cbb666b0059163afae885676cf81d64cadc943a1c0bb3a86\nResult.Y = 2871d088271faa9258e60ff28115f72294b938ef3d7b927e59177f9b41d5747e\n\n# Test some random Jacobian doublings.\nTest = PointAdd\nA.X = 75da62f76d1887e18a06483bb6b53c3ec42879ed73b7851ed4748e307653714c\nA.Y = a6f0d0d3bb492bf488d99d549aff3f0c3a48f0c35a5931578fe697b8c5f486f7\nA.Z = 6d6a50229164869f24865148a19a24d57d94ebd09dc06b5e4fc3946a95f9124f\nB.X = 3b225af8c7b6155d66061c75a03d23d94e01a2167fa7f44c5bd1e9d9c48c7421\nB.Y = af58b0e38531d1e08187c61a36b33693ef534ecae23dca4542667d93f1844d75\nB.Z = 86ed2be859c4af1d5cf99041840f3bcb7c9b8e8986811393c96e8bf57fcad872\nResult.X = ab0f931fb86a621102e67336eadcf01afe3127aeaf5b4f89e8f34628c8e1afd9\nResult.Y = 52c50e2783d69dde29d6bc75fa359ffe72e7115c2fc89a9699a499cac25e3383\n\nTest = PointAdd\nA.X = f0d499f2e3775de88ed997feeb4589506f061f93766abb0c1251d25630c4c24d\nA.Y = e8de27c3369ba718adbab5597fbaad9581f5b59ae3b758e7d664bae81d895be4\nA.Z = c62dc820a597f75518734f12b2d3c076e5b872303e37b3663636912ade79c058\nB.X = c2845b3faaa995eb88e13a44b08d8a6fdb37103f7bbcc585302c9d090be3fc5b\nB.Y = 733e5ef1b0314754b70b5b98da63cbb7475918ddb85a715e21aade0c2f2e5611\nB.Z = b8505e4a057d108b49f5d0b20884674be18bba48bbc37f765c2c32c5cc4aba5d\nResult.X = 266f2961b9352b44e61902a235b33f766f82f8199c176920dae25ad2cbad5cc9\nResult.Y = 8560e62047908b13c4247b7e4d2657f2bdecab41e73c846ba18523e5f2918a9b\n\nTest = PointAdd\nA.X = f0ca07297738d8687bffcd3f1433966241f437fa1c3381cf2d13f0fc714bc83a\nA.Y = 1181b9d61c6982e743f1c32de5d14da745290ecaf27297c36ff3ef20a7526a55\nA.Z = 93159618ca5a9f9240df7016ddc983e046126d1290e14478dfcc6a4bae9090bd\nB.X = 3a2d75803ccad665f6b785c828eaa96821cb0e81979641b9e59b5fd488fcc755\nB.Y = 99e7f820abdbcdda23d90a88788e30d67303dac86987816dbbed447431e33f3f\nB.Z = a870186c8137cdbd247d16f3aa18782de1e4c5848f49da3437223eb13d7a9ae2\nResult.X = 36a104368d39214d5a3a1a348a1de1389d1aa23009aee37464b5b3256ed4b28c\nResult.Y = da5b14dbd75f6c333929bdff88e53af7253c27e166e15ead6d778631036b7d38\n\nTest = PointAdd\nA.X = a6256508926caca56a31414aba2d5f5b04dcabdb065352a572e215b043df6e01\nA.Y = e6567d330ffb11a86ec29b406b8e3d5cce8ca46f55f38515d842dd856d6852dd\nA.Z = ec172618c8cdbfc0f4fd6dffb77858bb292f229e6d10b5c70d0d9ba75fa3ab44\nB.X = 0251f6715dbba02e6072c12ab1f89a562d35ed0ff68e021b3b5276b9faf57c52\nB.Y = d2d74ff4740ad968fa7e816bc2178458efee797669bef2e634e2857de1658e62\nB.Z = abbecea633d31f569297a4a9ec28f708c7a097cb2423ebaca66ac0e42b1c8ee4\nResult.X = d2a071d4dd72ad7e63834b58b23c4a034ed7950f5c80fad51bf96959b535d55b\nResult.Y = 3cb8dcbe25f49099b9d8dd1a9cb6073368bf6556130f2aa02637dfcff430e869\n\n# Test some random affine sums.\nTest = PointAdd\nA.X = fabada657e477f088883b2987042e595559d669de3a047b27e3ad339fb3fa5f0\nA.Y = 0551992531a68d55a8409d8466034f02808637610ce6d6bcd9cfceb8da1c3e85\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = 3a831cf2b316ce371994a5622e31749407fdf59660dc88322d14c37ebb2d68d2\nB.Y = 849c511908abdfa2bcadc43f9beae88052fdb00573c783fbb1b34b99687b9a6b\nB.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nResult.X = d5dc9241b457d33b9bda849fb7aba8baaff8b6eea92974a8adf4b95fbfa849f0\nResult.Y = 089a66780811a8ce455c139c4bea6c5c16234c095a41b9e31c617689bdc6bd0f\n\nTest = PointAdd\nA.X = 9dfe6299e62453bb943356b6f7d90c8b6c646728ba3550bb7c1548f2ba5920cb\nA.Y = 60a4e342a89837c0e7d61c0e3e88a943633028f5260eff6af5ae8a6063f7a5da\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = 924d7305f867afecd3cc550f4c05c83a2b4c981ba0e7ff20fd2035fabe2ccc92\nB.Y = 73934620746c23be03a40edb0662c09ef1776506bd50d6397c2654d340629bf5\nB.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nResult.X = 7384f658ccbe08afcf6b423bfdd092a8a95b03d81254a519b31517b9b9670155\nResult.Y = e922a56146b94776f805a0fbdee9084dd87be1df54f76145bf83e07cd31a083a\n\nTest = PointAdd\nA.X = 9b6642b661f06c5b3ef2a0950b3c03d35f42d3d0dcbe105a895f40132c40bd9e\nA.Y = 90cbe0ed40e47923257f064886f1e309a310cb82fc21282f8e8fa4f6c975aed6\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = 587f6b4c4bb3ab3d59ba8d31457615b3df9f9f9466df3563f4419db731f494ea\nB.Y = 38135b314572346439c8d4535b892a26e5da650ae1dc9ac2d5aeb85ade24174f\nB.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nResult.X = 97e94b6d485f8de6779e4ad19cc7bede6d70ff4853a56eb6d5fd4e5caac60858\nResult.Y = 303bf4d62cf569370ae5393fac46b64efe98ee8222b9982bc3dc61b8e32411c5\n\nTest = PointAdd\nA.X = da49658b6c64fc7a7441b177987abbbdbfcfc3c2c569ed97696d706f7af91ca0\nA.Y = 9a66906a6e313603e9d78f99fbbda837e521e75bbbad9455ffd43f51f5e30ee5\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = fe32e5885d0005fa1962166142d2aea201af9c4ca41cdddc5446dc2472f71f42\nB.Y = a2f9b4d35ea19303a101034e96870a7caed371a980965bf86291b03b5c85af60\nB.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nResult.X = 5375c5ea3e33c1862ca5f09322ce2012c2b4fbee9a299b66e4882e016908cc2a\nResult.Y = 936e4f12ed144cf6fcd0ab085a4929e5e3e7c28641692b1fc2ad9a3b3d447b31\n\n# Test some random affine doublings.\nTest = PointAdd\nA.X = b148cad109d4b24342eb3a03ccaa10dfd6101edf9548b1d1442b61982a4e332c\nA.Y = 7daac293162a8ee2592529630f5bd1eae96659d27c045898d33833999cd076ba\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = b148cad109d4b24342eb3a03ccaa10dfd6101edf9548b1d1442b61982a4e332c\nB.Y = 7daac293162a8ee2592529630f5bd1eae96659d27c045898d33833999cd076ba\nB.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nResult.X = ad00fae6ab0898f7d5eeeffe8c94b302060fba2b191a2d342a8a302998ebe566\nResult.Y = 9ee46ba864901cad75169cdea023d7e64da39315e2fec1703fad6b613eb24006\n\nTest = PointAdd\nA.X = f21318618205f4967c4f47c9bc3cea41e144dc01830d087414da8dcb16d37cb3\nA.Y = 76cebf81ecc696024fe949191dc49b245ef8cc0d55ada88abf481ddad9eb6129\nA.Z = 00000000fffffffeffffffffffffffffffffffff00000000", + "0000000000000001\nB.X = f21318618205f4967c4f47c9bc3cea41e144dc01830d087414da8dcb16d37cb3\nB.Y = 76cebf81ecc696024fe949191dc49b245ef8cc0d55ada88abf481ddad9eb6129\nB.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nResult.X = ad8e13b721bcbfc0fe629465cda5fee3494785d51dbe65f1e13429f52c83f03e\nResult.Y = 85722e168d89543dce293428e75d52765d0935bde2ef5c45a088222db0dbbeb5\n\nTest = PointAdd\nA.X = 8797ff95334b238dadf0cb3d4dc9350678f4c7fc520089ecb70ab419510f2331\nA.Y = 326c7583d54dde377fa9193c8588912c4db2219e1bb383ab13902187e5ef76ce\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = 8797ff95334b238dadf0cb3d4dc9350678f4c7fc520089ecb70ab419510f2331\nB.Y = 326c7583d54dde377fa9193c8588912c4db2219e1bb383ab13902187e5ef76ce\nB.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nResult.X = e91c8ec9611de8e44e0d882df59f4fae8d15e3867858fb155256a4a2f154bbc4\nResult.Y = c12be21033c6dcea7e7d7262c47876d099aead75d8b025e45ce7986193fc6f8a\n\nTest = PointAdd\nA.X = 2f4cba9543c9537e393f126e31bedb521dc0a74a940e731800e5e39cdece355d\nA.Y = 1a0957898b746b7dbc9245acd0c6df9e6adca4d8537454c9f318a8ce7c3875c4\nA.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nB.X = 2f4cba9543c9537e393f126e31bedb521dc0a74a940e731800e5e39cdece355d\nB.Y = 1a0957898b746b7dbc9245acd0c6df9e6adca4d8537454c9f318a8ce7c3875c4\nB.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001\nResult.X = 5cdc40808120b68e3131bd6ed70a5ce6618f960e4d540baa582afc71be97c65d\nResult.Y = 1926a2c9f5b2d3d1dff784623fe6efe2ac629395101d38db0eff5e540bfeacb0\n\n\n# Scalar montgomery multiplication tests.\n#\n# The following tests satisfy A * B * 2^-256 = Result (mod N).\n\nTest = OrdMulMont\nA = 0000000000000000000000000000000000000000000000000000000000000000\nB = b4e9b0aea84aa5ed86964a22881a4d0e58f88e9225f30990c18751e7d4b9ec95\nResult = 0000000000000000000000000000000000000000000000000000000000000000\n\nTest = OrdMulMont\nA = 00000000ffffffff00000000000000004319055258e8617b0c46353d039cdaaf\nB = 5d24e62244973fbd829573d5a579b4e89a6512933a2c3d255bbdbc1c89028323\nResult = 5d24e62244973fbd829573d5a579b4e89a6512933a2c3d255bbdbc1c89028323\n\nTest = OrdMulMont\nA = ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550\nB = abafdc695e4c2c850f8fc60f1efdbf7406a3cd2c6c59bb7e608985723896c187\nResult = 917b1214c7b31a7ee7e53be0b41a139e435ff576b51ec6af1e1a944412bea38b\n\nTest = OrdMulMont\nA = cf0f01b83670a1c79154ea16f3574ca2d4c688a3c3b6017795cbe54854418904\nB = c5ec4d3b00fb2e11fb3b1aa09e60f7d187f7c515977d1343dab9745961fcbb43\nResult = 7aaddcee32e3b340af5ad06f854284cbbce5a1ab919e9b7771c3b0e937093438\n\nTest = OrdMulMont\nA = 50023f9913879ac4020bc45a89a0ea89082db6265b96b851af29969dd8a9661c\nB = 7c165b1cba80808db114441563aa0fbfba41b9e8acff77312a2dd2138b74ef89\nResult = 3d2ca1705d8d38cbc76a5409c6535044733cafcb95d12654af1d14de177978b5\n\nTest = OrdMulMont\nA = 4d5341ea735e53d2e4f2934755642adee209bd0e5a1506206513227f3c48b270\nB = 6e48f2b60eb8fb86760134abaf3d61692557862924069c599ceb31309ea18704\nResult = 37cde3e35c814d4287bd345b910d687983929907b7a08afa2acd8596832ea86c\n\nTest = OrdMulMont\nA = 33d06c3f5a595a41a6f9c4356f8ab2b8c550d4c64b806eab5560af247c5fa9ed\nB = 0e52f34adf5754343bcf3529d652620da3c05b5dd9cdcddfb08b674a1ad21a09\nResult = 9dc64d7b4c1bc33b930e0daee2a24fc41f770378659ee71b846d2239b0fea8ea\n\nTest = OrdMulMont\nA = 8f211780cce4f93b7193b9378e6f83e1147fb3602b052eef782de8cc833e54ab\nB = e1e4f7f1feb15be64292cff86b47cd9730bcb15b133340022b824d591a660cdf\nResult = dfa2b683b1ae23027c7c109e0abb40a1366eda027ad2cad1a09061a57bee391f\n\nTest = OrdMulMont\nA = 803c279c7e4c11a5568290c0a5789ceab6860f51a942bf646501a45e1ec0a6bf\nB = c0a1145a12037129c571f5f939bf16ea0b8b480f08ec774c045d059841f7d5ed\nResult = ab48fa3b4aa692a7c077cc55ee3c3fff895118a23728c2fa5f361b30730d955a\n\nTest = OrdMulMont\nA = 0e5c95158297d75dbf0b02c3090730f65bf14704495b14837dd907af569407f1\nB = 5a03e3787c8772b2fb7ab07d7fe7fe653a58bdae7fde3174c6ed305e524f5728\nResult = 71296d305dcf9ce39010ea4f4bbf9f7c1064a413597bdc7574c13dea3fa514dc\n\nTest = OrdMulMont\nA = 366299be07886f7846fc74231db624b169360e3c8f60196a1afc9f2101e03922\nB = d6d7c830a6edb6861868b964519a6b68f6f24f7c09d66003f3f88eadd1e00158\nResult = 0b89596bf5054ebe95a39dab6e975b58190160610b09b2a4f93331ecc0e79fd3\n\nTest = OrdMulMont\nA = 8f36f0ef275a72192c3b7388e84df2b8acf66fc53aaf556e3be05c76b3f782c0\nB = 704e519363d44e8df8d91f5f347eb61e8d3e85c8fc1b82980c370a379b2bc81c\nResult = b70a392e3ce5e85b5efbbded9b8c16a3068ba9b93b4cbed9a9a71dffaad6b58a\n\nTest = OrdMulMont\nA = bf4466ef4dea9f06f0f3b4f14e01140a774262c7e0706584f4d7dac19be46d58\nB = 4af12d528b2cef0f6714961bca2ab682f8abaa97600ea8181f71563d56f8a9f5\nResult = 7b6827c0881b9846e32499e13277efb07917cf4b8c8c72bfb3daa8c1786a8e15\n\n\n# Test cases where A == B to test squaring.\n\nTest = OrdMulMont\nA = 0000000000000000000000000000000000000000000000000000000000000000\nB = 0000000000000000000000000000000000000000000000000000000000000000\nResult = 0000000000000000000000000000000000000000000000000000000000000000\n\nTest = OrdMulMont\nA = 00000000ffffffff00000000000000004319055258e8617b0c46353d039cdaaf\nB = 00000000ffffffff00000000000000004319055258e8617b0c46353d039cdaaf\nResult = 00000000ffffffff00000000000000004319055258e8617b0c46353d039cdaaf\n\nTest = OrdMulMont\nA = ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550\nB = ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550\nResult = 60d066334905c1e907f8b6041e607725badef3e243566fafce1bc8f79c197c79\n\nTest = OrdMulMont\nA = da43b8dd7fe8830a4fe8980ec585ccbe903a2965a695cdff398200b74b2ede41\nB = da43b8dd7fe8830a4fe8980ec585ccbe903a2965a695cdff398200b74b2ede41\nResult = 5ec68604412205b380e26ee4e4081eccc10ac7d1417b09cd534f8517b0de81ec\n\nTest = OrdMulMont\nA = a82a2b8bdbf8a37dc7cb5799691494a8c9fbf649686a4d250dc30697feb0fa47\nB = a82a2b8bdbf8a37dc7cb5799691494a8c9fbf649686a4d250dc30697feb0fa47\nResult = 552c094a8841621d6cc26b3b54ce5da5664283888445196a6433d3cfdcad3aee\n\nTest = OrdMulMont\nA = d785006e250410d9dcc6d7740795a7374c25b00b9c9a37b8285694a07307eacd\nB = d785006e250410d9dcc6d7740795a7374c25b00b9c9a37b8285694a07307eacd\nResult = 971aaa9e70ad082cf43725f2e65bc73f4bf762459cee13167545072ec7bdcaf8\n\nTest = OrdMulMont\nA = 69d6d9f5417e87d603a3fb6acafa0d1f974abf94ca57ce58d718a0ad5d02a496\nB = 69d6d9f5417e87d603a3fb6acafa0d1f974abf94ca57ce58d718a0ad5d02a496\nResult = eb3284e5799fbe93171f08e6de9f792cd17f036b3a17671b0310e49b48e589b3\n\nTest = OrdMulMont\nA = 1c28f742c3e26e74901d0425f2eb4d5272524668d2405875b32cf6433f212900\nB = 1c28f742c3e26e74901d0425f2eb4d5272524668d2405875b32cf6433f212900\nResult = 74f70a95399b7ad061a2200fa50528d68eee4654341c8158101e1e3f8f16e642\n\nTest = OrdMulMont\nA = 026b2f69f0259d221920b2f358b378a79826f0332ee36afa257765043e3d6732\nB = 026b2f69f0259d221920b2f358b378a79826f0332ee36afa257765043e3d6732\nResult = e1e9cfa4724995bb50971ca22f3c028cd31cb51fbef8a37c31f10fd1d468f13b\n\nTest = OrdMulMont\nA = 376ed4fadcc1c6c4160a0c9c2ab7c62260367968b08d304d47c65f25625d7d60\nB = 376ed4fadcc1c6c4160a0c9c2ab7c62260367968b08d304d47c65f25625d7d60\nResult = b9ccb67f377e1278f1d2eeda26e5eed76f32406c9deed9764fc0aa346d91e02b\n\nTest = OrdMulMont\nA = 50f66867d0a4ef389678d760d2a4db886583b4c068d0e240f7ddf3472c871304\nB = 50f66867d0a4ef389678d760d2a4db886583b4c068d0e240f7ddf3472c871304\nResult = 82c3467bc5f7ca8b45f4ee61546745e2f53755a02e87f65f572418d60e471c8b\n\nTest = OrdMulMont\nA = 5b8bd82b37206d2b727f19ad2d02f63773470074dde7d43d2a77c448ddf2f978\nB = 5b8bd82b37206d2b727f19ad2d02f63773470074dde7d43d2a77c448ddf2f978\nResult = dbf3c2fc67a0688c3b5ff12cab1739d50b6093c5d98943d388652b1207e4a0f2\n\nTest = OrdMulMont\nA = bed7b3a4dada0e16984eb59ee239005ab212e5b1772cdd5d240c8ee268f65c81\nB = bed7b3a4dada0e16984eb59ee239005ab212e5b1772cdd5d240c8ee268f65c81\nResult = 9232aa2759ca9c5efbaefb0cf45cc6bc9c89def8c25e5c169fe623f30787df36\n", }; static const size_t kLen42 = 169648; diff --git a/err_data.c b/err_data.c index 9546ad2..f244bc7 100644 --- a/err_data.c +++ b/err_data.c @@ -187,44 +187,44 @@ const uint32_t kOpenSSLReasonValues[] = { 0x28340c60, 0x283480ac, 0x283500ea, - 0x2c322e92, + 0x2c322ec7, 0x2c3292bd, - 0x2c332ea0, - 0x2c33aeb2, - 0x2c342ec6, - 0x2c34aed8, - 0x2c352ef3, - 0x2c35af05, - 0x2c362f18, + 0x2c332ed5, + 0x2c33aee7, + 0x2c342efb, + 0x2c34af0d, + 0x2c352f28, + 0x2c35af3a, + 0x2c362f4d, 0x2c36832d, - 0x2c372f25, - 0x2c37af37, - 0x2c382f5c, - 0x2c38af73, - 0x2c392f81, - 0x2c39af91, - 0x2c3a2fa3, - 0x2c3aafb7, - 0x2c3b2fc8, - 0x2c3bafe7, + 0x2c372f5a, + 0x2c37af6c, + 0x2c382f91, + 0x2c38afa8, + 0x2c392fb6, + 0x2c39afc6, + 0x2c3a2fd8, + 0x2c3aafec, + 0x2c3b2ffd, + 0x2c3bb01c, 0x2c3c12cf, 0x2c3c92e5, - 0x2c3d2ffb, + 0x2c3d3030, 0x2c3d92fe, - 0x2c3e3018, - 0x2c3eb026, - 0x2c3f303e, - 0x2c3fb056, - 0x2c403080, + 0x2c3e304d, + 0x2c3eb05b, + 0x2c3f3073, + 0x2c3fb08b, + 0x2c4030b5, 0x2c4091d0, - 0x2c413091, - 0x2c41b0a4, + 0x2c4130c6, + 0x2c41b0d9, 0x2c421196, - 0x2c42b0b5, + 0x2c42b0ea, 0x2c430722, - 0x2c43afd9, - 0x2c442f4a, - 0x2c44b063, + 0x2c43b00e, + 0x2c442f7f, + 0x2c44b098, 0x30320000, 0x30328015, 0x3033001f, @@ -418,179 +418,181 @@ const uint32_t kOpenSSLReasonValues[] = { 0x404e1f0f, 0x404e9f1c, 0x404f1f49, - 0x404f9f72, - 0x40501fc9, - 0x40509fdd, - 0x40511ff8, - 0x40522008, - 0x4052a02c, - 0x40532044, - 0x4053a057, - 0x4054206c, - 0x4054a08f, - 0x4055209d, - 0x4055a0da, - 0x405620e7, - 0x4056a100, - 0x40572118, - 0x4057a12b, - 0x40582140, - 0x4058a167, - 0x40592196, - 0x4059a1c3, - 0x405a21d7, - 0x405aa1e7, - 0x405b21ff, - 0x405ba210, - 0x405c2223, - 0x405ca262, - 0x405d226f, - 0x405da294, - 0x405e22d2, + 0x404f9f8f, + 0x40501fe6, + 0x40509ffa, + 0x4051202d, + 0x4052203d, + 0x4052a061, + 0x40532079, + 0x4053a08c, + 0x405420a1, + 0x4054a0c4, + 0x405520d2, + 0x4055a10f, + 0x4056211c, + 0x4056a135, + 0x4057214d, + 0x4057a160, + 0x40582175, + 0x4058a19c, + 0x405921cb, + 0x4059a1f8, + 0x405a220c, + 0x405aa21c, + 0x405b2234, + 0x405ba245, + 0x405c2258, + 0x405ca297, + 0x405d22a4, + 0x405da2c9, + 0x405e2307, 0x405e8ab3, - 0x405f22f3, - 0x405fa300, - 0x4060230e, - 0x4060a330, - 0x40612391, - 0x4061a3c9, - 0x406223e0, - 0x4062a3f1, - 0x40632416, - 0x4063a42b, - 0x40642442, - 0x4064a46e, - 0x40652489, - 0x4065a4a0, - 0x406624b8, - 0x4066a4e2, - 0x4067250d, - 0x4067a552, - 0x4068259a, - 0x4068a5bb, - 0x406925ed, - 0x4069a61b, - 0x406a263c, - 0x406aa65c, - 0x406b27e4, - 0x406ba807, - 0x406c281d, - 0x406caac0, - 0x406d2aef, - 0x406dab17, - 0x406e2b45, - 0x406eab92, - 0x406f2bcd, - 0x406fac05, - 0x40702c18, - 0x4070ac35, + 0x405f2328, + 0x405fa335, + 0x40602343, + 0x4060a365, + 0x406123c6, + 0x4061a3fe, + 0x40622415, + 0x4062a426, + 0x4063244b, + 0x4063a460, + 0x40642477, + 0x4064a4a3, + 0x406524be, + 0x4065a4d5, + 0x406624ed, + 0x4066a517, + 0x40672542, + 0x4067a587, + 0x406825cf, + 0x4068a5f0, + 0x40692622, + 0x4069a650, + 0x406a2671, + 0x406aa691, + 0x406b2819, + 0x406ba83c, + 0x406c2852, + 0x406caaf5, + 0x406d2b24, + 0x406dab4c, + 0x406e2b7a, + 0x406eabc7, + 0x406f2c02, + 0x406fac3a, + 0x40702c4d, + 0x4070ac6a, 0x40710802, - 0x4071ac47, - 0x40722c5a, - 0x4072ac90, - 0x40732ca8, + 0x4071ac7c, + 0x40722c8f, + 0x4072acc5, + 0x40732cdd, 0x407394cf, - 0x40742cbc, - 0x4074acd6, - 0x40752ce7, - 0x4075acfb, - 0x40762d09, + 0x40742cf1, + 0x4074ad0b, + 0x40752d1c, + 0x4075ad30, + 0x40762d3e, 0x40769293, - 0x40772d2e, - 0x4077ad50, - 0x40782d6b, - 0x4078ada4, - 0x40792dbb, - 0x4079add1, - 0x407a2dfd, - 0x407aae10, - 0x407b2e25, - 0x407bae37, - 0x407c2e68, - 0x407cae71, - 0x407d25d6, - 0x407d9f82, - 0x407e2d80, - 0x407ea177, + 0x40772d63, + 0x4077ad85, + 0x40782da0, + 0x4078add9, + 0x40792df0, + 0x4079ae06, + 0x407a2e32, + 0x407aae45, + 0x407b2e5a, + 0x407bae6c, + 0x407c2e9d, + 0x407caea6, + 0x407d260b, + 0x407d9f9f, + 0x407e2db5, + 0x407ea1ac, 0x407f1d2d, 0x407f9ad3, 0x40801f59, 0x40809d55, - 0x4081201a, + 0x4081204f, 0x40819f33, - 0x40822b30, + 0x40822b65, 0x40829ab9, - 0x40832152, - 0x4083a453, + 0x40832187, + 0x4083a488, 0x40841d69, - 0x4084a1af, - 0x40852234, - 0x4085a358, - 0x408622b4, - 0x40869f9c, - 0x40872b76, - 0x4087a3a6, + 0x4084a1e4, + 0x40852269, + 0x4085a38d, + 0x408622e9, + 0x40869fb9, + 0x40872bab, + 0x4087a3db, 0x40881b1a, - 0x4088a565, + 0x4088a59a, 0x40891b69, 0x40899af6, - 0x408a2855, + 0x408a288a, 0x408a98e7, - 0x408b2e4c, - 0x408babe2, - 0x408c2244, + 0x408b2e81, + 0x408bac17, + 0x408c2279, 0x408c9903, 0x408d1dca, 0x408d9d9b, 0x408e1ee4, - 0x408ea0ba, - 0x408f2579, - 0x408fa374, - 0x4090252e, - 0x4090a286, - 0x4091283d, + 0x408ea0ef, + 0x408f25ae, + 0x408fa3a9, + 0x40902563, + 0x4090a2bb, + 0x40912872, 0x40919929, 0x40921bb6, - 0x4092abb1, - 0x40932c73, - 0x40939fad, + 0x4092abe6, + 0x40932ca8, + 0x40939fca, 0x40941d7d, - 0x4094a86e, - 0x40952402, - 0x4095addd, - 0x41f4270f, - 0x41f927a1, - 0x41fe2694, - 0x41fea8b1, - 0x41ff29a2, - 0x42032728, - 0x4208274a, - 0x4208a786, - 0x42092678, - 0x4209a7c0, - 0x420a26cf, - 0x420aa6af, - 0x420b26ef, - 0x420ba768, - 0x420c29be, - 0x420ca87e, - 0x420d2898, - 0x420da8cf, - 0x421228e9, - 0x42172985, - 0x4217a92b, - 0x421c294d, - 0x421f2908, - 0x422129d5, - 0x42262968, - 0x422b2aa4, - 0x422baa52, - 0x422c2a8c, - 0x422caa11, - 0x422d29f0, - 0x422daa71, - 0x422e2a37, - 0x422eab5d, + 0x4094a8a3, + 0x40952437, + 0x4095ae12, + 0x40962b92, + 0x40969f72, + 0x40972015, + 0x41f42744, + 0x41f927d6, + 0x41fe26c9, + 0x41fea8e6, + 0x41ff29d7, + 0x4203275d, + 0x4208277f, + 0x4208a7bb, + 0x420926ad, + 0x4209a7f5, + 0x420a2704, + 0x420aa6e4, + 0x420b2724, + 0x420ba79d, + 0x420c29f3, + 0x420ca8b3, + 0x420d28cd, + 0x420da904, + 0x4212291e, + 0x421729ba, + 0x4217a960, + 0x421c2982, + 0x421f293d, + 0x42212a0a, + 0x4226299d, + 0x422b2ad9, + 0x422baa87, + 0x422c2ac1, + 0x422caa46, + 0x422d2a25, + 0x422daaa6, + 0x422e2a6c, 0x4432072d, 0x4432873c, 0x44330748, @@ -645,69 +647,69 @@ const uint32_t kOpenSSLReasonValues[] = { 0x4c41152c, 0x4c4193af, 0x4c421518, - 0x503230c7, - 0x5032b0d6, - 0x503330e1, - 0x5033b0f1, - 0x5034310a, - 0x5034b124, - 0x50353132, - 0x5035b148, - 0x5036315a, - 0x5036b170, - 0x50373189, - 0x5037b19c, - 0x503831b4, - 0x5038b1c5, - 0x503931da, - 0x5039b1ee, - 0x503a320e, - 0x503ab224, - 0x503b323c, - 0x503bb24e, - 0x503c326a, - 0x503cb281, - 0x503d329a, - 0x503db2b0, - 0x503e32bd, - 0x503eb2d3, - 0x503f32e5, + 0x503230fc, + 0x5032b10b, + 0x50333116, + 0x5033b126, + 0x5034313f, + 0x5034b159, + 0x50353167, + 0x5035b17d, + 0x5036318f, + 0x5036b1a5, + 0x503731be, + 0x5037b1d1, + 0x503831e9, + 0x5038b1fa, + 0x5039320f, + 0x5039b223, + 0x503a3243, + 0x503ab259, + 0x503b3271, + 0x503bb283, + 0x503c329f, + 0x503cb2b6, + 0x503d32cf, + 0x503db2e5, + 0x503e32f2, + 0x503eb308, + 0x503f331a, 0x503f837b, - 0x504032f8, - 0x5040b308, - 0x50413322, - 0x5041b331, - 0x5042334b, - 0x5042b368, - 0x50433378, - 0x5043b388, - 0x50443397, + 0x5040332d, + 0x5040b33d, + 0x50413357, + 0x5041b366, + 0x50423380, + 0x5042b39d, + 0x504333ad, + 0x5043b3bd, + 0x504433cc, 0x50448431, - 0x504533ab, - 0x5045b3c9, - 0x504633dc, - 0x5046b3f2, - 0x50473404, - 0x5047b419, - 0x5048343f, - 0x5048b44d, - 0x50493460, - 0x5049b475, - 0x504a348b, - 0x504ab49b, - 0x504b34bb, - 0x504bb4ce, - 0x504c34f1, - 0x504cb51f, - 0x504d3531, - 0x504db54e, - 0x504e3569, - 0x504eb585, - 0x504f3597, - 0x504fb5ae, - 0x505035bd, + 0x504533e0, + 0x5045b3fe, + 0x50463411, + 0x5046b427, + 0x50473439, + 0x5047b44e, + 0x50483474, + 0x5048b482, + 0x50493495, + 0x5049b4aa, + 0x504a34c0, + 0x504ab4d0, + 0x504b34f0, + 0x504bb503, + 0x504c3526, + 0x504cb554, + 0x504d3566, + 0x504db583, + 0x504e359e, + 0x504eb5ba, + 0x504f35cc, + 0x504fb5e3, + 0x505035f2, 0x505086f1, - 0x505135d0, + 0x50513605, 0x58320f52, 0x68320f14, 0x68328c6c, @@ -1151,12 +1153,14 @@ const char kOpenSSLReasonStringData[] = "INVALID_ALPN_PROTOCOL\0" "INVALID_COMMAND\0" "INVALID_COMPRESSION_LIST\0" + "INVALID_DELEGATED_CREDENTIAL\0" "INVALID_MESSAGE\0" "INVALID_OUTER_RECORD_TYPE\0" "INVALID_SCT_LIST\0" "INVALID_SIGNATURE_ALGORITHM\0" "INVALID_SSL_SESSION\0" "INVALID_TICKET_KEYS_LENGTH\0" + "KEY_USAGE_BIT_INCORRECT\0" "LENGTH_MISMATCH\0" "MISSING_EXTENSION\0" "MISSING_KEY_SHARE\0" diff --git a/eureka.mk b/eureka.mk index 5cb01dc..6b3a671 100644 --- a/eureka.mk +++ b/eureka.mk @@ -302,6 +302,7 @@ linux_aarch64_sources := \ linux-aarch64/crypto/fipsmodule/sha1-armv8.S\ linux-aarch64/crypto/fipsmodule/sha256-armv8.S\ linux-aarch64/crypto/fipsmodule/sha512-armv8.S\ + linux-aarch64/crypto/test/trampoline-armv8.S\ linux_arm_sources := \ linux-arm/crypto/chacha/chacha-armv4.S\ @@ -314,6 +315,7 @@ linux_arm_sources := \ linux-arm/crypto/fipsmodule/sha1-armv4-large.S\ linux-arm/crypto/fipsmodule/sha256-armv4.S\ linux-arm/crypto/fipsmodule/sha512-armv4.S\ + linux-arm/crypto/test/trampoline-armv4.S\ src/crypto/curve25519/asm/x25519-asm-arm.S\ src/crypto/poly1305/poly1305_arm_asm.S\ @@ -334,6 +336,7 @@ linux_x86_sources := \ linux-x86/crypto/fipsmodule/sha512-586.S\ linux-x86/crypto/fipsmodule/vpaes-x86.S\ linux-x86/crypto/fipsmodule/x86-mont.S\ + linux-x86/crypto/test/trampoline-x86.S\ linux_x86_64_sources := \ linux-x86_64/crypto/chacha/chacha-x86_64.S\ @@ -343,6 +346,7 @@ linux_x86_64_sources := \ linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S\ linux-x86_64/crypto/fipsmodule/aesni-x86_64.S\ linux-x86_64/crypto/fipsmodule/bsaes-x86_64.S\ + linux-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S\ linux-x86_64/crypto/fipsmodule/ghash-x86_64.S\ linux-x86_64/crypto/fipsmodule/md5-x86_64.S\ linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S\ @@ -355,5 +359,6 @@ linux_x86_64_sources := \ linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S\ linux-x86_64/crypto/fipsmodule/x86_64-mont.S\ linux-x86_64/crypto/fipsmodule/x86_64-mont5.S\ + linux-x86_64/crypto/test/trampoline-x86_64.S\ src/crypto/hrss/asm/poly_rq_mul.S\ diff --git a/ios-aarch64/crypto/test/trampoline-armv8.S b/ios-aarch64/crypto/test/trampoline-armv8.S new file mode 100644 index 0000000..95a41fe --- /dev/null +++ b/ios-aarch64/crypto/test/trampoline-armv8.S @@ -0,0 +1,684 @@ +// This file is generated from a similarly-named Perl script in the BoringSSL +// source tree. Do not edit by hand. + +#if defined(__has_feature) +#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) +#define OPENSSL_NO_ASM +#endif +#endif + +#if !defined(OPENSSL_NO_ASM) +#if defined(BORINGSSL_PREFIX) +#include +#endif +.text + +// abi_test_trampoline loads callee-saved registers from |state|, calls |func| +// with |argv|, then saves the callee-saved registers into |state|. It returns +// the result of |func|. The |unwind| argument is unused. +// uint64_t abi_test_trampoline(void (*func)(...), CallerState *state, +// const uint64_t *argv, size_t argc, +// uint64_t unwind); + +.globl _abi_test_trampoline +.private_extern _abi_test_trampoline +.align 4 +_abi_test_trampoline: +Labi_test_trampoline_begin: + // Stack layout (low to high addresses) + // x29,x30 (16 bytes) + // d8-d15 (64 bytes) + // x19-x28 (80 bytes) + // x1 (8 bytes) + // padding (8 bytes) + stp x29, x30, [sp, #-176]! + mov x29, sp + + // Saved callee-saved registers and |state|. + stp d8, d9, [sp, #16] + stp d10, d11, [sp, #32] + stp d12, d13, [sp, #48] + stp d14, d15, [sp, #64] + stp x19, x20, [sp, #80] + stp x21, x22, [sp, #96] + stp x23, x24, [sp, #112] + stp x25, x26, [sp, #128] + stp x27, x28, [sp, #144] + str x1, [sp, #160] + + // Load registers from |state|, with the exception of x29. x29 is the + // frame pointer and also callee-saved, but AAPCS64 allows platforms to + // mandate that x29 always point to a frame. iOS64 does so, which means + // we cannot fill x29 with entropy without violating ABI rules + // ourselves. x29 is tested separately below. + ldp d8, d9, [x1], #16 + ldp d10, d11, [x1], #16 + ldp d12, d13, [x1], #16 + ldp d14, d15, [x1], #16 + ldp x19, x20, [x1], #16 + ldp x21, x22, [x1], #16 + ldp x23, x24, [x1], #16 + ldp x25, x26, [x1], #16 + ldp x27, x28, [x1], #16 + + // Move parameters into temporary registers. + mov x9, x0 + mov x10, x2 + mov x11, x3 + + // Load parameters into registers. + cbz x11, Largs_done + ldr x0, [x10], #8 + subs x11, x11, #1 + b.eq Largs_done + ldr x1, [x10], #8 + subs x11, x11, #1 + b.eq Largs_done + ldr x2, [x10], #8 + subs x11, x11, #1 + b.eq Largs_done + ldr x3, [x10], #8 + subs x11, x11, #1 + b.eq Largs_done + ldr x4, [x10], #8 + subs x11, x11, #1 + b.eq Largs_done + ldr x5, [x10], #8 + subs x11, x11, #1 + b.eq Largs_done + ldr x6, [x10], #8 + subs x11, x11, #1 + b.eq Largs_done + ldr x7, [x10], #8 + +Largs_done: + blr x9 + + // Reload |state| and store registers. + ldr x1, [sp, #160] + stp d8, d9, [x1], #16 + stp d10, d11, [x1], #16 + stp d12, d13, [x1], #16 + stp d14, d15, [x1], #16 + stp x19, x20, [x1], #16 + stp x21, x22, [x1], #16 + stp x23, x24, [x1], #16 + stp x25, x26, [x1], #16 + stp x27, x28, [x1], #16 + + // |func| is required to preserve x29, the frame pointer. We cannot load + // random values into x29 (see comment above), so compare it against the + // expected value and zero the field of |state| if corrupted. + mov x9, sp + cmp x29, x9 + b.eq Lx29_ok + str xzr, [x1] + +Lx29_ok: + // Restore callee-saved registers. + ldp d8, d9, [sp, #16] + ldp d10, d11, [sp, #32] + ldp d12, d13, [sp, #48] + ldp d14, d15, [sp, #64] + ldp x19, x20, [sp, #80] + ldp x21, x22, [sp, #96] + ldp x23, x24, [sp, #112] + ldp x25, x26, [sp, #128] + ldp x27, x28, [sp, #144] + + ldp x29, x30, [sp], #176 + ret + + +.globl _abi_test_clobber_x0 +.private_extern _abi_test_clobber_x0 +.align 4 +_abi_test_clobber_x0: + mov x0, xzr + ret + + +.globl _abi_test_clobber_x1 +.private_extern _abi_test_clobber_x1 +.align 4 +_abi_test_clobber_x1: + mov x1, xzr + ret + + +.globl _abi_test_clobber_x2 +.private_extern _abi_test_clobber_x2 +.align 4 +_abi_test_clobber_x2: + mov x2, xzr + ret + + +.globl _abi_test_clobber_x3 +.private_extern _abi_test_clobber_x3 +.align 4 +_abi_test_clobber_x3: + mov x3, xzr + ret + + +.globl _abi_test_clobber_x4 +.private_extern _abi_test_clobber_x4 +.align 4 +_abi_test_clobber_x4: + mov x4, xzr + ret + + +.globl _abi_test_clobber_x5 +.private_extern _abi_test_clobber_x5 +.align 4 +_abi_test_clobber_x5: + mov x5, xzr + ret + + +.globl _abi_test_clobber_x6 +.private_extern _abi_test_clobber_x6 +.align 4 +_abi_test_clobber_x6: + mov x6, xzr + ret + + +.globl _abi_test_clobber_x7 +.private_extern _abi_test_clobber_x7 +.align 4 +_abi_test_clobber_x7: + mov x7, xzr + ret + + +.globl _abi_test_clobber_x8 +.private_extern _abi_test_clobber_x8 +.align 4 +_abi_test_clobber_x8: + mov x8, xzr + ret + + +.globl _abi_test_clobber_x9 +.private_extern _abi_test_clobber_x9 +.align 4 +_abi_test_clobber_x9: + mov x9, xzr + ret + + +.globl _abi_test_clobber_x10 +.private_extern _abi_test_clobber_x10 +.align 4 +_abi_test_clobber_x10: + mov x10, xzr + ret + + +.globl _abi_test_clobber_x11 +.private_extern _abi_test_clobber_x11 +.align 4 +_abi_test_clobber_x11: + mov x11, xzr + ret + + +.globl _abi_test_clobber_x12 +.private_extern _abi_test_clobber_x12 +.align 4 +_abi_test_clobber_x12: + mov x12, xzr + ret + + +.globl _abi_test_clobber_x13 +.private_extern _abi_test_clobber_x13 +.align 4 +_abi_test_clobber_x13: + mov x13, xzr + ret + + +.globl _abi_test_clobber_x14 +.private_extern _abi_test_clobber_x14 +.align 4 +_abi_test_clobber_x14: + mov x14, xzr + ret + + +.globl _abi_test_clobber_x15 +.private_extern _abi_test_clobber_x15 +.align 4 +_abi_test_clobber_x15: + mov x15, xzr + ret + + +.globl _abi_test_clobber_x16 +.private_extern _abi_test_clobber_x16 +.align 4 +_abi_test_clobber_x16: + mov x16, xzr + ret + + +.globl _abi_test_clobber_x17 +.private_extern _abi_test_clobber_x17 +.align 4 +_abi_test_clobber_x17: + mov x17, xzr + ret + + +.globl _abi_test_clobber_x19 +.private_extern _abi_test_clobber_x19 +.align 4 +_abi_test_clobber_x19: + mov x19, xzr + ret + + +.globl _abi_test_clobber_x20 +.private_extern _abi_test_clobber_x20 +.align 4 +_abi_test_clobber_x20: + mov x20, xzr + ret + + +.globl _abi_test_clobber_x21 +.private_extern _abi_test_clobber_x21 +.align 4 +_abi_test_clobber_x21: + mov x21, xzr + ret + + +.globl _abi_test_clobber_x22 +.private_extern _abi_test_clobber_x22 +.align 4 +_abi_test_clobber_x22: + mov x22, xzr + ret + + +.globl _abi_test_clobber_x23 +.private_extern _abi_test_clobber_x23 +.align 4 +_abi_test_clobber_x23: + mov x23, xzr + ret + + +.globl _abi_test_clobber_x24 +.private_extern _abi_test_clobber_x24 +.align 4 +_abi_test_clobber_x24: + mov x24, xzr + ret + + +.globl _abi_test_clobber_x25 +.private_extern _abi_test_clobber_x25 +.align 4 +_abi_test_clobber_x25: + mov x25, xzr + ret + + +.globl _abi_test_clobber_x26 +.private_extern _abi_test_clobber_x26 +.align 4 +_abi_test_clobber_x26: + mov x26, xzr + ret + + +.globl _abi_test_clobber_x27 +.private_extern _abi_test_clobber_x27 +.align 4 +_abi_test_clobber_x27: + mov x27, xzr + ret + + +.globl _abi_test_clobber_x28 +.private_extern _abi_test_clobber_x28 +.align 4 +_abi_test_clobber_x28: + mov x28, xzr + ret + + +.globl _abi_test_clobber_x29 +.private_extern _abi_test_clobber_x29 +.align 4 +_abi_test_clobber_x29: + mov x29, xzr + ret + + +.globl _abi_test_clobber_d0 +.private_extern _abi_test_clobber_d0 +.align 4 +_abi_test_clobber_d0: + fmov d0, xzr + ret + + +.globl _abi_test_clobber_d1 +.private_extern _abi_test_clobber_d1 +.align 4 +_abi_test_clobber_d1: + fmov d1, xzr + ret + + +.globl _abi_test_clobber_d2 +.private_extern _abi_test_clobber_d2 +.align 4 +_abi_test_clobber_d2: + fmov d2, xzr + ret + + +.globl _abi_test_clobber_d3 +.private_extern _abi_test_clobber_d3 +.align 4 +_abi_test_clobber_d3: + fmov d3, xzr + ret + + +.globl _abi_test_clobber_d4 +.private_extern _abi_test_clobber_d4 +.align 4 +_abi_test_clobber_d4: + fmov d4, xzr + ret + + +.globl _abi_test_clobber_d5 +.private_extern _abi_test_clobber_d5 +.align 4 +_abi_test_clobber_d5: + fmov d5, xzr + ret + + +.globl _abi_test_clobber_d6 +.private_extern _abi_test_clobber_d6 +.align 4 +_abi_test_clobber_d6: + fmov d6, xzr + ret + + +.globl _abi_test_clobber_d7 +.private_extern _abi_test_clobber_d7 +.align 4 +_abi_test_clobber_d7: + fmov d7, xzr + ret + + +.globl _abi_test_clobber_d8 +.private_extern _abi_test_clobber_d8 +.align 4 +_abi_test_clobber_d8: + fmov d8, xzr + ret + + +.globl _abi_test_clobber_d9 +.private_extern _abi_test_clobber_d9 +.align 4 +_abi_test_clobber_d9: + fmov d9, xzr + ret + + +.globl _abi_test_clobber_d10 +.private_extern _abi_test_clobber_d10 +.align 4 +_abi_test_clobber_d10: + fmov d10, xzr + ret + + +.globl _abi_test_clobber_d11 +.private_extern _abi_test_clobber_d11 +.align 4 +_abi_test_clobber_d11: + fmov d11, xzr + ret + + +.globl _abi_test_clobber_d12 +.private_extern _abi_test_clobber_d12 +.align 4 +_abi_test_clobber_d12: + fmov d12, xzr + ret + + +.globl _abi_test_clobber_d13 +.private_extern _abi_test_clobber_d13 +.align 4 +_abi_test_clobber_d13: + fmov d13, xzr + ret + + +.globl _abi_test_clobber_d14 +.private_extern _abi_test_clobber_d14 +.align 4 +_abi_test_clobber_d14: + fmov d14, xzr + ret + + +.globl _abi_test_clobber_d15 +.private_extern _abi_test_clobber_d15 +.align 4 +_abi_test_clobber_d15: + fmov d15, xzr + ret + + +.globl _abi_test_clobber_d16 +.private_extern _abi_test_clobber_d16 +.align 4 +_abi_test_clobber_d16: + fmov d16, xzr + ret + + +.globl _abi_test_clobber_d17 +.private_extern _abi_test_clobber_d17 +.align 4 +_abi_test_clobber_d17: + fmov d17, xzr + ret + + +.globl _abi_test_clobber_d18 +.private_extern _abi_test_clobber_d18 +.align 4 +_abi_test_clobber_d18: + fmov d18, xzr + ret + + +.globl _abi_test_clobber_d19 +.private_extern _abi_test_clobber_d19 +.align 4 +_abi_test_clobber_d19: + fmov d19, xzr + ret + + +.globl _abi_test_clobber_d20 +.private_extern _abi_test_clobber_d20 +.align 4 +_abi_test_clobber_d20: + fmov d20, xzr + ret + + +.globl _abi_test_clobber_d21 +.private_extern _abi_test_clobber_d21 +.align 4 +_abi_test_clobber_d21: + fmov d21, xzr + ret + + +.globl _abi_test_clobber_d22 +.private_extern _abi_test_clobber_d22 +.align 4 +_abi_test_clobber_d22: + fmov d22, xzr + ret + + +.globl _abi_test_clobber_d23 +.private_extern _abi_test_clobber_d23 +.align 4 +_abi_test_clobber_d23: + fmov d23, xzr + ret + + +.globl _abi_test_clobber_d24 +.private_extern _abi_test_clobber_d24 +.align 4 +_abi_test_clobber_d24: + fmov d24, xzr + ret + + +.globl _abi_test_clobber_d25 +.private_extern _abi_test_clobber_d25 +.align 4 +_abi_test_clobber_d25: + fmov d25, xzr + ret + + +.globl _abi_test_clobber_d26 +.private_extern _abi_test_clobber_d26 +.align 4 +_abi_test_clobber_d26: + fmov d26, xzr + ret + + +.globl _abi_test_clobber_d27 +.private_extern _abi_test_clobber_d27 +.align 4 +_abi_test_clobber_d27: + fmov d27, xzr + ret + + +.globl _abi_test_clobber_d28 +.private_extern _abi_test_clobber_d28 +.align 4 +_abi_test_clobber_d28: + fmov d28, xzr + ret + + +.globl _abi_test_clobber_d29 +.private_extern _abi_test_clobber_d29 +.align 4 +_abi_test_clobber_d29: + fmov d29, xzr + ret + + +.globl _abi_test_clobber_d30 +.private_extern _abi_test_clobber_d30 +.align 4 +_abi_test_clobber_d30: + fmov d30, xzr + ret + + +.globl _abi_test_clobber_d31 +.private_extern _abi_test_clobber_d31 +.align 4 +_abi_test_clobber_d31: + fmov d31, xzr + ret + + +.globl _abi_test_clobber_v8_upper +.private_extern _abi_test_clobber_v8_upper +.align 4 +_abi_test_clobber_v8_upper: + fmov v8.d[1], xzr + ret + + +.globl _abi_test_clobber_v9_upper +.private_extern _abi_test_clobber_v9_upper +.align 4 +_abi_test_clobber_v9_upper: + fmov v9.d[1], xzr + ret + + +.globl _abi_test_clobber_v10_upper +.private_extern _abi_test_clobber_v10_upper +.align 4 +_abi_test_clobber_v10_upper: + fmov v10.d[1], xzr + ret + + +.globl _abi_test_clobber_v11_upper +.private_extern _abi_test_clobber_v11_upper +.align 4 +_abi_test_clobber_v11_upper: + fmov v11.d[1], xzr + ret + + +.globl _abi_test_clobber_v12_upper +.private_extern _abi_test_clobber_v12_upper +.align 4 +_abi_test_clobber_v12_upper: + fmov v12.d[1], xzr + ret + + +.globl _abi_test_clobber_v13_upper +.private_extern _abi_test_clobber_v13_upper +.align 4 +_abi_test_clobber_v13_upper: + fmov v13.d[1], xzr + ret + + +.globl _abi_test_clobber_v14_upper +.private_extern _abi_test_clobber_v14_upper +.align 4 +_abi_test_clobber_v14_upper: + fmov v14.d[1], xzr + ret + + +.globl _abi_test_clobber_v15_upper +.private_extern _abi_test_clobber_v15_upper +.align 4 +_abi_test_clobber_v15_upper: + fmov v15.d[1], xzr + ret + +#endif // !OPENSSL_NO_ASM diff --git a/ios-arm/crypto/fipsmodule/bsaes-armv7.S b/ios-arm/crypto/fipsmodule/bsaes-armv7.S index d997c6c..4d4b7cc 100644 --- a/ios-arm/crypto/fipsmodule/bsaes-armv7.S +++ b/ios-arm/crypto/fipsmodule/bsaes-armv7.S @@ -1086,6 +1086,9 @@ Lkey_loop: @ don't save last round key bx lr +@ TODO(davidben): This should be aes_nohw_cbc_encrypt, but that function does +@ not exist. Rather than add it, patch this fallback out. See +@ https://crbug.com/boringssl/256. @@ -1336,7 +1339,7 @@ Lcbc_dec_one: mov r2, r3 vmov q4,q15 @ just in case ensure that IV vmov q5,q0 @ and input are preserved - bl _AES_decrypt + bl _aes_nohw_decrypt vld1.8 {q0}, [r9] @ load result veor q0, q0, q4 @ ^= IV vmov q15, q5 @ q5 holds input @@ -1567,7 +1570,7 @@ Lctr_enc_short_loop: mov r1, sp @ output on the stack mov r2, r7 @ key - bl _AES_encrypt + bl _aes_nohw_encrypt vld1.8 {q0}, [r4]! @ load input vld1.8 {q1}, [sp] @ load encrypted counter @@ -1589,1001 +1592,5 @@ Lctr_enc_short_loop: ldmia sp!, {r4,r5,r6,r7,r8, pc} -.globl _bsaes_xts_encrypt -.private_extern _bsaes_xts_encrypt -#ifdef __thumb2__ -.thumb_func _bsaes_xts_encrypt -#endif -.align 4 -_bsaes_xts_encrypt: - mov ip, sp - stmdb sp!, {r4,r5,r6,r7,r8,r9,r10, lr} @ 0x20 - VFP_ABI_PUSH - mov r6, sp @ future r3 - - mov r7, r0 - mov r8, r1 - mov r9, r2 - mov r10, r3 - - sub r0, sp, #0x10 @ 0x10 - bic r0, #0xf @ align at 16 bytes - mov sp, r0 - -#ifdef XTS_CHAIN_TWEAK - ldr r0, [ip] @ pointer to input tweak -#else - @ generate initial tweak - ldr r0, [ip, #4] @ iv[] - mov r1, sp - ldr r2, [ip, #0] @ key2 - bl _AES_encrypt - mov r0,sp @ pointer to initial tweak -#endif - - ldr r1, [r10, #240] @ get # of rounds - mov r3, r6 -#ifndef BSAES_ASM_EXTENDED_KEY - @ allocate the key schedule on the stack - sub r12, sp, r1, lsl#7 @ 128 bytes per inner round key - @ add r12, #96 @ size of bit-sliced key schedule - sub r12, #48 @ place for tweak[9] - - @ populate the key schedule - mov r4, r10 @ pass key - mov r5, r1 @ pass # of rounds - mov sp, r12 - add r12, #0x90 @ pass key schedule - bl _bsaes_key_convert - veor q7, q7, q15 @ fix up last round key - vstmia r12, {q7} @ save last round key -#else - ldr r12, [r10, #244] - eors r12, #1 - beq 0f - - str r12, [r10, #244] - mov r4, r10 @ pass key - mov r5, r1 @ pass # of rounds - add r12, r10, #248 @ pass key schedule - bl _bsaes_key_convert - veor q7, q7, q15 @ fix up last round key - vstmia r12, {q7} - -.align 2 - sub sp, #0x90 @ place for tweak[9] -#endif - - vld1.8 {q8}, [r0] @ initial tweak - adr r2, Lxts_magic - - subs r9, #0x80 - blo Lxts_enc_short - b Lxts_enc_loop - -.align 4 -Lxts_enc_loop: - vldmia r2, {q5} @ load XTS magic - vshr.s64 q6, q8, #63 - mov r0, sp - vand q6, q6, q5 - vadd.u64 q9, q8, q8 - vst1.64 {q8}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q9, #63 - veor q9, q9, q6 - vand q7, q7, q5 - vadd.u64 q10, q9, q9 - vst1.64 {q9}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q10, #63 - veor q10, q10, q7 - vand q6, q6, q5 - vld1.8 {q0}, [r7]! - vadd.u64 q11, q10, q10 - vst1.64 {q10}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q11, #63 - veor q11, q11, q6 - vand q7, q7, q5 - vld1.8 {q1}, [r7]! - veor q0, q0, q8 - vadd.u64 q12, q11, q11 - vst1.64 {q11}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q12, #63 - veor q12, q12, q7 - vand q6, q6, q5 - vld1.8 {q2}, [r7]! - veor q1, q1, q9 - vadd.u64 q13, q12, q12 - vst1.64 {q12}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q13, #63 - veor q13, q13, q6 - vand q7, q7, q5 - vld1.8 {q3}, [r7]! - veor q2, q2, q10 - vadd.u64 q14, q13, q13 - vst1.64 {q13}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q14, #63 - veor q14, q14, q7 - vand q6, q6, q5 - vld1.8 {q4}, [r7]! - veor q3, q3, q11 - vadd.u64 q15, q14, q14 - vst1.64 {q14}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q15, #63 - veor q15, q15, q6 - vand q7, q7, q5 - vld1.8 {q5}, [r7]! - veor q4, q4, q12 - vadd.u64 q8, q15, q15 - vst1.64 {q15}, [r0,:128]! - vswp d15,d14 - veor q8, q8, q7 - vst1.64 {q8}, [r0,:128] @ next round tweak - - vld1.8 {q6,q7}, [r7]! - veor q5, q5, q13 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q6, q6, q14 - mov r5, r1 @ pass rounds - veor q7, q7, q15 - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10,q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12,q13}, [r0,:128]! - veor q1, q1, q9 - veor q8, q4, q10 - vst1.8 {q0,q1}, [r8]! - veor q9, q6, q11 - vld1.64 {q14,q15}, [r0,:128]! - veor q10, q3, q12 - vst1.8 {q8,q9}, [r8]! - veor q11, q7, q13 - veor q12, q2, q14 - vst1.8 {q10,q11}, [r8]! - veor q13, q5, q15 - vst1.8 {q12,q13}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - - subs r9, #0x80 - bpl Lxts_enc_loop - -Lxts_enc_short: - adds r9, #0x70 - bmi Lxts_enc_done - - vldmia r2, {q5} @ load XTS magic - vshr.s64 q7, q8, #63 - mov r0, sp - vand q7, q7, q5 - vadd.u64 q9, q8, q8 - vst1.64 {q8}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q9, #63 - veor q9, q9, q7 - vand q6, q6, q5 - vadd.u64 q10, q9, q9 - vst1.64 {q9}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q10, #63 - veor q10, q10, q6 - vand q7, q7, q5 - vld1.8 {q0}, [r7]! - subs r9, #0x10 - bmi Lxts_enc_1 - vadd.u64 q11, q10, q10 - vst1.64 {q10}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q11, #63 - veor q11, q11, q7 - vand q6, q6, q5 - vld1.8 {q1}, [r7]! - subs r9, #0x10 - bmi Lxts_enc_2 - veor q0, q0, q8 - vadd.u64 q12, q11, q11 - vst1.64 {q11}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q12, #63 - veor q12, q12, q6 - vand q7, q7, q5 - vld1.8 {q2}, [r7]! - subs r9, #0x10 - bmi Lxts_enc_3 - veor q1, q1, q9 - vadd.u64 q13, q12, q12 - vst1.64 {q12}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q13, #63 - veor q13, q13, q7 - vand q6, q6, q5 - vld1.8 {q3}, [r7]! - subs r9, #0x10 - bmi Lxts_enc_4 - veor q2, q2, q10 - vadd.u64 q14, q13, q13 - vst1.64 {q13}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q14, #63 - veor q14, q14, q6 - vand q7, q7, q5 - vld1.8 {q4}, [r7]! - subs r9, #0x10 - bmi Lxts_enc_5 - veor q3, q3, q11 - vadd.u64 q15, q14, q14 - vst1.64 {q14}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q15, #63 - veor q15, q15, q7 - vand q6, q6, q5 - vld1.8 {q5}, [r7]! - subs r9, #0x10 - bmi Lxts_enc_6 - veor q4, q4, q12 - sub r9, #0x10 - vst1.64 {q15}, [r0,:128] @ next round tweak - - vld1.8 {q6}, [r7]! - veor q5, q5, q13 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q6, q6, q14 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10,q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12,q13}, [r0,:128]! - veor q1, q1, q9 - veor q8, q4, q10 - vst1.8 {q0,q1}, [r8]! - veor q9, q6, q11 - vld1.64 {q14}, [r0,:128]! - veor q10, q3, q12 - vst1.8 {q8,q9}, [r8]! - veor q11, q7, q13 - veor q12, q2, q14 - vst1.8 {q10,q11}, [r8]! - vst1.8 {q12}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b Lxts_enc_done -.align 4 -Lxts_enc_6: - veor q4, q4, q12 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q5, q5, q13 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10,q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12,q13}, [r0,:128]! - veor q1, q1, q9 - veor q8, q4, q10 - vst1.8 {q0,q1}, [r8]! - veor q9, q6, q11 - veor q10, q3, q12 - vst1.8 {q8,q9}, [r8]! - veor q11, q7, q13 - vst1.8 {q10,q11}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b Lxts_enc_done - -@ put this in range for both ARM and Thumb mode adr instructions -.align 5 -Lxts_magic: -.quad 1, 0x87 - -.align 5 -Lxts_enc_5: - veor q3, q3, q11 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q4, q4, q12 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10,q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12}, [r0,:128]! - veor q1, q1, q9 - veor q8, q4, q10 - vst1.8 {q0,q1}, [r8]! - veor q9, q6, q11 - veor q10, q3, q12 - vst1.8 {q8,q9}, [r8]! - vst1.8 {q10}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b Lxts_enc_done -.align 4 -Lxts_enc_4: - veor q2, q2, q10 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q3, q3, q11 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10,q11}, [r0,:128]! - veor q0, q0, q8 - veor q1, q1, q9 - veor q8, q4, q10 - vst1.8 {q0,q1}, [r8]! - veor q9, q6, q11 - vst1.8 {q8,q9}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b Lxts_enc_done -.align 4 -Lxts_enc_3: - veor q1, q1, q9 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q2, q2, q10 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10}, [r0,:128]! - veor q0, q0, q8 - veor q1, q1, q9 - veor q8, q4, q10 - vst1.8 {q0,q1}, [r8]! - vst1.8 {q8}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b Lxts_enc_done -.align 4 -Lxts_enc_2: - veor q0, q0, q8 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q1, q1, q9 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - veor q0, q0, q8 - veor q1, q1, q9 - vst1.8 {q0,q1}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b Lxts_enc_done -.align 4 -Lxts_enc_1: - mov r0, sp - veor q0, q0, q8 - mov r1, sp - vst1.8 {q0}, [sp,:128] - mov r2, r10 - mov r4, r3 @ preserve fp - - bl _AES_encrypt - - vld1.8 {q0}, [sp,:128] - veor q0, q0, q8 - vst1.8 {q0}, [r8]! - mov r3, r4 - - vmov q8, q9 @ next round tweak - -Lxts_enc_done: -#ifndef XTS_CHAIN_TWEAK - adds r9, #0x10 - beq Lxts_enc_ret - sub r6, r8, #0x10 - -Lxts_enc_steal: - ldrb r0, [r7], #1 - ldrb r1, [r8, #-0x10] - strb r0, [r8, #-0x10] - strb r1, [r8], #1 - - subs r9, #1 - bhi Lxts_enc_steal - - vld1.8 {q0}, [r6] - mov r0, sp - veor q0, q0, q8 - mov r1, sp - vst1.8 {q0}, [sp,:128] - mov r2, r10 - mov r4, r3 @ preserve fp - - bl _AES_encrypt - - vld1.8 {q0}, [sp,:128] - veor q0, q0, q8 - vst1.8 {q0}, [r6] - mov r3, r4 -#endif - -Lxts_enc_ret: - bic r0, r3, #0xf - vmov.i32 q0, #0 - vmov.i32 q1, #0 -#ifdef XTS_CHAIN_TWEAK - ldr r1, [r3, #0x20+VFP_ABI_FRAME] @ chain tweak -#endif -Lxts_enc_bzero:@ wipe key schedule [if any] - vstmia sp!, {q0,q1} - cmp sp, r0 - bne Lxts_enc_bzero - - mov sp, r3 -#ifdef XTS_CHAIN_TWEAK - vst1.8 {q8}, [r1] -#endif - VFP_ABI_POP - ldmia sp!, {r4,r5,r6,r7,r8,r9,r10, pc} @ return - - - -.globl _bsaes_xts_decrypt -.private_extern _bsaes_xts_decrypt -#ifdef __thumb2__ -.thumb_func _bsaes_xts_decrypt -#endif -.align 4 -_bsaes_xts_decrypt: - mov ip, sp - stmdb sp!, {r4,r5,r6,r7,r8,r9,r10, lr} @ 0x20 - VFP_ABI_PUSH - mov r6, sp @ future r3 - - mov r7, r0 - mov r8, r1 - mov r9, r2 - mov r10, r3 - - sub r0, sp, #0x10 @ 0x10 - bic r0, #0xf @ align at 16 bytes - mov sp, r0 - -#ifdef XTS_CHAIN_TWEAK - ldr r0, [ip] @ pointer to input tweak -#else - @ generate initial tweak - ldr r0, [ip, #4] @ iv[] - mov r1, sp - ldr r2, [ip, #0] @ key2 - bl _AES_encrypt - mov r0, sp @ pointer to initial tweak -#endif - - ldr r1, [r10, #240] @ get # of rounds - mov r3, r6 -#ifndef BSAES_ASM_EXTENDED_KEY - @ allocate the key schedule on the stack - sub r12, sp, r1, lsl#7 @ 128 bytes per inner round key - @ add r12, #96 @ size of bit-sliced key schedule - sub r12, #48 @ place for tweak[9] - - @ populate the key schedule - mov r4, r10 @ pass key - mov r5, r1 @ pass # of rounds - mov sp, r12 - add r12, #0x90 @ pass key schedule - bl _bsaes_key_convert - add r4, sp, #0x90 - vldmia r4, {q6} - vstmia r12, {q15} @ save last round key - veor q7, q7, q6 @ fix up round 0 key - vstmia r4, {q7} -#else - ldr r12, [r10, #244] - eors r12, #1 - beq 0f - - str r12, [r10, #244] - mov r4, r10 @ pass key - mov r5, r1 @ pass # of rounds - add r12, r10, #248 @ pass key schedule - bl _bsaes_key_convert - add r4, r10, #248 - vldmia r4, {q6} - vstmia r12, {q15} @ save last round key - veor q7, q7, q6 @ fix up round 0 key - vstmia r4, {q7} - -.align 2 - sub sp, #0x90 @ place for tweak[9] -#endif - vld1.8 {q8}, [r0] @ initial tweak - adr r2, Lxts_magic - -#ifndef XTS_CHAIN_TWEAK - tst r9, #0xf @ if not multiple of 16 - it ne @ Thumb2 thing, sanity check in ARM - subne r9, #0x10 @ subtract another 16 bytes -#endif - subs r9, #0x80 - - blo Lxts_dec_short - b Lxts_dec_loop - -.align 4 -Lxts_dec_loop: - vldmia r2, {q5} @ load XTS magic - vshr.s64 q6, q8, #63 - mov r0, sp - vand q6, q6, q5 - vadd.u64 q9, q8, q8 - vst1.64 {q8}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q9, #63 - veor q9, q9, q6 - vand q7, q7, q5 - vadd.u64 q10, q9, q9 - vst1.64 {q9}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q10, #63 - veor q10, q10, q7 - vand q6, q6, q5 - vld1.8 {q0}, [r7]! - vadd.u64 q11, q10, q10 - vst1.64 {q10}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q11, #63 - veor q11, q11, q6 - vand q7, q7, q5 - vld1.8 {q1}, [r7]! - veor q0, q0, q8 - vadd.u64 q12, q11, q11 - vst1.64 {q11}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q12, #63 - veor q12, q12, q7 - vand q6, q6, q5 - vld1.8 {q2}, [r7]! - veor q1, q1, q9 - vadd.u64 q13, q12, q12 - vst1.64 {q12}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q13, #63 - veor q13, q13, q6 - vand q7, q7, q5 - vld1.8 {q3}, [r7]! - veor q2, q2, q10 - vadd.u64 q14, q13, q13 - vst1.64 {q13}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q14, #63 - veor q14, q14, q7 - vand q6, q6, q5 - vld1.8 {q4}, [r7]! - veor q3, q3, q11 - vadd.u64 q15, q14, q14 - vst1.64 {q14}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q15, #63 - veor q15, q15, q6 - vand q7, q7, q5 - vld1.8 {q5}, [r7]! - veor q4, q4, q12 - vadd.u64 q8, q15, q15 - vst1.64 {q15}, [r0,:128]! - vswp d15,d14 - veor q8, q8, q7 - vst1.64 {q8}, [r0,:128] @ next round tweak - - vld1.8 {q6,q7}, [r7]! - veor q5, q5, q13 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q6, q6, q14 - mov r5, r1 @ pass rounds - veor q7, q7, q15 - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10,q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12,q13}, [r0,:128]! - veor q1, q1, q9 - veor q8, q6, q10 - vst1.8 {q0,q1}, [r8]! - veor q9, q4, q11 - vld1.64 {q14,q15}, [r0,:128]! - veor q10, q2, q12 - vst1.8 {q8,q9}, [r8]! - veor q11, q7, q13 - veor q12, q3, q14 - vst1.8 {q10,q11}, [r8]! - veor q13, q5, q15 - vst1.8 {q12,q13}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - - subs r9, #0x80 - bpl Lxts_dec_loop - -Lxts_dec_short: - adds r9, #0x70 - bmi Lxts_dec_done - - vldmia r2, {q5} @ load XTS magic - vshr.s64 q7, q8, #63 - mov r0, sp - vand q7, q7, q5 - vadd.u64 q9, q8, q8 - vst1.64 {q8}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q9, #63 - veor q9, q9, q7 - vand q6, q6, q5 - vadd.u64 q10, q9, q9 - vst1.64 {q9}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q10, #63 - veor q10, q10, q6 - vand q7, q7, q5 - vld1.8 {q0}, [r7]! - subs r9, #0x10 - bmi Lxts_dec_1 - vadd.u64 q11, q10, q10 - vst1.64 {q10}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q11, #63 - veor q11, q11, q7 - vand q6, q6, q5 - vld1.8 {q1}, [r7]! - subs r9, #0x10 - bmi Lxts_dec_2 - veor q0, q0, q8 - vadd.u64 q12, q11, q11 - vst1.64 {q11}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q12, #63 - veor q12, q12, q6 - vand q7, q7, q5 - vld1.8 {q2}, [r7]! - subs r9, #0x10 - bmi Lxts_dec_3 - veor q1, q1, q9 - vadd.u64 q13, q12, q12 - vst1.64 {q12}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q13, #63 - veor q13, q13, q7 - vand q6, q6, q5 - vld1.8 {q3}, [r7]! - subs r9, #0x10 - bmi Lxts_dec_4 - veor q2, q2, q10 - vadd.u64 q14, q13, q13 - vst1.64 {q13}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q14, #63 - veor q14, q14, q6 - vand q7, q7, q5 - vld1.8 {q4}, [r7]! - subs r9, #0x10 - bmi Lxts_dec_5 - veor q3, q3, q11 - vadd.u64 q15, q14, q14 - vst1.64 {q14}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q15, #63 - veor q15, q15, q7 - vand q6, q6, q5 - vld1.8 {q5}, [r7]! - subs r9, #0x10 - bmi Lxts_dec_6 - veor q4, q4, q12 - sub r9, #0x10 - vst1.64 {q15}, [r0,:128] @ next round tweak - - vld1.8 {q6}, [r7]! - veor q5, q5, q13 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q6, q6, q14 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10,q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12,q13}, [r0,:128]! - veor q1, q1, q9 - veor q8, q6, q10 - vst1.8 {q0,q1}, [r8]! - veor q9, q4, q11 - vld1.64 {q14}, [r0,:128]! - veor q10, q2, q12 - vst1.8 {q8,q9}, [r8]! - veor q11, q7, q13 - veor q12, q3, q14 - vst1.8 {q10,q11}, [r8]! - vst1.8 {q12}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b Lxts_dec_done -.align 4 -Lxts_dec_6: - vst1.64 {q14}, [r0,:128] @ next round tweak - - veor q4, q4, q12 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q5, q5, q13 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10,q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12,q13}, [r0,:128]! - veor q1, q1, q9 - veor q8, q6, q10 - vst1.8 {q0,q1}, [r8]! - veor q9, q4, q11 - veor q10, q2, q12 - vst1.8 {q8,q9}, [r8]! - veor q11, q7, q13 - vst1.8 {q10,q11}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b Lxts_dec_done -.align 4 -Lxts_dec_5: - veor q3, q3, q11 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q4, q4, q12 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10,q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12}, [r0,:128]! - veor q1, q1, q9 - veor q8, q6, q10 - vst1.8 {q0,q1}, [r8]! - veor q9, q4, q11 - veor q10, q2, q12 - vst1.8 {q8,q9}, [r8]! - vst1.8 {q10}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b Lxts_dec_done -.align 4 -Lxts_dec_4: - veor q2, q2, q10 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q3, q3, q11 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10,q11}, [r0,:128]! - veor q0, q0, q8 - veor q1, q1, q9 - veor q8, q6, q10 - vst1.8 {q0,q1}, [r8]! - veor q9, q4, q11 - vst1.8 {q8,q9}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b Lxts_dec_done -.align 4 -Lxts_dec_3: - veor q1, q1, q9 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q2, q2, q10 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10}, [r0,:128]! - veor q0, q0, q8 - veor q1, q1, q9 - veor q8, q6, q10 - vst1.8 {q0,q1}, [r8]! - vst1.8 {q8}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b Lxts_dec_done -.align 4 -Lxts_dec_2: - veor q0, q0, q8 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q1, q1, q9 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - veor q0, q0, q8 - veor q1, q1, q9 - vst1.8 {q0,q1}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b Lxts_dec_done -.align 4 -Lxts_dec_1: - mov r0, sp - veor q0, q0, q8 - mov r1, sp - vst1.8 {q0}, [sp,:128] - mov r5, r2 @ preserve magic - mov r2, r10 - mov r4, r3 @ preserve fp - - bl _AES_decrypt - - vld1.8 {q0}, [sp,:128] - veor q0, q0, q8 - vst1.8 {q0}, [r8]! - mov r3, r4 - mov r2, r5 - - vmov q8, q9 @ next round tweak - -Lxts_dec_done: -#ifndef XTS_CHAIN_TWEAK - adds r9, #0x10 - beq Lxts_dec_ret - - @ calculate one round of extra tweak for the stolen ciphertext - vldmia r2, {q5} - vshr.s64 q6, q8, #63 - vand q6, q6, q5 - vadd.u64 q9, q8, q8 - vswp d13,d12 - veor q9, q9, q6 - - @ perform the final decryption with the last tweak value - vld1.8 {q0}, [r7]! - mov r0, sp - veor q0, q0, q9 - mov r1, sp - vst1.8 {q0}, [sp,:128] - mov r2, r10 - mov r4, r3 @ preserve fp - - bl _AES_decrypt - - vld1.8 {q0}, [sp,:128] - veor q0, q0, q9 - vst1.8 {q0}, [r8] - - mov r6, r8 -Lxts_dec_steal: - ldrb r1, [r8] - ldrb r0, [r7], #1 - strb r1, [r8, #0x10] - strb r0, [r8], #1 - - subs r9, #1 - bhi Lxts_dec_steal - - vld1.8 {q0}, [r6] - mov r0, sp - veor q0, q8 - mov r1, sp - vst1.8 {q0}, [sp,:128] - mov r2, r10 - - bl _AES_decrypt - - vld1.8 {q0}, [sp,:128] - veor q0, q0, q8 - vst1.8 {q0}, [r6] - mov r3, r4 -#endif - -Lxts_dec_ret: - bic r0, r3, #0xf - vmov.i32 q0, #0 - vmov.i32 q1, #0 -#ifdef XTS_CHAIN_TWEAK - ldr r1, [r3, #0x20+VFP_ABI_FRAME] @ chain tweak -#endif -Lxts_dec_bzero:@ wipe key schedule [if any] - vstmia sp!, {q0,q1} - cmp sp, r0 - bne Lxts_dec_bzero - - mov sp, r3 -#ifdef XTS_CHAIN_TWEAK - vst1.8 {q8}, [r1] -#endif - VFP_ABI_POP - ldmia sp!, {r4,r5,r6,r7,r8,r9,r10, pc} @ return - - #endif #endif // !OPENSSL_NO_ASM diff --git a/ios-arm/crypto/test/trampoline-armv4.S b/ios-arm/crypto/test/trampoline-armv4.S new file mode 100644 index 0000000..b8e851f --- /dev/null +++ b/ios-arm/crypto/test/trampoline-armv4.S @@ -0,0 +1,376 @@ +// This file is generated from a similarly-named Perl script in the BoringSSL +// source tree. Do not edit by hand. + +#if defined(__has_feature) +#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) +#define OPENSSL_NO_ASM +#endif +#endif + +#if !defined(OPENSSL_NO_ASM) +#if defined(BORINGSSL_PREFIX) +#include +#endif +.syntax unified + + + + +.text + +@ abi_test_trampoline loads callee-saved registers from |state|, calls |func| +@ with |argv|, then saves the callee-saved registers into |state|. It returns +@ the result of |func|. The |unwind| argument is unused. +@ uint32_t abi_test_trampoline(void (*func)(...), CallerState *state, +@ const uint32_t *argv, size_t argc, +@ int unwind); + +.globl _abi_test_trampoline +.private_extern _abi_test_trampoline +.align 4 +_abi_test_trampoline: +Labi_test_trampoline_begin: + @ Save parameters and all callee-saved registers. For convenience, we + @ save r9 on iOS even though it's volatile. + vstmdb sp!, {d8,d9,d10,d11,d12,d13,d14,d15} + stmdb sp!, {r0,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,r11,lr} + + @ Reserve stack space for six (10-4) stack parameters, plus an extra 4 + @ bytes to keep it 8-byte-aligned (see AAPCS, section 5.3). + sub sp, sp, #28 + + @ Every register in AAPCS is either non-volatile or a parameter (except + @ r9 on iOS), so this code, by the actual call, loses all its scratch + @ registers. First fill in stack parameters while there are registers + @ to spare. + cmp r3, #4 + bls Lstack_args_done + mov r4, sp @ r4 is the output pointer. + add r5, r2, r3, lsl #2 @ Set r5 to the end of argv. + add r2, r2, #16 @ Skip four arguments. +Lstack_args_loop: + ldr r6, [r2], #4 + cmp r2, r5 + str r6, [r4], #4 + bne Lstack_args_loop + +Lstack_args_done: + @ Load registers from |r1|. + vldmia r1!, {d8,d9,d10,d11,d12,d13,d14,d15} +#if defined(__APPLE__) + @ r9 is not volatile on iOS. + ldmia r1!, {r4,r5,r6,r7,r8,r10-r11} +#else + ldmia r1!, {r4,r5,r6,r7,r8,r9,r10,r11} +#endif + + @ Load register parameters. This uses up our remaining registers, so we + @ repurpose lr as scratch space. + ldr r3, [sp, #40] @ Reload argc. + ldr lr, [sp, #36] @ Load argv into lr. + cmp r3, #3 + bhi Larg_r3 + beq Larg_r2 + cmp r3, #1 + bhi Larg_r1 + beq Larg_r0 + b Largs_done + +Larg_r3: + ldr r3, [lr, #12] @ argv[3] +Larg_r2: + ldr r2, [lr, #8] @ argv[2] +Larg_r1: + ldr r1, [lr, #4] @ argv[1] +Larg_r0: + ldr r0, [lr] @ argv[0] +Largs_done: + + @ With every other register in use, load the function pointer into lr + @ and call the function. + ldr lr, [sp, #28] + blx lr + + @ r1-r3 are free for use again. The trampoline only supports + @ single-return functions. Pass r4-r11 to the caller. + ldr r1, [sp, #32] + vstmia r1!, {d8,d9,d10,d11,d12,d13,d14,d15} +#if defined(__APPLE__) + @ r9 is not volatile on iOS. + stmia r1!, {r4,r5,r6,r7,r8,r10-r11} +#else + stmia r1!, {r4,r5,r6,r7,r8,r9,r10,r11} +#endif + + @ Unwind the stack and restore registers. + add sp, sp, #44 @ 44 = 28+16 + ldmia sp!, {r4,r5,r6,r7,r8,r9,r10,r11,lr} @ Skip r0-r3 (see +16 above). + vldmia sp!, {d8,d9,d10,d11,d12,d13,d14,d15} + + bx lr + + +.globl _abi_test_clobber_r0 +.private_extern _abi_test_clobber_r0 +.align 4 +_abi_test_clobber_r0: + mov r0, #0 + bx lr + + +.globl _abi_test_clobber_r1 +.private_extern _abi_test_clobber_r1 +.align 4 +_abi_test_clobber_r1: + mov r1, #0 + bx lr + + +.globl _abi_test_clobber_r2 +.private_extern _abi_test_clobber_r2 +.align 4 +_abi_test_clobber_r2: + mov r2, #0 + bx lr + + +.globl _abi_test_clobber_r3 +.private_extern _abi_test_clobber_r3 +.align 4 +_abi_test_clobber_r3: + mov r3, #0 + bx lr + + +.globl _abi_test_clobber_r4 +.private_extern _abi_test_clobber_r4 +.align 4 +_abi_test_clobber_r4: + mov r4, #0 + bx lr + + +.globl _abi_test_clobber_r5 +.private_extern _abi_test_clobber_r5 +.align 4 +_abi_test_clobber_r5: + mov r5, #0 + bx lr + + +.globl _abi_test_clobber_r6 +.private_extern _abi_test_clobber_r6 +.align 4 +_abi_test_clobber_r6: + mov r6, #0 + bx lr + + +.globl _abi_test_clobber_r7 +.private_extern _abi_test_clobber_r7 +.align 4 +_abi_test_clobber_r7: + mov r7, #0 + bx lr + + +.globl _abi_test_clobber_r8 +.private_extern _abi_test_clobber_r8 +.align 4 +_abi_test_clobber_r8: + mov r8, #0 + bx lr + + +.globl _abi_test_clobber_r9 +.private_extern _abi_test_clobber_r9 +.align 4 +_abi_test_clobber_r9: + mov r9, #0 + bx lr + + +.globl _abi_test_clobber_r10 +.private_extern _abi_test_clobber_r10 +.align 4 +_abi_test_clobber_r10: + mov r10, #0 + bx lr + + +.globl _abi_test_clobber_r11 +.private_extern _abi_test_clobber_r11 +.align 4 +_abi_test_clobber_r11: + mov r11, #0 + bx lr + + +.globl _abi_test_clobber_r12 +.private_extern _abi_test_clobber_r12 +.align 4 +_abi_test_clobber_r12: + mov r12, #0 + bx lr + + +.globl _abi_test_clobber_d0 +.private_extern _abi_test_clobber_d0 +.align 4 +_abi_test_clobber_d0: + mov r0, #0 + vmov s0, r0 + vmov s1, r0 + bx lr + + +.globl _abi_test_clobber_d1 +.private_extern _abi_test_clobber_d1 +.align 4 +_abi_test_clobber_d1: + mov r0, #0 + vmov s2, r0 + vmov s3, r0 + bx lr + + +.globl _abi_test_clobber_d2 +.private_extern _abi_test_clobber_d2 +.align 4 +_abi_test_clobber_d2: + mov r0, #0 + vmov s4, r0 + vmov s5, r0 + bx lr + + +.globl _abi_test_clobber_d3 +.private_extern _abi_test_clobber_d3 +.align 4 +_abi_test_clobber_d3: + mov r0, #0 + vmov s6, r0 + vmov s7, r0 + bx lr + + +.globl _abi_test_clobber_d4 +.private_extern _abi_test_clobber_d4 +.align 4 +_abi_test_clobber_d4: + mov r0, #0 + vmov s8, r0 + vmov s9, r0 + bx lr + + +.globl _abi_test_clobber_d5 +.private_extern _abi_test_clobber_d5 +.align 4 +_abi_test_clobber_d5: + mov r0, #0 + vmov s10, r0 + vmov s11, r0 + bx lr + + +.globl _abi_test_clobber_d6 +.private_extern _abi_test_clobber_d6 +.align 4 +_abi_test_clobber_d6: + mov r0, #0 + vmov s12, r0 + vmov s13, r0 + bx lr + + +.globl _abi_test_clobber_d7 +.private_extern _abi_test_clobber_d7 +.align 4 +_abi_test_clobber_d7: + mov r0, #0 + vmov s14, r0 + vmov s15, r0 + bx lr + + +.globl _abi_test_clobber_d8 +.private_extern _abi_test_clobber_d8 +.align 4 +_abi_test_clobber_d8: + mov r0, #0 + vmov s16, r0 + vmov s17, r0 + bx lr + + +.globl _abi_test_clobber_d9 +.private_extern _abi_test_clobber_d9 +.align 4 +_abi_test_clobber_d9: + mov r0, #0 + vmov s18, r0 + vmov s19, r0 + bx lr + + +.globl _abi_test_clobber_d10 +.private_extern _abi_test_clobber_d10 +.align 4 +_abi_test_clobber_d10: + mov r0, #0 + vmov s20, r0 + vmov s21, r0 + bx lr + + +.globl _abi_test_clobber_d11 +.private_extern _abi_test_clobber_d11 +.align 4 +_abi_test_clobber_d11: + mov r0, #0 + vmov s22, r0 + vmov s23, r0 + bx lr + + +.globl _abi_test_clobber_d12 +.private_extern _abi_test_clobber_d12 +.align 4 +_abi_test_clobber_d12: + mov r0, #0 + vmov s24, r0 + vmov s25, r0 + bx lr + + +.globl _abi_test_clobber_d13 +.private_extern _abi_test_clobber_d13 +.align 4 +_abi_test_clobber_d13: + mov r0, #0 + vmov s26, r0 + vmov s27, r0 + bx lr + + +.globl _abi_test_clobber_d14 +.private_extern _abi_test_clobber_d14 +.align 4 +_abi_test_clobber_d14: + mov r0, #0 + vmov s28, r0 + vmov s29, r0 + bx lr + + +.globl _abi_test_clobber_d15 +.private_extern _abi_test_clobber_d15 +.align 4 +_abi_test_clobber_d15: + mov r0, #0 + vmov s30, r0 + vmov s31, r0 + bx lr + +#endif // !OPENSSL_NO_ASM diff --git a/linux-aarch64/crypto/test/trampoline-armv8.S b/linux-aarch64/crypto/test/trampoline-armv8.S new file mode 100644 index 0000000..56c79c4 --- /dev/null +++ b/linux-aarch64/crypto/test/trampoline-armv8.S @@ -0,0 +1,686 @@ +// This file is generated from a similarly-named Perl script in the BoringSSL +// source tree. Do not edit by hand. + +#if defined(__has_feature) +#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) +#define OPENSSL_NO_ASM +#endif +#endif + +#if !defined(OPENSSL_NO_ASM) +#if defined(__aarch64__) +#if defined(BORINGSSL_PREFIX) +#include +#endif +.text + +// abi_test_trampoline loads callee-saved registers from |state|, calls |func| +// with |argv|, then saves the callee-saved registers into |state|. It returns +// the result of |func|. The |unwind| argument is unused. +// uint64_t abi_test_trampoline(void (*func)(...), CallerState *state, +// const uint64_t *argv, size_t argc, +// uint64_t unwind); +.type abi_test_trampoline, %function +.globl abi_test_trampoline +.hidden abi_test_trampoline +.align 4 +abi_test_trampoline: +.Labi_test_trampoline_begin: + // Stack layout (low to high addresses) + // x29,x30 (16 bytes) + // d8-d15 (64 bytes) + // x19-x28 (80 bytes) + // x1 (8 bytes) + // padding (8 bytes) + stp x29, x30, [sp, #-176]! + mov x29, sp + + // Saved callee-saved registers and |state|. + stp d8, d9, [sp, #16] + stp d10, d11, [sp, #32] + stp d12, d13, [sp, #48] + stp d14, d15, [sp, #64] + stp x19, x20, [sp, #80] + stp x21, x22, [sp, #96] + stp x23, x24, [sp, #112] + stp x25, x26, [sp, #128] + stp x27, x28, [sp, #144] + str x1, [sp, #160] + + // Load registers from |state|, with the exception of x29. x29 is the + // frame pointer and also callee-saved, but AAPCS64 allows platforms to + // mandate that x29 always point to a frame. iOS64 does so, which means + // we cannot fill x29 with entropy without violating ABI rules + // ourselves. x29 is tested separately below. + ldp d8, d9, [x1], #16 + ldp d10, d11, [x1], #16 + ldp d12, d13, [x1], #16 + ldp d14, d15, [x1], #16 + ldp x19, x20, [x1], #16 + ldp x21, x22, [x1], #16 + ldp x23, x24, [x1], #16 + ldp x25, x26, [x1], #16 + ldp x27, x28, [x1], #16 + + // Move parameters into temporary registers. + mov x9, x0 + mov x10, x2 + mov x11, x3 + + // Load parameters into registers. + cbz x11, .Largs_done + ldr x0, [x10], #8 + subs x11, x11, #1 + b.eq .Largs_done + ldr x1, [x10], #8 + subs x11, x11, #1 + b.eq .Largs_done + ldr x2, [x10], #8 + subs x11, x11, #1 + b.eq .Largs_done + ldr x3, [x10], #8 + subs x11, x11, #1 + b.eq .Largs_done + ldr x4, [x10], #8 + subs x11, x11, #1 + b.eq .Largs_done + ldr x5, [x10], #8 + subs x11, x11, #1 + b.eq .Largs_done + ldr x6, [x10], #8 + subs x11, x11, #1 + b.eq .Largs_done + ldr x7, [x10], #8 + +.Largs_done: + blr x9 + + // Reload |state| and store registers. + ldr x1, [sp, #160] + stp d8, d9, [x1], #16 + stp d10, d11, [x1], #16 + stp d12, d13, [x1], #16 + stp d14, d15, [x1], #16 + stp x19, x20, [x1], #16 + stp x21, x22, [x1], #16 + stp x23, x24, [x1], #16 + stp x25, x26, [x1], #16 + stp x27, x28, [x1], #16 + + // |func| is required to preserve x29, the frame pointer. We cannot load + // random values into x29 (see comment above), so compare it against the + // expected value and zero the field of |state| if corrupted. + mov x9, sp + cmp x29, x9 + b.eq .Lx29_ok + str xzr, [x1] + +.Lx29_ok: + // Restore callee-saved registers. + ldp d8, d9, [sp, #16] + ldp d10, d11, [sp, #32] + ldp d12, d13, [sp, #48] + ldp d14, d15, [sp, #64] + ldp x19, x20, [sp, #80] + ldp x21, x22, [sp, #96] + ldp x23, x24, [sp, #112] + ldp x25, x26, [sp, #128] + ldp x27, x28, [sp, #144] + + ldp x29, x30, [sp], #176 + ret +.size abi_test_trampoline,.-abi_test_trampoline +.type abi_test_clobber_x0, %function +.globl abi_test_clobber_x0 +.hidden abi_test_clobber_x0 +.align 4 +abi_test_clobber_x0: + mov x0, xzr + ret +.size abi_test_clobber_x0,.-abi_test_clobber_x0 +.type abi_test_clobber_x1, %function +.globl abi_test_clobber_x1 +.hidden abi_test_clobber_x1 +.align 4 +abi_test_clobber_x1: + mov x1, xzr + ret +.size abi_test_clobber_x1,.-abi_test_clobber_x1 +.type abi_test_clobber_x2, %function +.globl abi_test_clobber_x2 +.hidden abi_test_clobber_x2 +.align 4 +abi_test_clobber_x2: + mov x2, xzr + ret +.size abi_test_clobber_x2,.-abi_test_clobber_x2 +.type abi_test_clobber_x3, %function +.globl abi_test_clobber_x3 +.hidden abi_test_clobber_x3 +.align 4 +abi_test_clobber_x3: + mov x3, xzr + ret +.size abi_test_clobber_x3,.-abi_test_clobber_x3 +.type abi_test_clobber_x4, %function +.globl abi_test_clobber_x4 +.hidden abi_test_clobber_x4 +.align 4 +abi_test_clobber_x4: + mov x4, xzr + ret +.size abi_test_clobber_x4,.-abi_test_clobber_x4 +.type abi_test_clobber_x5, %function +.globl abi_test_clobber_x5 +.hidden abi_test_clobber_x5 +.align 4 +abi_test_clobber_x5: + mov x5, xzr + ret +.size abi_test_clobber_x5,.-abi_test_clobber_x5 +.type abi_test_clobber_x6, %function +.globl abi_test_clobber_x6 +.hidden abi_test_clobber_x6 +.align 4 +abi_test_clobber_x6: + mov x6, xzr + ret +.size abi_test_clobber_x6,.-abi_test_clobber_x6 +.type abi_test_clobber_x7, %function +.globl abi_test_clobber_x7 +.hidden abi_test_clobber_x7 +.align 4 +abi_test_clobber_x7: + mov x7, xzr + ret +.size abi_test_clobber_x7,.-abi_test_clobber_x7 +.type abi_test_clobber_x8, %function +.globl abi_test_clobber_x8 +.hidden abi_test_clobber_x8 +.align 4 +abi_test_clobber_x8: + mov x8, xzr + ret +.size abi_test_clobber_x8,.-abi_test_clobber_x8 +.type abi_test_clobber_x9, %function +.globl abi_test_clobber_x9 +.hidden abi_test_clobber_x9 +.align 4 +abi_test_clobber_x9: + mov x9, xzr + ret +.size abi_test_clobber_x9,.-abi_test_clobber_x9 +.type abi_test_clobber_x10, %function +.globl abi_test_clobber_x10 +.hidden abi_test_clobber_x10 +.align 4 +abi_test_clobber_x10: + mov x10, xzr + ret +.size abi_test_clobber_x10,.-abi_test_clobber_x10 +.type abi_test_clobber_x11, %function +.globl abi_test_clobber_x11 +.hidden abi_test_clobber_x11 +.align 4 +abi_test_clobber_x11: + mov x11, xzr + ret +.size abi_test_clobber_x11,.-abi_test_clobber_x11 +.type abi_test_clobber_x12, %function +.globl abi_test_clobber_x12 +.hidden abi_test_clobber_x12 +.align 4 +abi_test_clobber_x12: + mov x12, xzr + ret +.size abi_test_clobber_x12,.-abi_test_clobber_x12 +.type abi_test_clobber_x13, %function +.globl abi_test_clobber_x13 +.hidden abi_test_clobber_x13 +.align 4 +abi_test_clobber_x13: + mov x13, xzr + ret +.size abi_test_clobber_x13,.-abi_test_clobber_x13 +.type abi_test_clobber_x14, %function +.globl abi_test_clobber_x14 +.hidden abi_test_clobber_x14 +.align 4 +abi_test_clobber_x14: + mov x14, xzr + ret +.size abi_test_clobber_x14,.-abi_test_clobber_x14 +.type abi_test_clobber_x15, %function +.globl abi_test_clobber_x15 +.hidden abi_test_clobber_x15 +.align 4 +abi_test_clobber_x15: + mov x15, xzr + ret +.size abi_test_clobber_x15,.-abi_test_clobber_x15 +.type abi_test_clobber_x16, %function +.globl abi_test_clobber_x16 +.hidden abi_test_clobber_x16 +.align 4 +abi_test_clobber_x16: + mov x16, xzr + ret +.size abi_test_clobber_x16,.-abi_test_clobber_x16 +.type abi_test_clobber_x17, %function +.globl abi_test_clobber_x17 +.hidden abi_test_clobber_x17 +.align 4 +abi_test_clobber_x17: + mov x17, xzr + ret +.size abi_test_clobber_x17,.-abi_test_clobber_x17 +.type abi_test_clobber_x19, %function +.globl abi_test_clobber_x19 +.hidden abi_test_clobber_x19 +.align 4 +abi_test_clobber_x19: + mov x19, xzr + ret +.size abi_test_clobber_x19,.-abi_test_clobber_x19 +.type abi_test_clobber_x20, %function +.globl abi_test_clobber_x20 +.hidden abi_test_clobber_x20 +.align 4 +abi_test_clobber_x20: + mov x20, xzr + ret +.size abi_test_clobber_x20,.-abi_test_clobber_x20 +.type abi_test_clobber_x21, %function +.globl abi_test_clobber_x21 +.hidden abi_test_clobber_x21 +.align 4 +abi_test_clobber_x21: + mov x21, xzr + ret +.size abi_test_clobber_x21,.-abi_test_clobber_x21 +.type abi_test_clobber_x22, %function +.globl abi_test_clobber_x22 +.hidden abi_test_clobber_x22 +.align 4 +abi_test_clobber_x22: + mov x22, xzr + ret +.size abi_test_clobber_x22,.-abi_test_clobber_x22 +.type abi_test_clobber_x23, %function +.globl abi_test_clobber_x23 +.hidden abi_test_clobber_x23 +.align 4 +abi_test_clobber_x23: + mov x23, xzr + ret +.size abi_test_clobber_x23,.-abi_test_clobber_x23 +.type abi_test_clobber_x24, %function +.globl abi_test_clobber_x24 +.hidden abi_test_clobber_x24 +.align 4 +abi_test_clobber_x24: + mov x24, xzr + ret +.size abi_test_clobber_x24,.-abi_test_clobber_x24 +.type abi_test_clobber_x25, %function +.globl abi_test_clobber_x25 +.hidden abi_test_clobber_x25 +.align 4 +abi_test_clobber_x25: + mov x25, xzr + ret +.size abi_test_clobber_x25,.-abi_test_clobber_x25 +.type abi_test_clobber_x26, %function +.globl abi_test_clobber_x26 +.hidden abi_test_clobber_x26 +.align 4 +abi_test_clobber_x26: + mov x26, xzr + ret +.size abi_test_clobber_x26,.-abi_test_clobber_x26 +.type abi_test_clobber_x27, %function +.globl abi_test_clobber_x27 +.hidden abi_test_clobber_x27 +.align 4 +abi_test_clobber_x27: + mov x27, xzr + ret +.size abi_test_clobber_x27,.-abi_test_clobber_x27 +.type abi_test_clobber_x28, %function +.globl abi_test_clobber_x28 +.hidden abi_test_clobber_x28 +.align 4 +abi_test_clobber_x28: + mov x28, xzr + ret +.size abi_test_clobber_x28,.-abi_test_clobber_x28 +.type abi_test_clobber_x29, %function +.globl abi_test_clobber_x29 +.hidden abi_test_clobber_x29 +.align 4 +abi_test_clobber_x29: + mov x29, xzr + ret +.size abi_test_clobber_x29,.-abi_test_clobber_x29 +.type abi_test_clobber_d0, %function +.globl abi_test_clobber_d0 +.hidden abi_test_clobber_d0 +.align 4 +abi_test_clobber_d0: + fmov d0, xzr + ret +.size abi_test_clobber_d0,.-abi_test_clobber_d0 +.type abi_test_clobber_d1, %function +.globl abi_test_clobber_d1 +.hidden abi_test_clobber_d1 +.align 4 +abi_test_clobber_d1: + fmov d1, xzr + ret +.size abi_test_clobber_d1,.-abi_test_clobber_d1 +.type abi_test_clobber_d2, %function +.globl abi_test_clobber_d2 +.hidden abi_test_clobber_d2 +.align 4 +abi_test_clobber_d2: + fmov d2, xzr + ret +.size abi_test_clobber_d2,.-abi_test_clobber_d2 +.type abi_test_clobber_d3, %function +.globl abi_test_clobber_d3 +.hidden abi_test_clobber_d3 +.align 4 +abi_test_clobber_d3: + fmov d3, xzr + ret +.size abi_test_clobber_d3,.-abi_test_clobber_d3 +.type abi_test_clobber_d4, %function +.globl abi_test_clobber_d4 +.hidden abi_test_clobber_d4 +.align 4 +abi_test_clobber_d4: + fmov d4, xzr + ret +.size abi_test_clobber_d4,.-abi_test_clobber_d4 +.type abi_test_clobber_d5, %function +.globl abi_test_clobber_d5 +.hidden abi_test_clobber_d5 +.align 4 +abi_test_clobber_d5: + fmov d5, xzr + ret +.size abi_test_clobber_d5,.-abi_test_clobber_d5 +.type abi_test_clobber_d6, %function +.globl abi_test_clobber_d6 +.hidden abi_test_clobber_d6 +.align 4 +abi_test_clobber_d6: + fmov d6, xzr + ret +.size abi_test_clobber_d6,.-abi_test_clobber_d6 +.type abi_test_clobber_d7, %function +.globl abi_test_clobber_d7 +.hidden abi_test_clobber_d7 +.align 4 +abi_test_clobber_d7: + fmov d7, xzr + ret +.size abi_test_clobber_d7,.-abi_test_clobber_d7 +.type abi_test_clobber_d8, %function +.globl abi_test_clobber_d8 +.hidden abi_test_clobber_d8 +.align 4 +abi_test_clobber_d8: + fmov d8, xzr + ret +.size abi_test_clobber_d8,.-abi_test_clobber_d8 +.type abi_test_clobber_d9, %function +.globl abi_test_clobber_d9 +.hidden abi_test_clobber_d9 +.align 4 +abi_test_clobber_d9: + fmov d9, xzr + ret +.size abi_test_clobber_d9,.-abi_test_clobber_d9 +.type abi_test_clobber_d10, %function +.globl abi_test_clobber_d10 +.hidden abi_test_clobber_d10 +.align 4 +abi_test_clobber_d10: + fmov d10, xzr + ret +.size abi_test_clobber_d10,.-abi_test_clobber_d10 +.type abi_test_clobber_d11, %function +.globl abi_test_clobber_d11 +.hidden abi_test_clobber_d11 +.align 4 +abi_test_clobber_d11: + fmov d11, xzr + ret +.size abi_test_clobber_d11,.-abi_test_clobber_d11 +.type abi_test_clobber_d12, %function +.globl abi_test_clobber_d12 +.hidden abi_test_clobber_d12 +.align 4 +abi_test_clobber_d12: + fmov d12, xzr + ret +.size abi_test_clobber_d12,.-abi_test_clobber_d12 +.type abi_test_clobber_d13, %function +.globl abi_test_clobber_d13 +.hidden abi_test_clobber_d13 +.align 4 +abi_test_clobber_d13: + fmov d13, xzr + ret +.size abi_test_clobber_d13,.-abi_test_clobber_d13 +.type abi_test_clobber_d14, %function +.globl abi_test_clobber_d14 +.hidden abi_test_clobber_d14 +.align 4 +abi_test_clobber_d14: + fmov d14, xzr + ret +.size abi_test_clobber_d14,.-abi_test_clobber_d14 +.type abi_test_clobber_d15, %function +.globl abi_test_clobber_d15 +.hidden abi_test_clobber_d15 +.align 4 +abi_test_clobber_d15: + fmov d15, xzr + ret +.size abi_test_clobber_d15,.-abi_test_clobber_d15 +.type abi_test_clobber_d16, %function +.globl abi_test_clobber_d16 +.hidden abi_test_clobber_d16 +.align 4 +abi_test_clobber_d16: + fmov d16, xzr + ret +.size abi_test_clobber_d16,.-abi_test_clobber_d16 +.type abi_test_clobber_d17, %function +.globl abi_test_clobber_d17 +.hidden abi_test_clobber_d17 +.align 4 +abi_test_clobber_d17: + fmov d17, xzr + ret +.size abi_test_clobber_d17,.-abi_test_clobber_d17 +.type abi_test_clobber_d18, %function +.globl abi_test_clobber_d18 +.hidden abi_test_clobber_d18 +.align 4 +abi_test_clobber_d18: + fmov d18, xzr + ret +.size abi_test_clobber_d18,.-abi_test_clobber_d18 +.type abi_test_clobber_d19, %function +.globl abi_test_clobber_d19 +.hidden abi_test_clobber_d19 +.align 4 +abi_test_clobber_d19: + fmov d19, xzr + ret +.size abi_test_clobber_d19,.-abi_test_clobber_d19 +.type abi_test_clobber_d20, %function +.globl abi_test_clobber_d20 +.hidden abi_test_clobber_d20 +.align 4 +abi_test_clobber_d20: + fmov d20, xzr + ret +.size abi_test_clobber_d20,.-abi_test_clobber_d20 +.type abi_test_clobber_d21, %function +.globl abi_test_clobber_d21 +.hidden abi_test_clobber_d21 +.align 4 +abi_test_clobber_d21: + fmov d21, xzr + ret +.size abi_test_clobber_d21,.-abi_test_clobber_d21 +.type abi_test_clobber_d22, %function +.globl abi_test_clobber_d22 +.hidden abi_test_clobber_d22 +.align 4 +abi_test_clobber_d22: + fmov d22, xzr + ret +.size abi_test_clobber_d22,.-abi_test_clobber_d22 +.type abi_test_clobber_d23, %function +.globl abi_test_clobber_d23 +.hidden abi_test_clobber_d23 +.align 4 +abi_test_clobber_d23: + fmov d23, xzr + ret +.size abi_test_clobber_d23,.-abi_test_clobber_d23 +.type abi_test_clobber_d24, %function +.globl abi_test_clobber_d24 +.hidden abi_test_clobber_d24 +.align 4 +abi_test_clobber_d24: + fmov d24, xzr + ret +.size abi_test_clobber_d24,.-abi_test_clobber_d24 +.type abi_test_clobber_d25, %function +.globl abi_test_clobber_d25 +.hidden abi_test_clobber_d25 +.align 4 +abi_test_clobber_d25: + fmov d25, xzr + ret +.size abi_test_clobber_d25,.-abi_test_clobber_d25 +.type abi_test_clobber_d26, %function +.globl abi_test_clobber_d26 +.hidden abi_test_clobber_d26 +.align 4 +abi_test_clobber_d26: + fmov d26, xzr + ret +.size abi_test_clobber_d26,.-abi_test_clobber_d26 +.type abi_test_clobber_d27, %function +.globl abi_test_clobber_d27 +.hidden abi_test_clobber_d27 +.align 4 +abi_test_clobber_d27: + fmov d27, xzr + ret +.size abi_test_clobber_d27,.-abi_test_clobber_d27 +.type abi_test_clobber_d28, %function +.globl abi_test_clobber_d28 +.hidden abi_test_clobber_d28 +.align 4 +abi_test_clobber_d28: + fmov d28, xzr + ret +.size abi_test_clobber_d28,.-abi_test_clobber_d28 +.type abi_test_clobber_d29, %function +.globl abi_test_clobber_d29 +.hidden abi_test_clobber_d29 +.align 4 +abi_test_clobber_d29: + fmov d29, xzr + ret +.size abi_test_clobber_d29,.-abi_test_clobber_d29 +.type abi_test_clobber_d30, %function +.globl abi_test_clobber_d30 +.hidden abi_test_clobber_d30 +.align 4 +abi_test_clobber_d30: + fmov d30, xzr + ret +.size abi_test_clobber_d30,.-abi_test_clobber_d30 +.type abi_test_clobber_d31, %function +.globl abi_test_clobber_d31 +.hidden abi_test_clobber_d31 +.align 4 +abi_test_clobber_d31: + fmov d31, xzr + ret +.size abi_test_clobber_d31,.-abi_test_clobber_d31 +.type abi_test_clobber_v8_upper, %function +.globl abi_test_clobber_v8_upper +.hidden abi_test_clobber_v8_upper +.align 4 +abi_test_clobber_v8_upper: + fmov v8.d[1], xzr + ret +.size abi_test_clobber_v8_upper,.-abi_test_clobber_v8_upper +.type abi_test_clobber_v9_upper, %function +.globl abi_test_clobber_v9_upper +.hidden abi_test_clobber_v9_upper +.align 4 +abi_test_clobber_v9_upper: + fmov v9.d[1], xzr + ret +.size abi_test_clobber_v9_upper,.-abi_test_clobber_v9_upper +.type abi_test_clobber_v10_upper, %function +.globl abi_test_clobber_v10_upper +.hidden abi_test_clobber_v10_upper +.align 4 +abi_test_clobber_v10_upper: + fmov v10.d[1], xzr + ret +.size abi_test_clobber_v10_upper,.-abi_test_clobber_v10_upper +.type abi_test_clobber_v11_upper, %function +.globl abi_test_clobber_v11_upper +.hidden abi_test_clobber_v11_upper +.align 4 +abi_test_clobber_v11_upper: + fmov v11.d[1], xzr + ret +.size abi_test_clobber_v11_upper,.-abi_test_clobber_v11_upper +.type abi_test_clobber_v12_upper, %function +.globl abi_test_clobber_v12_upper +.hidden abi_test_clobber_v12_upper +.align 4 +abi_test_clobber_v12_upper: + fmov v12.d[1], xzr + ret +.size abi_test_clobber_v12_upper,.-abi_test_clobber_v12_upper +.type abi_test_clobber_v13_upper, %function +.globl abi_test_clobber_v13_upper +.hidden abi_test_clobber_v13_upper +.align 4 +abi_test_clobber_v13_upper: + fmov v13.d[1], xzr + ret +.size abi_test_clobber_v13_upper,.-abi_test_clobber_v13_upper +.type abi_test_clobber_v14_upper, %function +.globl abi_test_clobber_v14_upper +.hidden abi_test_clobber_v14_upper +.align 4 +abi_test_clobber_v14_upper: + fmov v14.d[1], xzr + ret +.size abi_test_clobber_v14_upper,.-abi_test_clobber_v14_upper +.type abi_test_clobber_v15_upper, %function +.globl abi_test_clobber_v15_upper +.hidden abi_test_clobber_v15_upper +.align 4 +abi_test_clobber_v15_upper: + fmov v15.d[1], xzr + ret +.size abi_test_clobber_v15_upper,.-abi_test_clobber_v15_upper +#endif +#endif // !OPENSSL_NO_ASM diff --git a/linux-arm/crypto/fipsmodule/bsaes-armv7.S b/linux-arm/crypto/fipsmodule/bsaes-armv7.S index 38a0290..20b9bb0 100644 --- a/linux-arm/crypto/fipsmodule/bsaes-armv7.S +++ b/linux-arm/crypto/fipsmodule/bsaes-armv7.S @@ -1081,6 +1081,9 @@ _bsaes_key_convert: @ don't save last round key bx lr .size _bsaes_key_convert,.-_bsaes_key_convert +@ TODO(davidben): This should be aes_nohw_cbc_encrypt, but that function does +@ not exist. Rather than add it, patch this fallback out. See +@ https://crbug.com/boringssl/256. @@ -1329,7 +1332,7 @@ bsaes_cbc_encrypt: mov r2, r3 vmov q4,q15 @ just in case ensure that IV vmov q5,q0 @ and input are preserved - bl AES_decrypt + bl aes_nohw_decrypt vld1.8 {q0}, [r9] @ load result veor q0, q0, q4 @ ^= IV vmov q15, q5 @ q5 holds input @@ -1558,7 +1561,7 @@ bsaes_ctr32_encrypt_blocks: mov r1, sp @ output on the stack mov r2, r7 @ key - bl AES_encrypt + bl aes_nohw_encrypt vld1.8 {q0}, [r4]! @ load input vld1.8 {q1}, [sp] @ load encrypted counter @@ -1580,998 +1583,6 @@ bsaes_ctr32_encrypt_blocks: ldmia sp!, {r4,r5,r6,r7,r8, pc} .size bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks -.globl bsaes_xts_encrypt -.hidden bsaes_xts_encrypt -.type bsaes_xts_encrypt,%function -.align 4 -bsaes_xts_encrypt: - mov ip, sp - stmdb sp!, {r4,r5,r6,r7,r8,r9,r10, lr} @ 0x20 - VFP_ABI_PUSH - mov r6, sp @ future r3 - - mov r7, r0 - mov r8, r1 - mov r9, r2 - mov r10, r3 - - sub r0, sp, #0x10 @ 0x10 - bic r0, #0xf @ align at 16 bytes - mov sp, r0 - -#ifdef XTS_CHAIN_TWEAK - ldr r0, [ip] @ pointer to input tweak -#else - @ generate initial tweak - ldr r0, [ip, #4] @ iv[] - mov r1, sp - ldr r2, [ip, #0] @ key2 - bl AES_encrypt - mov r0,sp @ pointer to initial tweak -#endif - - ldr r1, [r10, #240] @ get # of rounds - mov r3, r6 -#ifndef BSAES_ASM_EXTENDED_KEY - @ allocate the key schedule on the stack - sub r12, sp, r1, lsl#7 @ 128 bytes per inner round key - @ add r12, #96 @ size of bit-sliced key schedule - sub r12, #48 @ place for tweak[9] - - @ populate the key schedule - mov r4, r10 @ pass key - mov r5, r1 @ pass # of rounds - mov sp, r12 - add r12, #0x90 @ pass key schedule - bl _bsaes_key_convert - veor q7, q7, q15 @ fix up last round key - vstmia r12, {q7} @ save last round key -#else - ldr r12, [r10, #244] - eors r12, #1 - beq 0f - - str r12, [r10, #244] - mov r4, r10 @ pass key - mov r5, r1 @ pass # of rounds - add r12, r10, #248 @ pass key schedule - bl _bsaes_key_convert - veor q7, q7, q15 @ fix up last round key - vstmia r12, {q7} - -.align 2 - sub sp, #0x90 @ place for tweak[9] -#endif - - vld1.8 {q8}, [r0] @ initial tweak - adr r2, .Lxts_magic - - subs r9, #0x80 - blo .Lxts_enc_short - b .Lxts_enc_loop - -.align 4 -.Lxts_enc_loop: - vldmia r2, {q5} @ load XTS magic - vshr.s64 q6, q8, #63 - mov r0, sp - vand q6, q6, q5 - vadd.u64 q9, q8, q8 - vst1.64 {q8}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q9, #63 - veor q9, q9, q6 - vand q7, q7, q5 - vadd.u64 q10, q9, q9 - vst1.64 {q9}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q10, #63 - veor q10, q10, q7 - vand q6, q6, q5 - vld1.8 {q0}, [r7]! - vadd.u64 q11, q10, q10 - vst1.64 {q10}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q11, #63 - veor q11, q11, q6 - vand q7, q7, q5 - vld1.8 {q1}, [r7]! - veor q0, q0, q8 - vadd.u64 q12, q11, q11 - vst1.64 {q11}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q12, #63 - veor q12, q12, q7 - vand q6, q6, q5 - vld1.8 {q2}, [r7]! - veor q1, q1, q9 - vadd.u64 q13, q12, q12 - vst1.64 {q12}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q13, #63 - veor q13, q13, q6 - vand q7, q7, q5 - vld1.8 {q3}, [r7]! - veor q2, q2, q10 - vadd.u64 q14, q13, q13 - vst1.64 {q13}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q14, #63 - veor q14, q14, q7 - vand q6, q6, q5 - vld1.8 {q4}, [r7]! - veor q3, q3, q11 - vadd.u64 q15, q14, q14 - vst1.64 {q14}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q15, #63 - veor q15, q15, q6 - vand q7, q7, q5 - vld1.8 {q5}, [r7]! - veor q4, q4, q12 - vadd.u64 q8, q15, q15 - vst1.64 {q15}, [r0,:128]! - vswp d15,d14 - veor q8, q8, q7 - vst1.64 {q8}, [r0,:128] @ next round tweak - - vld1.8 {q6,q7}, [r7]! - veor q5, q5, q13 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q6, q6, q14 - mov r5, r1 @ pass rounds - veor q7, q7, q15 - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10,q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12,q13}, [r0,:128]! - veor q1, q1, q9 - veor q8, q4, q10 - vst1.8 {q0,q1}, [r8]! - veor q9, q6, q11 - vld1.64 {q14,q15}, [r0,:128]! - veor q10, q3, q12 - vst1.8 {q8,q9}, [r8]! - veor q11, q7, q13 - veor q12, q2, q14 - vst1.8 {q10,q11}, [r8]! - veor q13, q5, q15 - vst1.8 {q12,q13}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - - subs r9, #0x80 - bpl .Lxts_enc_loop - -.Lxts_enc_short: - adds r9, #0x70 - bmi .Lxts_enc_done - - vldmia r2, {q5} @ load XTS magic - vshr.s64 q7, q8, #63 - mov r0, sp - vand q7, q7, q5 - vadd.u64 q9, q8, q8 - vst1.64 {q8}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q9, #63 - veor q9, q9, q7 - vand q6, q6, q5 - vadd.u64 q10, q9, q9 - vst1.64 {q9}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q10, #63 - veor q10, q10, q6 - vand q7, q7, q5 - vld1.8 {q0}, [r7]! - subs r9, #0x10 - bmi .Lxts_enc_1 - vadd.u64 q11, q10, q10 - vst1.64 {q10}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q11, #63 - veor q11, q11, q7 - vand q6, q6, q5 - vld1.8 {q1}, [r7]! - subs r9, #0x10 - bmi .Lxts_enc_2 - veor q0, q0, q8 - vadd.u64 q12, q11, q11 - vst1.64 {q11}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q12, #63 - veor q12, q12, q6 - vand q7, q7, q5 - vld1.8 {q2}, [r7]! - subs r9, #0x10 - bmi .Lxts_enc_3 - veor q1, q1, q9 - vadd.u64 q13, q12, q12 - vst1.64 {q12}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q13, #63 - veor q13, q13, q7 - vand q6, q6, q5 - vld1.8 {q3}, [r7]! - subs r9, #0x10 - bmi .Lxts_enc_4 - veor q2, q2, q10 - vadd.u64 q14, q13, q13 - vst1.64 {q13}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q14, #63 - veor q14, q14, q6 - vand q7, q7, q5 - vld1.8 {q4}, [r7]! - subs r9, #0x10 - bmi .Lxts_enc_5 - veor q3, q3, q11 - vadd.u64 q15, q14, q14 - vst1.64 {q14}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q15, #63 - veor q15, q15, q7 - vand q6, q6, q5 - vld1.8 {q5}, [r7]! - subs r9, #0x10 - bmi .Lxts_enc_6 - veor q4, q4, q12 - sub r9, #0x10 - vst1.64 {q15}, [r0,:128] @ next round tweak - - vld1.8 {q6}, [r7]! - veor q5, q5, q13 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q6, q6, q14 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10,q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12,q13}, [r0,:128]! - veor q1, q1, q9 - veor q8, q4, q10 - vst1.8 {q0,q1}, [r8]! - veor q9, q6, q11 - vld1.64 {q14}, [r0,:128]! - veor q10, q3, q12 - vst1.8 {q8,q9}, [r8]! - veor q11, q7, q13 - veor q12, q2, q14 - vst1.8 {q10,q11}, [r8]! - vst1.8 {q12}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_enc_done -.align 4 -.Lxts_enc_6: - veor q4, q4, q12 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q5, q5, q13 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10,q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12,q13}, [r0,:128]! - veor q1, q1, q9 - veor q8, q4, q10 - vst1.8 {q0,q1}, [r8]! - veor q9, q6, q11 - veor q10, q3, q12 - vst1.8 {q8,q9}, [r8]! - veor q11, q7, q13 - vst1.8 {q10,q11}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_enc_done - -@ put this in range for both ARM and Thumb mode adr instructions -.align 5 -.Lxts_magic: -.quad 1, 0x87 - -.align 5 -.Lxts_enc_5: - veor q3, q3, q11 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q4, q4, q12 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10,q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12}, [r0,:128]! - veor q1, q1, q9 - veor q8, q4, q10 - vst1.8 {q0,q1}, [r8]! - veor q9, q6, q11 - veor q10, q3, q12 - vst1.8 {q8,q9}, [r8]! - vst1.8 {q10}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_enc_done -.align 4 -.Lxts_enc_4: - veor q2, q2, q10 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q3, q3, q11 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10,q11}, [r0,:128]! - veor q0, q0, q8 - veor q1, q1, q9 - veor q8, q4, q10 - vst1.8 {q0,q1}, [r8]! - veor q9, q6, q11 - vst1.8 {q8,q9}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_enc_done -.align 4 -.Lxts_enc_3: - veor q1, q1, q9 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q2, q2, q10 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10}, [r0,:128]! - veor q0, q0, q8 - veor q1, q1, q9 - veor q8, q4, q10 - vst1.8 {q0,q1}, [r8]! - vst1.8 {q8}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_enc_done -.align 4 -.Lxts_enc_2: - veor q0, q0, q8 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q1, q1, q9 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - veor q0, q0, q8 - veor q1, q1, q9 - vst1.8 {q0,q1}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_enc_done -.align 4 -.Lxts_enc_1: - mov r0, sp - veor q0, q0, q8 - mov r1, sp - vst1.8 {q0}, [sp,:128] - mov r2, r10 - mov r4, r3 @ preserve fp - - bl AES_encrypt - - vld1.8 {q0}, [sp,:128] - veor q0, q0, q8 - vst1.8 {q0}, [r8]! - mov r3, r4 - - vmov q8, q9 @ next round tweak - -.Lxts_enc_done: -#ifndef XTS_CHAIN_TWEAK - adds r9, #0x10 - beq .Lxts_enc_ret - sub r6, r8, #0x10 - -.Lxts_enc_steal: - ldrb r0, [r7], #1 - ldrb r1, [r8, #-0x10] - strb r0, [r8, #-0x10] - strb r1, [r8], #1 - - subs r9, #1 - bhi .Lxts_enc_steal - - vld1.8 {q0}, [r6] - mov r0, sp - veor q0, q0, q8 - mov r1, sp - vst1.8 {q0}, [sp,:128] - mov r2, r10 - mov r4, r3 @ preserve fp - - bl AES_encrypt - - vld1.8 {q0}, [sp,:128] - veor q0, q0, q8 - vst1.8 {q0}, [r6] - mov r3, r4 -#endif - -.Lxts_enc_ret: - bic r0, r3, #0xf - vmov.i32 q0, #0 - vmov.i32 q1, #0 -#ifdef XTS_CHAIN_TWEAK - ldr r1, [r3, #0x20+VFP_ABI_FRAME] @ chain tweak -#endif -.Lxts_enc_bzero:@ wipe key schedule [if any] - vstmia sp!, {q0,q1} - cmp sp, r0 - bne .Lxts_enc_bzero - - mov sp, r3 -#ifdef XTS_CHAIN_TWEAK - vst1.8 {q8}, [r1] -#endif - VFP_ABI_POP - ldmia sp!, {r4,r5,r6,r7,r8,r9,r10, pc} @ return - -.size bsaes_xts_encrypt,.-bsaes_xts_encrypt - -.globl bsaes_xts_decrypt -.hidden bsaes_xts_decrypt -.type bsaes_xts_decrypt,%function -.align 4 -bsaes_xts_decrypt: - mov ip, sp - stmdb sp!, {r4,r5,r6,r7,r8,r9,r10, lr} @ 0x20 - VFP_ABI_PUSH - mov r6, sp @ future r3 - - mov r7, r0 - mov r8, r1 - mov r9, r2 - mov r10, r3 - - sub r0, sp, #0x10 @ 0x10 - bic r0, #0xf @ align at 16 bytes - mov sp, r0 - -#ifdef XTS_CHAIN_TWEAK - ldr r0, [ip] @ pointer to input tweak -#else - @ generate initial tweak - ldr r0, [ip, #4] @ iv[] - mov r1, sp - ldr r2, [ip, #0] @ key2 - bl AES_encrypt - mov r0, sp @ pointer to initial tweak -#endif - - ldr r1, [r10, #240] @ get # of rounds - mov r3, r6 -#ifndef BSAES_ASM_EXTENDED_KEY - @ allocate the key schedule on the stack - sub r12, sp, r1, lsl#7 @ 128 bytes per inner round key - @ add r12, #96 @ size of bit-sliced key schedule - sub r12, #48 @ place for tweak[9] - - @ populate the key schedule - mov r4, r10 @ pass key - mov r5, r1 @ pass # of rounds - mov sp, r12 - add r12, #0x90 @ pass key schedule - bl _bsaes_key_convert - add r4, sp, #0x90 - vldmia r4, {q6} - vstmia r12, {q15} @ save last round key - veor q7, q7, q6 @ fix up round 0 key - vstmia r4, {q7} -#else - ldr r12, [r10, #244] - eors r12, #1 - beq 0f - - str r12, [r10, #244] - mov r4, r10 @ pass key - mov r5, r1 @ pass # of rounds - add r12, r10, #248 @ pass key schedule - bl _bsaes_key_convert - add r4, r10, #248 - vldmia r4, {q6} - vstmia r12, {q15} @ save last round key - veor q7, q7, q6 @ fix up round 0 key - vstmia r4, {q7} - -.align 2 - sub sp, #0x90 @ place for tweak[9] -#endif - vld1.8 {q8}, [r0] @ initial tweak - adr r2, .Lxts_magic - -#ifndef XTS_CHAIN_TWEAK - tst r9, #0xf @ if not multiple of 16 - it ne @ Thumb2 thing, sanity check in ARM - subne r9, #0x10 @ subtract another 16 bytes -#endif - subs r9, #0x80 - - blo .Lxts_dec_short - b .Lxts_dec_loop - -.align 4 -.Lxts_dec_loop: - vldmia r2, {q5} @ load XTS magic - vshr.s64 q6, q8, #63 - mov r0, sp - vand q6, q6, q5 - vadd.u64 q9, q8, q8 - vst1.64 {q8}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q9, #63 - veor q9, q9, q6 - vand q7, q7, q5 - vadd.u64 q10, q9, q9 - vst1.64 {q9}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q10, #63 - veor q10, q10, q7 - vand q6, q6, q5 - vld1.8 {q0}, [r7]! - vadd.u64 q11, q10, q10 - vst1.64 {q10}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q11, #63 - veor q11, q11, q6 - vand q7, q7, q5 - vld1.8 {q1}, [r7]! - veor q0, q0, q8 - vadd.u64 q12, q11, q11 - vst1.64 {q11}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q12, #63 - veor q12, q12, q7 - vand q6, q6, q5 - vld1.8 {q2}, [r7]! - veor q1, q1, q9 - vadd.u64 q13, q12, q12 - vst1.64 {q12}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q13, #63 - veor q13, q13, q6 - vand q7, q7, q5 - vld1.8 {q3}, [r7]! - veor q2, q2, q10 - vadd.u64 q14, q13, q13 - vst1.64 {q13}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q14, #63 - veor q14, q14, q7 - vand q6, q6, q5 - vld1.8 {q4}, [r7]! - veor q3, q3, q11 - vadd.u64 q15, q14, q14 - vst1.64 {q14}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q15, #63 - veor q15, q15, q6 - vand q7, q7, q5 - vld1.8 {q5}, [r7]! - veor q4, q4, q12 - vadd.u64 q8, q15, q15 - vst1.64 {q15}, [r0,:128]! - vswp d15,d14 - veor q8, q8, q7 - vst1.64 {q8}, [r0,:128] @ next round tweak - - vld1.8 {q6,q7}, [r7]! - veor q5, q5, q13 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q6, q6, q14 - mov r5, r1 @ pass rounds - veor q7, q7, q15 - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10,q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12,q13}, [r0,:128]! - veor q1, q1, q9 - veor q8, q6, q10 - vst1.8 {q0,q1}, [r8]! - veor q9, q4, q11 - vld1.64 {q14,q15}, [r0,:128]! - veor q10, q2, q12 - vst1.8 {q8,q9}, [r8]! - veor q11, q7, q13 - veor q12, q3, q14 - vst1.8 {q10,q11}, [r8]! - veor q13, q5, q15 - vst1.8 {q12,q13}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - - subs r9, #0x80 - bpl .Lxts_dec_loop - -.Lxts_dec_short: - adds r9, #0x70 - bmi .Lxts_dec_done - - vldmia r2, {q5} @ load XTS magic - vshr.s64 q7, q8, #63 - mov r0, sp - vand q7, q7, q5 - vadd.u64 q9, q8, q8 - vst1.64 {q8}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q9, #63 - veor q9, q9, q7 - vand q6, q6, q5 - vadd.u64 q10, q9, q9 - vst1.64 {q9}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q10, #63 - veor q10, q10, q6 - vand q7, q7, q5 - vld1.8 {q0}, [r7]! - subs r9, #0x10 - bmi .Lxts_dec_1 - vadd.u64 q11, q10, q10 - vst1.64 {q10}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q11, #63 - veor q11, q11, q7 - vand q6, q6, q5 - vld1.8 {q1}, [r7]! - subs r9, #0x10 - bmi .Lxts_dec_2 - veor q0, q0, q8 - vadd.u64 q12, q11, q11 - vst1.64 {q11}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q12, #63 - veor q12, q12, q6 - vand q7, q7, q5 - vld1.8 {q2}, [r7]! - subs r9, #0x10 - bmi .Lxts_dec_3 - veor q1, q1, q9 - vadd.u64 q13, q12, q12 - vst1.64 {q12}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q13, #63 - veor q13, q13, q7 - vand q6, q6, q5 - vld1.8 {q3}, [r7]! - subs r9, #0x10 - bmi .Lxts_dec_4 - veor q2, q2, q10 - vadd.u64 q14, q13, q13 - vst1.64 {q13}, [r0,:128]! - vswp d13,d12 - vshr.s64 q7, q14, #63 - veor q14, q14, q6 - vand q7, q7, q5 - vld1.8 {q4}, [r7]! - subs r9, #0x10 - bmi .Lxts_dec_5 - veor q3, q3, q11 - vadd.u64 q15, q14, q14 - vst1.64 {q14}, [r0,:128]! - vswp d15,d14 - vshr.s64 q6, q15, #63 - veor q15, q15, q7 - vand q6, q6, q5 - vld1.8 {q5}, [r7]! - subs r9, #0x10 - bmi .Lxts_dec_6 - veor q4, q4, q12 - sub r9, #0x10 - vst1.64 {q15}, [r0,:128] @ next round tweak - - vld1.8 {q6}, [r7]! - veor q5, q5, q13 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q6, q6, q14 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10,q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12,q13}, [r0,:128]! - veor q1, q1, q9 - veor q8, q6, q10 - vst1.8 {q0,q1}, [r8]! - veor q9, q4, q11 - vld1.64 {q14}, [r0,:128]! - veor q10, q2, q12 - vst1.8 {q8,q9}, [r8]! - veor q11, q7, q13 - veor q12, q3, q14 - vst1.8 {q10,q11}, [r8]! - vst1.8 {q12}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_dec_done -.align 4 -.Lxts_dec_6: - vst1.64 {q14}, [r0,:128] @ next round tweak - - veor q4, q4, q12 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q5, q5, q13 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10,q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12,q13}, [r0,:128]! - veor q1, q1, q9 - veor q8, q6, q10 - vst1.8 {q0,q1}, [r8]! - veor q9, q4, q11 - veor q10, q2, q12 - vst1.8 {q8,q9}, [r8]! - veor q11, q7, q13 - vst1.8 {q10,q11}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_dec_done -.align 4 -.Lxts_dec_5: - veor q3, q3, q11 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q4, q4, q12 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10,q11}, [r0,:128]! - veor q0, q0, q8 - vld1.64 {q12}, [r0,:128]! - veor q1, q1, q9 - veor q8, q6, q10 - vst1.8 {q0,q1}, [r8]! - veor q9, q4, q11 - veor q10, q2, q12 - vst1.8 {q8,q9}, [r8]! - vst1.8 {q10}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_dec_done -.align 4 -.Lxts_dec_4: - veor q2, q2, q10 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q3, q3, q11 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10,q11}, [r0,:128]! - veor q0, q0, q8 - veor q1, q1, q9 - veor q8, q6, q10 - vst1.8 {q0,q1}, [r8]! - veor q9, q4, q11 - vst1.8 {q8,q9}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_dec_done -.align 4 -.Lxts_dec_3: - veor q1, q1, q9 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q2, q2, q10 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - vld1.64 {q10}, [r0,:128]! - veor q0, q0, q8 - veor q1, q1, q9 - veor q8, q6, q10 - vst1.8 {q0,q1}, [r8]! - vst1.8 {q8}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_dec_done -.align 4 -.Lxts_dec_2: - veor q0, q0, q8 -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, r10, #248 @ pass key schedule -#endif - veor q1, q1, q9 - mov r5, r1 @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {q8,q9}, [r0,:128]! - veor q0, q0, q8 - veor q1, q1, q9 - vst1.8 {q0,q1}, [r8]! - - vld1.64 {q8}, [r0,:128] @ next round tweak - b .Lxts_dec_done -.align 4 -.Lxts_dec_1: - mov r0, sp - veor q0, q0, q8 - mov r1, sp - vst1.8 {q0}, [sp,:128] - mov r5, r2 @ preserve magic - mov r2, r10 - mov r4, r3 @ preserve fp - - bl AES_decrypt - - vld1.8 {q0}, [sp,:128] - veor q0, q0, q8 - vst1.8 {q0}, [r8]! - mov r3, r4 - mov r2, r5 - - vmov q8, q9 @ next round tweak - -.Lxts_dec_done: -#ifndef XTS_CHAIN_TWEAK - adds r9, #0x10 - beq .Lxts_dec_ret - - @ calculate one round of extra tweak for the stolen ciphertext - vldmia r2, {q5} - vshr.s64 q6, q8, #63 - vand q6, q6, q5 - vadd.u64 q9, q8, q8 - vswp d13,d12 - veor q9, q9, q6 - - @ perform the final decryption with the last tweak value - vld1.8 {q0}, [r7]! - mov r0, sp - veor q0, q0, q9 - mov r1, sp - vst1.8 {q0}, [sp,:128] - mov r2, r10 - mov r4, r3 @ preserve fp - - bl AES_decrypt - - vld1.8 {q0}, [sp,:128] - veor q0, q0, q9 - vst1.8 {q0}, [r8] - - mov r6, r8 -.Lxts_dec_steal: - ldrb r1, [r8] - ldrb r0, [r7], #1 - strb r1, [r8, #0x10] - strb r0, [r8], #1 - - subs r9, #1 - bhi .Lxts_dec_steal - - vld1.8 {q0}, [r6] - mov r0, sp - veor q0, q8 - mov r1, sp - vst1.8 {q0}, [sp,:128] - mov r2, r10 - - bl AES_decrypt - - vld1.8 {q0}, [sp,:128] - veor q0, q0, q8 - vst1.8 {q0}, [r6] - mov r3, r4 -#endif - -.Lxts_dec_ret: - bic r0, r3, #0xf - vmov.i32 q0, #0 - vmov.i32 q1, #0 -#ifdef XTS_CHAIN_TWEAK - ldr r1, [r3, #0x20+VFP_ABI_FRAME] @ chain tweak -#endif -.Lxts_dec_bzero:@ wipe key schedule [if any] - vstmia sp!, {q0,q1} - cmp sp, r0 - bne .Lxts_dec_bzero - - mov sp, r3 -#ifdef XTS_CHAIN_TWEAK - vst1.8 {q8}, [r1] -#endif - VFP_ABI_POP - ldmia sp!, {r4,r5,r6,r7,r8,r9,r10, pc} @ return - -.size bsaes_xts_decrypt,.-bsaes_xts_decrypt #endif #endif #endif // !OPENSSL_NO_ASM diff --git a/linux-arm/crypto/test/trampoline-armv4.S b/linux-arm/crypto/test/trampoline-armv4.S new file mode 100644 index 0000000..83e8aee --- /dev/null +++ b/linux-arm/crypto/test/trampoline-armv4.S @@ -0,0 +1,378 @@ +// This file is generated from a similarly-named Perl script in the BoringSSL +// source tree. Do not edit by hand. + +#if defined(__has_feature) +#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) +#define OPENSSL_NO_ASM +#endif +#endif + +#if !defined(OPENSSL_NO_ASM) +#if defined(__arm__) +#if defined(BORINGSSL_PREFIX) +#include +#endif +.syntax unified + +.arch armv7-a +.fpu vfp + +.text + +@ abi_test_trampoline loads callee-saved registers from |state|, calls |func| +@ with |argv|, then saves the callee-saved registers into |state|. It returns +@ the result of |func|. The |unwind| argument is unused. +@ uint32_t abi_test_trampoline(void (*func)(...), CallerState *state, +@ const uint32_t *argv, size_t argc, +@ int unwind); +.type abi_test_trampoline, %function +.globl abi_test_trampoline +.hidden abi_test_trampoline +.align 4 +abi_test_trampoline: +.Labi_test_trampoline_begin: + @ Save parameters and all callee-saved registers. For convenience, we + @ save r9 on iOS even though it's volatile. + vstmdb sp!, {d8,d9,d10,d11,d12,d13,d14,d15} + stmdb sp!, {r0,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,r11,lr} + + @ Reserve stack space for six (10-4) stack parameters, plus an extra 4 + @ bytes to keep it 8-byte-aligned (see AAPCS, section 5.3). + sub sp, sp, #28 + + @ Every register in AAPCS is either non-volatile or a parameter (except + @ r9 on iOS), so this code, by the actual call, loses all its scratch + @ registers. First fill in stack parameters while there are registers + @ to spare. + cmp r3, #4 + bls .Lstack_args_done + mov r4, sp @ r4 is the output pointer. + add r5, r2, r3, lsl #2 @ Set r5 to the end of argv. + add r2, r2, #16 @ Skip four arguments. +.Lstack_args_loop: + ldr r6, [r2], #4 + cmp r2, r5 + str r6, [r4], #4 + bne .Lstack_args_loop + +.Lstack_args_done: + @ Load registers from |r1|. + vldmia r1!, {d8,d9,d10,d11,d12,d13,d14,d15} +#if defined(__APPLE__) + @ r9 is not volatile on iOS. + ldmia r1!, {r4,r5,r6,r7,r8,r10-r11} +#else + ldmia r1!, {r4,r5,r6,r7,r8,r9,r10,r11} +#endif + + @ Load register parameters. This uses up our remaining registers, so we + @ repurpose lr as scratch space. + ldr r3, [sp, #40] @ Reload argc. + ldr lr, [sp, #36] @ .Load argv into lr. + cmp r3, #3 + bhi .Larg_r3 + beq .Larg_r2 + cmp r3, #1 + bhi .Larg_r1 + beq .Larg_r0 + b .Largs_done + +.Larg_r3: + ldr r3, [lr, #12] @ argv[3] +.Larg_r2: + ldr r2, [lr, #8] @ argv[2] +.Larg_r1: + ldr r1, [lr, #4] @ argv[1] +.Larg_r0: + ldr r0, [lr] @ argv[0] +.Largs_done: + + @ With every other register in use, load the function pointer into lr + @ and call the function. + ldr lr, [sp, #28] + blx lr + + @ r1-r3 are free for use again. The trampoline only supports + @ single-return functions. Pass r4-r11 to the caller. + ldr r1, [sp, #32] + vstmia r1!, {d8,d9,d10,d11,d12,d13,d14,d15} +#if defined(__APPLE__) + @ r9 is not volatile on iOS. + stmia r1!, {r4,r5,r6,r7,r8,r10-r11} +#else + stmia r1!, {r4,r5,r6,r7,r8,r9,r10,r11} +#endif + + @ Unwind the stack and restore registers. + add sp, sp, #44 @ 44 = 28+16 + ldmia sp!, {r4,r5,r6,r7,r8,r9,r10,r11,lr} @ Skip r0-r3 (see +16 above). + vldmia sp!, {d8,d9,d10,d11,d12,d13,d14,d15} + + bx lr +.size abi_test_trampoline,.-abi_test_trampoline +.type abi_test_clobber_r0, %function +.globl abi_test_clobber_r0 +.hidden abi_test_clobber_r0 +.align 4 +abi_test_clobber_r0: + mov r0, #0 + bx lr +.size abi_test_clobber_r0,.-abi_test_clobber_r0 +.type abi_test_clobber_r1, %function +.globl abi_test_clobber_r1 +.hidden abi_test_clobber_r1 +.align 4 +abi_test_clobber_r1: + mov r1, #0 + bx lr +.size abi_test_clobber_r1,.-abi_test_clobber_r1 +.type abi_test_clobber_r2, %function +.globl abi_test_clobber_r2 +.hidden abi_test_clobber_r2 +.align 4 +abi_test_clobber_r2: + mov r2, #0 + bx lr +.size abi_test_clobber_r2,.-abi_test_clobber_r2 +.type abi_test_clobber_r3, %function +.globl abi_test_clobber_r3 +.hidden abi_test_clobber_r3 +.align 4 +abi_test_clobber_r3: + mov r3, #0 + bx lr +.size abi_test_clobber_r3,.-abi_test_clobber_r3 +.type abi_test_clobber_r4, %function +.globl abi_test_clobber_r4 +.hidden abi_test_clobber_r4 +.align 4 +abi_test_clobber_r4: + mov r4, #0 + bx lr +.size abi_test_clobber_r4,.-abi_test_clobber_r4 +.type abi_test_clobber_r5, %function +.globl abi_test_clobber_r5 +.hidden abi_test_clobber_r5 +.align 4 +abi_test_clobber_r5: + mov r5, #0 + bx lr +.size abi_test_clobber_r5,.-abi_test_clobber_r5 +.type abi_test_clobber_r6, %function +.globl abi_test_clobber_r6 +.hidden abi_test_clobber_r6 +.align 4 +abi_test_clobber_r6: + mov r6, #0 + bx lr +.size abi_test_clobber_r6,.-abi_test_clobber_r6 +.type abi_test_clobber_r7, %function +.globl abi_test_clobber_r7 +.hidden abi_test_clobber_r7 +.align 4 +abi_test_clobber_r7: + mov r7, #0 + bx lr +.size abi_test_clobber_r7,.-abi_test_clobber_r7 +.type abi_test_clobber_r8, %function +.globl abi_test_clobber_r8 +.hidden abi_test_clobber_r8 +.align 4 +abi_test_clobber_r8: + mov r8, #0 + bx lr +.size abi_test_clobber_r8,.-abi_test_clobber_r8 +.type abi_test_clobber_r9, %function +.globl abi_test_clobber_r9 +.hidden abi_test_clobber_r9 +.align 4 +abi_test_clobber_r9: + mov r9, #0 + bx lr +.size abi_test_clobber_r9,.-abi_test_clobber_r9 +.type abi_test_clobber_r10, %function +.globl abi_test_clobber_r10 +.hidden abi_test_clobber_r10 +.align 4 +abi_test_clobber_r10: + mov r10, #0 + bx lr +.size abi_test_clobber_r10,.-abi_test_clobber_r10 +.type abi_test_clobber_r11, %function +.globl abi_test_clobber_r11 +.hidden abi_test_clobber_r11 +.align 4 +abi_test_clobber_r11: + mov r11, #0 + bx lr +.size abi_test_clobber_r11,.-abi_test_clobber_r11 +.type abi_test_clobber_r12, %function +.globl abi_test_clobber_r12 +.hidden abi_test_clobber_r12 +.align 4 +abi_test_clobber_r12: + mov r12, #0 + bx lr +.size abi_test_clobber_r12,.-abi_test_clobber_r12 +.type abi_test_clobber_d0, %function +.globl abi_test_clobber_d0 +.hidden abi_test_clobber_d0 +.align 4 +abi_test_clobber_d0: + mov r0, #0 + vmov s0, r0 + vmov s1, r0 + bx lr +.size abi_test_clobber_d0,.-abi_test_clobber_d0 +.type abi_test_clobber_d1, %function +.globl abi_test_clobber_d1 +.hidden abi_test_clobber_d1 +.align 4 +abi_test_clobber_d1: + mov r0, #0 + vmov s2, r0 + vmov s3, r0 + bx lr +.size abi_test_clobber_d1,.-abi_test_clobber_d1 +.type abi_test_clobber_d2, %function +.globl abi_test_clobber_d2 +.hidden abi_test_clobber_d2 +.align 4 +abi_test_clobber_d2: + mov r0, #0 + vmov s4, r0 + vmov s5, r0 + bx lr +.size abi_test_clobber_d2,.-abi_test_clobber_d2 +.type abi_test_clobber_d3, %function +.globl abi_test_clobber_d3 +.hidden abi_test_clobber_d3 +.align 4 +abi_test_clobber_d3: + mov r0, #0 + vmov s6, r0 + vmov s7, r0 + bx lr +.size abi_test_clobber_d3,.-abi_test_clobber_d3 +.type abi_test_clobber_d4, %function +.globl abi_test_clobber_d4 +.hidden abi_test_clobber_d4 +.align 4 +abi_test_clobber_d4: + mov r0, #0 + vmov s8, r0 + vmov s9, r0 + bx lr +.size abi_test_clobber_d4,.-abi_test_clobber_d4 +.type abi_test_clobber_d5, %function +.globl abi_test_clobber_d5 +.hidden abi_test_clobber_d5 +.align 4 +abi_test_clobber_d5: + mov r0, #0 + vmov s10, r0 + vmov s11, r0 + bx lr +.size abi_test_clobber_d5,.-abi_test_clobber_d5 +.type abi_test_clobber_d6, %function +.globl abi_test_clobber_d6 +.hidden abi_test_clobber_d6 +.align 4 +abi_test_clobber_d6: + mov r0, #0 + vmov s12, r0 + vmov s13, r0 + bx lr +.size abi_test_clobber_d6,.-abi_test_clobber_d6 +.type abi_test_clobber_d7, %function +.globl abi_test_clobber_d7 +.hidden abi_test_clobber_d7 +.align 4 +abi_test_clobber_d7: + mov r0, #0 + vmov s14, r0 + vmov s15, r0 + bx lr +.size abi_test_clobber_d7,.-abi_test_clobber_d7 +.type abi_test_clobber_d8, %function +.globl abi_test_clobber_d8 +.hidden abi_test_clobber_d8 +.align 4 +abi_test_clobber_d8: + mov r0, #0 + vmov s16, r0 + vmov s17, r0 + bx lr +.size abi_test_clobber_d8,.-abi_test_clobber_d8 +.type abi_test_clobber_d9, %function +.globl abi_test_clobber_d9 +.hidden abi_test_clobber_d9 +.align 4 +abi_test_clobber_d9: + mov r0, #0 + vmov s18, r0 + vmov s19, r0 + bx lr +.size abi_test_clobber_d9,.-abi_test_clobber_d9 +.type abi_test_clobber_d10, %function +.globl abi_test_clobber_d10 +.hidden abi_test_clobber_d10 +.align 4 +abi_test_clobber_d10: + mov r0, #0 + vmov s20, r0 + vmov s21, r0 + bx lr +.size abi_test_clobber_d10,.-abi_test_clobber_d10 +.type abi_test_clobber_d11, %function +.globl abi_test_clobber_d11 +.hidden abi_test_clobber_d11 +.align 4 +abi_test_clobber_d11: + mov r0, #0 + vmov s22, r0 + vmov s23, r0 + bx lr +.size abi_test_clobber_d11,.-abi_test_clobber_d11 +.type abi_test_clobber_d12, %function +.globl abi_test_clobber_d12 +.hidden abi_test_clobber_d12 +.align 4 +abi_test_clobber_d12: + mov r0, #0 + vmov s24, r0 + vmov s25, r0 + bx lr +.size abi_test_clobber_d12,.-abi_test_clobber_d12 +.type abi_test_clobber_d13, %function +.globl abi_test_clobber_d13 +.hidden abi_test_clobber_d13 +.align 4 +abi_test_clobber_d13: + mov r0, #0 + vmov s26, r0 + vmov s27, r0 + bx lr +.size abi_test_clobber_d13,.-abi_test_clobber_d13 +.type abi_test_clobber_d14, %function +.globl abi_test_clobber_d14 +.hidden abi_test_clobber_d14 +.align 4 +abi_test_clobber_d14: + mov r0, #0 + vmov s28, r0 + vmov s29, r0 + bx lr +.size abi_test_clobber_d14,.-abi_test_clobber_d14 +.type abi_test_clobber_d15, %function +.globl abi_test_clobber_d15 +.hidden abi_test_clobber_d15 +.align 4 +abi_test_clobber_d15: + mov r0, #0 + vmov s30, r0 + vmov s31, r0 + bx lr +.size abi_test_clobber_d15,.-abi_test_clobber_d15 +#endif +#endif // !OPENSSL_NO_ASM diff --git a/linux-x86/crypto/fipsmodule/aesni-x86.S b/linux-x86/crypto/fipsmodule/aesni-x86.S index b193966..bd0f271 100644 --- a/linux-x86/crypto/fipsmodule/aesni-x86.S +++ b/linux-x86/crypto/fipsmodule/aesni-x86.S @@ -6,12 +6,26 @@ #include #endif .text +#ifndef NDEBUG +#endif .globl aes_hw_encrypt .hidden aes_hw_encrypt .type aes_hw_encrypt,@function .align 16 aes_hw_encrypt: .L_aes_hw_encrypt_begin: +#ifndef NDEBUG + pushl %ebx + pushl %edx + call .L000pic +.L000pic: + popl %ebx + leal BORINGSSL_function_hit+1-.L000pic(%ebx),%ebx + movl $1,%edx + movb %dl,(%ebx) + popl %edx + popl %ebx +#endif movl 4(%esp),%eax movl 12(%esp),%edx movups (%eax),%xmm2 @@ -21,12 +35,12 @@ aes_hw_encrypt: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L000enc1_loop_1: +.L001enc1_loop_1: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L000enc1_loop_1 + jnz .L001enc1_loop_1 .byte 102,15,56,221,209 pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 @@ -49,12 +63,12 @@ aes_hw_decrypt: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L001dec1_loop_2: +.L002dec1_loop_2: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L001dec1_loop_2 + jnz .L002dec1_loop_2 .byte 102,15,56,223,209 pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 @@ -75,7 +89,7 @@ _aesni_encrypt2: leal 32(%edx,%ecx,1),%edx negl %ecx addl $16,%ecx -.L002enc2_loop: +.L003enc2_loop: .byte 102,15,56,220,209 .byte 102,15,56,220,217 movups (%edx,%ecx,1),%xmm1 @@ -83,7 +97,7 @@ _aesni_encrypt2: .byte 102,15,56,220,208 .byte 102,15,56,220,216 movups -16(%edx,%ecx,1),%xmm0 - jnz .L002enc2_loop + jnz .L003enc2_loop .byte 102,15,56,220,209 .byte 102,15,56,220,217 .byte 102,15,56,221,208 @@ -103,7 +117,7 @@ _aesni_decrypt2: leal 32(%edx,%ecx,1),%edx negl %ecx addl $16,%ecx -.L003dec2_loop: +.L004dec2_loop: .byte 102,15,56,222,209 .byte 102,15,56,222,217 movups (%edx,%ecx,1),%xmm1 @@ -111,7 +125,7 @@ _aesni_decrypt2: .byte 102,15,56,222,208 .byte 102,15,56,222,216 movups -16(%edx,%ecx,1),%xmm0 - jnz .L003dec2_loop + jnz .L004dec2_loop .byte 102,15,56,222,209 .byte 102,15,56,222,217 .byte 102,15,56,223,208 @@ -132,7 +146,7 @@ _aesni_encrypt3: leal 32(%edx,%ecx,1),%edx negl %ecx addl $16,%ecx -.L004enc3_loop: +.L005enc3_loop: .byte 102,15,56,220,209 .byte 102,15,56,220,217 .byte 102,15,56,220,225 @@ -142,7 +156,7 @@ _aesni_encrypt3: .byte 102,15,56,220,216 .byte 102,15,56,220,224 movups -16(%edx,%ecx,1),%xmm0 - jnz .L004enc3_loop + jnz .L005enc3_loop .byte 102,15,56,220,209 .byte 102,15,56,220,217 .byte 102,15,56,220,225 @@ -165,7 +179,7 @@ _aesni_decrypt3: leal 32(%edx,%ecx,1),%edx negl %ecx addl $16,%ecx -.L005dec3_loop: +.L006dec3_loop: .byte 102,15,56,222,209 .byte 102,15,56,222,217 .byte 102,15,56,222,225 @@ -175,7 +189,7 @@ _aesni_decrypt3: .byte 102,15,56,222,216 .byte 102,15,56,222,224 movups -16(%edx,%ecx,1),%xmm0 - jnz .L005dec3_loop + jnz .L006dec3_loop .byte 102,15,56,222,209 .byte 102,15,56,222,217 .byte 102,15,56,222,225 @@ -200,7 +214,7 @@ _aesni_encrypt4: negl %ecx .byte 15,31,64,0 addl $16,%ecx -.L006enc4_loop: +.L007enc4_loop: .byte 102,15,56,220,209 .byte 102,15,56,220,217 .byte 102,15,56,220,225 @@ -212,7 +226,7 @@ _aesni_encrypt4: .byte 102,15,56,220,224 .byte 102,15,56,220,232 movups -16(%edx,%ecx,1),%xmm0 - jnz .L006enc4_loop + jnz .L007enc4_loop .byte 102,15,56,220,209 .byte 102,15,56,220,217 .byte 102,15,56,220,225 @@ -239,7 +253,7 @@ _aesni_decrypt4: negl %ecx .byte 15,31,64,0 addl $16,%ecx -.L007dec4_loop: +.L008dec4_loop: .byte 102,15,56,222,209 .byte 102,15,56,222,217 .byte 102,15,56,222,225 @@ -251,7 +265,7 @@ _aesni_decrypt4: .byte 102,15,56,222,224 .byte 102,15,56,222,232 movups -16(%edx,%ecx,1),%xmm0 - jnz .L007dec4_loop + jnz .L008dec4_loop .byte 102,15,56,222,209 .byte 102,15,56,222,217 .byte 102,15,56,222,225 @@ -282,13 +296,13 @@ _aesni_encrypt6: pxor %xmm0,%xmm7 movups (%edx,%ecx,1),%xmm0 addl $16,%ecx - jmp .L008_aesni_encrypt6_inner + jmp .L009_aesni_encrypt6_inner .align 16 -.L009enc6_loop: +.L010enc6_loop: .byte 102,15,56,220,209 .byte 102,15,56,220,217 .byte 102,15,56,220,225 -.L008_aesni_encrypt6_inner: +.L009_aesni_encrypt6_inner: .byte 102,15,56,220,233 .byte 102,15,56,220,241 .byte 102,15,56,220,249 @@ -302,7 +316,7 @@ _aesni_encrypt6: .byte 102,15,56,220,240 .byte 102,15,56,220,248 movups -16(%edx,%ecx,1),%xmm0 - jnz .L009enc6_loop + jnz .L010enc6_loop .byte 102,15,56,220,209 .byte 102,15,56,220,217 .byte 102,15,56,220,225 @@ -337,13 +351,13 @@ _aesni_decrypt6: pxor %xmm0,%xmm7 movups (%edx,%ecx,1),%xmm0 addl $16,%ecx - jmp .L010_aesni_decrypt6_inner + jmp .L011_aesni_decrypt6_inner .align 16 -.L011dec6_loop: +.L012dec6_loop: .byte 102,15,56,222,209 .byte 102,15,56,222,217 .byte 102,15,56,222,225 -.L010_aesni_decrypt6_inner: +.L011_aesni_decrypt6_inner: .byte 102,15,56,222,233 .byte 102,15,56,222,241 .byte 102,15,56,222,249 @@ -357,7 +371,7 @@ _aesni_decrypt6: .byte 102,15,56,222,240 .byte 102,15,56,222,248 movups -16(%edx,%ecx,1),%xmm0 - jnz .L011dec6_loop + jnz .L012dec6_loop .byte 102,15,56,222,209 .byte 102,15,56,222,217 .byte 102,15,56,222,225 @@ -388,14 +402,14 @@ aes_hw_ecb_encrypt: movl 32(%esp),%edx movl 36(%esp),%ebx andl $-16,%eax - jz .L012ecb_ret + jz .L013ecb_ret movl 240(%edx),%ecx testl %ebx,%ebx - jz .L013ecb_decrypt + jz .L014ecb_decrypt movl %edx,%ebp movl %ecx,%ebx cmpl $96,%eax - jb .L014ecb_enc_tail + jb .L015ecb_enc_tail movdqu (%esi),%xmm2 movdqu 16(%esi),%xmm3 movdqu 32(%esi),%xmm4 @@ -404,9 +418,9 @@ aes_hw_ecb_encrypt: movdqu 80(%esi),%xmm7 leal 96(%esi),%esi subl $96,%eax - jmp .L015ecb_enc_loop6_enter + jmp .L016ecb_enc_loop6_enter .align 16 -.L016ecb_enc_loop6: +.L017ecb_enc_loop6: movups %xmm2,(%edi) movdqu (%esi),%xmm2 movups %xmm3,16(%edi) @@ -421,12 +435,12 @@ aes_hw_ecb_encrypt: leal 96(%edi),%edi movdqu 80(%esi),%xmm7 leal 96(%esi),%esi -.L015ecb_enc_loop6_enter: +.L016ecb_enc_loop6_enter: call _aesni_encrypt6 movl %ebp,%edx movl %ebx,%ecx subl $96,%eax - jnc .L016ecb_enc_loop6 + jnc .L017ecb_enc_loop6 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) @@ -435,18 +449,18 @@ aes_hw_ecb_encrypt: movups %xmm7,80(%edi) leal 96(%edi),%edi addl $96,%eax - jz .L012ecb_ret -.L014ecb_enc_tail: + jz .L013ecb_ret +.L015ecb_enc_tail: movups (%esi),%xmm2 cmpl $32,%eax - jb .L017ecb_enc_one + jb .L018ecb_enc_one movups 16(%esi),%xmm3 - je .L018ecb_enc_two + je .L019ecb_enc_two movups 32(%esi),%xmm4 cmpl $64,%eax - jb .L019ecb_enc_three + jb .L020ecb_enc_three movups 48(%esi),%xmm5 - je .L020ecb_enc_four + je .L021ecb_enc_four movups 64(%esi),%xmm6 xorps %xmm7,%xmm7 call _aesni_encrypt6 @@ -455,49 +469,49 @@ aes_hw_ecb_encrypt: movups %xmm4,32(%edi) movups %xmm5,48(%edi) movups %xmm6,64(%edi) - jmp .L012ecb_ret + jmp .L013ecb_ret .align 16 -.L017ecb_enc_one: +.L018ecb_enc_one: movups (%edx),%xmm0 movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L021enc1_loop_3: +.L022enc1_loop_3: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L021enc1_loop_3 + jnz .L022enc1_loop_3 .byte 102,15,56,221,209 movups %xmm2,(%edi) - jmp .L012ecb_ret + jmp .L013ecb_ret .align 16 -.L018ecb_enc_two: +.L019ecb_enc_two: call _aesni_encrypt2 movups %xmm2,(%edi) movups %xmm3,16(%edi) - jmp .L012ecb_ret + jmp .L013ecb_ret .align 16 -.L019ecb_enc_three: +.L020ecb_enc_three: call _aesni_encrypt3 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) - jmp .L012ecb_ret + jmp .L013ecb_ret .align 16 -.L020ecb_enc_four: +.L021ecb_enc_four: call _aesni_encrypt4 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) movups %xmm5,48(%edi) - jmp .L012ecb_ret + jmp .L013ecb_ret .align 16 -.L013ecb_decrypt: +.L014ecb_decrypt: movl %edx,%ebp movl %ecx,%ebx cmpl $96,%eax - jb .L022ecb_dec_tail + jb .L023ecb_dec_tail movdqu (%esi),%xmm2 movdqu 16(%esi),%xmm3 movdqu 32(%esi),%xmm4 @@ -506,9 +520,9 @@ aes_hw_ecb_encrypt: movdqu 80(%esi),%xmm7 leal 96(%esi),%esi subl $96,%eax - jmp .L023ecb_dec_loop6_enter + jmp .L024ecb_dec_loop6_enter .align 16 -.L024ecb_dec_loop6: +.L025ecb_dec_loop6: movups %xmm2,(%edi) movdqu (%esi),%xmm2 movups %xmm3,16(%edi) @@ -523,12 +537,12 @@ aes_hw_ecb_encrypt: leal 96(%edi),%edi movdqu 80(%esi),%xmm7 leal 96(%esi),%esi -.L023ecb_dec_loop6_enter: +.L024ecb_dec_loop6_enter: call _aesni_decrypt6 movl %ebp,%edx movl %ebx,%ecx subl $96,%eax - jnc .L024ecb_dec_loop6 + jnc .L025ecb_dec_loop6 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) @@ -537,18 +551,18 @@ aes_hw_ecb_encrypt: movups %xmm7,80(%edi) leal 96(%edi),%edi addl $96,%eax - jz .L012ecb_ret -.L022ecb_dec_tail: + jz .L013ecb_ret +.L023ecb_dec_tail: movups (%esi),%xmm2 cmpl $32,%eax - jb .L025ecb_dec_one + jb .L026ecb_dec_one movups 16(%esi),%xmm3 - je .L026ecb_dec_two + je .L027ecb_dec_two movups 32(%esi),%xmm4 cmpl $64,%eax - jb .L027ecb_dec_three + jb .L028ecb_dec_three movups 48(%esi),%xmm5 - je .L028ecb_dec_four + je .L029ecb_dec_four movups 64(%esi),%xmm6 xorps %xmm7,%xmm7 call _aesni_decrypt6 @@ -557,43 +571,43 @@ aes_hw_ecb_encrypt: movups %xmm4,32(%edi) movups %xmm5,48(%edi) movups %xmm6,64(%edi) - jmp .L012ecb_ret + jmp .L013ecb_ret .align 16 -.L025ecb_dec_one: +.L026ecb_dec_one: movups (%edx),%xmm0 movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L029dec1_loop_4: +.L030dec1_loop_4: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L029dec1_loop_4 + jnz .L030dec1_loop_4 .byte 102,15,56,223,209 movups %xmm2,(%edi) - jmp .L012ecb_ret + jmp .L013ecb_ret .align 16 -.L026ecb_dec_two: +.L027ecb_dec_two: call _aesni_decrypt2 movups %xmm2,(%edi) movups %xmm3,16(%edi) - jmp .L012ecb_ret + jmp .L013ecb_ret .align 16 -.L027ecb_dec_three: +.L028ecb_dec_three: call _aesni_decrypt3 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) - jmp .L012ecb_ret + jmp .L013ecb_ret .align 16 -.L028ecb_dec_four: +.L029ecb_dec_four: call _aesni_decrypt4 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) movups %xmm5,48(%edi) -.L012ecb_ret: +.L013ecb_ret: pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 pxor %xmm2,%xmm2 @@ -649,7 +663,7 @@ aes_hw_ccm64_encrypt_blocks: leal 32(%edx,%ecx,1),%edx subl %ecx,%ebx .byte 102,15,56,0,253 -.L030ccm64_enc_outer: +.L031ccm64_enc_outer: movups (%ebp),%xmm0 movl %ebx,%ecx movups (%esi),%xmm6 @@ -658,7 +672,7 @@ aes_hw_ccm64_encrypt_blocks: xorps %xmm6,%xmm0 xorps %xmm0,%xmm3 movups 32(%ebp),%xmm0 -.L031ccm64_enc2_loop: +.L032ccm64_enc2_loop: .byte 102,15,56,220,209 .byte 102,15,56,220,217 movups (%edx,%ecx,1),%xmm1 @@ -666,7 +680,7 @@ aes_hw_ccm64_encrypt_blocks: .byte 102,15,56,220,208 .byte 102,15,56,220,216 movups -16(%edx,%ecx,1),%xmm0 - jnz .L031ccm64_enc2_loop + jnz .L032ccm64_enc2_loop .byte 102,15,56,220,209 .byte 102,15,56,220,217 paddq 16(%esp),%xmm7 @@ -679,7 +693,7 @@ aes_hw_ccm64_encrypt_blocks: movups %xmm6,(%edi) .byte 102,15,56,0,213 leal 16(%edi),%edi - jnz .L030ccm64_enc_outer + jnz .L031ccm64_enc_outer movl 48(%esp),%esp movl 40(%esp),%edi movups %xmm3,(%edi) @@ -739,12 +753,12 @@ aes_hw_ccm64_decrypt_blocks: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L032enc1_loop_5: +.L033enc1_loop_5: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L032enc1_loop_5 + jnz .L033enc1_loop_5 .byte 102,15,56,221,209 shll $4,%ebx movl $16,%ecx @@ -754,16 +768,16 @@ aes_hw_ccm64_decrypt_blocks: subl %ebx,%ecx leal 32(%ebp,%ebx,1),%edx movl %ecx,%ebx - jmp .L033ccm64_dec_outer + jmp .L034ccm64_dec_outer .align 16 -.L033ccm64_dec_outer: +.L034ccm64_dec_outer: xorps %xmm2,%xmm6 movdqa %xmm7,%xmm2 movups %xmm6,(%edi) leal 16(%edi),%edi .byte 102,15,56,0,213 subl $1,%eax - jz .L034ccm64_dec_break + jz .L035ccm64_dec_break movups (%ebp),%xmm0 movl %ebx,%ecx movups 16(%ebp),%xmm1 @@ -771,7 +785,7 @@ aes_hw_ccm64_decrypt_blocks: xorps %xmm0,%xmm2 xorps %xmm6,%xmm3 movups 32(%ebp),%xmm0 -.L035ccm64_dec2_loop: +.L036ccm64_dec2_loop: .byte 102,15,56,220,209 .byte 102,15,56,220,217 movups (%edx,%ecx,1),%xmm1 @@ -779,7 +793,7 @@ aes_hw_ccm64_decrypt_blocks: .byte 102,15,56,220,208 .byte 102,15,56,220,216 movups -16(%edx,%ecx,1),%xmm0 - jnz .L035ccm64_dec2_loop + jnz .L036ccm64_dec2_loop movups (%esi),%xmm6 paddq 16(%esp),%xmm7 .byte 102,15,56,220,209 @@ -787,9 +801,9 @@ aes_hw_ccm64_decrypt_blocks: .byte 102,15,56,221,208 .byte 102,15,56,221,216 leal 16(%esi),%esi - jmp .L033ccm64_dec_outer + jmp .L034ccm64_dec_outer .align 16 -.L034ccm64_dec_break: +.L035ccm64_dec_break: movl 240(%ebp),%ecx movl %ebp,%edx movups (%edx),%xmm0 @@ -797,12 +811,12 @@ aes_hw_ccm64_decrypt_blocks: xorps %xmm0,%xmm6 leal 32(%edx),%edx xorps %xmm6,%xmm3 -.L036enc1_loop_6: +.L037enc1_loop_6: .byte 102,15,56,220,217 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L036enc1_loop_6 + jnz .L037enc1_loop_6 .byte 102,15,56,221,217 movl 48(%esp),%esp movl 40(%esp),%edi @@ -831,6 +845,18 @@ aes_hw_ctr32_encrypt_blocks: pushl %ebx pushl %esi pushl %edi +#ifndef NDEBUG + pushl %ebx + pushl %edx + call .L038pic +.L038pic: + popl %ebx + leal BORINGSSL_function_hit+0-.L038pic(%ebx),%ebx + movl $1,%edx + movb %dl,(%ebx) + popl %edx + popl %ebx +#endif movl 20(%esp),%esi movl 24(%esp),%edi movl 28(%esp),%eax @@ -841,7 +867,7 @@ aes_hw_ctr32_encrypt_blocks: andl $-16,%esp movl %ebp,80(%esp) cmpl $1,%eax - je .L037ctr32_one_shortcut + je .L039ctr32_one_shortcut movdqu (%ebx),%xmm7 movl $202182159,(%esp) movl $134810123,4(%esp) @@ -879,7 +905,7 @@ aes_hw_ctr32_encrypt_blocks: pshufd $192,%xmm0,%xmm2 pshufd $128,%xmm0,%xmm3 cmpl $6,%eax - jb .L038ctr32_tail + jb .L040ctr32_tail pxor %xmm6,%xmm7 shll $4,%ecx movl $16,%ebx @@ -888,9 +914,9 @@ aes_hw_ctr32_encrypt_blocks: subl %ecx,%ebx leal 32(%edx,%ecx,1),%edx subl $6,%eax - jmp .L039ctr32_loop6 + jmp .L041ctr32_loop6 .align 16 -.L039ctr32_loop6: +.L041ctr32_loop6: pshufd $64,%xmm0,%xmm4 movdqa 32(%esp),%xmm0 pshufd $192,%xmm1,%xmm5 @@ -944,27 +970,27 @@ aes_hw_ctr32_encrypt_blocks: leal 96(%edi),%edi pshufd $128,%xmm0,%xmm3 subl $6,%eax - jnc .L039ctr32_loop6 + jnc .L041ctr32_loop6 addl $6,%eax - jz .L040ctr32_ret + jz .L042ctr32_ret movdqu (%ebp),%xmm7 movl %ebp,%edx pxor 32(%esp),%xmm7 movl 240(%ebp),%ecx -.L038ctr32_tail: +.L040ctr32_tail: por %xmm7,%xmm2 cmpl $2,%eax - jb .L041ctr32_one + jb .L043ctr32_one pshufd $64,%xmm0,%xmm4 por %xmm7,%xmm3 - je .L042ctr32_two + je .L044ctr32_two pshufd $192,%xmm1,%xmm5 por %xmm7,%xmm4 cmpl $4,%eax - jb .L043ctr32_three + jb .L045ctr32_three pshufd $128,%xmm1,%xmm6 por %xmm7,%xmm5 - je .L044ctr32_four + je .L046ctr32_four por %xmm7,%xmm6 call _aesni_encrypt6 movups (%esi),%xmm1 @@ -982,29 +1008,29 @@ aes_hw_ctr32_encrypt_blocks: movups %xmm4,32(%edi) movups %xmm5,48(%edi) movups %xmm6,64(%edi) - jmp .L040ctr32_ret + jmp .L042ctr32_ret .align 16 -.L037ctr32_one_shortcut: +.L039ctr32_one_shortcut: movups (%ebx),%xmm2 movl 240(%edx),%ecx -.L041ctr32_one: +.L043ctr32_one: movups (%edx),%xmm0 movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L045enc1_loop_7: +.L047enc1_loop_7: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L045enc1_loop_7 + jnz .L047enc1_loop_7 .byte 102,15,56,221,209 movups (%esi),%xmm6 xorps %xmm2,%xmm6 movups %xmm6,(%edi) - jmp .L040ctr32_ret + jmp .L042ctr32_ret .align 16 -.L042ctr32_two: +.L044ctr32_two: call _aesni_encrypt2 movups (%esi),%xmm5 movups 16(%esi),%xmm6 @@ -1012,9 +1038,9 @@ aes_hw_ctr32_encrypt_blocks: xorps %xmm6,%xmm3 movups %xmm2,(%edi) movups %xmm3,16(%edi) - jmp .L040ctr32_ret + jmp .L042ctr32_ret .align 16 -.L043ctr32_three: +.L045ctr32_three: call _aesni_encrypt3 movups (%esi),%xmm5 movups 16(%esi),%xmm6 @@ -1025,9 +1051,9 @@ aes_hw_ctr32_encrypt_blocks: xorps %xmm7,%xmm4 movups %xmm3,16(%edi) movups %xmm4,32(%edi) - jmp .L040ctr32_ret + jmp .L042ctr32_ret .align 16 -.L044ctr32_four: +.L046ctr32_four: call _aesni_encrypt4 movups (%esi),%xmm6 movups 16(%esi),%xmm7 @@ -1041,7 +1067,7 @@ aes_hw_ctr32_encrypt_blocks: xorps %xmm0,%xmm5 movups %xmm4,32(%edi) movups %xmm5,48(%edi) -.L040ctr32_ret: +.L042ctr32_ret: pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 pxor %xmm2,%xmm2 @@ -1078,12 +1104,12 @@ aes_hw_xts_encrypt: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L046enc1_loop_8: +.L048enc1_loop_8: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L046enc1_loop_8 + jnz .L048enc1_loop_8 .byte 102,15,56,221,209 movl 20(%esp),%esi movl 24(%esp),%edi @@ -1107,14 +1133,14 @@ aes_hw_xts_encrypt: movl %edx,%ebp movl %ecx,%ebx subl $96,%eax - jc .L047xts_enc_short + jc .L049xts_enc_short shll $4,%ecx movl $16,%ebx subl %ecx,%ebx leal 32(%edx,%ecx,1),%edx - jmp .L048xts_enc_loop6 + jmp .L050xts_enc_loop6 .align 16 -.L048xts_enc_loop6: +.L050xts_enc_loop6: pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,(%esp) @@ -1203,23 +1229,23 @@ aes_hw_xts_encrypt: pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 subl $96,%eax - jnc .L048xts_enc_loop6 + jnc .L050xts_enc_loop6 movl 240(%ebp),%ecx movl %ebp,%edx movl %ecx,%ebx -.L047xts_enc_short: +.L049xts_enc_short: addl $96,%eax - jz .L049xts_enc_done6x + jz .L051xts_enc_done6x movdqa %xmm1,%xmm5 cmpl $32,%eax - jb .L050xts_enc_one + jb .L052xts_enc_one pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 paddq %xmm1,%xmm1 pand %xmm3,%xmm2 pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 - je .L051xts_enc_two + je .L053xts_enc_two pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,%xmm6 @@ -1228,7 +1254,7 @@ aes_hw_xts_encrypt: pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 cmpl $64,%eax - jb .L052xts_enc_three + jb .L054xts_enc_three pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,%xmm7 @@ -1238,7 +1264,7 @@ aes_hw_xts_encrypt: pxor %xmm2,%xmm1 movdqa %xmm5,(%esp) movdqa %xmm6,16(%esp) - je .L053xts_enc_four + je .L055xts_enc_four movdqa %xmm7,32(%esp) pshufd $19,%xmm0,%xmm7 movdqa %xmm1,48(%esp) @@ -1270,9 +1296,9 @@ aes_hw_xts_encrypt: movups %xmm5,48(%edi) movups %xmm6,64(%edi) leal 80(%edi),%edi - jmp .L054xts_enc_done + jmp .L056xts_enc_done .align 16 -.L050xts_enc_one: +.L052xts_enc_one: movups (%esi),%xmm2 leal 16(%esi),%esi xorps %xmm5,%xmm2 @@ -1280,20 +1306,20 @@ aes_hw_xts_encrypt: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L055enc1_loop_9: +.L057enc1_loop_9: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L055enc1_loop_9 + jnz .L057enc1_loop_9 .byte 102,15,56,221,209 xorps %xmm5,%xmm2 movups %xmm2,(%edi) leal 16(%edi),%edi movdqa %xmm5,%xmm1 - jmp .L054xts_enc_done + jmp .L056xts_enc_done .align 16 -.L051xts_enc_two: +.L053xts_enc_two: movaps %xmm1,%xmm6 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1307,9 +1333,9 @@ aes_hw_xts_encrypt: movups %xmm3,16(%edi) leal 32(%edi),%edi movdqa %xmm6,%xmm1 - jmp .L054xts_enc_done + jmp .L056xts_enc_done .align 16 -.L052xts_enc_three: +.L054xts_enc_three: movaps %xmm1,%xmm7 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1327,9 +1353,9 @@ aes_hw_xts_encrypt: movups %xmm4,32(%edi) leal 48(%edi),%edi movdqa %xmm7,%xmm1 - jmp .L054xts_enc_done + jmp .L056xts_enc_done .align 16 -.L053xts_enc_four: +.L055xts_enc_four: movaps %xmm1,%xmm6 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1351,28 +1377,28 @@ aes_hw_xts_encrypt: movups %xmm5,48(%edi) leal 64(%edi),%edi movdqa %xmm6,%xmm1 - jmp .L054xts_enc_done + jmp .L056xts_enc_done .align 16 -.L049xts_enc_done6x: +.L051xts_enc_done6x: movl 112(%esp),%eax andl $15,%eax - jz .L056xts_enc_ret + jz .L058xts_enc_ret movdqa %xmm1,%xmm5 movl %eax,112(%esp) - jmp .L057xts_enc_steal + jmp .L059xts_enc_steal .align 16 -.L054xts_enc_done: +.L056xts_enc_done: movl 112(%esp),%eax pxor %xmm0,%xmm0 andl $15,%eax - jz .L056xts_enc_ret + jz .L058xts_enc_ret pcmpgtd %xmm1,%xmm0 movl %eax,112(%esp) pshufd $19,%xmm0,%xmm5 paddq %xmm1,%xmm1 pand 96(%esp),%xmm5 pxor %xmm1,%xmm5 -.L057xts_enc_steal: +.L059xts_enc_steal: movzbl (%esi),%ecx movzbl -16(%edi),%edx leal 1(%esi),%esi @@ -1380,7 +1406,7 @@ aes_hw_xts_encrypt: movb %dl,(%edi) leal 1(%edi),%edi subl $1,%eax - jnz .L057xts_enc_steal + jnz .L059xts_enc_steal subl 112(%esp),%edi movl %ebp,%edx movl %ebx,%ecx @@ -1390,16 +1416,16 @@ aes_hw_xts_encrypt: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L058enc1_loop_10: +.L060enc1_loop_10: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L058enc1_loop_10 + jnz .L060enc1_loop_10 .byte 102,15,56,221,209 xorps %xmm5,%xmm2 movups %xmm2,-16(%edi) -.L056xts_enc_ret: +.L058xts_enc_ret: pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 pxor %xmm2,%xmm2 @@ -1439,12 +1465,12 @@ aes_hw_xts_decrypt: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L059enc1_loop_11: +.L061enc1_loop_11: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L059enc1_loop_11 + jnz .L061enc1_loop_11 .byte 102,15,56,221,209 movl 20(%esp),%esi movl 24(%esp),%edi @@ -1473,14 +1499,14 @@ aes_hw_xts_decrypt: pcmpgtd %xmm1,%xmm0 andl $-16,%eax subl $96,%eax - jc .L060xts_dec_short + jc .L062xts_dec_short shll $4,%ecx movl $16,%ebx subl %ecx,%ebx leal 32(%edx,%ecx,1),%edx - jmp .L061xts_dec_loop6 + jmp .L063xts_dec_loop6 .align 16 -.L061xts_dec_loop6: +.L063xts_dec_loop6: pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,(%esp) @@ -1569,23 +1595,23 @@ aes_hw_xts_decrypt: pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 subl $96,%eax - jnc .L061xts_dec_loop6 + jnc .L063xts_dec_loop6 movl 240(%ebp),%ecx movl %ebp,%edx movl %ecx,%ebx -.L060xts_dec_short: +.L062xts_dec_short: addl $96,%eax - jz .L062xts_dec_done6x + jz .L064xts_dec_done6x movdqa %xmm1,%xmm5 cmpl $32,%eax - jb .L063xts_dec_one + jb .L065xts_dec_one pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 paddq %xmm1,%xmm1 pand %xmm3,%xmm2 pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 - je .L064xts_dec_two + je .L066xts_dec_two pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,%xmm6 @@ -1594,7 +1620,7 @@ aes_hw_xts_decrypt: pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 cmpl $64,%eax - jb .L065xts_dec_three + jb .L067xts_dec_three pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,%xmm7 @@ -1604,7 +1630,7 @@ aes_hw_xts_decrypt: pxor %xmm2,%xmm1 movdqa %xmm5,(%esp) movdqa %xmm6,16(%esp) - je .L066xts_dec_four + je .L068xts_dec_four movdqa %xmm7,32(%esp) pshufd $19,%xmm0,%xmm7 movdqa %xmm1,48(%esp) @@ -1636,9 +1662,9 @@ aes_hw_xts_decrypt: movups %xmm5,48(%edi) movups %xmm6,64(%edi) leal 80(%edi),%edi - jmp .L067xts_dec_done + jmp .L069xts_dec_done .align 16 -.L063xts_dec_one: +.L065xts_dec_one: movups (%esi),%xmm2 leal 16(%esi),%esi xorps %xmm5,%xmm2 @@ -1646,20 +1672,20 @@ aes_hw_xts_decrypt: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L068dec1_loop_12: +.L070dec1_loop_12: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L068dec1_loop_12 + jnz .L070dec1_loop_12 .byte 102,15,56,223,209 xorps %xmm5,%xmm2 movups %xmm2,(%edi) leal 16(%edi),%edi movdqa %xmm5,%xmm1 - jmp .L067xts_dec_done + jmp .L069xts_dec_done .align 16 -.L064xts_dec_two: +.L066xts_dec_two: movaps %xmm1,%xmm6 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1673,9 +1699,9 @@ aes_hw_xts_decrypt: movups %xmm3,16(%edi) leal 32(%edi),%edi movdqa %xmm6,%xmm1 - jmp .L067xts_dec_done + jmp .L069xts_dec_done .align 16 -.L065xts_dec_three: +.L067xts_dec_three: movaps %xmm1,%xmm7 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1693,9 +1719,9 @@ aes_hw_xts_decrypt: movups %xmm4,32(%edi) leal 48(%edi),%edi movdqa %xmm7,%xmm1 - jmp .L067xts_dec_done + jmp .L069xts_dec_done .align 16 -.L066xts_dec_four: +.L068xts_dec_four: movaps %xmm1,%xmm6 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1717,20 +1743,20 @@ aes_hw_xts_decrypt: movups %xmm5,48(%edi) leal 64(%edi),%edi movdqa %xmm6,%xmm1 - jmp .L067xts_dec_done + jmp .L069xts_dec_done .align 16 -.L062xts_dec_done6x: +.L064xts_dec_done6x: movl 112(%esp),%eax andl $15,%eax - jz .L069xts_dec_ret + jz .L071xts_dec_ret movl %eax,112(%esp) - jmp .L070xts_dec_only_one_more + jmp .L072xts_dec_only_one_more .align 16 -.L067xts_dec_done: +.L069xts_dec_done: movl 112(%esp),%eax pxor %xmm0,%xmm0 andl $15,%eax - jz .L069xts_dec_ret + jz .L071xts_dec_ret pcmpgtd %xmm1,%xmm0 movl %eax,112(%esp) pshufd $19,%xmm0,%xmm2 @@ -1740,7 +1766,7 @@ aes_hw_xts_decrypt: pand %xmm3,%xmm2 pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 -.L070xts_dec_only_one_more: +.L072xts_dec_only_one_more: pshufd $19,%xmm0,%xmm5 movdqa %xmm1,%xmm6 paddq %xmm1,%xmm1 @@ -1754,16 +1780,16 @@ aes_hw_xts_decrypt: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L071dec1_loop_13: +.L073dec1_loop_13: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L071dec1_loop_13 + jnz .L073dec1_loop_13 .byte 102,15,56,223,209 xorps %xmm5,%xmm2 movups %xmm2,(%edi) -.L072xts_dec_steal: +.L074xts_dec_steal: movzbl 16(%esi),%ecx movzbl (%edi),%edx leal 1(%esi),%esi @@ -1771,7 +1797,7 @@ aes_hw_xts_decrypt: movb %dl,16(%edi) leal 1(%edi),%edi subl $1,%eax - jnz .L072xts_dec_steal + jnz .L074xts_dec_steal subl 112(%esp),%edi movl %ebp,%edx movl %ebx,%ecx @@ -1781,16 +1807,16 @@ aes_hw_xts_decrypt: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L073dec1_loop_14: +.L075dec1_loop_14: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L073dec1_loop_14 + jnz .L075dec1_loop_14 .byte 102,15,56,223,209 xorps %xmm6,%xmm2 movups %xmm2,(%edi) -.L069xts_dec_ret: +.L071xts_dec_ret: pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 pxor %xmm2,%xmm2 @@ -1831,7 +1857,7 @@ aes_hw_cbc_encrypt: movl 32(%esp),%edx movl 36(%esp),%ebp testl %eax,%eax - jz .L074cbc_abort + jz .L076cbc_abort cmpl $0,40(%esp) xchgl %esp,%ebx movups (%ebp),%xmm7 @@ -1839,14 +1865,14 @@ aes_hw_cbc_encrypt: movl %edx,%ebp movl %ebx,16(%esp) movl %ecx,%ebx - je .L075cbc_decrypt + je .L077cbc_decrypt movaps %xmm7,%xmm2 cmpl $16,%eax - jb .L076cbc_enc_tail + jb .L078cbc_enc_tail subl $16,%eax - jmp .L077cbc_enc_loop + jmp .L079cbc_enc_loop .align 16 -.L077cbc_enc_loop: +.L079cbc_enc_loop: movups (%esi),%xmm7 leal 16(%esi),%esi movups (%edx),%xmm0 @@ -1854,25 +1880,25 @@ aes_hw_cbc_encrypt: xorps %xmm0,%xmm7 leal 32(%edx),%edx xorps %xmm7,%xmm2 -.L078enc1_loop_15: +.L080enc1_loop_15: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L078enc1_loop_15 + jnz .L080enc1_loop_15 .byte 102,15,56,221,209 movl %ebx,%ecx movl %ebp,%edx movups %xmm2,(%edi) leal 16(%edi),%edi subl $16,%eax - jnc .L077cbc_enc_loop + jnc .L079cbc_enc_loop addl $16,%eax - jnz .L076cbc_enc_tail + jnz .L078cbc_enc_tail movaps %xmm2,%xmm7 pxor %xmm2,%xmm2 - jmp .L079cbc_ret -.L076cbc_enc_tail: + jmp .L081cbc_ret +.L078cbc_enc_tail: movl %eax,%ecx .long 2767451785 movl $16,%ecx @@ -1883,20 +1909,20 @@ aes_hw_cbc_encrypt: movl %ebx,%ecx movl %edi,%esi movl %ebp,%edx - jmp .L077cbc_enc_loop + jmp .L079cbc_enc_loop .align 16 -.L075cbc_decrypt: +.L077cbc_decrypt: cmpl $80,%eax - jbe .L080cbc_dec_tail + jbe .L082cbc_dec_tail movaps %xmm7,(%esp) subl $80,%eax - jmp .L081cbc_dec_loop6_enter + jmp .L083cbc_dec_loop6_enter .align 16 -.L082cbc_dec_loop6: +.L084cbc_dec_loop6: movaps %xmm0,(%esp) movups %xmm7,(%edi) leal 16(%edi),%edi -.L081cbc_dec_loop6_enter: +.L083cbc_dec_loop6_enter: movdqu (%esi),%xmm2 movdqu 16(%esi),%xmm3 movdqu 32(%esi),%xmm4 @@ -1926,28 +1952,28 @@ aes_hw_cbc_encrypt: movups %xmm6,64(%edi) leal 80(%edi),%edi subl $96,%eax - ja .L082cbc_dec_loop6 + ja .L084cbc_dec_loop6 movaps %xmm7,%xmm2 movaps %xmm0,%xmm7 addl $80,%eax - jle .L083cbc_dec_clear_tail_collected + jle .L085cbc_dec_clear_tail_collected movups %xmm2,(%edi) leal 16(%edi),%edi -.L080cbc_dec_tail: +.L082cbc_dec_tail: movups (%esi),%xmm2 movaps %xmm2,%xmm6 cmpl $16,%eax - jbe .L084cbc_dec_one + jbe .L086cbc_dec_one movups 16(%esi),%xmm3 movaps %xmm3,%xmm5 cmpl $32,%eax - jbe .L085cbc_dec_two + jbe .L087cbc_dec_two movups 32(%esi),%xmm4 cmpl $48,%eax - jbe .L086cbc_dec_three + jbe .L088cbc_dec_three movups 48(%esi),%xmm5 cmpl $64,%eax - jbe .L087cbc_dec_four + jbe .L089cbc_dec_four movups 64(%esi),%xmm6 movaps %xmm7,(%esp) movups (%esi),%xmm2 @@ -1974,26 +2000,26 @@ aes_hw_cbc_encrypt: movaps %xmm6,%xmm2 pxor %xmm6,%xmm6 subl $80,%eax - jmp .L088cbc_dec_tail_collected + jmp .L090cbc_dec_tail_collected .align 16 -.L084cbc_dec_one: +.L086cbc_dec_one: movups (%edx),%xmm0 movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -.L089dec1_loop_16: +.L091dec1_loop_16: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz .L089dec1_loop_16 + jnz .L091dec1_loop_16 .byte 102,15,56,223,209 xorps %xmm7,%xmm2 movaps %xmm6,%xmm7 subl $16,%eax - jmp .L088cbc_dec_tail_collected + jmp .L090cbc_dec_tail_collected .align 16 -.L085cbc_dec_two: +.L087cbc_dec_two: call _aesni_decrypt2 xorps %xmm7,%xmm2 xorps %xmm6,%xmm3 @@ -2003,9 +2029,9 @@ aes_hw_cbc_encrypt: leal 16(%edi),%edi movaps %xmm5,%xmm7 subl $32,%eax - jmp .L088cbc_dec_tail_collected + jmp .L090cbc_dec_tail_collected .align 16 -.L086cbc_dec_three: +.L088cbc_dec_three: call _aesni_decrypt3 xorps %xmm7,%xmm2 xorps %xmm6,%xmm3 @@ -2018,9 +2044,9 @@ aes_hw_cbc_encrypt: leal 32(%edi),%edi movups 32(%esi),%xmm7 subl $48,%eax - jmp .L088cbc_dec_tail_collected + jmp .L090cbc_dec_tail_collected .align 16 -.L087cbc_dec_four: +.L089cbc_dec_four: call _aesni_decrypt4 movups 16(%esi),%xmm1 movups 32(%esi),%xmm0 @@ -2038,21 +2064,21 @@ aes_hw_cbc_encrypt: movaps %xmm5,%xmm2 pxor %xmm5,%xmm5 subl $64,%eax - jmp .L088cbc_dec_tail_collected + jmp .L090cbc_dec_tail_collected .align 16 -.L083cbc_dec_clear_tail_collected: +.L085cbc_dec_clear_tail_collected: pxor %xmm3,%xmm3 pxor %xmm4,%xmm4 pxor %xmm5,%xmm5 pxor %xmm6,%xmm6 -.L088cbc_dec_tail_collected: +.L090cbc_dec_tail_collected: andl $15,%eax - jnz .L090cbc_dec_tail_partial + jnz .L092cbc_dec_tail_partial movups %xmm2,(%edi) pxor %xmm0,%xmm0 - jmp .L079cbc_ret + jmp .L081cbc_ret .align 16 -.L090cbc_dec_tail_partial: +.L092cbc_dec_tail_partial: movaps %xmm2,(%esp) pxor %xmm0,%xmm0 movl $16,%ecx @@ -2060,14 +2086,14 @@ aes_hw_cbc_encrypt: subl %eax,%ecx .long 2767451785 movdqa %xmm2,(%esp) -.L079cbc_ret: +.L081cbc_ret: movl 16(%esp),%esp movl 36(%esp),%ebp pxor %xmm2,%xmm2 pxor %xmm1,%xmm1 movups %xmm7,(%ebp) pxor %xmm7,%xmm7 -.L074cbc_abort: +.L076cbc_abort: popl %edi popl %esi popl %ebx @@ -2081,13 +2107,13 @@ _aesni_set_encrypt_key: pushl %ebp pushl %ebx testl %eax,%eax - jz .L091bad_pointer + jz .L093bad_pointer testl %edx,%edx - jz .L091bad_pointer - call .L092pic -.L092pic: + jz .L093bad_pointer + call .L094pic +.L094pic: popl %ebx - leal .Lkey_const-.L092pic(%ebx),%ebx + leal .Lkey_const-.L094pic(%ebx),%ebx leal OPENSSL_ia32cap_P-.Lkey_const(%ebx),%ebp movups (%eax),%xmm0 xorps %xmm4,%xmm4 @@ -2095,45 +2121,45 @@ _aesni_set_encrypt_key: leal 16(%edx),%edx andl $268437504,%ebp cmpl $256,%ecx - je .L09314rounds + je .L09514rounds cmpl $192,%ecx - je .L09412rounds + je .L09612rounds cmpl $128,%ecx - jne .L095bad_keybits + jne .L097bad_keybits .align 16 -.L09610rounds: +.L09810rounds: cmpl $268435456,%ebp - je .L09710rounds_alt + je .L09910rounds_alt movl $9,%ecx movups %xmm0,-16(%edx) .byte 102,15,58,223,200,1 - call .L098key_128_cold + call .L100key_128_cold .byte 102,15,58,223,200,2 - call .L099key_128 + call .L101key_128 .byte 102,15,58,223,200,4 - call .L099key_128 + call .L101key_128 .byte 102,15,58,223,200,8 - call .L099key_128 + call .L101key_128 .byte 102,15,58,223,200,16 - call .L099key_128 + call .L101key_128 .byte 102,15,58,223,200,32 - call .L099key_128 + call .L101key_128 .byte 102,15,58,223,200,64 - call .L099key_128 + call .L101key_128 .byte 102,15,58,223,200,128 - call .L099key_128 + call .L101key_128 .byte 102,15,58,223,200,27 - call .L099key_128 + call .L101key_128 .byte 102,15,58,223,200,54 - call .L099key_128 + call .L101key_128 movups %xmm0,(%edx) movl %ecx,80(%edx) - jmp .L100good_key + jmp .L102good_key .align 16 -.L099key_128: +.L101key_128: movups %xmm0,(%edx) leal 16(%edx),%edx -.L098key_128_cold: +.L100key_128_cold: shufps $16,%xmm0,%xmm4 xorps %xmm4,%xmm0 shufps $140,%xmm0,%xmm4 @@ -2142,13 +2168,13 @@ _aesni_set_encrypt_key: xorps %xmm1,%xmm0 ret .align 16 -.L09710rounds_alt: +.L09910rounds_alt: movdqa (%ebx),%xmm5 movl $8,%ecx movdqa 32(%ebx),%xmm4 movdqa %xmm0,%xmm2 movdqu %xmm0,-16(%edx) -.L101loop_key128: +.L103loop_key128: .byte 102,15,56,0,197 .byte 102,15,56,221,196 pslld $1,%xmm4 @@ -2164,7 +2190,7 @@ _aesni_set_encrypt_key: movdqu %xmm0,-16(%edx) movdqa %xmm0,%xmm2 decl %ecx - jnz .L101loop_key128 + jnz .L103loop_key128 movdqa 48(%ebx),%xmm4 .byte 102,15,56,0,197 .byte 102,15,56,221,196 @@ -2192,41 +2218,41 @@ _aesni_set_encrypt_key: movdqu %xmm0,16(%edx) movl $9,%ecx movl %ecx,96(%edx) - jmp .L100good_key + jmp .L102good_key .align 16 -.L09412rounds: +.L09612rounds: movq 16(%eax),%xmm2 cmpl $268435456,%ebp - je .L10212rounds_alt + je .L10412rounds_alt movl $11,%ecx movups %xmm0,-16(%edx) .byte 102,15,58,223,202,1 - call .L103key_192a_cold + call .L105key_192a_cold .byte 102,15,58,223,202,2 - call .L104key_192b + call .L106key_192b .byte 102,15,58,223,202,4 - call .L105key_192a + call .L107key_192a .byte 102,15,58,223,202,8 - call .L104key_192b + call .L106key_192b .byte 102,15,58,223,202,16 - call .L105key_192a + call .L107key_192a .byte 102,15,58,223,202,32 - call .L104key_192b + call .L106key_192b .byte 102,15,58,223,202,64 - call .L105key_192a + call .L107key_192a .byte 102,15,58,223,202,128 - call .L104key_192b + call .L106key_192b movups %xmm0,(%edx) movl %ecx,48(%edx) - jmp .L100good_key + jmp .L102good_key .align 16 -.L105key_192a: +.L107key_192a: movups %xmm0,(%edx) leal 16(%edx),%edx .align 16 -.L103key_192a_cold: +.L105key_192a_cold: movaps %xmm2,%xmm5 -.L106key_192b_warm: +.L108key_192b_warm: shufps $16,%xmm0,%xmm4 movdqa %xmm2,%xmm3 xorps %xmm4,%xmm0 @@ -2240,21 +2266,21 @@ _aesni_set_encrypt_key: pxor %xmm3,%xmm2 ret .align 16 -.L104key_192b: +.L106key_192b: movaps %xmm0,%xmm3 shufps $68,%xmm0,%xmm5 movups %xmm5,(%edx) shufps $78,%xmm2,%xmm3 movups %xmm3,16(%edx) leal 32(%edx),%edx - jmp .L106key_192b_warm + jmp .L108key_192b_warm .align 16 -.L10212rounds_alt: +.L10412rounds_alt: movdqa 16(%ebx),%xmm5 movdqa 32(%ebx),%xmm4 movl $8,%ecx movdqu %xmm0,-16(%edx) -.L107loop_key192: +.L109loop_key192: movq %xmm2,(%edx) movdqa %xmm2,%xmm1 .byte 102,15,56,0,213 @@ -2276,54 +2302,54 @@ _aesni_set_encrypt_key: pxor %xmm3,%xmm2 movdqu %xmm0,-16(%edx) decl %ecx - jnz .L107loop_key192 + jnz .L109loop_key192 movl $11,%ecx movl %ecx,32(%edx) - jmp .L100good_key + jmp .L102good_key .align 16 -.L09314rounds: +.L09514rounds: movups 16(%eax),%xmm2 leal 16(%edx),%edx cmpl $268435456,%ebp - je .L10814rounds_alt + je .L11014rounds_alt movl $13,%ecx movups %xmm0,-32(%edx) movups %xmm2,-16(%edx) .byte 102,15,58,223,202,1 - call .L109key_256a_cold + call .L111key_256a_cold .byte 102,15,58,223,200,1 - call .L110key_256b + call .L112key_256b .byte 102,15,58,223,202,2 - call .L111key_256a + call .L113key_256a .byte 102,15,58,223,200,2 - call .L110key_256b + call .L112key_256b .byte 102,15,58,223,202,4 - call .L111key_256a + call .L113key_256a .byte 102,15,58,223,200,4 - call .L110key_256b + call .L112key_256b .byte 102,15,58,223,202,8 - call .L111key_256a + call .L113key_256a .byte 102,15,58,223,200,8 - call .L110key_256b + call .L112key_256b .byte 102,15,58,223,202,16 - call .L111key_256a + call .L113key_256a .byte 102,15,58,223,200,16 - call .L110key_256b + call .L112key_256b .byte 102,15,58,223,202,32 - call .L111key_256a + call .L113key_256a .byte 102,15,58,223,200,32 - call .L110key_256b + call .L112key_256b .byte 102,15,58,223,202,64 - call .L111key_256a + call .L113key_256a movups %xmm0,(%edx) movl %ecx,16(%edx) xorl %eax,%eax - jmp .L100good_key + jmp .L102good_key .align 16 -.L111key_256a: +.L113key_256a: movups %xmm2,(%edx) leal 16(%edx),%edx -.L109key_256a_cold: +.L111key_256a_cold: shufps $16,%xmm0,%xmm4 xorps %xmm4,%xmm0 shufps $140,%xmm0,%xmm4 @@ -2332,7 +2358,7 @@ _aesni_set_encrypt_key: xorps %xmm1,%xmm0 ret .align 16 -.L110key_256b: +.L112key_256b: movups %xmm0,(%edx) leal 16(%edx),%edx shufps $16,%xmm2,%xmm4 @@ -2343,14 +2369,14 @@ _aesni_set_encrypt_key: xorps %xmm1,%xmm2 ret .align 16 -.L10814rounds_alt: +.L11014rounds_alt: movdqa (%ebx),%xmm5 movdqa 32(%ebx),%xmm4 movl $7,%ecx movdqu %xmm0,-32(%edx) movdqa %xmm2,%xmm1 movdqu %xmm2,-16(%edx) -.L112loop_key256: +.L114loop_key256: .byte 102,15,56,0,213 .byte 102,15,56,221,212 movdqa %xmm0,%xmm3 @@ -2364,7 +2390,7 @@ _aesni_set_encrypt_key: pxor %xmm2,%xmm0 movdqu %xmm0,(%edx) decl %ecx - jz .L113done_key256 + jz .L115done_key256 pshufd $255,%xmm0,%xmm2 pxor %xmm3,%xmm3 .byte 102,15,56,221,211 @@ -2379,11 +2405,11 @@ _aesni_set_encrypt_key: movdqu %xmm2,16(%edx) leal 32(%edx),%edx movdqa %xmm2,%xmm1 - jmp .L112loop_key256 -.L113done_key256: + jmp .L114loop_key256 +.L115done_key256: movl $13,%ecx movl %ecx,16(%edx) -.L100good_key: +.L102good_key: pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 pxor %xmm2,%xmm2 @@ -2395,13 +2421,13 @@ _aesni_set_encrypt_key: popl %ebp ret .align 4 -.L091bad_pointer: +.L093bad_pointer: movl $-1,%eax popl %ebx popl %ebp ret .align 4 -.L095bad_keybits: +.L097bad_keybits: pxor %xmm0,%xmm0 movl $-2,%eax popl %ebx @@ -2414,6 +2440,18 @@ _aesni_set_encrypt_key: .align 16 aes_hw_set_encrypt_key: .L_aes_hw_set_encrypt_key_begin: +#ifndef NDEBUG + pushl %ebx + pushl %edx + call .L116pic +.L116pic: + popl %ebx + leal BORINGSSL_function_hit+3-.L116pic(%ebx),%ebx + movl $1,%edx + movb %dl,(%ebx) + popl %edx + popl %ebx +#endif movl 4(%esp),%eax movl 8(%esp),%ecx movl 12(%esp),%edx @@ -2433,7 +2471,7 @@ aes_hw_set_decrypt_key: movl 12(%esp),%edx shll $4,%ecx testl %eax,%eax - jnz .L114dec_key_ret + jnz .L117dec_key_ret leal 16(%edx,%ecx,1),%eax movups (%edx),%xmm0 movups (%eax),%xmm1 @@ -2441,7 +2479,7 @@ aes_hw_set_decrypt_key: movups %xmm1,(%edx) leal 16(%edx),%edx leal -16(%eax),%eax -.L115dec_key_inverse: +.L118dec_key_inverse: movups (%edx),%xmm0 movups (%eax),%xmm1 .byte 102,15,56,219,192 @@ -2451,14 +2489,14 @@ aes_hw_set_decrypt_key: movups %xmm0,16(%eax) movups %xmm1,-16(%edx) cmpl %edx,%eax - ja .L115dec_key_inverse + ja .L118dec_key_inverse movups (%edx),%xmm0 .byte 102,15,56,219,192 movups %xmm0,(%edx) pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 xorl %eax,%eax -.L114dec_key_ret: +.L117dec_key_ret: ret .size aes_hw_set_decrypt_key,.-.L_aes_hw_set_decrypt_key_begin .align 64 diff --git a/linux-x86/crypto/fipsmodule/vpaes-x86.S b/linux-x86/crypto/fipsmodule/vpaes-x86.S index b2c63e5..4ea92ed 100644 --- a/linux-x86/crypto/fipsmodule/vpaes-x86.S +++ b/linux-x86/crypto/fipsmodule/vpaes-x86.S @@ -6,6 +6,8 @@ #include #endif .text +#ifndef NDEBUG +#endif .align 64 .L_vpaes_consts: .long 218628480,235210255,168496130,67568393 @@ -483,6 +485,18 @@ vpaes_set_encrypt_key: pushl %ebx pushl %esi pushl %edi +#ifndef NDEBUG + pushl %ebx + pushl %edx + call .L016pic +.L016pic: + popl %ebx + leal BORINGSSL_function_hit+5-.L016pic(%ebx),%ebx + movl $1,%edx + movb %dl,(%ebx) + popl %edx + popl %ebx +#endif movl 20(%esp),%esi leal -56(%esp),%ebx movl 24(%esp),%eax @@ -496,9 +510,9 @@ vpaes_set_encrypt_key: movl %ebx,240(%edx) movl $48,%ecx movl $0,%edi - leal .L_vpaes_consts+0x30-.L016pic_point,%ebp + leal .L_vpaes_consts+0x30-.L017pic_point,%ebp call _vpaes_schedule_core -.L016pic_point: +.L017pic_point: movl 48(%esp),%esp xorl %eax,%eax popl %edi @@ -535,9 +549,9 @@ vpaes_set_decrypt_key: shrl $1,%ecx andl $32,%ecx xorl $32,%ecx - leal .L_vpaes_consts+0x30-.L017pic_point,%ebp + leal .L_vpaes_consts+0x30-.L018pic_point,%ebp call _vpaes_schedule_core -.L017pic_point: +.L018pic_point: movl 48(%esp),%esp xorl %eax,%eax popl %edi @@ -556,9 +570,21 @@ vpaes_encrypt: pushl %ebx pushl %esi pushl %edi - leal .L_vpaes_consts+0x30-.L018pic_point,%ebp +#ifndef NDEBUG + pushl %ebx + pushl %edx + call .L019pic +.L019pic: + popl %ebx + leal BORINGSSL_function_hit+4-.L019pic(%ebx),%ebx + movl $1,%edx + movb %dl,(%ebx) + popl %edx + popl %ebx +#endif + leal .L_vpaes_consts+0x30-.L020pic_point,%ebp call _vpaes_preheat -.L018pic_point: +.L020pic_point: movl 20(%esp),%esi leal -56(%esp),%ebx movl 24(%esp),%edi @@ -586,9 +612,9 @@ vpaes_decrypt: pushl %ebx pushl %esi pushl %edi - leal .L_vpaes_consts+0x30-.L019pic_point,%ebp + leal .L_vpaes_consts+0x30-.L021pic_point,%ebp call _vpaes_preheat -.L019pic_point: +.L021pic_point: movl 20(%esp),%esi leal -56(%esp),%ebx movl 24(%esp),%edi @@ -621,7 +647,7 @@ vpaes_cbc_encrypt: movl 28(%esp),%eax movl 32(%esp),%edx subl $16,%eax - jc .L020cbc_abort + jc .L022cbc_abort leal -56(%esp),%ebx movl 36(%esp),%ebp andl $-16,%ebx @@ -634,14 +660,14 @@ vpaes_cbc_encrypt: movl %edx,4(%esp) movl %ebp,8(%esp) movl %eax,%edi - leal .L_vpaes_consts+0x30-.L021pic_point,%ebp + leal .L_vpaes_consts+0x30-.L023pic_point,%ebp call _vpaes_preheat -.L021pic_point: +.L023pic_point: cmpl $0,%ecx - je .L022cbc_dec_loop - jmp .L023cbc_enc_loop + je .L024cbc_dec_loop + jmp .L025cbc_enc_loop .align 16 -.L023cbc_enc_loop: +.L025cbc_enc_loop: movdqu (%esi),%xmm0 pxor %xmm1,%xmm0 call _vpaes_encrypt_core @@ -651,10 +677,10 @@ vpaes_cbc_encrypt: movdqu %xmm0,(%ebx,%esi,1) leal 16(%esi),%esi subl $16,%edi - jnc .L023cbc_enc_loop - jmp .L024cbc_done + jnc .L025cbc_enc_loop + jmp .L026cbc_done .align 16 -.L022cbc_dec_loop: +.L024cbc_dec_loop: movdqu (%esi),%xmm0 movdqa %xmm1,16(%esp) movdqa %xmm0,32(%esp) @@ -666,12 +692,12 @@ vpaes_cbc_encrypt: movdqu %xmm0,(%ebx,%esi,1) leal 16(%esi),%esi subl $16,%edi - jnc .L022cbc_dec_loop -.L024cbc_done: + jnc .L024cbc_dec_loop +.L026cbc_done: movl 8(%esp),%ebx movl 48(%esp),%esp movdqu %xmm1,(%ebx) -.L020cbc_abort: +.L022cbc_abort: popl %edi popl %esi popl %ebx diff --git a/linux-x86/crypto/test/trampoline-x86.S b/linux-x86/crypto/test/trampoline-x86.S new file mode 100644 index 0000000..2222347 --- /dev/null +++ b/linux-x86/crypto/test/trampoline-x86.S @@ -0,0 +1,205 @@ +# This file is generated from a similarly-named Perl script in the BoringSSL +# source tree. Do not edit by hand. + +#if defined(__i386__) +#if defined(BORINGSSL_PREFIX) +#include +#endif +.text +.globl abi_test_trampoline +.hidden abi_test_trampoline +.type abi_test_trampoline,@function +.align 16 +abi_test_trampoline: +.L_abi_test_trampoline_begin: + pushl %ebp + pushl %ebx + pushl %esi + pushl %edi + movl 24(%esp),%ecx + movl (%ecx),%esi + movl 4(%ecx),%edi + movl 8(%ecx),%ebx + movl 12(%ecx),%ebp + subl $44,%esp + movl 72(%esp),%eax + xorl %ecx,%ecx +.L000loop: + cmpl 76(%esp),%ecx + jae .L001loop_done + movl (%eax,%ecx,4),%edx + movl %edx,(%esp,%ecx,4) + addl $1,%ecx + jmp .L000loop +.L001loop_done: + call *64(%esp) + addl $44,%esp + movl 24(%esp),%ecx + movl %esi,(%ecx) + movl %edi,4(%ecx) + movl %ebx,8(%ecx) + movl %ebp,12(%ecx) + popl %edi + popl %esi + popl %ebx + popl %ebp + ret +.size abi_test_trampoline,.-.L_abi_test_trampoline_begin +.globl abi_test_get_and_clear_direction_flag +.hidden abi_test_get_and_clear_direction_flag +.type abi_test_get_and_clear_direction_flag,@function +.align 16 +abi_test_get_and_clear_direction_flag: +.L_abi_test_get_and_clear_direction_flag_begin: + pushfl + popl %eax + andl $1024,%eax + shrl $10,%eax + cld + ret +.size abi_test_get_and_clear_direction_flag,.-.L_abi_test_get_and_clear_direction_flag_begin +.globl abi_test_set_direction_flag +.hidden abi_test_set_direction_flag +.type abi_test_set_direction_flag,@function +.align 16 +abi_test_set_direction_flag: +.L_abi_test_set_direction_flag_begin: + std + ret +.size abi_test_set_direction_flag,.-.L_abi_test_set_direction_flag_begin +.globl abi_test_clobber_eax +.hidden abi_test_clobber_eax +.type abi_test_clobber_eax,@function +.align 16 +abi_test_clobber_eax: +.L_abi_test_clobber_eax_begin: + xorl %eax,%eax + ret +.size abi_test_clobber_eax,.-.L_abi_test_clobber_eax_begin +.globl abi_test_clobber_ebx +.hidden abi_test_clobber_ebx +.type abi_test_clobber_ebx,@function +.align 16 +abi_test_clobber_ebx: +.L_abi_test_clobber_ebx_begin: + xorl %ebx,%ebx + ret +.size abi_test_clobber_ebx,.-.L_abi_test_clobber_ebx_begin +.globl abi_test_clobber_ecx +.hidden abi_test_clobber_ecx +.type abi_test_clobber_ecx,@function +.align 16 +abi_test_clobber_ecx: +.L_abi_test_clobber_ecx_begin: + xorl %ecx,%ecx + ret +.size abi_test_clobber_ecx,.-.L_abi_test_clobber_ecx_begin +.globl abi_test_clobber_edx +.hidden abi_test_clobber_edx +.type abi_test_clobber_edx,@function +.align 16 +abi_test_clobber_edx: +.L_abi_test_clobber_edx_begin: + xorl %edx,%edx + ret +.size abi_test_clobber_edx,.-.L_abi_test_clobber_edx_begin +.globl abi_test_clobber_edi +.hidden abi_test_clobber_edi +.type abi_test_clobber_edi,@function +.align 16 +abi_test_clobber_edi: +.L_abi_test_clobber_edi_begin: + xorl %edi,%edi + ret +.size abi_test_clobber_edi,.-.L_abi_test_clobber_edi_begin +.globl abi_test_clobber_esi +.hidden abi_test_clobber_esi +.type abi_test_clobber_esi,@function +.align 16 +abi_test_clobber_esi: +.L_abi_test_clobber_esi_begin: + xorl %esi,%esi + ret +.size abi_test_clobber_esi,.-.L_abi_test_clobber_esi_begin +.globl abi_test_clobber_ebp +.hidden abi_test_clobber_ebp +.type abi_test_clobber_ebp,@function +.align 16 +abi_test_clobber_ebp: +.L_abi_test_clobber_ebp_begin: + xorl %ebp,%ebp + ret +.size abi_test_clobber_ebp,.-.L_abi_test_clobber_ebp_begin +.globl abi_test_clobber_xmm0 +.hidden abi_test_clobber_xmm0 +.type abi_test_clobber_xmm0,@function +.align 16 +abi_test_clobber_xmm0: +.L_abi_test_clobber_xmm0_begin: + pxor %xmm0,%xmm0 + ret +.size abi_test_clobber_xmm0,.-.L_abi_test_clobber_xmm0_begin +.globl abi_test_clobber_xmm1 +.hidden abi_test_clobber_xmm1 +.type abi_test_clobber_xmm1,@function +.align 16 +abi_test_clobber_xmm1: +.L_abi_test_clobber_xmm1_begin: + pxor %xmm1,%xmm1 + ret +.size abi_test_clobber_xmm1,.-.L_abi_test_clobber_xmm1_begin +.globl abi_test_clobber_xmm2 +.hidden abi_test_clobber_xmm2 +.type abi_test_clobber_xmm2,@function +.align 16 +abi_test_clobber_xmm2: +.L_abi_test_clobber_xmm2_begin: + pxor %xmm2,%xmm2 + ret +.size abi_test_clobber_xmm2,.-.L_abi_test_clobber_xmm2_begin +.globl abi_test_clobber_xmm3 +.hidden abi_test_clobber_xmm3 +.type abi_test_clobber_xmm3,@function +.align 16 +abi_test_clobber_xmm3: +.L_abi_test_clobber_xmm3_begin: + pxor %xmm3,%xmm3 + ret +.size abi_test_clobber_xmm3,.-.L_abi_test_clobber_xmm3_begin +.globl abi_test_clobber_xmm4 +.hidden abi_test_clobber_xmm4 +.type abi_test_clobber_xmm4,@function +.align 16 +abi_test_clobber_xmm4: +.L_abi_test_clobber_xmm4_begin: + pxor %xmm4,%xmm4 + ret +.size abi_test_clobber_xmm4,.-.L_abi_test_clobber_xmm4_begin +.globl abi_test_clobber_xmm5 +.hidden abi_test_clobber_xmm5 +.type abi_test_clobber_xmm5,@function +.align 16 +abi_test_clobber_xmm5: +.L_abi_test_clobber_xmm5_begin: + pxor %xmm5,%xmm5 + ret +.size abi_test_clobber_xmm5,.-.L_abi_test_clobber_xmm5_begin +.globl abi_test_clobber_xmm6 +.hidden abi_test_clobber_xmm6 +.type abi_test_clobber_xmm6,@function +.align 16 +abi_test_clobber_xmm6: +.L_abi_test_clobber_xmm6_begin: + pxor %xmm6,%xmm6 + ret +.size abi_test_clobber_xmm6,.-.L_abi_test_clobber_xmm6_begin +.globl abi_test_clobber_xmm7 +.hidden abi_test_clobber_xmm7 +.type abi_test_clobber_xmm7,@function +.align 16 +abi_test_clobber_xmm7: +.L_abi_test_clobber_xmm7_begin: + pxor %xmm7,%xmm7 + ret +.size abi_test_clobber_xmm7,.-.L_abi_test_clobber_xmm7_begin +#endif diff --git a/linux-x86_64/crypto/chacha/chacha-x86_64.S b/linux-x86_64/crypto/chacha/chacha-x86_64.S index 785b2dc..4e2267b 100644 --- a/linux-x86_64/crypto/chacha/chacha-x86_64.S +++ b/linux-x86_64/crypto/chacha/chacha-x86_64.S @@ -50,6 +50,7 @@ .type ChaCha20_ctr32,@function .align 64 ChaCha20_ctr32: +.cfi_startproc cmpq $0,%rdx je .Lno_data movq OPENSSL_ia32cap_P+4(%rip),%r10 @@ -57,12 +58,25 @@ ChaCha20_ctr32: jnz .LChaCha20_ssse3 pushq %rbx +.cfi_adjust_cfa_offset 8 +.cfi_offset rbx,-16 pushq %rbp +.cfi_adjust_cfa_offset 8 +.cfi_offset rbp,-24 pushq %r12 +.cfi_adjust_cfa_offset 8 +.cfi_offset r12,-32 pushq %r13 +.cfi_adjust_cfa_offset 8 +.cfi_offset r13,-40 pushq %r14 +.cfi_adjust_cfa_offset 8 +.cfi_offset r14,-48 pushq %r15 +.cfi_adjust_cfa_offset 8 +.cfi_offset r15,-56 subq $64+24,%rsp +.cfi_adjust_cfa_offset 88 .Lctr32_body: @@ -303,20 +317,30 @@ ChaCha20_ctr32: .Ldone: leaq 64+24+48(%rsp),%rsi movq -48(%rsi),%r15 +.cfi_restore r15 movq -40(%rsi),%r14 +.cfi_restore r14 movq -32(%rsi),%r13 +.cfi_restore r13 movq -24(%rsi),%r12 +.cfi_restore r12 movq -16(%rsi),%rbp +.cfi_restore rbp movq -8(%rsi),%rbx +.cfi_restore rbx leaq (%rsi),%rsp +.cfi_adjust_cfa_offset -136 .Lno_data: .byte 0xf3,0xc3 +.cfi_endproc .size ChaCha20_ctr32,.-ChaCha20_ctr32 .type ChaCha20_ssse3,@function .align 32 ChaCha20_ssse3: .LChaCha20_ssse3: +.cfi_startproc movq %rsp,%r9 +.cfi_def_cfa_register r9 cmpq $128,%rdx ja .LChaCha20_4x @@ -442,14 +466,18 @@ ChaCha20_ssse3: .Ldone_ssse3: leaq (%r9),%rsp +.cfi_def_cfa_register rsp .Lssse3_epilogue: .byte 0xf3,0xc3 +.cfi_endproc .size ChaCha20_ssse3,.-ChaCha20_ssse3 .type ChaCha20_4x,@function .align 32 ChaCha20_4x: .LChaCha20_4x: +.cfi_startproc movq %rsp,%r9 +.cfi_def_cfa_register r9 movq %r10,%r11 shrq $32,%r10 testq $32,%r10 @@ -990,14 +1018,18 @@ ChaCha20_4x: .Ldone4x: leaq (%r9),%rsp +.cfi_def_cfa_register rsp .L4x_epilogue: .byte 0xf3,0xc3 +.cfi_endproc .size ChaCha20_4x,.-ChaCha20_4x .type ChaCha20_8x,@function .align 32 ChaCha20_8x: .LChaCha20_8x: +.cfi_startproc movq %rsp,%r9 +.cfi_def_cfa_register r9 subq $0x280+8,%rsp andq $-32,%rsp vzeroupper @@ -1592,7 +1624,9 @@ ChaCha20_8x: .Ldone8x: vzeroall leaq (%r9),%rsp +.cfi_def_cfa_register rsp .L8x_epilogue: .byte 0xf3,0xc3 +.cfi_endproc .size ChaCha20_8x,.-ChaCha20_8x #endif diff --git a/linux-x86_64/crypto/fipsmodule/aes-x86_64.S b/linux-x86_64/crypto/fipsmodule/aes-x86_64.S index 0dca261..f45e010 100644 --- a/linux-x86_64/crypto/fipsmodule/aes-x86_64.S +++ b/linux-x86_64/crypto/fipsmodule/aes-x86_64.S @@ -168,6 +168,7 @@ _x86_64_AES_encrypt: .type _x86_64_AES_encrypt_compact,@function .align 16 _x86_64_AES_encrypt_compact: +.cfi_startproc leaq 128(%r14),%r8 movl 0-128(%r8),%edi movl 32-128(%r8),%ebp @@ -337,6 +338,7 @@ _x86_64_AES_encrypt_compact: xorl 8(%r15),%ecx xorl 12(%r15),%edx .byte 0xf3,0xc3 +.cfi_endproc .size _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact .align 16 .globl aes_nohw_encrypt @@ -580,6 +582,7 @@ _x86_64_AES_decrypt: .type _x86_64_AES_decrypt_compact,@function .align 16 _x86_64_AES_decrypt_compact: +.cfi_startproc leaq 128(%r14),%r8 movl 0-128(%r8),%edi movl 32-128(%r8),%ebp @@ -801,6 +804,7 @@ _x86_64_AES_decrypt_compact: xorl 8(%r15),%ecx xorl 12(%r15),%edx .byte 0xf3,0xc3 +.cfi_endproc .size _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact .align 16 .globl aes_nohw_decrypt @@ -932,6 +936,7 @@ aes_nohw_set_encrypt_key: .type _x86_64_AES_set_encrypt_key,@function .align 16 _x86_64_AES_set_encrypt_key: +.cfi_startproc movl %esi,%ecx movq %rdi,%rsi movq %rdx,%rdi @@ -1167,6 +1172,7 @@ _x86_64_AES_set_encrypt_key: movq $-1,%rax .Lexit: .byte 0xf3,0xc3 +.cfi_endproc .size _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key .align 16 .globl aes_nohw_set_decrypt_key @@ -1390,8 +1396,9 @@ aes_nohw_cbc_encrypt: cmpq $0,%rdx je .Lcbc_epilogue pushfq + + .cfi_adjust_cfa_offset 8 -.cfi_offset 49,-16 pushq %rbx .cfi_adjust_cfa_offset 8 .cfi_offset %rbx,-24 @@ -1420,6 +1427,7 @@ aes_nohw_cbc_encrypt: cmpq $0,%r9 cmoveq %r10,%r14 +.cfi_remember_state leaq OPENSSL_ia32cap_P(%rip),%r10 movl (%r10),%r10d cmpq $512,%rdx @@ -1656,6 +1664,7 @@ aes_nohw_cbc_encrypt: .align 16 .Lcbc_slow_prologue: +.cfi_restore_state leaq -88(%rsp),%rbp andq $-64,%rbp @@ -1667,8 +1676,10 @@ aes_nohw_cbc_encrypt: subq %r10,%rbp xchgq %rsp,%rbp +.cfi_def_cfa_register %rbp movq %rbp,16(%rsp) +.cfi_escape 0x0f,0x05,0x77,0x10,0x06,0x23,0x40 .Lcbc_slow_body: @@ -1857,8 +1868,9 @@ aes_nohw_cbc_encrypt: .cfi_def_cfa %rsp,16 .Lcbc_popfq: popfq + + .cfi_adjust_cfa_offset -8 -.cfi_restore 49 .Lcbc_epilogue: .byte 0xf3,0xc3 .cfi_endproc diff --git a/linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S b/linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S index 066f477..240cb5d 100644 --- a/linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S +++ b/linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S @@ -556,6 +556,13 @@ _aesni_ctr32_6x: .align 32 aesni_gcm_encrypt: .cfi_startproc +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS +.extern BORINGSSL_function_hit +.hidden BORINGSSL_function_hit + movb $1,BORINGSSL_function_hit+2(%rip) +#endif +#endif xorq %r10,%r10 diff --git a/linux-x86_64/crypto/fipsmodule/aesni-x86_64.S b/linux-x86_64/crypto/fipsmodule/aesni-x86_64.S index 9ea9824..42e5530 100644 --- a/linux-x86_64/crypto/fipsmodule/aesni-x86_64.S +++ b/linux-x86_64/crypto/fipsmodule/aesni-x86_64.S @@ -19,6 +19,14 @@ .type aes_hw_encrypt,@function .align 16 aes_hw_encrypt: +.cfi_startproc +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS +.extern BORINGSSL_function_hit +.hidden BORINGSSL_function_hit + movb $1,BORINGSSL_function_hit+1(%rip) +#endif +#endif movups (%rdi),%xmm2 movl 240(%rdx),%eax movups (%rdx),%xmm0 @@ -37,6 +45,7 @@ aes_hw_encrypt: movups %xmm2,(%rsi) pxor %xmm2,%xmm2 .byte 0xf3,0xc3 +.cfi_endproc .size aes_hw_encrypt,.-aes_hw_encrypt .globl aes_hw_decrypt @@ -44,6 +53,7 @@ aes_hw_encrypt: .type aes_hw_decrypt,@function .align 16 aes_hw_decrypt: +.cfi_startproc movups (%rdi),%xmm2 movl 240(%rdx),%eax movups (%rdx),%xmm0 @@ -62,10 +72,12 @@ aes_hw_decrypt: movups %xmm2,(%rsi) pxor %xmm2,%xmm2 .byte 0xf3,0xc3 +.cfi_endproc .size aes_hw_decrypt, .-aes_hw_decrypt .type _aesni_encrypt2,@function .align 16 _aesni_encrypt2: +.cfi_startproc movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -91,10 +103,12 @@ _aesni_encrypt2: .byte 102,15,56,221,208 .byte 102,15,56,221,216 .byte 0xf3,0xc3 +.cfi_endproc .size _aesni_encrypt2,.-_aesni_encrypt2 .type _aesni_decrypt2,@function .align 16 _aesni_decrypt2: +.cfi_startproc movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -120,10 +134,12 @@ _aesni_decrypt2: .byte 102,15,56,223,208 .byte 102,15,56,223,216 .byte 0xf3,0xc3 +.cfi_endproc .size _aesni_decrypt2,.-_aesni_decrypt2 .type _aesni_encrypt3,@function .align 16 _aesni_encrypt3: +.cfi_startproc movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -154,10 +170,12 @@ _aesni_encrypt3: .byte 102,15,56,221,216 .byte 102,15,56,221,224 .byte 0xf3,0xc3 +.cfi_endproc .size _aesni_encrypt3,.-_aesni_encrypt3 .type _aesni_decrypt3,@function .align 16 _aesni_decrypt3: +.cfi_startproc movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -188,10 +206,12 @@ _aesni_decrypt3: .byte 102,15,56,223,216 .byte 102,15,56,223,224 .byte 0xf3,0xc3 +.cfi_endproc .size _aesni_decrypt3,.-_aesni_decrypt3 .type _aesni_encrypt4,@function .align 16 _aesni_encrypt4: +.cfi_startproc movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -228,10 +248,12 @@ _aesni_encrypt4: .byte 102,15,56,221,224 .byte 102,15,56,221,232 .byte 0xf3,0xc3 +.cfi_endproc .size _aesni_encrypt4,.-_aesni_encrypt4 .type _aesni_decrypt4,@function .align 16 _aesni_decrypt4: +.cfi_startproc movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -268,10 +290,12 @@ _aesni_decrypt4: .byte 102,15,56,223,224 .byte 102,15,56,223,232 .byte 0xf3,0xc3 +.cfi_endproc .size _aesni_decrypt4,.-_aesni_decrypt4 .type _aesni_encrypt6,@function .align 16 _aesni_encrypt6: +.cfi_startproc movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -322,10 +346,12 @@ _aesni_encrypt6: .byte 102,15,56,221,240 .byte 102,15,56,221,248 .byte 0xf3,0xc3 +.cfi_endproc .size _aesni_encrypt6,.-_aesni_encrypt6 .type _aesni_decrypt6,@function .align 16 _aesni_decrypt6: +.cfi_startproc movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -376,10 +402,12 @@ _aesni_decrypt6: .byte 102,15,56,223,240 .byte 102,15,56,223,248 .byte 0xf3,0xc3 +.cfi_endproc .size _aesni_decrypt6,.-_aesni_decrypt6 .type _aesni_encrypt8,@function .align 16 _aesni_encrypt8: +.cfi_startproc movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -440,10 +468,12 @@ _aesni_encrypt8: .byte 102,68,15,56,221,192 .byte 102,68,15,56,221,200 .byte 0xf3,0xc3 +.cfi_endproc .size _aesni_encrypt8,.-_aesni_encrypt8 .type _aesni_decrypt8,@function .align 16 _aesni_decrypt8: +.cfi_startproc movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -504,12 +534,14 @@ _aesni_decrypt8: .byte 102,68,15,56,223,192 .byte 102,68,15,56,223,200 .byte 0xf3,0xc3 +.cfi_endproc .size _aesni_decrypt8,.-_aesni_decrypt8 .globl aes_hw_ecb_encrypt .hidden aes_hw_ecb_encrypt .type aes_hw_ecb_encrypt,@function .align 16 aes_hw_ecb_encrypt: +.cfi_startproc andq $-16,%rdx jz .Lecb_ret @@ -847,175 +879,19 @@ aes_hw_ecb_encrypt: xorps %xmm0,%xmm0 pxor %xmm1,%xmm1 .byte 0xf3,0xc3 +.cfi_endproc .size aes_hw_ecb_encrypt,.-aes_hw_ecb_encrypt -.globl aes_hw_ccm64_encrypt_blocks -.hidden aes_hw_ccm64_encrypt_blocks -.type aes_hw_ccm64_encrypt_blocks,@function -.align 16 -aes_hw_ccm64_encrypt_blocks: - movl 240(%rcx),%eax - movdqu (%r8),%xmm6 - movdqa .Lincrement64(%rip),%xmm9 - movdqa .Lbswap_mask(%rip),%xmm7 - - shll $4,%eax - movl $16,%r10d - leaq 0(%rcx),%r11 - movdqu (%r9),%xmm3 - movdqa %xmm6,%xmm2 - leaq 32(%rcx,%rax,1),%rcx -.byte 102,15,56,0,247 - subq %rax,%r10 - jmp .Lccm64_enc_outer -.align 16 -.Lccm64_enc_outer: - movups (%r11),%xmm0 - movq %r10,%rax - movups (%rdi),%xmm8 - - xorps %xmm0,%xmm2 - movups 16(%r11),%xmm1 - xorps %xmm8,%xmm0 - xorps %xmm0,%xmm3 - movups 32(%r11),%xmm0 - -.Lccm64_enc2_loop: -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 - movups (%rcx,%rax,1),%xmm1 - addq $32,%rax -.byte 102,15,56,220,208 -.byte 102,15,56,220,216 - movups -16(%rcx,%rax,1),%xmm0 - jnz .Lccm64_enc2_loop -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 - paddq %xmm9,%xmm6 - decq %rdx -.byte 102,15,56,221,208 -.byte 102,15,56,221,216 - - leaq 16(%rdi),%rdi - xorps %xmm2,%xmm8 - movdqa %xmm6,%xmm2 - movups %xmm8,(%rsi) -.byte 102,15,56,0,215 - leaq 16(%rsi),%rsi - jnz .Lccm64_enc_outer - - pxor %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - movups %xmm3,(%r9) - pxor %xmm3,%xmm3 - pxor %xmm8,%xmm8 - pxor %xmm6,%xmm6 - .byte 0xf3,0xc3 -.size aes_hw_ccm64_encrypt_blocks,.-aes_hw_ccm64_encrypt_blocks -.globl aes_hw_ccm64_decrypt_blocks -.hidden aes_hw_ccm64_decrypt_blocks -.type aes_hw_ccm64_decrypt_blocks,@function -.align 16 -aes_hw_ccm64_decrypt_blocks: - movl 240(%rcx),%eax - movups (%r8),%xmm6 - movdqu (%r9),%xmm3 - movdqa .Lincrement64(%rip),%xmm9 - movdqa .Lbswap_mask(%rip),%xmm7 - - movaps %xmm6,%xmm2 - movl %eax,%r10d - movq %rcx,%r11 -.byte 102,15,56,0,247 - movups (%rcx),%xmm0 - movups 16(%rcx),%xmm1 - leaq 32(%rcx),%rcx - xorps %xmm0,%xmm2 -.Loop_enc1_5: -.byte 102,15,56,220,209 - decl %eax - movups (%rcx),%xmm1 - leaq 16(%rcx),%rcx - jnz .Loop_enc1_5 -.byte 102,15,56,221,209 - shll $4,%r10d - movl $16,%eax - movups (%rdi),%xmm8 - paddq %xmm9,%xmm6 - leaq 16(%rdi),%rdi - subq %r10,%rax - leaq 32(%r11,%r10,1),%rcx - movq %rax,%r10 - jmp .Lccm64_dec_outer -.align 16 -.Lccm64_dec_outer: - xorps %xmm2,%xmm8 - movdqa %xmm6,%xmm2 - movups %xmm8,(%rsi) - leaq 16(%rsi),%rsi -.byte 102,15,56,0,215 - - subq $1,%rdx - jz .Lccm64_dec_break - - movups (%r11),%xmm0 - movq %r10,%rax - movups 16(%r11),%xmm1 - xorps %xmm0,%xmm8 - xorps %xmm0,%xmm2 - xorps %xmm8,%xmm3 - movups 32(%r11),%xmm0 - jmp .Lccm64_dec2_loop -.align 16 -.Lccm64_dec2_loop: -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 - movups (%rcx,%rax,1),%xmm1 - addq $32,%rax -.byte 102,15,56,220,208 -.byte 102,15,56,220,216 - movups -16(%rcx,%rax,1),%xmm0 - jnz .Lccm64_dec2_loop - movups (%rdi),%xmm8 - paddq %xmm9,%xmm6 -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,221,208 -.byte 102,15,56,221,216 - leaq 16(%rdi),%rdi - jmp .Lccm64_dec_outer - -.align 16 -.Lccm64_dec_break: - - movl 240(%r11),%eax - movups (%r11),%xmm0 - movups 16(%r11),%xmm1 - xorps %xmm0,%xmm8 - leaq 32(%r11),%r11 - xorps %xmm8,%xmm3 -.Loop_enc1_6: -.byte 102,15,56,220,217 - decl %eax - movups (%r11),%xmm1 - leaq 16(%r11),%r11 - jnz .Loop_enc1_6 -.byte 102,15,56,221,217 - pxor %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - movups %xmm3,(%r9) - pxor %xmm3,%xmm3 - pxor %xmm8,%xmm8 - pxor %xmm6,%xmm6 - .byte 0xf3,0xc3 -.size aes_hw_ccm64_decrypt_blocks,.-aes_hw_ccm64_decrypt_blocks .globl aes_hw_ctr32_encrypt_blocks .hidden aes_hw_ctr32_encrypt_blocks .type aes_hw_ctr32_encrypt_blocks,@function .align 16 aes_hw_ctr32_encrypt_blocks: .cfi_startproc +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS + movb $1,BORINGSSL_function_hit(%rip) +#endif +#endif cmpq $1,%rdx jne .Lctr32_bulk @@ -1028,12 +904,12 @@ aes_hw_ctr32_encrypt_blocks: movups 16(%rcx),%xmm1 leaq 32(%rcx),%rcx xorps %xmm0,%xmm2 -.Loop_enc1_7: +.Loop_enc1_5: .byte 102,15,56,220,209 decl %edx movups (%rcx),%xmm1 leaq 16(%rcx),%rcx - jnz .Loop_enc1_7 + jnz .Loop_enc1_5 .byte 102,15,56,221,209 pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 @@ -1590,1965 +1466,132 @@ aes_hw_ctr32_encrypt_blocks: .byte 0xf3,0xc3 .cfi_endproc .size aes_hw_ctr32_encrypt_blocks,.-aes_hw_ctr32_encrypt_blocks -.globl aes_hw_xts_encrypt -.hidden aes_hw_xts_encrypt -.type aes_hw_xts_encrypt,@function +.globl aes_hw_cbc_encrypt +.hidden aes_hw_cbc_encrypt +.type aes_hw_cbc_encrypt,@function .align 16 -aes_hw_xts_encrypt: +aes_hw_cbc_encrypt: .cfi_startproc - leaq (%rsp),%r11 -.cfi_def_cfa_register %r11 - pushq %rbp -.cfi_offset %rbp,-16 - subq $112,%rsp - andq $-16,%rsp - movups (%r9),%xmm2 - movl 240(%r8),%eax + testq %rdx,%rdx + jz .Lcbc_ret + movl 240(%rcx),%r10d - movups (%r8),%xmm0 - movups 16(%r8),%xmm1 - leaq 32(%r8),%r8 - xorps %xmm0,%xmm2 -.Loop_enc1_8: + movq %rcx,%r11 + testl %r9d,%r9d + jz .Lcbc_decrypt + + movups (%r8),%xmm2 + movl %r10d,%eax + cmpq $16,%rdx + jb .Lcbc_enc_tail + subq $16,%rdx + jmp .Lcbc_enc_loop +.align 16 +.Lcbc_enc_loop: + movups (%rdi),%xmm3 + leaq 16(%rdi),%rdi + + movups (%rcx),%xmm0 + movups 16(%rcx),%xmm1 + xorps %xmm0,%xmm3 + leaq 32(%rcx),%rcx + xorps %xmm3,%xmm2 +.Loop_enc1_6: .byte 102,15,56,220,209 decl %eax - movups (%r8),%xmm1 - leaq 16(%r8),%r8 - jnz .Loop_enc1_8 + movups (%rcx),%xmm1 + leaq 16(%rcx),%rcx + jnz .Loop_enc1_6 .byte 102,15,56,221,209 - movups (%rcx),%xmm0 - movq %rcx,%rbp movl %r10d,%eax - shll $4,%r10d - movq %rdx,%r9 - andq $-16,%rdx + movq %r11,%rcx + movups %xmm2,0(%rsi) + leaq 16(%rsi),%rsi + subq $16,%rdx + jnc .Lcbc_enc_loop + addq $16,%rdx + jnz .Lcbc_enc_tail + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + movups %xmm2,(%r8) + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + jmp .Lcbc_ret - movups 16(%rcx,%r10,1),%xmm1 +.Lcbc_enc_tail: + movq %rdx,%rcx + xchgq %rdi,%rsi +.long 0x9066A4F3 + movl $16,%ecx + subq %rdx,%rcx + xorl %eax,%eax +.long 0x9066AAF3 + leaq -16(%rdi),%rdi + movl %r10d,%eax + movq %rdi,%rsi + movq %r11,%rcx + xorq %rdx,%rdx + jmp .Lcbc_enc_loop - movdqa .Lxts_magic(%rip),%xmm8 - movdqa %xmm2,%xmm15 - pshufd $0x5f,%xmm2,%xmm9 - pxor %xmm0,%xmm1 - movdqa %xmm9,%xmm14 - paddd %xmm9,%xmm9 - movdqa %xmm15,%xmm10 - psrad $31,%xmm14 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 - pxor %xmm0,%xmm10 - pxor %xmm14,%xmm15 - movdqa %xmm9,%xmm14 - paddd %xmm9,%xmm9 - movdqa %xmm15,%xmm11 - psrad $31,%xmm14 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 - pxor %xmm0,%xmm11 - pxor %xmm14,%xmm15 - movdqa %xmm9,%xmm14 - paddd %xmm9,%xmm9 - movdqa %xmm15,%xmm12 - psrad $31,%xmm14 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 - pxor %xmm0,%xmm12 - pxor %xmm14,%xmm15 - movdqa %xmm9,%xmm14 - paddd %xmm9,%xmm9 - movdqa %xmm15,%xmm13 - psrad $31,%xmm14 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 - pxor %xmm0,%xmm13 - pxor %xmm14,%xmm15 - movdqa %xmm15,%xmm14 - psrad $31,%xmm9 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm9 - pxor %xmm0,%xmm14 - pxor %xmm9,%xmm15 - movaps %xmm1,96(%rsp) +.align 16 +.Lcbc_decrypt: + cmpq $16,%rdx + jne .Lcbc_decrypt_bulk - subq $96,%rdx - jc .Lxts_enc_short - movl $16+96,%eax - leaq 32(%rbp,%r10,1),%rcx - subq %r10,%rax - movups 16(%rbp),%xmm1 - movq %rax,%r10 - leaq .Lxts_magic(%rip),%r8 - jmp .Lxts_enc_grandloop -.align 32 -.Lxts_enc_grandloop: + movdqu (%rdi),%xmm2 + movdqu (%r8),%xmm3 + movdqa %xmm2,%xmm4 + movups (%rcx),%xmm0 + movups 16(%rcx),%xmm1 + leaq 32(%rcx),%rcx + xorps %xmm0,%xmm2 +.Loop_dec1_7: +.byte 102,15,56,222,209 + decl %r10d + movups (%rcx),%xmm1 + leaq 16(%rcx),%rcx + jnz .Loop_dec1_7 +.byte 102,15,56,223,209 + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + movdqu %xmm4,(%r8) + xorps %xmm3,%xmm2 + pxor %xmm3,%xmm3 + movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 + jmp .Lcbc_ret +.align 16 +.Lcbc_decrypt_bulk: + leaq (%rsp),%r11 +.cfi_def_cfa_register %r11 + pushq %rbp +.cfi_offset %rbp,-16 + subq $16,%rsp + andq $-16,%rsp + movq %rcx,%rbp + movups (%r8),%xmm10 + movl %r10d,%eax + cmpq $0x50,%rdx + jbe .Lcbc_dec_tail + + movups (%rcx),%xmm0 movdqu 0(%rdi),%xmm2 - movdqa %xmm0,%xmm8 movdqu 16(%rdi),%xmm3 - pxor %xmm10,%xmm2 + movdqa %xmm2,%xmm11 movdqu 32(%rdi),%xmm4 - pxor %xmm11,%xmm3 -.byte 102,15,56,220,209 + movdqa %xmm3,%xmm12 movdqu 48(%rdi),%xmm5 - pxor %xmm12,%xmm4 -.byte 102,15,56,220,217 + movdqa %xmm4,%xmm13 movdqu 64(%rdi),%xmm6 - pxor %xmm13,%xmm5 -.byte 102,15,56,220,225 + movdqa %xmm5,%xmm14 movdqu 80(%rdi),%xmm7 - pxor %xmm15,%xmm8 - movdqa 96(%rsp),%xmm9 - pxor %xmm14,%xmm6 -.byte 102,15,56,220,233 - movups 32(%rbp),%xmm0 - leaq 96(%rdi),%rdi - pxor %xmm8,%xmm7 - - pxor %xmm9,%xmm10 -.byte 102,15,56,220,241 - pxor %xmm9,%xmm11 - movdqa %xmm10,0(%rsp) -.byte 102,15,56,220,249 - movups 48(%rbp),%xmm1 - pxor %xmm9,%xmm12 - -.byte 102,15,56,220,208 - pxor %xmm9,%xmm13 - movdqa %xmm11,16(%rsp) -.byte 102,15,56,220,216 - pxor %xmm9,%xmm14 - movdqa %xmm12,32(%rsp) -.byte 102,15,56,220,224 -.byte 102,15,56,220,232 - pxor %xmm9,%xmm8 - movdqa %xmm14,64(%rsp) -.byte 102,15,56,220,240 -.byte 102,15,56,220,248 - movups 64(%rbp),%xmm0 - movdqa %xmm8,80(%rsp) - pshufd $0x5f,%xmm15,%xmm9 - jmp .Lxts_enc_loop6 -.align 32 -.Lxts_enc_loop6: -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 -.byte 102,15,56,220,241 -.byte 102,15,56,220,249 - movups -64(%rcx,%rax,1),%xmm1 - addq $32,%rax - -.byte 102,15,56,220,208 -.byte 102,15,56,220,216 -.byte 102,15,56,220,224 -.byte 102,15,56,220,232 -.byte 102,15,56,220,240 -.byte 102,15,56,220,248 - movups -80(%rcx,%rax,1),%xmm0 - jnz .Lxts_enc_loop6 - - movdqa (%r8),%xmm8 - movdqa %xmm9,%xmm14 - paddd %xmm9,%xmm9 -.byte 102,15,56,220,209 - paddq %xmm15,%xmm15 - psrad $31,%xmm14 -.byte 102,15,56,220,217 - pand %xmm8,%xmm14 - movups (%rbp),%xmm10 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 -.byte 102,15,56,220,241 - pxor %xmm14,%xmm15 - movaps %xmm10,%xmm11 -.byte 102,15,56,220,249 - movups -64(%rcx),%xmm1 - - movdqa %xmm9,%xmm14 -.byte 102,15,56,220,208 - paddd %xmm9,%xmm9 - pxor %xmm15,%xmm10 -.byte 102,15,56,220,216 - psrad $31,%xmm14 - paddq %xmm15,%xmm15 -.byte 102,15,56,220,224 -.byte 102,15,56,220,232 - pand %xmm8,%xmm14 - movaps %xmm11,%xmm12 -.byte 102,15,56,220,240 - pxor %xmm14,%xmm15 - movdqa %xmm9,%xmm14 -.byte 102,15,56,220,248 - movups -48(%rcx),%xmm0 - - paddd %xmm9,%xmm9 -.byte 102,15,56,220,209 - pxor %xmm15,%xmm11 - psrad $31,%xmm14 -.byte 102,15,56,220,217 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 - movdqa %xmm13,48(%rsp) - pxor %xmm14,%xmm15 -.byte 102,15,56,220,241 - movaps %xmm12,%xmm13 - movdqa %xmm9,%xmm14 -.byte 102,15,56,220,249 - movups -32(%rcx),%xmm1 - - paddd %xmm9,%xmm9 -.byte 102,15,56,220,208 - pxor %xmm15,%xmm12 - psrad $31,%xmm14 -.byte 102,15,56,220,216 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 -.byte 102,15,56,220,224 -.byte 102,15,56,220,232 -.byte 102,15,56,220,240 - pxor %xmm14,%xmm15 - movaps %xmm13,%xmm14 -.byte 102,15,56,220,248 - - movdqa %xmm9,%xmm0 - paddd %xmm9,%xmm9 -.byte 102,15,56,220,209 - pxor %xmm15,%xmm13 - psrad $31,%xmm0 -.byte 102,15,56,220,217 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm0 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 - pxor %xmm0,%xmm15 - movups (%rbp),%xmm0 -.byte 102,15,56,220,241 -.byte 102,15,56,220,249 - movups 16(%rbp),%xmm1 - - pxor %xmm15,%xmm14 -.byte 102,15,56,221,84,36,0 - psrad $31,%xmm9 - paddq %xmm15,%xmm15 -.byte 102,15,56,221,92,36,16 -.byte 102,15,56,221,100,36,32 - pand %xmm8,%xmm9 - movq %r10,%rax -.byte 102,15,56,221,108,36,48 -.byte 102,15,56,221,116,36,64 -.byte 102,15,56,221,124,36,80 - pxor %xmm9,%xmm15 - - leaq 96(%rsi),%rsi - movups %xmm2,-96(%rsi) - movups %xmm3,-80(%rsi) - movups %xmm4,-64(%rsi) - movups %xmm5,-48(%rsi) - movups %xmm6,-32(%rsi) - movups %xmm7,-16(%rsi) - subq $96,%rdx - jnc .Lxts_enc_grandloop - - movl $16+96,%eax - subl %r10d,%eax - movq %rbp,%rcx - shrl $4,%eax - -.Lxts_enc_short: - - movl %eax,%r10d - pxor %xmm0,%xmm10 - addq $96,%rdx - jz .Lxts_enc_done - - pxor %xmm0,%xmm11 - cmpq $0x20,%rdx - jb .Lxts_enc_one - pxor %xmm0,%xmm12 - je .Lxts_enc_two - - pxor %xmm0,%xmm13 - cmpq $0x40,%rdx - jb .Lxts_enc_three - pxor %xmm0,%xmm14 - je .Lxts_enc_four - - movdqu (%rdi),%xmm2 - movdqu 16(%rdi),%xmm3 - movdqu 32(%rdi),%xmm4 - pxor %xmm10,%xmm2 - movdqu 48(%rdi),%xmm5 - pxor %xmm11,%xmm3 - movdqu 64(%rdi),%xmm6 - leaq 80(%rdi),%rdi - pxor %xmm12,%xmm4 - pxor %xmm13,%xmm5 - pxor %xmm14,%xmm6 - pxor %xmm7,%xmm7 - - call _aesni_encrypt6 - - xorps %xmm10,%xmm2 - movdqa %xmm15,%xmm10 - xorps %xmm11,%xmm3 - xorps %xmm12,%xmm4 - movdqu %xmm2,(%rsi) - xorps %xmm13,%xmm5 - movdqu %xmm3,16(%rsi) - xorps %xmm14,%xmm6 - movdqu %xmm4,32(%rsi) - movdqu %xmm5,48(%rsi) - movdqu %xmm6,64(%rsi) - leaq 80(%rsi),%rsi - jmp .Lxts_enc_done - -.align 16 -.Lxts_enc_one: - movups (%rdi),%xmm2 - leaq 16(%rdi),%rdi - xorps %xmm10,%xmm2 - movups (%rcx),%xmm0 - movups 16(%rcx),%xmm1 - leaq 32(%rcx),%rcx - xorps %xmm0,%xmm2 -.Loop_enc1_9: -.byte 102,15,56,220,209 - decl %eax - movups (%rcx),%xmm1 - leaq 16(%rcx),%rcx - jnz .Loop_enc1_9 -.byte 102,15,56,221,209 - xorps %xmm10,%xmm2 - movdqa %xmm11,%xmm10 - movups %xmm2,(%rsi) - leaq 16(%rsi),%rsi - jmp .Lxts_enc_done - -.align 16 -.Lxts_enc_two: - movups (%rdi),%xmm2 - movups 16(%rdi),%xmm3 - leaq 32(%rdi),%rdi - xorps %xmm10,%xmm2 - xorps %xmm11,%xmm3 - - call _aesni_encrypt2 - - xorps %xmm10,%xmm2 - movdqa %xmm12,%xmm10 - xorps %xmm11,%xmm3 - movups %xmm2,(%rsi) - movups %xmm3,16(%rsi) - leaq 32(%rsi),%rsi - jmp .Lxts_enc_done - -.align 16 -.Lxts_enc_three: - movups (%rdi),%xmm2 - movups 16(%rdi),%xmm3 - movups 32(%rdi),%xmm4 - leaq 48(%rdi),%rdi - xorps %xmm10,%xmm2 - xorps %xmm11,%xmm3 - xorps %xmm12,%xmm4 - - call _aesni_encrypt3 - - xorps %xmm10,%xmm2 - movdqa %xmm13,%xmm10 - xorps %xmm11,%xmm3 - xorps %xmm12,%xmm4 - movups %xmm2,(%rsi) - movups %xmm3,16(%rsi) - movups %xmm4,32(%rsi) - leaq 48(%rsi),%rsi - jmp .Lxts_enc_done - -.align 16 -.Lxts_enc_four: - movups (%rdi),%xmm2 - movups 16(%rdi),%xmm3 - movups 32(%rdi),%xmm4 - xorps %xmm10,%xmm2 - movups 48(%rdi),%xmm5 - leaq 64(%rdi),%rdi - xorps %xmm11,%xmm3 - xorps %xmm12,%xmm4 - xorps %xmm13,%xmm5 - - call _aesni_encrypt4 - - pxor %xmm10,%xmm2 - movdqa %xmm14,%xmm10 - pxor %xmm11,%xmm3 - pxor %xmm12,%xmm4 - movdqu %xmm2,(%rsi) - pxor %xmm13,%xmm5 - movdqu %xmm3,16(%rsi) - movdqu %xmm4,32(%rsi) - movdqu %xmm5,48(%rsi) - leaq 64(%rsi),%rsi - jmp .Lxts_enc_done - -.align 16 -.Lxts_enc_done: - andq $15,%r9 - jz .Lxts_enc_ret - movq %r9,%rdx - -.Lxts_enc_steal: - movzbl (%rdi),%eax - movzbl -16(%rsi),%ecx - leaq 1(%rdi),%rdi - movb %al,-16(%rsi) - movb %cl,0(%rsi) - leaq 1(%rsi),%rsi - subq $1,%rdx - jnz .Lxts_enc_steal - - subq %r9,%rsi - movq %rbp,%rcx - movl %r10d,%eax - - movups -16(%rsi),%xmm2 - xorps %xmm10,%xmm2 - movups (%rcx),%xmm0 - movups 16(%rcx),%xmm1 - leaq 32(%rcx),%rcx - xorps %xmm0,%xmm2 -.Loop_enc1_10: -.byte 102,15,56,220,209 - decl %eax - movups (%rcx),%xmm1 - leaq 16(%rcx),%rcx - jnz .Loop_enc1_10 -.byte 102,15,56,221,209 - xorps %xmm10,%xmm2 - movups %xmm2,-16(%rsi) - -.Lxts_enc_ret: - xorps %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 - pxor %xmm6,%xmm6 - pxor %xmm7,%xmm7 - movaps %xmm0,0(%rsp) - pxor %xmm8,%xmm8 - movaps %xmm0,16(%rsp) - pxor %xmm9,%xmm9 - movaps %xmm0,32(%rsp) - pxor %xmm10,%xmm10 - movaps %xmm0,48(%rsp) - pxor %xmm11,%xmm11 - movaps %xmm0,64(%rsp) - pxor %xmm12,%xmm12 - movaps %xmm0,80(%rsp) - pxor %xmm13,%xmm13 - movaps %xmm0,96(%rsp) - pxor %xmm14,%xmm14 - pxor %xmm15,%xmm15 - movq -8(%r11),%rbp -.cfi_restore %rbp - leaq (%r11),%rsp -.cfi_def_cfa_register %rsp -.Lxts_enc_epilogue: - .byte 0xf3,0xc3 -.cfi_endproc -.size aes_hw_xts_encrypt,.-aes_hw_xts_encrypt -.globl aes_hw_xts_decrypt -.hidden aes_hw_xts_decrypt -.type aes_hw_xts_decrypt,@function -.align 16 -aes_hw_xts_decrypt: -.cfi_startproc - leaq (%rsp),%r11 -.cfi_def_cfa_register %r11 - pushq %rbp -.cfi_offset %rbp,-16 - subq $112,%rsp - andq $-16,%rsp - movups (%r9),%xmm2 - movl 240(%r8),%eax - movl 240(%rcx),%r10d - movups (%r8),%xmm0 - movups 16(%r8),%xmm1 - leaq 32(%r8),%r8 - xorps %xmm0,%xmm2 -.Loop_enc1_11: -.byte 102,15,56,220,209 - decl %eax - movups (%r8),%xmm1 - leaq 16(%r8),%r8 - jnz .Loop_enc1_11 -.byte 102,15,56,221,209 - xorl %eax,%eax - testq $15,%rdx - setnz %al - shlq $4,%rax - subq %rax,%rdx - - movups (%rcx),%xmm0 - movq %rcx,%rbp - movl %r10d,%eax - shll $4,%r10d - movq %rdx,%r9 - andq $-16,%rdx - - movups 16(%rcx,%r10,1),%xmm1 - - movdqa .Lxts_magic(%rip),%xmm8 - movdqa %xmm2,%xmm15 - pshufd $0x5f,%xmm2,%xmm9 - pxor %xmm0,%xmm1 - movdqa %xmm9,%xmm14 - paddd %xmm9,%xmm9 - movdqa %xmm15,%xmm10 - psrad $31,%xmm14 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 - pxor %xmm0,%xmm10 - pxor %xmm14,%xmm15 - movdqa %xmm9,%xmm14 - paddd %xmm9,%xmm9 - movdqa %xmm15,%xmm11 - psrad $31,%xmm14 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 - pxor %xmm0,%xmm11 - pxor %xmm14,%xmm15 - movdqa %xmm9,%xmm14 - paddd %xmm9,%xmm9 - movdqa %xmm15,%xmm12 - psrad $31,%xmm14 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 - pxor %xmm0,%xmm12 - pxor %xmm14,%xmm15 - movdqa %xmm9,%xmm14 - paddd %xmm9,%xmm9 - movdqa %xmm15,%xmm13 - psrad $31,%xmm14 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 - pxor %xmm0,%xmm13 - pxor %xmm14,%xmm15 - movdqa %xmm15,%xmm14 - psrad $31,%xmm9 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm9 - pxor %xmm0,%xmm14 - pxor %xmm9,%xmm15 - movaps %xmm1,96(%rsp) - - subq $96,%rdx - jc .Lxts_dec_short - - movl $16+96,%eax - leaq 32(%rbp,%r10,1),%rcx - subq %r10,%rax - movups 16(%rbp),%xmm1 - movq %rax,%r10 - leaq .Lxts_magic(%rip),%r8 - jmp .Lxts_dec_grandloop - -.align 32 -.Lxts_dec_grandloop: - movdqu 0(%rdi),%xmm2 - movdqa %xmm0,%xmm8 - movdqu 16(%rdi),%xmm3 - pxor %xmm10,%xmm2 - movdqu 32(%rdi),%xmm4 - pxor %xmm11,%xmm3 -.byte 102,15,56,222,209 - movdqu 48(%rdi),%xmm5 - pxor %xmm12,%xmm4 -.byte 102,15,56,222,217 - movdqu 64(%rdi),%xmm6 - pxor %xmm13,%xmm5 -.byte 102,15,56,222,225 - movdqu 80(%rdi),%xmm7 - pxor %xmm15,%xmm8 - movdqa 96(%rsp),%xmm9 - pxor %xmm14,%xmm6 -.byte 102,15,56,222,233 - movups 32(%rbp),%xmm0 - leaq 96(%rdi),%rdi - pxor %xmm8,%xmm7 - - pxor %xmm9,%xmm10 -.byte 102,15,56,222,241 - pxor %xmm9,%xmm11 - movdqa %xmm10,0(%rsp) -.byte 102,15,56,222,249 - movups 48(%rbp),%xmm1 - pxor %xmm9,%xmm12 - -.byte 102,15,56,222,208 - pxor %xmm9,%xmm13 - movdqa %xmm11,16(%rsp) -.byte 102,15,56,222,216 - pxor %xmm9,%xmm14 - movdqa %xmm12,32(%rsp) -.byte 102,15,56,222,224 -.byte 102,15,56,222,232 - pxor %xmm9,%xmm8 - movdqa %xmm14,64(%rsp) -.byte 102,15,56,222,240 -.byte 102,15,56,222,248 - movups 64(%rbp),%xmm0 - movdqa %xmm8,80(%rsp) - pshufd $0x5f,%xmm15,%xmm9 - jmp .Lxts_dec_loop6 -.align 32 -.Lxts_dec_loop6: -.byte 102,15,56,222,209 -.byte 102,15,56,222,217 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 -.byte 102,15,56,222,241 -.byte 102,15,56,222,249 - movups -64(%rcx,%rax,1),%xmm1 - addq $32,%rax - -.byte 102,15,56,222,208 -.byte 102,15,56,222,216 -.byte 102,15,56,222,224 -.byte 102,15,56,222,232 -.byte 102,15,56,222,240 -.byte 102,15,56,222,248 - movups -80(%rcx,%rax,1),%xmm0 - jnz .Lxts_dec_loop6 - - movdqa (%r8),%xmm8 - movdqa %xmm9,%xmm14 - paddd %xmm9,%xmm9 -.byte 102,15,56,222,209 - paddq %xmm15,%xmm15 - psrad $31,%xmm14 -.byte 102,15,56,222,217 - pand %xmm8,%xmm14 - movups (%rbp),%xmm10 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 -.byte 102,15,56,222,241 - pxor %xmm14,%xmm15 - movaps %xmm10,%xmm11 -.byte 102,15,56,222,249 - movups -64(%rcx),%xmm1 - - movdqa %xmm9,%xmm14 -.byte 102,15,56,222,208 - paddd %xmm9,%xmm9 - pxor %xmm15,%xmm10 -.byte 102,15,56,222,216 - psrad $31,%xmm14 - paddq %xmm15,%xmm15 -.byte 102,15,56,222,224 -.byte 102,15,56,222,232 - pand %xmm8,%xmm14 - movaps %xmm11,%xmm12 -.byte 102,15,56,222,240 - pxor %xmm14,%xmm15 - movdqa %xmm9,%xmm14 -.byte 102,15,56,222,248 - movups -48(%rcx),%xmm0 - - paddd %xmm9,%xmm9 -.byte 102,15,56,222,209 - pxor %xmm15,%xmm11 - psrad $31,%xmm14 -.byte 102,15,56,222,217 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 - movdqa %xmm13,48(%rsp) - pxor %xmm14,%xmm15 -.byte 102,15,56,222,241 - movaps %xmm12,%xmm13 - movdqa %xmm9,%xmm14 -.byte 102,15,56,222,249 - movups -32(%rcx),%xmm1 - - paddd %xmm9,%xmm9 -.byte 102,15,56,222,208 - pxor %xmm15,%xmm12 - psrad $31,%xmm14 -.byte 102,15,56,222,216 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 -.byte 102,15,56,222,224 -.byte 102,15,56,222,232 -.byte 102,15,56,222,240 - pxor %xmm14,%xmm15 - movaps %xmm13,%xmm14 -.byte 102,15,56,222,248 - - movdqa %xmm9,%xmm0 - paddd %xmm9,%xmm9 -.byte 102,15,56,222,209 - pxor %xmm15,%xmm13 - psrad $31,%xmm0 -.byte 102,15,56,222,217 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm0 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 - pxor %xmm0,%xmm15 - movups (%rbp),%xmm0 -.byte 102,15,56,222,241 -.byte 102,15,56,222,249 - movups 16(%rbp),%xmm1 - - pxor %xmm15,%xmm14 -.byte 102,15,56,223,84,36,0 - psrad $31,%xmm9 - paddq %xmm15,%xmm15 -.byte 102,15,56,223,92,36,16 -.byte 102,15,56,223,100,36,32 - pand %xmm8,%xmm9 - movq %r10,%rax -.byte 102,15,56,223,108,36,48 -.byte 102,15,56,223,116,36,64 -.byte 102,15,56,223,124,36,80 - pxor %xmm9,%xmm15 - - leaq 96(%rsi),%rsi - movups %xmm2,-96(%rsi) - movups %xmm3,-80(%rsi) - movups %xmm4,-64(%rsi) - movups %xmm5,-48(%rsi) - movups %xmm6,-32(%rsi) - movups %xmm7,-16(%rsi) - subq $96,%rdx - jnc .Lxts_dec_grandloop - - movl $16+96,%eax - subl %r10d,%eax - movq %rbp,%rcx - shrl $4,%eax - -.Lxts_dec_short: - - movl %eax,%r10d - pxor %xmm0,%xmm10 - pxor %xmm0,%xmm11 - addq $96,%rdx - jz .Lxts_dec_done - - pxor %xmm0,%xmm12 - cmpq $0x20,%rdx - jb .Lxts_dec_one - pxor %xmm0,%xmm13 - je .Lxts_dec_two - - pxor %xmm0,%xmm14 - cmpq $0x40,%rdx - jb .Lxts_dec_three - je .Lxts_dec_four - - movdqu (%rdi),%xmm2 - movdqu 16(%rdi),%xmm3 - movdqu 32(%rdi),%xmm4 - pxor %xmm10,%xmm2 - movdqu 48(%rdi),%xmm5 - pxor %xmm11,%xmm3 - movdqu 64(%rdi),%xmm6 - leaq 80(%rdi),%rdi - pxor %xmm12,%xmm4 - pxor %xmm13,%xmm5 - pxor %xmm14,%xmm6 - - call _aesni_decrypt6 - - xorps %xmm10,%xmm2 - xorps %xmm11,%xmm3 - xorps %xmm12,%xmm4 - movdqu %xmm2,(%rsi) - xorps %xmm13,%xmm5 - movdqu %xmm3,16(%rsi) - xorps %xmm14,%xmm6 - movdqu %xmm4,32(%rsi) - pxor %xmm14,%xmm14 - movdqu %xmm5,48(%rsi) - pcmpgtd %xmm15,%xmm14 - movdqu %xmm6,64(%rsi) - leaq 80(%rsi),%rsi - pshufd $0x13,%xmm14,%xmm11 - andq $15,%r9 - jz .Lxts_dec_ret - - movdqa %xmm15,%xmm10 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm11 - pxor %xmm15,%xmm11 - jmp .Lxts_dec_done2 - -.align 16 -.Lxts_dec_one: - movups (%rdi),%xmm2 - leaq 16(%rdi),%rdi - xorps %xmm10,%xmm2 - movups (%rcx),%xmm0 - movups 16(%rcx),%xmm1 - leaq 32(%rcx),%rcx - xorps %xmm0,%xmm2 -.Loop_dec1_12: -.byte 102,15,56,222,209 - decl %eax - movups (%rcx),%xmm1 - leaq 16(%rcx),%rcx - jnz .Loop_dec1_12 -.byte 102,15,56,223,209 - xorps %xmm10,%xmm2 - movdqa %xmm11,%xmm10 - movups %xmm2,(%rsi) - movdqa %xmm12,%xmm11 - leaq 16(%rsi),%rsi - jmp .Lxts_dec_done - -.align 16 -.Lxts_dec_two: - movups (%rdi),%xmm2 - movups 16(%rdi),%xmm3 - leaq 32(%rdi),%rdi - xorps %xmm10,%xmm2 - xorps %xmm11,%xmm3 - - call _aesni_decrypt2 - - xorps %xmm10,%xmm2 - movdqa %xmm12,%xmm10 - xorps %xmm11,%xmm3 - movdqa %xmm13,%xmm11 - movups %xmm2,(%rsi) - movups %xmm3,16(%rsi) - leaq 32(%rsi),%rsi - jmp .Lxts_dec_done - -.align 16 -.Lxts_dec_three: - movups (%rdi),%xmm2 - movups 16(%rdi),%xmm3 - movups 32(%rdi),%xmm4 - leaq 48(%rdi),%rdi - xorps %xmm10,%xmm2 - xorps %xmm11,%xmm3 - xorps %xmm12,%xmm4 - - call _aesni_decrypt3 - - xorps %xmm10,%xmm2 - movdqa %xmm13,%xmm10 - xorps %xmm11,%xmm3 - movdqa %xmm14,%xmm11 - xorps %xmm12,%xmm4 - movups %xmm2,(%rsi) - movups %xmm3,16(%rsi) - movups %xmm4,32(%rsi) - leaq 48(%rsi),%rsi - jmp .Lxts_dec_done - -.align 16 -.Lxts_dec_four: - movups (%rdi),%xmm2 - movups 16(%rdi),%xmm3 - movups 32(%rdi),%xmm4 - xorps %xmm10,%xmm2 - movups 48(%rdi),%xmm5 - leaq 64(%rdi),%rdi - xorps %xmm11,%xmm3 - xorps %xmm12,%xmm4 - xorps %xmm13,%xmm5 - - call _aesni_decrypt4 - - pxor %xmm10,%xmm2 - movdqa %xmm14,%xmm10 - pxor %xmm11,%xmm3 - movdqa %xmm15,%xmm11 - pxor %xmm12,%xmm4 - movdqu %xmm2,(%rsi) - pxor %xmm13,%xmm5 - movdqu %xmm3,16(%rsi) - movdqu %xmm4,32(%rsi) - movdqu %xmm5,48(%rsi) - leaq 64(%rsi),%rsi - jmp .Lxts_dec_done - -.align 16 -.Lxts_dec_done: - andq $15,%r9 - jz .Lxts_dec_ret -.Lxts_dec_done2: - movq %r9,%rdx - movq %rbp,%rcx - movl %r10d,%eax - - movups (%rdi),%xmm2 - xorps %xmm11,%xmm2 - movups (%rcx),%xmm0 - movups 16(%rcx),%xmm1 - leaq 32(%rcx),%rcx - xorps %xmm0,%xmm2 -.Loop_dec1_13: -.byte 102,15,56,222,209 - decl %eax - movups (%rcx),%xmm1 - leaq 16(%rcx),%rcx - jnz .Loop_dec1_13 -.byte 102,15,56,223,209 - xorps %xmm11,%xmm2 - movups %xmm2,(%rsi) - -.Lxts_dec_steal: - movzbl 16(%rdi),%eax - movzbl (%rsi),%ecx - leaq 1(%rdi),%rdi - movb %al,(%rsi) - movb %cl,16(%rsi) - leaq 1(%rsi),%rsi - subq $1,%rdx - jnz .Lxts_dec_steal - - subq %r9,%rsi - movq %rbp,%rcx - movl %r10d,%eax - - movups (%rsi),%xmm2 - xorps %xmm10,%xmm2 - movups (%rcx),%xmm0 - movups 16(%rcx),%xmm1 - leaq 32(%rcx),%rcx - xorps %xmm0,%xmm2 -.Loop_dec1_14: -.byte 102,15,56,222,209 - decl %eax - movups (%rcx),%xmm1 - leaq 16(%rcx),%rcx - jnz .Loop_dec1_14 -.byte 102,15,56,223,209 - xorps %xmm10,%xmm2 - movups %xmm2,(%rsi) - -.Lxts_dec_ret: - xorps %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 - pxor %xmm6,%xmm6 - pxor %xmm7,%xmm7 - movaps %xmm0,0(%rsp) - pxor %xmm8,%xmm8 - movaps %xmm0,16(%rsp) - pxor %xmm9,%xmm9 - movaps %xmm0,32(%rsp) - pxor %xmm10,%xmm10 - movaps %xmm0,48(%rsp) - pxor %xmm11,%xmm11 - movaps %xmm0,64(%rsp) - pxor %xmm12,%xmm12 - movaps %xmm0,80(%rsp) - pxor %xmm13,%xmm13 - movaps %xmm0,96(%rsp) - pxor %xmm14,%xmm14 - pxor %xmm15,%xmm15 - movq -8(%r11),%rbp -.cfi_restore %rbp - leaq (%r11),%rsp -.cfi_def_cfa_register %rsp -.Lxts_dec_epilogue: - .byte 0xf3,0xc3 -.cfi_endproc -.size aes_hw_xts_decrypt,.-aes_hw_xts_decrypt -.globl aes_hw_ocb_encrypt -.hidden aes_hw_ocb_encrypt -.type aes_hw_ocb_encrypt,@function -.align 32 -aes_hw_ocb_encrypt: -.cfi_startproc - leaq (%rsp),%rax - pushq %rbx -.cfi_adjust_cfa_offset 8 -.cfi_offset %rbx,-16 - pushq %rbp -.cfi_adjust_cfa_offset 8 -.cfi_offset %rbp,-24 - pushq %r12 -.cfi_adjust_cfa_offset 8 -.cfi_offset %r12,-32 - pushq %r13 -.cfi_adjust_cfa_offset 8 -.cfi_offset %r13,-40 - pushq %r14 -.cfi_adjust_cfa_offset 8 -.cfi_offset %r14,-48 - movq 8(%rax),%rbx - movq 8+8(%rax),%rbp - - movl 240(%rcx),%r10d - movq %rcx,%r11 - shll $4,%r10d - movups (%rcx),%xmm9 - movups 16(%rcx,%r10,1),%xmm1 - - movdqu (%r9),%xmm15 - pxor %xmm1,%xmm9 - pxor %xmm1,%xmm15 - - movl $16+32,%eax - leaq 32(%r11,%r10,1),%rcx - movups 16(%r11),%xmm1 - subq %r10,%rax - movq %rax,%r10 - - movdqu (%rbx),%xmm10 - movdqu (%rbp),%xmm8 - - testq $1,%r8 - jnz .Locb_enc_odd - - bsfq %r8,%r12 - addq $1,%r8 - shlq $4,%r12 - movdqu (%rbx,%r12,1),%xmm7 - movdqu (%rdi),%xmm2 - leaq 16(%rdi),%rdi - - call __ocb_encrypt1 - - movdqa %xmm7,%xmm15 - movups %xmm2,(%rsi) - leaq 16(%rsi),%rsi - subq $1,%rdx - jz .Locb_enc_done - -.Locb_enc_odd: - leaq 1(%r8),%r12 - leaq 3(%r8),%r13 - leaq 5(%r8),%r14 - leaq 6(%r8),%r8 - bsfq %r12,%r12 - bsfq %r13,%r13 - bsfq %r14,%r14 - shlq $4,%r12 - shlq $4,%r13 - shlq $4,%r14 - - subq $6,%rdx - jc .Locb_enc_short - jmp .Locb_enc_grandloop - -.align 32 -.Locb_enc_grandloop: - movdqu 0(%rdi),%xmm2 - movdqu 16(%rdi),%xmm3 - movdqu 32(%rdi),%xmm4 - movdqu 48(%rdi),%xmm5 - movdqu 64(%rdi),%xmm6 - movdqu 80(%rdi),%xmm7 - leaq 96(%rdi),%rdi - - call __ocb_encrypt6 - - movups %xmm2,0(%rsi) - movups %xmm3,16(%rsi) - movups %xmm4,32(%rsi) - movups %xmm5,48(%rsi) - movups %xmm6,64(%rsi) - movups %xmm7,80(%rsi) - leaq 96(%rsi),%rsi - subq $6,%rdx - jnc .Locb_enc_grandloop - -.Locb_enc_short: - addq $6,%rdx - jz .Locb_enc_done - - movdqu 0(%rdi),%xmm2 - cmpq $2,%rdx - jb .Locb_enc_one - movdqu 16(%rdi),%xmm3 - je .Locb_enc_two - - movdqu 32(%rdi),%xmm4 - cmpq $4,%rdx - jb .Locb_enc_three - movdqu 48(%rdi),%xmm5 - je .Locb_enc_four - - movdqu 64(%rdi),%xmm6 - pxor %xmm7,%xmm7 - - call __ocb_encrypt6 - - movdqa %xmm14,%xmm15 - movups %xmm2,0(%rsi) - movups %xmm3,16(%rsi) - movups %xmm4,32(%rsi) - movups %xmm5,48(%rsi) - movups %xmm6,64(%rsi) - - jmp .Locb_enc_done - -.align 16 -.Locb_enc_one: - movdqa %xmm10,%xmm7 - - call __ocb_encrypt1 - - movdqa %xmm7,%xmm15 - movups %xmm2,0(%rsi) - jmp .Locb_enc_done - -.align 16 -.Locb_enc_two: - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 - - call __ocb_encrypt4 - - movdqa %xmm11,%xmm15 - movups %xmm2,0(%rsi) - movups %xmm3,16(%rsi) - - jmp .Locb_enc_done - -.align 16 -.Locb_enc_three: - pxor %xmm5,%xmm5 - - call __ocb_encrypt4 - - movdqa %xmm12,%xmm15 - movups %xmm2,0(%rsi) - movups %xmm3,16(%rsi) - movups %xmm4,32(%rsi) - - jmp .Locb_enc_done - -.align 16 -.Locb_enc_four: - call __ocb_encrypt4 - - movdqa %xmm13,%xmm15 - movups %xmm2,0(%rsi) - movups %xmm3,16(%rsi) - movups %xmm4,32(%rsi) - movups %xmm5,48(%rsi) - -.Locb_enc_done: - pxor %xmm0,%xmm15 - movdqu %xmm8,(%rbp) - movdqu %xmm15,(%r9) - - xorps %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 - pxor %xmm6,%xmm6 - pxor %xmm7,%xmm7 - pxor %xmm8,%xmm8 - pxor %xmm9,%xmm9 - pxor %xmm10,%xmm10 - pxor %xmm11,%xmm11 - pxor %xmm12,%xmm12 - pxor %xmm13,%xmm13 - pxor %xmm14,%xmm14 - pxor %xmm15,%xmm15 - leaq 40(%rsp),%rax -.cfi_def_cfa %rax,8 - movq -40(%rax),%r14 -.cfi_restore %r14 - movq -32(%rax),%r13 -.cfi_restore %r13 - movq -24(%rax),%r12 -.cfi_restore %r12 - movq -16(%rax),%rbp -.cfi_restore %rbp - movq -8(%rax),%rbx -.cfi_restore %rbx - leaq (%rax),%rsp -.cfi_def_cfa_register %rsp -.Locb_enc_epilogue: - .byte 0xf3,0xc3 -.cfi_endproc -.size aes_hw_ocb_encrypt,.-aes_hw_ocb_encrypt - -.type __ocb_encrypt6,@function -.align 32 -__ocb_encrypt6: - pxor %xmm9,%xmm15 - movdqu (%rbx,%r12,1),%xmm11 - movdqa %xmm10,%xmm12 - movdqu (%rbx,%r13,1),%xmm13 - movdqa %xmm10,%xmm14 - pxor %xmm15,%xmm10 - movdqu (%rbx,%r14,1),%xmm15 - pxor %xmm10,%xmm11 - pxor %xmm2,%xmm8 - pxor %xmm10,%xmm2 - pxor %xmm11,%xmm12 - pxor %xmm3,%xmm8 - pxor %xmm11,%xmm3 - pxor %xmm12,%xmm13 - pxor %xmm4,%xmm8 - pxor %xmm12,%xmm4 - pxor %xmm13,%xmm14 - pxor %xmm5,%xmm8 - pxor %xmm13,%xmm5 - pxor %xmm14,%xmm15 - pxor %xmm6,%xmm8 - pxor %xmm14,%xmm6 - pxor %xmm7,%xmm8 - pxor %xmm15,%xmm7 - movups 32(%r11),%xmm0 - - leaq 1(%r8),%r12 - leaq 3(%r8),%r13 - leaq 5(%r8),%r14 - addq $6,%r8 - pxor %xmm9,%xmm10 - bsfq %r12,%r12 - bsfq %r13,%r13 - bsfq %r14,%r14 - -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 - pxor %xmm9,%xmm11 - pxor %xmm9,%xmm12 -.byte 102,15,56,220,241 - pxor %xmm9,%xmm13 - pxor %xmm9,%xmm14 -.byte 102,15,56,220,249 - movups 48(%r11),%xmm1 - pxor %xmm9,%xmm15 - -.byte 102,15,56,220,208 -.byte 102,15,56,220,216 -.byte 102,15,56,220,224 -.byte 102,15,56,220,232 -.byte 102,15,56,220,240 -.byte 102,15,56,220,248 - movups 64(%r11),%xmm0 - shlq $4,%r12 - shlq $4,%r13 - jmp .Locb_enc_loop6 - -.align 32 -.Locb_enc_loop6: -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 -.byte 102,15,56,220,241 -.byte 102,15,56,220,249 - movups (%rcx,%rax,1),%xmm1 - addq $32,%rax - -.byte 102,15,56,220,208 -.byte 102,15,56,220,216 -.byte 102,15,56,220,224 -.byte 102,15,56,220,232 -.byte 102,15,56,220,240 -.byte 102,15,56,220,248 - movups -16(%rcx,%rax,1),%xmm0 - jnz .Locb_enc_loop6 - -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 -.byte 102,15,56,220,241 -.byte 102,15,56,220,249 - movups 16(%r11),%xmm1 - shlq $4,%r14 - -.byte 102,65,15,56,221,210 - movdqu (%rbx),%xmm10 - movq %r10,%rax -.byte 102,65,15,56,221,219 -.byte 102,65,15,56,221,228 -.byte 102,65,15,56,221,237 -.byte 102,65,15,56,221,246 -.byte 102,65,15,56,221,255 - .byte 0xf3,0xc3 -.size __ocb_encrypt6,.-__ocb_encrypt6 - -.type __ocb_encrypt4,@function -.align 32 -__ocb_encrypt4: - pxor %xmm9,%xmm15 - movdqu (%rbx,%r12,1),%xmm11 - movdqa %xmm10,%xmm12 - movdqu (%rbx,%r13,1),%xmm13 - pxor %xmm15,%xmm10 - pxor %xmm10,%xmm11 - pxor %xmm2,%xmm8 - pxor %xmm10,%xmm2 - pxor %xmm11,%xmm12 - pxor %xmm3,%xmm8 - pxor %xmm11,%xmm3 - pxor %xmm12,%xmm13 - pxor %xmm4,%xmm8 - pxor %xmm12,%xmm4 - pxor %xmm5,%xmm8 - pxor %xmm13,%xmm5 - movups 32(%r11),%xmm0 - - pxor %xmm9,%xmm10 - pxor %xmm9,%xmm11 - pxor %xmm9,%xmm12 - pxor %xmm9,%xmm13 - -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 - movups 48(%r11),%xmm1 - -.byte 102,15,56,220,208 -.byte 102,15,56,220,216 -.byte 102,15,56,220,224 -.byte 102,15,56,220,232 - movups 64(%r11),%xmm0 - jmp .Locb_enc_loop4 - -.align 32 -.Locb_enc_loop4: -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 - movups (%rcx,%rax,1),%xmm1 - addq $32,%rax - -.byte 102,15,56,220,208 -.byte 102,15,56,220,216 -.byte 102,15,56,220,224 -.byte 102,15,56,220,232 - movups -16(%rcx,%rax,1),%xmm0 - jnz .Locb_enc_loop4 - -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 - movups 16(%r11),%xmm1 - movq %r10,%rax - -.byte 102,65,15,56,221,210 -.byte 102,65,15,56,221,219 -.byte 102,65,15,56,221,228 -.byte 102,65,15,56,221,237 - .byte 0xf3,0xc3 -.size __ocb_encrypt4,.-__ocb_encrypt4 - -.type __ocb_encrypt1,@function -.align 32 -__ocb_encrypt1: - pxor %xmm15,%xmm7 - pxor %xmm9,%xmm7 - pxor %xmm2,%xmm8 - pxor %xmm7,%xmm2 - movups 32(%r11),%xmm0 - -.byte 102,15,56,220,209 - movups 48(%r11),%xmm1 - pxor %xmm9,%xmm7 - -.byte 102,15,56,220,208 - movups 64(%r11),%xmm0 - jmp .Locb_enc_loop1 - -.align 32 -.Locb_enc_loop1: -.byte 102,15,56,220,209 - movups (%rcx,%rax,1),%xmm1 - addq $32,%rax - -.byte 102,15,56,220,208 - movups -16(%rcx,%rax,1),%xmm0 - jnz .Locb_enc_loop1 - -.byte 102,15,56,220,209 - movups 16(%r11),%xmm1 - movq %r10,%rax - -.byte 102,15,56,221,215 - .byte 0xf3,0xc3 -.size __ocb_encrypt1,.-__ocb_encrypt1 - -.globl aes_hw_ocb_decrypt -.hidden aes_hw_ocb_decrypt -.type aes_hw_ocb_decrypt,@function -.align 32 -aes_hw_ocb_decrypt: -.cfi_startproc - leaq (%rsp),%rax - pushq %rbx -.cfi_adjust_cfa_offset 8 -.cfi_offset %rbx,-16 - pushq %rbp -.cfi_adjust_cfa_offset 8 -.cfi_offset %rbp,-24 - pushq %r12 -.cfi_adjust_cfa_offset 8 -.cfi_offset %r12,-32 - pushq %r13 -.cfi_adjust_cfa_offset 8 -.cfi_offset %r13,-40 - pushq %r14 -.cfi_adjust_cfa_offset 8 -.cfi_offset %r14,-48 - movq 8(%rax),%rbx - movq 8+8(%rax),%rbp - - movl 240(%rcx),%r10d - movq %rcx,%r11 - shll $4,%r10d - movups (%rcx),%xmm9 - movups 16(%rcx,%r10,1),%xmm1 - - movdqu (%r9),%xmm15 - pxor %xmm1,%xmm9 - pxor %xmm1,%xmm15 - - movl $16+32,%eax - leaq 32(%r11,%r10,1),%rcx - movups 16(%r11),%xmm1 - subq %r10,%rax - movq %rax,%r10 - - movdqu (%rbx),%xmm10 - movdqu (%rbp),%xmm8 - - testq $1,%r8 - jnz .Locb_dec_odd - - bsfq %r8,%r12 - addq $1,%r8 - shlq $4,%r12 - movdqu (%rbx,%r12,1),%xmm7 - movdqu (%rdi),%xmm2 - leaq 16(%rdi),%rdi - - call __ocb_decrypt1 - - movdqa %xmm7,%xmm15 - movups %xmm2,(%rsi) - xorps %xmm2,%xmm8 - leaq 16(%rsi),%rsi - subq $1,%rdx - jz .Locb_dec_done - -.Locb_dec_odd: - leaq 1(%r8),%r12 - leaq 3(%r8),%r13 - leaq 5(%r8),%r14 - leaq 6(%r8),%r8 - bsfq %r12,%r12 - bsfq %r13,%r13 - bsfq %r14,%r14 - shlq $4,%r12 - shlq $4,%r13 - shlq $4,%r14 - - subq $6,%rdx - jc .Locb_dec_short - jmp .Locb_dec_grandloop - -.align 32 -.Locb_dec_grandloop: - movdqu 0(%rdi),%xmm2 - movdqu 16(%rdi),%xmm3 - movdqu 32(%rdi),%xmm4 - movdqu 48(%rdi),%xmm5 - movdqu 64(%rdi),%xmm6 - movdqu 80(%rdi),%xmm7 - leaq 96(%rdi),%rdi - - call __ocb_decrypt6 - - movups %xmm2,0(%rsi) - pxor %xmm2,%xmm8 - movups %xmm3,16(%rsi) - pxor %xmm3,%xmm8 - movups %xmm4,32(%rsi) - pxor %xmm4,%xmm8 - movups %xmm5,48(%rsi) - pxor %xmm5,%xmm8 - movups %xmm6,64(%rsi) - pxor %xmm6,%xmm8 - movups %xmm7,80(%rsi) - pxor %xmm7,%xmm8 - leaq 96(%rsi),%rsi - subq $6,%rdx - jnc .Locb_dec_grandloop - -.Locb_dec_short: - addq $6,%rdx - jz .Locb_dec_done - - movdqu 0(%rdi),%xmm2 - cmpq $2,%rdx - jb .Locb_dec_one - movdqu 16(%rdi),%xmm3 - je .Locb_dec_two - - movdqu 32(%rdi),%xmm4 - cmpq $4,%rdx - jb .Locb_dec_three - movdqu 48(%rdi),%xmm5 - je .Locb_dec_four - - movdqu 64(%rdi),%xmm6 - pxor %xmm7,%xmm7 - - call __ocb_decrypt6 - - movdqa %xmm14,%xmm15 - movups %xmm2,0(%rsi) - pxor %xmm2,%xmm8 - movups %xmm3,16(%rsi) - pxor %xmm3,%xmm8 - movups %xmm4,32(%rsi) - pxor %xmm4,%xmm8 - movups %xmm5,48(%rsi) - pxor %xmm5,%xmm8 - movups %xmm6,64(%rsi) - pxor %xmm6,%xmm8 - - jmp .Locb_dec_done - -.align 16 -.Locb_dec_one: - movdqa %xmm10,%xmm7 - - call __ocb_decrypt1 - - movdqa %xmm7,%xmm15 - movups %xmm2,0(%rsi) - xorps %xmm2,%xmm8 - jmp .Locb_dec_done - -.align 16 -.Locb_dec_two: - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 - - call __ocb_decrypt4 - - movdqa %xmm11,%xmm15 - movups %xmm2,0(%rsi) - xorps %xmm2,%xmm8 - movups %xmm3,16(%rsi) - xorps %xmm3,%xmm8 - - jmp .Locb_dec_done - -.align 16 -.Locb_dec_three: - pxor %xmm5,%xmm5 - - call __ocb_decrypt4 - - movdqa %xmm12,%xmm15 - movups %xmm2,0(%rsi) - xorps %xmm2,%xmm8 - movups %xmm3,16(%rsi) - xorps %xmm3,%xmm8 - movups %xmm4,32(%rsi) - xorps %xmm4,%xmm8 - - jmp .Locb_dec_done - -.align 16 -.Locb_dec_four: - call __ocb_decrypt4 - - movdqa %xmm13,%xmm15 - movups %xmm2,0(%rsi) - pxor %xmm2,%xmm8 - movups %xmm3,16(%rsi) - pxor %xmm3,%xmm8 - movups %xmm4,32(%rsi) - pxor %xmm4,%xmm8 - movups %xmm5,48(%rsi) - pxor %xmm5,%xmm8 - -.Locb_dec_done: - pxor %xmm0,%xmm15 - movdqu %xmm8,(%rbp) - movdqu %xmm15,(%r9) - - xorps %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 - pxor %xmm6,%xmm6 - pxor %xmm7,%xmm7 - pxor %xmm8,%xmm8 - pxor %xmm9,%xmm9 - pxor %xmm10,%xmm10 - pxor %xmm11,%xmm11 - pxor %xmm12,%xmm12 - pxor %xmm13,%xmm13 - pxor %xmm14,%xmm14 - pxor %xmm15,%xmm15 - leaq 40(%rsp),%rax -.cfi_def_cfa %rax,8 - movq -40(%rax),%r14 -.cfi_restore %r14 - movq -32(%rax),%r13 -.cfi_restore %r13 - movq -24(%rax),%r12 -.cfi_restore %r12 - movq -16(%rax),%rbp -.cfi_restore %rbp - movq -8(%rax),%rbx -.cfi_restore %rbx - leaq (%rax),%rsp -.cfi_def_cfa_register %rsp -.Locb_dec_epilogue: - .byte 0xf3,0xc3 -.cfi_endproc -.size aes_hw_ocb_decrypt,.-aes_hw_ocb_decrypt - -.type __ocb_decrypt6,@function -.align 32 -__ocb_decrypt6: - pxor %xmm9,%xmm15 - movdqu (%rbx,%r12,1),%xmm11 - movdqa %xmm10,%xmm12 - movdqu (%rbx,%r13,1),%xmm13 - movdqa %xmm10,%xmm14 - pxor %xmm15,%xmm10 - movdqu (%rbx,%r14,1),%xmm15 - pxor %xmm10,%xmm11 - pxor %xmm10,%xmm2 - pxor %xmm11,%xmm12 - pxor %xmm11,%xmm3 - pxor %xmm12,%xmm13 - pxor %xmm12,%xmm4 - pxor %xmm13,%xmm14 - pxor %xmm13,%xmm5 - pxor %xmm14,%xmm15 - pxor %xmm14,%xmm6 - pxor %xmm15,%xmm7 - movups 32(%r11),%xmm0 - - leaq 1(%r8),%r12 - leaq 3(%r8),%r13 - leaq 5(%r8),%r14 - addq $6,%r8 - pxor %xmm9,%xmm10 - bsfq %r12,%r12 - bsfq %r13,%r13 - bsfq %r14,%r14 - -.byte 102,15,56,222,209 -.byte 102,15,56,222,217 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 - pxor %xmm9,%xmm11 - pxor %xmm9,%xmm12 -.byte 102,15,56,222,241 - pxor %xmm9,%xmm13 - pxor %xmm9,%xmm14 -.byte 102,15,56,222,249 - movups 48(%r11),%xmm1 - pxor %xmm9,%xmm15 - -.byte 102,15,56,222,208 -.byte 102,15,56,222,216 -.byte 102,15,56,222,224 -.byte 102,15,56,222,232 -.byte 102,15,56,222,240 -.byte 102,15,56,222,248 - movups 64(%r11),%xmm0 - shlq $4,%r12 - shlq $4,%r13 - jmp .Locb_dec_loop6 - -.align 32 -.Locb_dec_loop6: -.byte 102,15,56,222,209 -.byte 102,15,56,222,217 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 -.byte 102,15,56,222,241 -.byte 102,15,56,222,249 - movups (%rcx,%rax,1),%xmm1 - addq $32,%rax - -.byte 102,15,56,222,208 -.byte 102,15,56,222,216 -.byte 102,15,56,222,224 -.byte 102,15,56,222,232 -.byte 102,15,56,222,240 -.byte 102,15,56,222,248 - movups -16(%rcx,%rax,1),%xmm0 - jnz .Locb_dec_loop6 - -.byte 102,15,56,222,209 -.byte 102,15,56,222,217 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 -.byte 102,15,56,222,241 -.byte 102,15,56,222,249 - movups 16(%r11),%xmm1 - shlq $4,%r14 - -.byte 102,65,15,56,223,210 - movdqu (%rbx),%xmm10 - movq %r10,%rax -.byte 102,65,15,56,223,219 -.byte 102,65,15,56,223,228 -.byte 102,65,15,56,223,237 -.byte 102,65,15,56,223,246 -.byte 102,65,15,56,223,255 - .byte 0xf3,0xc3 -.size __ocb_decrypt6,.-__ocb_decrypt6 - -.type __ocb_decrypt4,@function -.align 32 -__ocb_decrypt4: - pxor %xmm9,%xmm15 - movdqu (%rbx,%r12,1),%xmm11 - movdqa %xmm10,%xmm12 - movdqu (%rbx,%r13,1),%xmm13 - pxor %xmm15,%xmm10 - pxor %xmm10,%xmm11 - pxor %xmm10,%xmm2 - pxor %xmm11,%xmm12 - pxor %xmm11,%xmm3 - pxor %xmm12,%xmm13 - pxor %xmm12,%xmm4 - pxor %xmm13,%xmm5 - movups 32(%r11),%xmm0 - - pxor %xmm9,%xmm10 - pxor %xmm9,%xmm11 - pxor %xmm9,%xmm12 - pxor %xmm9,%xmm13 - -.byte 102,15,56,222,209 -.byte 102,15,56,222,217 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 - movups 48(%r11),%xmm1 - -.byte 102,15,56,222,208 -.byte 102,15,56,222,216 -.byte 102,15,56,222,224 -.byte 102,15,56,222,232 - movups 64(%r11),%xmm0 - jmp .Locb_dec_loop4 - -.align 32 -.Locb_dec_loop4: -.byte 102,15,56,222,209 -.byte 102,15,56,222,217 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 - movups (%rcx,%rax,1),%xmm1 - addq $32,%rax - -.byte 102,15,56,222,208 -.byte 102,15,56,222,216 -.byte 102,15,56,222,224 -.byte 102,15,56,222,232 - movups -16(%rcx,%rax,1),%xmm0 - jnz .Locb_dec_loop4 - -.byte 102,15,56,222,209 -.byte 102,15,56,222,217 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 - movups 16(%r11),%xmm1 - movq %r10,%rax - -.byte 102,65,15,56,223,210 -.byte 102,65,15,56,223,219 -.byte 102,65,15,56,223,228 -.byte 102,65,15,56,223,237 - .byte 0xf3,0xc3 -.size __ocb_decrypt4,.-__ocb_decrypt4 - -.type __ocb_decrypt1,@function -.align 32 -__ocb_decrypt1: - pxor %xmm15,%xmm7 - pxor %xmm9,%xmm7 - pxor %xmm7,%xmm2 - movups 32(%r11),%xmm0 - -.byte 102,15,56,222,209 - movups 48(%r11),%xmm1 - pxor %xmm9,%xmm7 - -.byte 102,15,56,222,208 - movups 64(%r11),%xmm0 - jmp .Locb_dec_loop1 - -.align 32 -.Locb_dec_loop1: -.byte 102,15,56,222,209 - movups (%rcx,%rax,1),%xmm1 - addq $32,%rax - -.byte 102,15,56,222,208 - movups -16(%rcx,%rax,1),%xmm0 - jnz .Locb_dec_loop1 - -.byte 102,15,56,222,209 - movups 16(%r11),%xmm1 - movq %r10,%rax - -.byte 102,15,56,223,215 - .byte 0xf3,0xc3 -.size __ocb_decrypt1,.-__ocb_decrypt1 -.globl aes_hw_cbc_encrypt -.hidden aes_hw_cbc_encrypt -.type aes_hw_cbc_encrypt,@function -.align 16 -aes_hw_cbc_encrypt: -.cfi_startproc - testq %rdx,%rdx - jz .Lcbc_ret - - movl 240(%rcx),%r10d - movq %rcx,%r11 - testl %r9d,%r9d - jz .Lcbc_decrypt - - movups (%r8),%xmm2 - movl %r10d,%eax - cmpq $16,%rdx - jb .Lcbc_enc_tail - subq $16,%rdx - jmp .Lcbc_enc_loop -.align 16 -.Lcbc_enc_loop: - movups (%rdi),%xmm3 - leaq 16(%rdi),%rdi - - movups (%rcx),%xmm0 - movups 16(%rcx),%xmm1 - xorps %xmm0,%xmm3 - leaq 32(%rcx),%rcx - xorps %xmm3,%xmm2 -.Loop_enc1_15: -.byte 102,15,56,220,209 - decl %eax - movups (%rcx),%xmm1 - leaq 16(%rcx),%rcx - jnz .Loop_enc1_15 -.byte 102,15,56,221,209 - movl %r10d,%eax - movq %r11,%rcx - movups %xmm2,0(%rsi) - leaq 16(%rsi),%rsi - subq $16,%rdx - jnc .Lcbc_enc_loop - addq $16,%rdx - jnz .Lcbc_enc_tail - pxor %xmm0,%xmm0 - pxor %xmm1,%xmm1 - movups %xmm2,(%r8) - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - jmp .Lcbc_ret - -.Lcbc_enc_tail: - movq %rdx,%rcx - xchgq %rdi,%rsi -.long 0x9066A4F3 - movl $16,%ecx - subq %rdx,%rcx - xorl %eax,%eax -.long 0x9066AAF3 - leaq -16(%rdi),%rdi - movl %r10d,%eax - movq %rdi,%rsi - movq %r11,%rcx - xorq %rdx,%rdx - jmp .Lcbc_enc_loop - -.align 16 -.Lcbc_decrypt: - cmpq $16,%rdx - jne .Lcbc_decrypt_bulk - - - - movdqu (%rdi),%xmm2 - movdqu (%r8),%xmm3 - movdqa %xmm2,%xmm4 - movups (%rcx),%xmm0 - movups 16(%rcx),%xmm1 - leaq 32(%rcx),%rcx - xorps %xmm0,%xmm2 -.Loop_dec1_16: -.byte 102,15,56,222,209 - decl %r10d - movups (%rcx),%xmm1 - leaq 16(%rcx),%rcx - jnz .Loop_dec1_16 -.byte 102,15,56,223,209 - pxor %xmm0,%xmm0 - pxor %xmm1,%xmm1 - movdqu %xmm4,(%r8) - xorps %xmm3,%xmm2 - pxor %xmm3,%xmm3 - movups %xmm2,(%rsi) - pxor %xmm2,%xmm2 - jmp .Lcbc_ret -.align 16 -.Lcbc_decrypt_bulk: - leaq (%rsp),%r11 -.cfi_def_cfa_register %r11 - pushq %rbp -.cfi_offset %rbp,-16 - subq $16,%rsp - andq $-16,%rsp - movq %rcx,%rbp - movups (%r8),%xmm10 - movl %r10d,%eax - cmpq $0x50,%rdx - jbe .Lcbc_dec_tail - - movups (%rcx),%xmm0 - movdqu 0(%rdi),%xmm2 - movdqu 16(%rdi),%xmm3 - movdqa %xmm2,%xmm11 - movdqu 32(%rdi),%xmm4 - movdqa %xmm3,%xmm12 - movdqu 48(%rdi),%xmm5 - movdqa %xmm4,%xmm13 - movdqu 64(%rdi),%xmm6 - movdqa %xmm5,%xmm14 - movdqu 80(%rdi),%xmm7 - movdqa %xmm6,%xmm15 - leaq OPENSSL_ia32cap_P(%rip),%r9 - movl 4(%r9),%r9d - cmpq $0x70,%rdx - jbe .Lcbc_dec_six_or_seven + movdqa %xmm6,%xmm15 + leaq OPENSSL_ia32cap_P(%rip),%r9 + movl 4(%r9),%r9d + cmpq $0x70,%rdx + jbe .Lcbc_dec_six_or_seven andl $71303168,%r9d subq $0x50,%rdx @@ -3922,12 +1965,12 @@ aes_hw_cbc_encrypt: movups 16(%rcx),%xmm1 leaq 32(%rcx),%rcx xorps %xmm0,%xmm2 -.Loop_dec1_17: +.Loop_dec1_8: .byte 102,15,56,222,209 decl %eax movups (%rcx),%xmm1 leaq 16(%rcx),%rcx - jnz .Loop_dec1_17 + jnz .Loop_dec1_8 .byte 102,15,56,223,209 xorps %xmm10,%xmm2 movaps %xmm11,%xmm10 @@ -4068,6 +2111,11 @@ aes_hw_set_decrypt_key: aes_hw_set_encrypt_key: __aesni_set_encrypt_key: .cfi_startproc +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS + movb $1,BORINGSSL_function_hit+3(%rip) +#endif +#endif .byte 0x48,0x83,0xEC,0x08 .cfi_adjust_cfa_offset 8 movq $-1,%rax diff --git a/linux-x86_64/crypto/fipsmodule/bsaes-x86_64.S b/linux-x86_64/crypto/fipsmodule/bsaes-x86_64.S index 36c01ef..5236aa6 100644 --- a/linux-x86_64/crypto/fipsmodule/bsaes-x86_64.S +++ b/linux-x86_64/crypto/fipsmodule/bsaes-x86_64.S @@ -21,6 +21,7 @@ .type _bsaes_encrypt8,@function .align 64 _bsaes_encrypt8: +.cfi_startproc leaq .LBS0(%rip),%r11 movdqa (%rax),%xmm8 @@ -488,11 +489,13 @@ _bsaes_encrypt8_bitslice: pxor %xmm7,%xmm15 pxor %xmm7,%xmm0 .byte 0xf3,0xc3 +.cfi_endproc .size _bsaes_encrypt8,.-_bsaes_encrypt8 .type _bsaes_decrypt8,@function .align 64 _bsaes_decrypt8: +.cfi_startproc leaq .LBS0(%rip),%r11 movdqa (%rax),%xmm8 @@ -994,10 +997,12 @@ _bsaes_decrypt8: pxor %xmm7,%xmm15 pxor %xmm7,%xmm0 .byte 0xf3,0xc3 +.cfi_endproc .size _bsaes_decrypt8,.-_bsaes_decrypt8 .type _bsaes_key_convert,@function .align 16 _bsaes_key_convert: +.cfi_startproc leaq .Lmasks(%rip),%r11 movdqu (%rcx),%xmm7 leaq 16(%rcx),%rcx @@ -1076,6 +1081,7 @@ _bsaes_key_convert: movdqa 80(%r11),%xmm7 .byte 0xf3,0xc3 +.cfi_endproc .size _bsaes_key_convert,.-_bsaes_key_convert .extern aes_nohw_cbc_encrypt .hidden aes_nohw_cbc_encrypt @@ -1359,6 +1365,13 @@ bsaes_cbc_encrypt: .align 16 bsaes_ctr32_encrypt_blocks: .cfi_startproc +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS +.extern BORINGSSL_function_hit +.hidden BORINGSSL_function_hit + movb $1,BORINGSSL_function_hit+6(%rip) +#endif +#endif movq %rsp,%rax .Lctr_enc_prologue: pushq %rbp diff --git a/linux-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S b/linux-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S new file mode 100644 index 0000000..ecf5b66 --- /dev/null +++ b/linux-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S @@ -0,0 +1,426 @@ +# This file is generated from a similarly-named Perl script in the BoringSSL +# source tree. Do not edit by hand. + +#if defined(__has_feature) +#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) +#define OPENSSL_NO_ASM +#endif +#endif + +#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#if defined(BORINGSSL_PREFIX) +#include +#endif +.text + + + + + +.type gcm_gmult_ssse3, @function +.globl gcm_gmult_ssse3 +.hidden gcm_gmult_ssse3 +.align 16 +gcm_gmult_ssse3: +.cfi_startproc +.Lgmult_seh_begin: + movdqu (%rdi),%xmm0 + movdqa .Lreverse_bytes(%rip),%xmm10 + movdqa .Llow4_mask(%rip),%xmm2 + + +.byte 102,65,15,56,0,194 + + + movdqa %xmm2,%xmm1 + pandn %xmm0,%xmm1 + psrld $4,%xmm1 + pand %xmm2,%xmm0 + + + + + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + movq $5,%rax +.Loop_row_1: + movdqa (%rsi),%xmm4 + leaq 16(%rsi),%rsi + + + movdqa %xmm2,%xmm6 +.byte 102,15,58,15,243,1 + movdqa %xmm6,%xmm3 + psrldq $1,%xmm2 + + + + + movdqa %xmm4,%xmm5 +.byte 102,15,56,0,224 +.byte 102,15,56,0,233 + + + pxor %xmm5,%xmm2 + + + + movdqa %xmm4,%xmm5 + psllq $60,%xmm5 + movdqa %xmm5,%xmm6 + pslldq $8,%xmm6 + pxor %xmm6,%xmm3 + + + psrldq $8,%xmm5 + pxor %xmm5,%xmm2 + psrlq $4,%xmm4 + pxor %xmm4,%xmm2 + + subq $1,%rax + jnz .Loop_row_1 + + + + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $5,%xmm3 + pxor %xmm3,%xmm2 + pxor %xmm3,%xmm3 + movq $5,%rax +.Loop_row_2: + movdqa (%rsi),%xmm4 + leaq 16(%rsi),%rsi + + + movdqa %xmm2,%xmm6 +.byte 102,15,58,15,243,1 + movdqa %xmm6,%xmm3 + psrldq $1,%xmm2 + + + + + movdqa %xmm4,%xmm5 +.byte 102,15,56,0,224 +.byte 102,15,56,0,233 + + + pxor %xmm5,%xmm2 + + + + movdqa %xmm4,%xmm5 + psllq $60,%xmm5 + movdqa %xmm5,%xmm6 + pslldq $8,%xmm6 + pxor %xmm6,%xmm3 + + + psrldq $8,%xmm5 + pxor %xmm5,%xmm2 + psrlq $4,%xmm4 + pxor %xmm4,%xmm2 + + subq $1,%rax + jnz .Loop_row_2 + + + + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $5,%xmm3 + pxor %xmm3,%xmm2 + pxor %xmm3,%xmm3 + movq $6,%rax +.Loop_row_3: + movdqa (%rsi),%xmm4 + leaq 16(%rsi),%rsi + + + movdqa %xmm2,%xmm6 +.byte 102,15,58,15,243,1 + movdqa %xmm6,%xmm3 + psrldq $1,%xmm2 + + + + + movdqa %xmm4,%xmm5 +.byte 102,15,56,0,224 +.byte 102,15,56,0,233 + + + pxor %xmm5,%xmm2 + + + + movdqa %xmm4,%xmm5 + psllq $60,%xmm5 + movdqa %xmm5,%xmm6 + pslldq $8,%xmm6 + pxor %xmm6,%xmm3 + + + psrldq $8,%xmm5 + pxor %xmm5,%xmm2 + psrlq $4,%xmm4 + pxor %xmm4,%xmm2 + + subq $1,%rax + jnz .Loop_row_3 + + + + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $5,%xmm3 + pxor %xmm3,%xmm2 + pxor %xmm3,%xmm3 + +.byte 102,65,15,56,0,210 + movdqu %xmm2,(%rdi) + + + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + .byte 0xf3,0xc3 +.Lgmult_seh_end: +.cfi_endproc +.size gcm_gmult_ssse3,.-gcm_gmult_ssse3 + + + + + +.type gcm_ghash_ssse3, @function +.globl gcm_ghash_ssse3 +.hidden gcm_ghash_ssse3 +.align 16 +gcm_ghash_ssse3: +.Lghash_seh_begin: +.cfi_startproc + movdqu (%rdi),%xmm0 + movdqa .Lreverse_bytes(%rip),%xmm10 + movdqa .Llow4_mask(%rip),%xmm11 + + + andq $-16,%rcx + + + +.byte 102,65,15,56,0,194 + + + pxor %xmm3,%xmm3 +.Loop_ghash: + + movdqu (%rdx),%xmm1 +.byte 102,65,15,56,0,202 + pxor %xmm1,%xmm0 + + + movdqa %xmm11,%xmm1 + pandn %xmm0,%xmm1 + psrld $4,%xmm1 + pand %xmm11,%xmm0 + + + + + pxor %xmm2,%xmm2 + + movq $5,%rax +.Loop_row_4: + movdqa (%rsi),%xmm4 + leaq 16(%rsi),%rsi + + + movdqa %xmm2,%xmm6 +.byte 102,15,58,15,243,1 + movdqa %xmm6,%xmm3 + psrldq $1,%xmm2 + + + + + movdqa %xmm4,%xmm5 +.byte 102,15,56,0,224 +.byte 102,15,56,0,233 + + + pxor %xmm5,%xmm2 + + + + movdqa %xmm4,%xmm5 + psllq $60,%xmm5 + movdqa %xmm5,%xmm6 + pslldq $8,%xmm6 + pxor %xmm6,%xmm3 + + + psrldq $8,%xmm5 + pxor %xmm5,%xmm2 + psrlq $4,%xmm4 + pxor %xmm4,%xmm2 + + subq $1,%rax + jnz .Loop_row_4 + + + + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $5,%xmm3 + pxor %xmm3,%xmm2 + pxor %xmm3,%xmm3 + movq $5,%rax +.Loop_row_5: + movdqa (%rsi),%xmm4 + leaq 16(%rsi),%rsi + + + movdqa %xmm2,%xmm6 +.byte 102,15,58,15,243,1 + movdqa %xmm6,%xmm3 + psrldq $1,%xmm2 + + + + + movdqa %xmm4,%xmm5 +.byte 102,15,56,0,224 +.byte 102,15,56,0,233 + + + pxor %xmm5,%xmm2 + + + + movdqa %xmm4,%xmm5 + psllq $60,%xmm5 + movdqa %xmm5,%xmm6 + pslldq $8,%xmm6 + pxor %xmm6,%xmm3 + + + psrldq $8,%xmm5 + pxor %xmm5,%xmm2 + psrlq $4,%xmm4 + pxor %xmm4,%xmm2 + + subq $1,%rax + jnz .Loop_row_5 + + + + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $5,%xmm3 + pxor %xmm3,%xmm2 + pxor %xmm3,%xmm3 + movq $6,%rax +.Loop_row_6: + movdqa (%rsi),%xmm4 + leaq 16(%rsi),%rsi + + + movdqa %xmm2,%xmm6 +.byte 102,15,58,15,243,1 + movdqa %xmm6,%xmm3 + psrldq $1,%xmm2 + + + + + movdqa %xmm4,%xmm5 +.byte 102,15,56,0,224 +.byte 102,15,56,0,233 + + + pxor %xmm5,%xmm2 + + + + movdqa %xmm4,%xmm5 + psllq $60,%xmm5 + movdqa %xmm5,%xmm6 + pslldq $8,%xmm6 + pxor %xmm6,%xmm3 + + + psrldq $8,%xmm5 + pxor %xmm5,%xmm2 + psrlq $4,%xmm4 + pxor %xmm4,%xmm2 + + subq $1,%rax + jnz .Loop_row_6 + + + + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $5,%xmm3 + pxor %xmm3,%xmm2 + pxor %xmm3,%xmm3 + movdqa %xmm2,%xmm0 + + + leaq -256(%rsi),%rsi + + + leaq 16(%rdx),%rdx + subq $16,%rcx + jnz .Loop_ghash + + +.byte 102,65,15,56,0,194 + movdqu %xmm0,(%rdi) + + + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + .byte 0xf3,0xc3 +.Lghash_seh_end: +.cfi_endproc +.size gcm_ghash_ssse3,.-gcm_ghash_ssse3 + +.align 16 + + +.Lreverse_bytes: +.byte 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 + +.Llow4_mask: +.quad 0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f +#endif diff --git a/linux-x86_64/crypto/fipsmodule/ghash-x86_64.S b/linux-x86_64/crypto/fipsmodule/ghash-x86_64.S index ed0946d..0b36afa 100644 --- a/linux-x86_64/crypto/fipsmodule/ghash-x86_64.S +++ b/linux-x86_64/crypto/fipsmodule/ghash-x86_64.S @@ -722,6 +722,7 @@ gcm_ghash_4bit: .type gcm_init_clmul,@function .align 16 gcm_init_clmul: +.cfi_startproc .L_init_clmul: movdqu (%rsi),%xmm2 pshufd $78,%xmm2,%xmm2 @@ -873,12 +874,14 @@ gcm_init_clmul: .byte 102,15,58,15,227,8 movdqu %xmm4,80(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size gcm_init_clmul,.-gcm_init_clmul .globl gcm_gmult_clmul .hidden gcm_gmult_clmul .type gcm_gmult_clmul,@function .align 16 gcm_gmult_clmul: +.cfi_startproc .L_gmult_clmul: movdqu (%rdi),%xmm0 movdqa .Lbswap_mask(%rip),%xmm5 @@ -925,12 +928,14 @@ gcm_gmult_clmul: .byte 102,15,56,0,197 movdqu %xmm0,(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size gcm_gmult_clmul,.-gcm_gmult_clmul .globl gcm_ghash_clmul .hidden gcm_ghash_clmul .type gcm_ghash_clmul,@function .align 32 gcm_ghash_clmul: +.cfi_startproc .L_ghash_clmul: movdqa .Lbswap_mask(%rip),%xmm10 @@ -1310,12 +1315,14 @@ gcm_ghash_clmul: .byte 102,65,15,56,0,194 movdqu %xmm0,(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size gcm_ghash_clmul,.-gcm_ghash_clmul .globl gcm_init_avx .hidden gcm_init_avx .type gcm_init_avx,@function .align 32 gcm_init_avx: +.cfi_startproc vzeroupper vmovdqu (%rsi),%xmm2 @@ -1418,19 +1425,23 @@ gcm_init_avx: vzeroupper .byte 0xf3,0xc3 +.cfi_endproc .size gcm_init_avx,.-gcm_init_avx .globl gcm_gmult_avx .hidden gcm_gmult_avx .type gcm_gmult_avx,@function .align 32 gcm_gmult_avx: +.cfi_startproc jmp .L_gmult_clmul +.cfi_endproc .size gcm_gmult_avx,.-gcm_gmult_avx .globl gcm_ghash_avx .hidden gcm_ghash_avx .type gcm_ghash_avx,@function .align 32 gcm_ghash_avx: +.cfi_startproc vzeroupper vmovdqu (%rdi),%xmm10 @@ -1802,6 +1813,7 @@ gcm_ghash_avx: vmovdqu %xmm10,(%rdi) vzeroupper .byte 0xf3,0xc3 +.cfi_endproc .size gcm_ghash_avx,.-gcm_ghash_avx .align 64 .Lbswap_mask: diff --git a/linux-x86_64/crypto/fipsmodule/md5-x86_64.S b/linux-x86_64/crypto/fipsmodule/md5-x86_64.S index 6d08f17..18e2e92 100644 --- a/linux-x86_64/crypto/fipsmodule/md5-x86_64.S +++ b/linux-x86_64/crypto/fipsmodule/md5-x86_64.S @@ -18,11 +18,22 @@ .hidden md5_block_asm_data_order .type md5_block_asm_data_order,@function md5_block_asm_data_order: +.cfi_startproc pushq %rbp +.cfi_adjust_cfa_offset 8 +.cfi_offset rbp,-16 pushq %rbx +.cfi_adjust_cfa_offset 8 +.cfi_offset rbx,-24 pushq %r12 +.cfi_adjust_cfa_offset 8 +.cfi_offset r12,-32 pushq %r14 +.cfi_adjust_cfa_offset 8 +.cfi_offset r14,-40 pushq %r15 +.cfi_adjust_cfa_offset 8 +.cfi_offset r15,-48 .Lprologue: @@ -672,12 +683,19 @@ md5_block_asm_data_order: movl %edx,12(%rbp) movq (%rsp),%r15 +.cfi_restore r15 movq 8(%rsp),%r14 +.cfi_restore r14 movq 16(%rsp),%r12 +.cfi_restore r12 movq 24(%rsp),%rbx +.cfi_restore rbx movq 32(%rsp),%rbp +.cfi_restore rbp addq $40,%rsp +.cfi_adjust_cfa_offset -40 .Lepilogue: .byte 0xf3,0xc3 +.cfi_endproc .size md5_block_asm_data_order,.-md5_block_asm_data_order #endif diff --git a/linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S b/linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S index 6a3cb1c..3a57522 100644 --- a/linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S +++ b/linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S @@ -1267,6 +1267,7 @@ ecp_nistz256_mul_mont: .type __ecp_nistz256_mul_montq,@function .align 32 __ecp_nistz256_mul_montq: +.cfi_startproc movq %rax,%rbp @@ -1478,6 +1479,7 @@ __ecp_nistz256_mul_montq: movq %r9,24(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_mul_montq,.-__ecp_nistz256_mul_montq @@ -1557,6 +1559,7 @@ ecp_nistz256_sqr_mont: .type __ecp_nistz256_sqr_montq,@function .align 32 __ecp_nistz256_sqr_montq: +.cfi_startproc movq %rax,%r13 mulq %r14 movq %rax,%r9 @@ -1714,10 +1717,12 @@ __ecp_nistz256_sqr_montq: movq %r15,24(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_sqr_montq,.-__ecp_nistz256_sqr_montq .type __ecp_nistz256_mul_montx,@function .align 32 __ecp_nistz256_mul_montx: +.cfi_startproc mulxq %r9,%r8,%r9 @@ -1880,11 +1885,13 @@ __ecp_nistz256_mul_montx: movq %r9,24(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_mul_montx,.-__ecp_nistz256_mul_montx .type __ecp_nistz256_sqr_montx,@function .align 32 __ecp_nistz256_sqr_montx: +.cfi_startproc mulxq %r14,%r9,%r10 mulxq %r15,%rcx,%r11 xorl %eax,%eax @@ -2008,6 +2015,7 @@ __ecp_nistz256_sqr_montx: movq %r15,24(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_sqr_montx,.-__ecp_nistz256_sqr_montx @@ -2016,6 +2024,7 @@ __ecp_nistz256_sqr_montx: .type ecp_nistz256_select_w5,@function .align 32 ecp_nistz256_select_w5: +.cfi_startproc leaq OPENSSL_ia32cap_P(%rip),%rax movq 8(%rax),%rax testl $32,%eax @@ -2071,6 +2080,7 @@ ecp_nistz256_select_w5: movdqu %xmm6,64(%rdi) movdqu %xmm7,80(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .LSEH_end_ecp_nistz256_select_w5: .size ecp_nistz256_select_w5,.-ecp_nistz256_select_w5 @@ -2081,6 +2091,7 @@ ecp_nistz256_select_w5: .type ecp_nistz256_select_w7,@function .align 32 ecp_nistz256_select_w7: +.cfi_startproc leaq OPENSSL_ia32cap_P(%rip),%rax movq 8(%rax),%rax testl $32,%eax @@ -2125,6 +2136,7 @@ ecp_nistz256_select_w7: movdqu %xmm4,32(%rdi) movdqu %xmm5,48(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .LSEH_end_ecp_nistz256_select_w7: .size ecp_nistz256_select_w7,.-ecp_nistz256_select_w7 @@ -2132,6 +2144,7 @@ ecp_nistz256_select_w7: .type ecp_nistz256_avx2_select_w5,@function .align 32 ecp_nistz256_avx2_select_w5: +.cfi_startproc .Lavx2_select_w5: vzeroupper vmovdqa .LTwo(%rip),%ymm0 @@ -2186,6 +2199,7 @@ ecp_nistz256_avx2_select_w5: vmovdqu %ymm4,64(%rdi) vzeroupper .byte 0xf3,0xc3 +.cfi_endproc .LSEH_end_ecp_nistz256_avx2_select_w5: .size ecp_nistz256_avx2_select_w5,.-ecp_nistz256_avx2_select_w5 @@ -2196,6 +2210,7 @@ ecp_nistz256_avx2_select_w5: .type ecp_nistz256_avx2_select_w7,@function .align 32 ecp_nistz256_avx2_select_w7: +.cfi_startproc .Lavx2_select_w7: vzeroupper vmovdqa .LThree(%rip),%ymm0 @@ -2265,11 +2280,13 @@ ecp_nistz256_avx2_select_w7: vmovdqu %ymm3,32(%rdi) vzeroupper .byte 0xf3,0xc3 +.cfi_endproc .LSEH_end_ecp_nistz256_avx2_select_w7: .size ecp_nistz256_avx2_select_w7,.-ecp_nistz256_avx2_select_w7 .type __ecp_nistz256_add_toq,@function .align 32 __ecp_nistz256_add_toq: +.cfi_startproc xorq %r11,%r11 addq 0(%rbx),%r12 adcq 8(%rbx),%r13 @@ -2297,11 +2314,13 @@ __ecp_nistz256_add_toq: movq %r9,24(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_add_toq,.-__ecp_nistz256_add_toq .type __ecp_nistz256_sub_fromq,@function .align 32 __ecp_nistz256_sub_fromq: +.cfi_startproc subq 0(%rbx),%r12 sbbq 8(%rbx),%r13 movq %r12,%rax @@ -2328,11 +2347,13 @@ __ecp_nistz256_sub_fromq: movq %r9,24(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_sub_fromq,.-__ecp_nistz256_sub_fromq .type __ecp_nistz256_subq,@function .align 32 __ecp_nistz256_subq: +.cfi_startproc subq %r12,%rax sbbq %r13,%rbp movq %rax,%r12 @@ -2355,11 +2376,13 @@ __ecp_nistz256_subq: cmovnzq %r10,%r9 .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_subq,.-__ecp_nistz256_subq .type __ecp_nistz256_mul_by_2q,@function .align 32 __ecp_nistz256_mul_by_2q: +.cfi_startproc xorq %r11,%r11 addq %r12,%r12 adcq %r13,%r13 @@ -2387,6 +2410,7 @@ __ecp_nistz256_mul_by_2q: movq %r9,24(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_mul_by_2q,.-__ecp_nistz256_mul_by_2q .globl ecp_nistz256_point_double .hidden ecp_nistz256_point_double @@ -2823,7 +2847,9 @@ ecp_nistz256_point_add: .byte 102,72,15,126,206 .byte 102,72,15,126,199 addq $416,%rsp +.cfi_adjust_cfa_offset -416 jmp .Lpoint_double_shortcutq +.cfi_adjust_cfa_offset 416 .align 32 .Ladd_proceedq: @@ -3387,6 +3413,7 @@ ecp_nistz256_point_add_affine: .type __ecp_nistz256_add_tox,@function .align 32 __ecp_nistz256_add_tox: +.cfi_startproc xorq %r11,%r11 adcq 0(%rbx),%r12 adcq 8(%rbx),%r13 @@ -3415,11 +3442,13 @@ __ecp_nistz256_add_tox: movq %r9,24(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_add_tox,.-__ecp_nistz256_add_tox .type __ecp_nistz256_sub_fromx,@function .align 32 __ecp_nistz256_sub_fromx: +.cfi_startproc xorq %r11,%r11 sbbq 0(%rbx),%r12 sbbq 8(%rbx),%r13 @@ -3448,11 +3477,13 @@ __ecp_nistz256_sub_fromx: movq %r9,24(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_sub_fromx,.-__ecp_nistz256_sub_fromx .type __ecp_nistz256_subx,@function .align 32 __ecp_nistz256_subx: +.cfi_startproc xorq %r11,%r11 sbbq %r12,%rax sbbq %r13,%rbp @@ -3477,11 +3508,13 @@ __ecp_nistz256_subx: cmovcq %r10,%r9 .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_subx,.-__ecp_nistz256_subx .type __ecp_nistz256_mul_by_2x,@function .align 32 __ecp_nistz256_mul_by_2x: +.cfi_startproc xorq %r11,%r11 adcq %r12,%r12 adcq %r13,%r13 @@ -3510,6 +3543,7 @@ __ecp_nistz256_mul_by_2x: movq %r9,24(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size __ecp_nistz256_mul_by_2x,.-__ecp_nistz256_mul_by_2x .type ecp_nistz256_point_doublex,@function .align 32 @@ -3934,7 +3968,9 @@ ecp_nistz256_point_addx: .byte 102,72,15,126,206 .byte 102,72,15,126,199 addq $416,%rsp +.cfi_adjust_cfa_offset -416 jmp .Lpoint_double_shortcutx +.cfi_adjust_cfa_offset 416 .align 32 .Ladd_proceedx: diff --git a/linux-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S b/linux-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S index 98a2f8f..5dfecc8 100644 --- a/linux-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S +++ b/linux-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S @@ -23,23 +23,27 @@ beeu_mod_inverse_vartime: pushq %rbp .cfi_adjust_cfa_offset 8 .cfi_offset rbp,-16 - movq %rsp,%rbp -.cfi_def_cfa_register rbp - pushq %r12 +.cfi_adjust_cfa_offset 8 .cfi_offset r12,-24 pushq %r13 +.cfi_adjust_cfa_offset 8 .cfi_offset r13,-32 pushq %r14 +.cfi_adjust_cfa_offset 8 .cfi_offset r14,-40 pushq %r15 +.cfi_adjust_cfa_offset 8 .cfi_offset r15,-48 pushq %rbx +.cfi_adjust_cfa_offset 8 .cfi_offset rbx,-56 pushq %rsi +.cfi_adjust_cfa_offset 8 .cfi_offset rsi,-64 subq $80,%rsp +.cfi_adjust_cfa_offset 80 movq %rdi,0(%rsp) @@ -309,23 +313,30 @@ beeu_mod_inverse_vartime: .Lbeeu_finish: addq $80,%rsp +.cfi_adjust_cfa_offset -80 popq %rsi +.cfi_adjust_cfa_offset -8 .cfi_restore rsi popq %rbx +.cfi_adjust_cfa_offset -8 .cfi_restore rbx popq %r15 +.cfi_adjust_cfa_offset -8 .cfi_restore r15 popq %r14 +.cfi_adjust_cfa_offset -8 .cfi_restore r14 popq %r13 +.cfi_adjust_cfa_offset -8 .cfi_restore r13 popq %r12 +.cfi_adjust_cfa_offset -8 .cfi_restore r12 popq %rbp +.cfi_adjust_cfa_offset -8 .cfi_restore rbp -.cfi_def_cfa rsp, 8 -.cfi_endproc .byte 0xf3,0xc3 +.cfi_endproc .size beeu_mod_inverse_vartime, .-beeu_mod_inverse_vartime #endif diff --git a/linux-x86_64/crypto/fipsmodule/rdrand-x86_64.S b/linux-x86_64/crypto/fipsmodule/rdrand-x86_64.S index d7b0cb4..fefccd6 100644 --- a/linux-x86_64/crypto/fipsmodule/rdrand-x86_64.S +++ b/linux-x86_64/crypto/fipsmodule/rdrand-x86_64.S @@ -23,14 +23,13 @@ CRYPTO_rdrand: .cfi_startproc xorq %rax,%rax - - -.byte 0x48, 0x0f, 0xc7, 0xf1 +.byte 72,15,199,242 adcq %rax,%rax - movq %rcx,0(%rdi) + movq %rdx,0(%rdi) .byte 0xf3,0xc3 .cfi_endproc +.size CRYPTO_rdrand,.-CRYPTO_rdrand @@ -46,9 +45,7 @@ CRYPTO_rdrand_multiple8_buf: jz .Lout movq $8,%rdx .Lloop: - - -.byte 0x48, 0x0f, 0xc7, 0xf1 +.byte 72,15,199,241 jnc .Lerr movq %rcx,0(%rdi) addq %rdx,%rdi @@ -61,4 +58,5 @@ CRYPTO_rdrand_multiple8_buf: xorq %rax,%rax .byte 0xf3,0xc3 .cfi_endproc +.size CRYPTO_rdrand_multiple8_buf,.-CRYPTO_rdrand_multiple8_buf #endif diff --git a/linux-x86_64/crypto/fipsmodule/rsaz-avx2.S b/linux-x86_64/crypto/fipsmodule/rsaz-avx2.S index 4ca2cab..579c705 100644 --- a/linux-x86_64/crypto/fipsmodule/rsaz-avx2.S +++ b/linux-x86_64/crypto/fipsmodule/rsaz-avx2.S @@ -1228,6 +1228,7 @@ rsaz_1024_mul_avx2: .type rsaz_1024_red2norm_avx2,@function .align 32 rsaz_1024_red2norm_avx2: +.cfi_startproc subq $-128,%rsi xorq %rax,%rax movq -128(%rsi),%r8 @@ -1419,6 +1420,7 @@ rsaz_1024_red2norm_avx2: movq %rax,120(%rdi) movq %r11,%rax .byte 0xf3,0xc3 +.cfi_endproc .size rsaz_1024_red2norm_avx2,.-rsaz_1024_red2norm_avx2 .globl rsaz_1024_norm2red_avx2 @@ -1426,6 +1428,7 @@ rsaz_1024_red2norm_avx2: .type rsaz_1024_norm2red_avx2,@function .align 32 rsaz_1024_norm2red_avx2: +.cfi_startproc subq $-128,%rdi movq (%rsi),%r8 movl $0x1fffffff,%eax @@ -1578,12 +1581,14 @@ rsaz_1024_norm2red_avx2: movq %r8,176(%rdi) movq %r8,184(%rdi) .byte 0xf3,0xc3 +.cfi_endproc .size rsaz_1024_norm2red_avx2,.-rsaz_1024_norm2red_avx2 .globl rsaz_1024_scatter5_avx2 .hidden rsaz_1024_scatter5_avx2 .type rsaz_1024_scatter5_avx2,@function .align 32 rsaz_1024_scatter5_avx2: +.cfi_startproc vzeroupper vmovdqu .Lscatter_permd(%rip),%ymm5 shll $4,%edx @@ -1603,6 +1608,7 @@ rsaz_1024_scatter5_avx2: vzeroupper .byte 0xf3,0xc3 +.cfi_endproc .size rsaz_1024_scatter5_avx2,.-rsaz_1024_scatter5_avx2 .globl rsaz_1024_gather5_avx2 @@ -1727,25 +1733,6 @@ rsaz_1024_gather5_avx2: .cfi_endproc .LSEH_end_rsaz_1024_gather5: .size rsaz_1024_gather5_avx2,.-rsaz_1024_gather5_avx2 -.extern OPENSSL_ia32cap_P -.hidden OPENSSL_ia32cap_P -.globl rsaz_avx2_eligible -.hidden rsaz_avx2_eligible -.type rsaz_avx2_eligible,@function -.align 32 -rsaz_avx2_eligible: - leaq OPENSSL_ia32cap_P(%rip),%rax - movl 8(%rax),%eax - movl $524544,%ecx - movl $0,%edx - andl %eax,%ecx - cmpl $524544,%ecx - cmovel %edx,%eax - andl $32,%eax - shrl $5,%eax - .byte 0xf3,0xc3 -.size rsaz_avx2_eligible,.-rsaz_avx2_eligible - .align 64 .Land_mask: .quad 0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff diff --git a/linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S b/linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S index 41b113a..4355438 100644 --- a/linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S +++ b/linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S @@ -31,6 +31,7 @@ .type _vpaes_encrypt_core,@function .align 16 _vpaes_encrypt_core: +.cfi_startproc movq %rdx,%r9 movq $16,%r11 movl 240(%rdx),%eax @@ -111,6 +112,7 @@ _vpaes_encrypt_core: pxor %xmm4,%xmm0 .byte 102,15,56,0,193 .byte 0xf3,0xc3 +.cfi_endproc .size _vpaes_encrypt_core,.-_vpaes_encrypt_core @@ -121,6 +123,7 @@ _vpaes_encrypt_core: .type _vpaes_decrypt_core,@function .align 16 _vpaes_decrypt_core: +.cfi_startproc movq %rdx,%r9 movl 240(%rdx),%eax movdqa %xmm9,%xmm1 @@ -217,6 +220,7 @@ _vpaes_decrypt_core: pxor %xmm4,%xmm0 .byte 102,15,56,0,194 .byte 0xf3,0xc3 +.cfi_endproc .size _vpaes_decrypt_core,.-_vpaes_decrypt_core @@ -227,6 +231,7 @@ _vpaes_decrypt_core: .type _vpaes_schedule_core,@function .align 16 _vpaes_schedule_core: +.cfi_startproc @@ -393,6 +398,7 @@ _vpaes_schedule_core: pxor %xmm6,%xmm6 pxor %xmm7,%xmm7 .byte 0xf3,0xc3 +.cfi_endproc .size _vpaes_schedule_core,.-_vpaes_schedule_core @@ -412,6 +418,7 @@ _vpaes_schedule_core: .type _vpaes_schedule_192_smear,@function .align 16 _vpaes_schedule_192_smear: +.cfi_startproc pshufd $0x80,%xmm6,%xmm1 pshufd $0xFE,%xmm7,%xmm0 pxor %xmm1,%xmm6 @@ -420,6 +427,7 @@ _vpaes_schedule_192_smear: movdqa %xmm6,%xmm0 movhlps %xmm1,%xmm6 .byte 0xf3,0xc3 +.cfi_endproc .size _vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear @@ -443,6 +451,7 @@ _vpaes_schedule_192_smear: .type _vpaes_schedule_round,@function .align 16 _vpaes_schedule_round: +.cfi_startproc pxor %xmm1,%xmm1 .byte 102,65,15,58,15,200,15 @@ -496,6 +505,7 @@ _vpaes_schedule_low_round: pxor %xmm7,%xmm0 movdqa %xmm0,%xmm7 .byte 0xf3,0xc3 +.cfi_endproc .size _vpaes_schedule_round,.-_vpaes_schedule_round @@ -510,6 +520,7 @@ _vpaes_schedule_low_round: .type _vpaes_schedule_transform,@function .align 16 _vpaes_schedule_transform: +.cfi_startproc movdqa %xmm9,%xmm1 pandn %xmm0,%xmm1 psrld $4,%xmm1 @@ -520,6 +531,7 @@ _vpaes_schedule_transform: .byte 102,15,56,0,193 pxor %xmm2,%xmm0 .byte 0xf3,0xc3 +.cfi_endproc .size _vpaes_schedule_transform,.-_vpaes_schedule_transform @@ -548,6 +560,7 @@ _vpaes_schedule_transform: .type _vpaes_schedule_mangle,@function .align 16 _vpaes_schedule_mangle: +.cfi_startproc movdqa %xmm0,%xmm4 movdqa .Lk_mc_forward(%rip),%xmm5 testq %rcx,%rcx @@ -612,6 +625,7 @@ _vpaes_schedule_mangle: andq $0x30,%r8 movdqu %xmm3,(%rdx) .byte 0xf3,0xc3 +.cfi_endproc .size _vpaes_schedule_mangle,.-_vpaes_schedule_mangle @@ -622,6 +636,15 @@ _vpaes_schedule_mangle: .type vpaes_set_encrypt_key,@function .align 16 vpaes_set_encrypt_key: +.cfi_startproc +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS +.extern BORINGSSL_function_hit +.hidden BORINGSSL_function_hit + movb $1,BORINGSSL_function_hit+5(%rip) +#endif +#endif + movl %esi,%eax shrl $5,%eax addl $5,%eax @@ -632,6 +655,7 @@ vpaes_set_encrypt_key: call _vpaes_schedule_core xorl %eax,%eax .byte 0xf3,0xc3 +.cfi_endproc .size vpaes_set_encrypt_key,.-vpaes_set_encrypt_key .globl vpaes_set_decrypt_key @@ -639,6 +663,7 @@ vpaes_set_encrypt_key: .type vpaes_set_decrypt_key,@function .align 16 vpaes_set_decrypt_key: +.cfi_startproc movl %esi,%eax shrl $5,%eax addl $5,%eax @@ -654,6 +679,7 @@ vpaes_set_decrypt_key: call _vpaes_schedule_core xorl %eax,%eax .byte 0xf3,0xc3 +.cfi_endproc .size vpaes_set_decrypt_key,.-vpaes_set_decrypt_key .globl vpaes_encrypt @@ -661,11 +687,20 @@ vpaes_set_decrypt_key: .type vpaes_encrypt,@function .align 16 vpaes_encrypt: +.cfi_startproc +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS +.extern BORINGSSL_function_hit +.hidden BORINGSSL_function_hit + movb $1,BORINGSSL_function_hit+4(%rip) +#endif +#endif movdqu (%rdi),%xmm0 call _vpaes_preheat call _vpaes_encrypt_core movdqu %xmm0,(%rsi) .byte 0xf3,0xc3 +.cfi_endproc .size vpaes_encrypt,.-vpaes_encrypt .globl vpaes_decrypt @@ -673,17 +708,20 @@ vpaes_encrypt: .type vpaes_decrypt,@function .align 16 vpaes_decrypt: +.cfi_startproc movdqu (%rdi),%xmm0 call _vpaes_preheat call _vpaes_decrypt_core movdqu %xmm0,(%rsi) .byte 0xf3,0xc3 +.cfi_endproc .size vpaes_decrypt,.-vpaes_decrypt .globl vpaes_cbc_encrypt .hidden vpaes_cbc_encrypt .type vpaes_cbc_encrypt,@function .align 16 vpaes_cbc_encrypt: +.cfi_startproc xchgq %rcx,%rdx subq $16,%rcx jc .Lcbc_abort @@ -719,6 +757,7 @@ vpaes_cbc_encrypt: movdqu %xmm6,(%r8) .Lcbc_abort: .byte 0xf3,0xc3 +.cfi_endproc .size vpaes_cbc_encrypt,.-vpaes_cbc_encrypt @@ -729,6 +768,7 @@ vpaes_cbc_encrypt: .type _vpaes_preheat,@function .align 16 _vpaes_preheat: +.cfi_startproc leaq .Lk_s0F(%rip),%r10 movdqa -32(%r10),%xmm10 movdqa -16(%r10),%xmm11 @@ -738,6 +778,7 @@ _vpaes_preheat: movdqa 80(%r10),%xmm15 movdqa 96(%r10),%xmm14 .byte 0xf3,0xc3 +.cfi_endproc .size _vpaes_preheat,.-_vpaes_preheat diff --git a/linux-x86_64/crypto/fipsmodule/x86_64-mont5.S b/linux-x86_64/crypto/fipsmodule/x86_64-mont5.S index 8ac360d..b12393e 100644 --- a/linux-x86_64/crypto/fipsmodule/x86_64-mont5.S +++ b/linux-x86_64/crypto/fipsmodule/x86_64-mont5.S @@ -566,6 +566,7 @@ bn_mul4x_mont_gather5: .type mul4x_internal,@function .align 32 mul4x_internal: +.cfi_startproc shlq $5,%r9 movd 8(%rax),%xmm5 leaq .Linc(%rip),%rax @@ -1087,6 +1088,7 @@ mul4x_internal: movq 16(%rbp),%r14 movq 24(%rbp),%r15 jmp .Lsqr4x_sub_entry +.cfi_endproc .size mul4x_internal,.-mul4x_internal .globl bn_power5 .hidden bn_power5 @@ -1232,6 +1234,7 @@ bn_power5: .align 32 bn_sqr8x_internal: __bn_sqr8x_internal: +.cfi_startproc @@ -2006,10 +2009,12 @@ __bn_sqr8x_reduction: cmpq %rdx,%rdi jb .L8x_reduction_loop .byte 0xf3,0xc3 +.cfi_endproc .size bn_sqr8x_internal,.-bn_sqr8x_internal .type __bn_post4x_internal,@function .align 32 __bn_post4x_internal: +.cfi_startproc movq 0(%rbp),%r12 leaq (%rdi,%r9,1),%rbx movq %r9,%rcx @@ -2060,16 +2065,19 @@ __bn_post4x_internal: movq %r9,%r10 negq %r9 .byte 0xf3,0xc3 +.cfi_endproc .size __bn_post4x_internal,.-__bn_post4x_internal .globl bn_from_montgomery .hidden bn_from_montgomery .type bn_from_montgomery,@function .align 32 bn_from_montgomery: +.cfi_startproc testl $7,%r9d jz bn_from_mont8x xorl %eax,%eax .byte 0xf3,0xc3 +.cfi_endproc .size bn_from_montgomery,.-bn_from_montgomery .type bn_from_mont8x,@function @@ -2354,6 +2362,7 @@ bn_mulx4x_mont_gather5: .type mulx4x_internal,@function .align 32 mulx4x_internal: +.cfi_startproc movq %r9,8(%rsp) movq %r9,%r10 negq %r9 @@ -2772,6 +2781,7 @@ mulx4x_internal: movq 16(%rbp),%r14 movq 24(%rbp),%r15 jmp .Lsqrx4x_sub_entry +.cfi_endproc .size mulx4x_internal,.-mulx4x_internal .type bn_powerx5,@function .align 32 @@ -2915,6 +2925,7 @@ bn_powerx5: .align 32 bn_sqrx8x_internal: __bn_sqrx8x_internal: +.cfi_startproc @@ -3526,9 +3537,12 @@ __bn_sqrx8x_reduction: cmpq 8+8(%rsp),%r8 jb .Lsqrx8x_reduction_loop .byte 0xf3,0xc3 +.cfi_endproc .size bn_sqrx8x_internal,.-bn_sqrx8x_internal .align 32 +.type __bn_postx4x_internal,@function __bn_postx4x_internal: +.cfi_startproc movq 0(%rbp),%r12 movq %rcx,%r10 movq %rcx,%r9 @@ -3576,12 +3590,14 @@ __bn_postx4x_internal: negq %r9 .byte 0xf3,0xc3 +.cfi_endproc .size __bn_postx4x_internal,.-__bn_postx4x_internal .globl bn_scatter5 .hidden bn_scatter5 .type bn_scatter5,@function .align 16 bn_scatter5: +.cfi_startproc cmpl $0,%esi jz .Lscatter_epilogue leaq (%rdx,%rcx,8),%rdx @@ -3594,6 +3610,7 @@ bn_scatter5: jnz .Lscatter .Lscatter_epilogue: .byte 0xf3,0xc3 +.cfi_endproc .size bn_scatter5,.-bn_scatter5 .globl bn_gather5 @@ -3601,9 +3618,11 @@ bn_scatter5: .type bn_gather5,@function .align 32 bn_gather5: +.cfi_startproc .LSEH_begin_bn_gather5: .byte 0x4c,0x8d,0x14,0x24 +.cfi_def_cfa_register %r10 .byte 0x48,0x81,0xec,0x08,0x01,0x00,0x00 leaq .Linc(%rip),%rax andq $-16,%rsp @@ -3757,8 +3776,10 @@ bn_gather5: jnz .Lgather leaq (%r10),%rsp +.cfi_def_cfa_register %rsp .byte 0xf3,0xc3 .LSEH_end_bn_gather5: +.cfi_endproc .size bn_gather5,.-bn_gather5 .align 64 .Linc: diff --git a/linux-x86_64/crypto/test/trampoline-x86_64.S b/linux-x86_64/crypto/test/trampoline-x86_64.S new file mode 100644 index 0000000..91a13f3 --- /dev/null +++ b/linux-x86_64/crypto/test/trampoline-x86_64.S @@ -0,0 +1,517 @@ +# This file is generated from a similarly-named Perl script in the BoringSSL +# source tree. Do not edit by hand. + +#if defined(__has_feature) +#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) +#define OPENSSL_NO_ASM +#endif +#endif + +#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#if defined(BORINGSSL_PREFIX) +#include +#endif +.text + + + + + + + + +.type abi_test_trampoline, @function +.globl abi_test_trampoline +.hidden abi_test_trampoline +.align 16 +abi_test_trampoline: +.Labi_test_trampoline_seh_begin: +.cfi_startproc + + + + + + + + + + subq $120,%rsp +.cfi_adjust_cfa_offset 120 +.Labi_test_trampoline_seh_prolog_alloc: + movq %r8,48(%rsp) + movq %rbx,64(%rsp) +.cfi_offset rbx, -64 +.Labi_test_trampoline_seh_prolog_rbx: + movq %rbp,72(%rsp) +.cfi_offset rbp, -56 +.Labi_test_trampoline_seh_prolog_rbp: + movq %r12,80(%rsp) +.cfi_offset r12, -48 +.Labi_test_trampoline_seh_prolog_r12: + movq %r13,88(%rsp) +.cfi_offset r13, -40 +.Labi_test_trampoline_seh_prolog_r13: + movq %r14,96(%rsp) +.cfi_offset r14, -32 +.Labi_test_trampoline_seh_prolog_r14: + movq %r15,104(%rsp) +.cfi_offset r15, -24 +.Labi_test_trampoline_seh_prolog_r15: +.Labi_test_trampoline_seh_prolog_end: + movq 0(%rsi),%rbx + movq 8(%rsi),%rbp + movq 16(%rsi),%r12 + movq 24(%rsi),%r13 + movq 32(%rsi),%r14 + movq 40(%rsi),%r15 + + movq %rdi,32(%rsp) + movq %rsi,40(%rsp) + + + + + movq %rdx,%r10 + movq %rcx,%r11 + decq %r11 + js .Largs_done + movq (%r10),%rdi + addq $8,%r10 + decq %r11 + js .Largs_done + movq (%r10),%rsi + addq $8,%r10 + decq %r11 + js .Largs_done + movq (%r10),%rdx + addq $8,%r10 + decq %r11 + js .Largs_done + movq (%r10),%rcx + addq $8,%r10 + decq %r11 + js .Largs_done + movq (%r10),%r8 + addq $8,%r10 + decq %r11 + js .Largs_done + movq (%r10),%r9 + addq $8,%r10 + leaq 0(%rsp),%rax +.Largs_loop: + decq %r11 + js .Largs_done + + + + + + + movq %r11,56(%rsp) + movq (%r10),%r11 + movq %r11,(%rax) + movq 56(%rsp),%r11 + + addq $8,%r10 + addq $8,%rax + jmp .Largs_loop + +.Largs_done: + movq 32(%rsp),%rax + movq 48(%rsp),%r10 + testq %r10,%r10 + jz .Lno_unwind + + + pushfq + orq $0x100,0(%rsp) + popfq + + + + nop +.globl abi_test_unwind_start +.hidden abi_test_unwind_start +abi_test_unwind_start: + + call *%rax +.globl abi_test_unwind_return +.hidden abi_test_unwind_return +abi_test_unwind_return: + + + + + pushfq + andq $-0x101,0(%rsp) + popfq +.globl abi_test_unwind_stop +.hidden abi_test_unwind_stop +abi_test_unwind_stop: + + jmp .Lcall_done + +.Lno_unwind: + call *%rax + +.Lcall_done: + + movq 40(%rsp),%rsi + movq %rbx,0(%rsi) + movq %rbp,8(%rsi) + movq %r12,16(%rsi) + movq %r13,24(%rsi) + movq %r14,32(%rsi) + movq %r15,40(%rsi) + movq 64(%rsp),%rbx +.cfi_restore rbx + movq 72(%rsp),%rbp +.cfi_restore rbp + movq 80(%rsp),%r12 +.cfi_restore r12 + movq 88(%rsp),%r13 +.cfi_restore r13 + movq 96(%rsp),%r14 +.cfi_restore r14 + movq 104(%rsp),%r15 +.cfi_restore r15 + addq $120,%rsp +.cfi_adjust_cfa_offset -120 + + + .byte 0xf3,0xc3 +.cfi_endproc +.Labi_test_trampoline_seh_end: +.size abi_test_trampoline,.-abi_test_trampoline +.type abi_test_clobber_rax, @function +.globl abi_test_clobber_rax +.hidden abi_test_clobber_rax +.align 16 +abi_test_clobber_rax: + xorq %rax,%rax + .byte 0xf3,0xc3 +.size abi_test_clobber_rax,.-abi_test_clobber_rax +.type abi_test_clobber_rbx, @function +.globl abi_test_clobber_rbx +.hidden abi_test_clobber_rbx +.align 16 +abi_test_clobber_rbx: + xorq %rbx,%rbx + .byte 0xf3,0xc3 +.size abi_test_clobber_rbx,.-abi_test_clobber_rbx +.type abi_test_clobber_rcx, @function +.globl abi_test_clobber_rcx +.hidden abi_test_clobber_rcx +.align 16 +abi_test_clobber_rcx: + xorq %rcx,%rcx + .byte 0xf3,0xc3 +.size abi_test_clobber_rcx,.-abi_test_clobber_rcx +.type abi_test_clobber_rdx, @function +.globl abi_test_clobber_rdx +.hidden abi_test_clobber_rdx +.align 16 +abi_test_clobber_rdx: + xorq %rdx,%rdx + .byte 0xf3,0xc3 +.size abi_test_clobber_rdx,.-abi_test_clobber_rdx +.type abi_test_clobber_rdi, @function +.globl abi_test_clobber_rdi +.hidden abi_test_clobber_rdi +.align 16 +abi_test_clobber_rdi: + xorq %rdi,%rdi + .byte 0xf3,0xc3 +.size abi_test_clobber_rdi,.-abi_test_clobber_rdi +.type abi_test_clobber_rsi, @function +.globl abi_test_clobber_rsi +.hidden abi_test_clobber_rsi +.align 16 +abi_test_clobber_rsi: + xorq %rsi,%rsi + .byte 0xf3,0xc3 +.size abi_test_clobber_rsi,.-abi_test_clobber_rsi +.type abi_test_clobber_rbp, @function +.globl abi_test_clobber_rbp +.hidden abi_test_clobber_rbp +.align 16 +abi_test_clobber_rbp: + xorq %rbp,%rbp + .byte 0xf3,0xc3 +.size abi_test_clobber_rbp,.-abi_test_clobber_rbp +.type abi_test_clobber_r8, @function +.globl abi_test_clobber_r8 +.hidden abi_test_clobber_r8 +.align 16 +abi_test_clobber_r8: + xorq %r8,%r8 + .byte 0xf3,0xc3 +.size abi_test_clobber_r8,.-abi_test_clobber_r8 +.type abi_test_clobber_r9, @function +.globl abi_test_clobber_r9 +.hidden abi_test_clobber_r9 +.align 16 +abi_test_clobber_r9: + xorq %r9,%r9 + .byte 0xf3,0xc3 +.size abi_test_clobber_r9,.-abi_test_clobber_r9 +.type abi_test_clobber_r10, @function +.globl abi_test_clobber_r10 +.hidden abi_test_clobber_r10 +.align 16 +abi_test_clobber_r10: + xorq %r10,%r10 + .byte 0xf3,0xc3 +.size abi_test_clobber_r10,.-abi_test_clobber_r10 +.type abi_test_clobber_r11, @function +.globl abi_test_clobber_r11 +.hidden abi_test_clobber_r11 +.align 16 +abi_test_clobber_r11: + xorq %r11,%r11 + .byte 0xf3,0xc3 +.size abi_test_clobber_r11,.-abi_test_clobber_r11 +.type abi_test_clobber_r12, @function +.globl abi_test_clobber_r12 +.hidden abi_test_clobber_r12 +.align 16 +abi_test_clobber_r12: + xorq %r12,%r12 + .byte 0xf3,0xc3 +.size abi_test_clobber_r12,.-abi_test_clobber_r12 +.type abi_test_clobber_r13, @function +.globl abi_test_clobber_r13 +.hidden abi_test_clobber_r13 +.align 16 +abi_test_clobber_r13: + xorq %r13,%r13 + .byte 0xf3,0xc3 +.size abi_test_clobber_r13,.-abi_test_clobber_r13 +.type abi_test_clobber_r14, @function +.globl abi_test_clobber_r14 +.hidden abi_test_clobber_r14 +.align 16 +abi_test_clobber_r14: + xorq %r14,%r14 + .byte 0xf3,0xc3 +.size abi_test_clobber_r14,.-abi_test_clobber_r14 +.type abi_test_clobber_r15, @function +.globl abi_test_clobber_r15 +.hidden abi_test_clobber_r15 +.align 16 +abi_test_clobber_r15: + xorq %r15,%r15 + .byte 0xf3,0xc3 +.size abi_test_clobber_r15,.-abi_test_clobber_r15 +.type abi_test_clobber_xmm0, @function +.globl abi_test_clobber_xmm0 +.hidden abi_test_clobber_xmm0 +.align 16 +abi_test_clobber_xmm0: + pxor %xmm0,%xmm0 + .byte 0xf3,0xc3 +.size abi_test_clobber_xmm0,.-abi_test_clobber_xmm0 +.type abi_test_clobber_xmm1, @function +.globl abi_test_clobber_xmm1 +.hidden abi_test_clobber_xmm1 +.align 16 +abi_test_clobber_xmm1: + pxor %xmm1,%xmm1 + .byte 0xf3,0xc3 +.size abi_test_clobber_xmm1,.-abi_test_clobber_xmm1 +.type abi_test_clobber_xmm2, @function +.globl abi_test_clobber_xmm2 +.hidden abi_test_clobber_xmm2 +.align 16 +abi_test_clobber_xmm2: + pxor %xmm2,%xmm2 + .byte 0xf3,0xc3 +.size abi_test_clobber_xmm2,.-abi_test_clobber_xmm2 +.type abi_test_clobber_xmm3, @function +.globl abi_test_clobber_xmm3 +.hidden abi_test_clobber_xmm3 +.align 16 +abi_test_clobber_xmm3: + pxor %xmm3,%xmm3 + .byte 0xf3,0xc3 +.size abi_test_clobber_xmm3,.-abi_test_clobber_xmm3 +.type abi_test_clobber_xmm4, @function +.globl abi_test_clobber_xmm4 +.hidden abi_test_clobber_xmm4 +.align 16 +abi_test_clobber_xmm4: + pxor %xmm4,%xmm4 + .byte 0xf3,0xc3 +.size abi_test_clobber_xmm4,.-abi_test_clobber_xmm4 +.type abi_test_clobber_xmm5, @function +.globl abi_test_clobber_xmm5 +.hidden abi_test_clobber_xmm5 +.align 16 +abi_test_clobber_xmm5: + pxor %xmm5,%xmm5 + .byte 0xf3,0xc3 +.size abi_test_clobber_xmm5,.-abi_test_clobber_xmm5 +.type abi_test_clobber_xmm6, @function +.globl abi_test_clobber_xmm6 +.hidden abi_test_clobber_xmm6 +.align 16 +abi_test_clobber_xmm6: + pxor %xmm6,%xmm6 + .byte 0xf3,0xc3 +.size abi_test_clobber_xmm6,.-abi_test_clobber_xmm6 +.type abi_test_clobber_xmm7, @function +.globl abi_test_clobber_xmm7 +.hidden abi_test_clobber_xmm7 +.align 16 +abi_test_clobber_xmm7: + pxor %xmm7,%xmm7 + .byte 0xf3,0xc3 +.size abi_test_clobber_xmm7,.-abi_test_clobber_xmm7 +.type abi_test_clobber_xmm8, @function +.globl abi_test_clobber_xmm8 +.hidden abi_test_clobber_xmm8 +.align 16 +abi_test_clobber_xmm8: + pxor %xmm8,%xmm8 + .byte 0xf3,0xc3 +.size abi_test_clobber_xmm8,.-abi_test_clobber_xmm8 +.type abi_test_clobber_xmm9, @function +.globl abi_test_clobber_xmm9 +.hidden abi_test_clobber_xmm9 +.align 16 +abi_test_clobber_xmm9: + pxor %xmm9,%xmm9 + .byte 0xf3,0xc3 +.size abi_test_clobber_xmm9,.-abi_test_clobber_xmm9 +.type abi_test_clobber_xmm10, @function +.globl abi_test_clobber_xmm10 +.hidden abi_test_clobber_xmm10 +.align 16 +abi_test_clobber_xmm10: + pxor %xmm10,%xmm10 + .byte 0xf3,0xc3 +.size abi_test_clobber_xmm10,.-abi_test_clobber_xmm10 +.type abi_test_clobber_xmm11, @function +.globl abi_test_clobber_xmm11 +.hidden abi_test_clobber_xmm11 +.align 16 +abi_test_clobber_xmm11: + pxor %xmm11,%xmm11 + .byte 0xf3,0xc3 +.size abi_test_clobber_xmm11,.-abi_test_clobber_xmm11 +.type abi_test_clobber_xmm12, @function +.globl abi_test_clobber_xmm12 +.hidden abi_test_clobber_xmm12 +.align 16 +abi_test_clobber_xmm12: + pxor %xmm12,%xmm12 + .byte 0xf3,0xc3 +.size abi_test_clobber_xmm12,.-abi_test_clobber_xmm12 +.type abi_test_clobber_xmm13, @function +.globl abi_test_clobber_xmm13 +.hidden abi_test_clobber_xmm13 +.align 16 +abi_test_clobber_xmm13: + pxor %xmm13,%xmm13 + .byte 0xf3,0xc3 +.size abi_test_clobber_xmm13,.-abi_test_clobber_xmm13 +.type abi_test_clobber_xmm14, @function +.globl abi_test_clobber_xmm14 +.hidden abi_test_clobber_xmm14 +.align 16 +abi_test_clobber_xmm14: + pxor %xmm14,%xmm14 + .byte 0xf3,0xc3 +.size abi_test_clobber_xmm14,.-abi_test_clobber_xmm14 +.type abi_test_clobber_xmm15, @function +.globl abi_test_clobber_xmm15 +.hidden abi_test_clobber_xmm15 +.align 16 +abi_test_clobber_xmm15: + pxor %xmm15,%xmm15 + .byte 0xf3,0xc3 +.size abi_test_clobber_xmm15,.-abi_test_clobber_xmm15 + + + +.type abi_test_bad_unwind_wrong_register, @function +.globl abi_test_bad_unwind_wrong_register +.hidden abi_test_bad_unwind_wrong_register +.align 16 +abi_test_bad_unwind_wrong_register: +.cfi_startproc +.Labi_test_bad_unwind_wrong_register_seh_begin: + pushq %r12 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r13,-16 +.Labi_test_bad_unwind_wrong_register_seh_push_r13: + + + + nop + popq %r12 +.cfi_adjust_cfa_offset -8 +.cfi_restore %r12 + .byte 0xf3,0xc3 +.Labi_test_bad_unwind_wrong_register_seh_end: +.cfi_endproc +.size abi_test_bad_unwind_wrong_register,.-abi_test_bad_unwind_wrong_register + + + + +.type abi_test_bad_unwind_temporary, @function +.globl abi_test_bad_unwind_temporary +.hidden abi_test_bad_unwind_temporary +.align 16 +abi_test_bad_unwind_temporary: +.cfi_startproc +.Labi_test_bad_unwind_temporary_seh_begin: + pushq %r12 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r12,-16 +.Labi_test_bad_unwind_temporary_seh_push_r12: + + movq %r12,%rax + incq %rax + movq %rax,(%rsp) + + + + movq %r12,(%rsp) + + + popq %r12 +.cfi_adjust_cfa_offset -8 +.cfi_restore %r12 + .byte 0xf3,0xc3 +.Labi_test_bad_unwind_temporary_seh_end: +.cfi_endproc +.size abi_test_bad_unwind_temporary,.-abi_test_bad_unwind_temporary + + + + +.type abi_test_set_direction_flag, @function +.globl abi_test_get_and_clear_direction_flag +.hidden abi_test_get_and_clear_direction_flag +abi_test_get_and_clear_direction_flag: + pushfq + popq %rax + andq $0x400,%rax + shrq $10,%rax + cld + .byte 0xf3,0xc3 +.size abi_test_get_and_clear_direction_flag,.-abi_test_get_and_clear_direction_flag + + + +.type abi_test_set_direction_flag, @function +.globl abi_test_set_direction_flag +.hidden abi_test_set_direction_flag +abi_test_set_direction_flag: + std + .byte 0xf3,0xc3 +.size abi_test_set_direction_flag,.-abi_test_set_direction_flag +#endif diff --git a/mac-x86/crypto/fipsmodule/aesni-x86.S b/mac-x86/crypto/fipsmodule/aesni-x86.S index cca1d32..17eeaea 100644 --- a/mac-x86/crypto/fipsmodule/aesni-x86.S +++ b/mac-x86/crypto/fipsmodule/aesni-x86.S @@ -6,11 +6,25 @@ #include #endif .text +#ifndef NDEBUG +#endif .globl _aes_hw_encrypt .private_extern _aes_hw_encrypt .align 4 _aes_hw_encrypt: L_aes_hw_encrypt_begin: +#ifndef NDEBUG + pushl %ebx + pushl %edx + call L000pic +L000pic: + popl %ebx + leal _BORINGSSL_function_hit+1-L000pic(%ebx),%ebx + movl $1,%edx + movb %dl,(%ebx) + popl %edx + popl %ebx +#endif movl 4(%esp),%eax movl 12(%esp),%edx movups (%eax),%xmm2 @@ -20,12 +34,12 @@ L_aes_hw_encrypt_begin: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L000enc1_loop_1: +L001enc1_loop_1: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L000enc1_loop_1 + jnz L001enc1_loop_1 .byte 102,15,56,221,209 pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 @@ -46,12 +60,12 @@ L_aes_hw_decrypt_begin: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L001dec1_loop_2: +L002dec1_loop_2: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L001dec1_loop_2 + jnz L002dec1_loop_2 .byte 102,15,56,223,209 pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 @@ -70,7 +84,7 @@ __aesni_encrypt2: leal 32(%edx,%ecx,1),%edx negl %ecx addl $16,%ecx -L002enc2_loop: +L003enc2_loop: .byte 102,15,56,220,209 .byte 102,15,56,220,217 movups (%edx,%ecx,1),%xmm1 @@ -78,7 +92,7 @@ L002enc2_loop: .byte 102,15,56,220,208 .byte 102,15,56,220,216 movups -16(%edx,%ecx,1),%xmm0 - jnz L002enc2_loop + jnz L003enc2_loop .byte 102,15,56,220,209 .byte 102,15,56,220,217 .byte 102,15,56,221,208 @@ -96,7 +110,7 @@ __aesni_decrypt2: leal 32(%edx,%ecx,1),%edx negl %ecx addl $16,%ecx -L003dec2_loop: +L004dec2_loop: .byte 102,15,56,222,209 .byte 102,15,56,222,217 movups (%edx,%ecx,1),%xmm1 @@ -104,7 +118,7 @@ L003dec2_loop: .byte 102,15,56,222,208 .byte 102,15,56,222,216 movups -16(%edx,%ecx,1),%xmm0 - jnz L003dec2_loop + jnz L004dec2_loop .byte 102,15,56,222,209 .byte 102,15,56,222,217 .byte 102,15,56,223,208 @@ -123,7 +137,7 @@ __aesni_encrypt3: leal 32(%edx,%ecx,1),%edx negl %ecx addl $16,%ecx -L004enc3_loop: +L005enc3_loop: .byte 102,15,56,220,209 .byte 102,15,56,220,217 .byte 102,15,56,220,225 @@ -133,7 +147,7 @@ L004enc3_loop: .byte 102,15,56,220,216 .byte 102,15,56,220,224 movups -16(%edx,%ecx,1),%xmm0 - jnz L004enc3_loop + jnz L005enc3_loop .byte 102,15,56,220,209 .byte 102,15,56,220,217 .byte 102,15,56,220,225 @@ -154,7 +168,7 @@ __aesni_decrypt3: leal 32(%edx,%ecx,1),%edx negl %ecx addl $16,%ecx -L005dec3_loop: +L006dec3_loop: .byte 102,15,56,222,209 .byte 102,15,56,222,217 .byte 102,15,56,222,225 @@ -164,7 +178,7 @@ L005dec3_loop: .byte 102,15,56,222,216 .byte 102,15,56,222,224 movups -16(%edx,%ecx,1),%xmm0 - jnz L005dec3_loop + jnz L006dec3_loop .byte 102,15,56,222,209 .byte 102,15,56,222,217 .byte 102,15,56,222,225 @@ -187,7 +201,7 @@ __aesni_encrypt4: negl %ecx .byte 15,31,64,0 addl $16,%ecx -L006enc4_loop: +L007enc4_loop: .byte 102,15,56,220,209 .byte 102,15,56,220,217 .byte 102,15,56,220,225 @@ -199,7 +213,7 @@ L006enc4_loop: .byte 102,15,56,220,224 .byte 102,15,56,220,232 movups -16(%edx,%ecx,1),%xmm0 - jnz L006enc4_loop + jnz L007enc4_loop .byte 102,15,56,220,209 .byte 102,15,56,220,217 .byte 102,15,56,220,225 @@ -224,7 +238,7 @@ __aesni_decrypt4: negl %ecx .byte 15,31,64,0 addl $16,%ecx -L007dec4_loop: +L008dec4_loop: .byte 102,15,56,222,209 .byte 102,15,56,222,217 .byte 102,15,56,222,225 @@ -236,7 +250,7 @@ L007dec4_loop: .byte 102,15,56,222,224 .byte 102,15,56,222,232 movups -16(%edx,%ecx,1),%xmm0 - jnz L007dec4_loop + jnz L008dec4_loop .byte 102,15,56,222,209 .byte 102,15,56,222,217 .byte 102,15,56,222,225 @@ -265,13 +279,13 @@ __aesni_encrypt6: pxor %xmm0,%xmm7 movups (%edx,%ecx,1),%xmm0 addl $16,%ecx - jmp L008_aesni_encrypt6_inner + jmp L009_aesni_encrypt6_inner .align 4,0x90 -L009enc6_loop: +L010enc6_loop: .byte 102,15,56,220,209 .byte 102,15,56,220,217 .byte 102,15,56,220,225 -L008_aesni_encrypt6_inner: +L009_aesni_encrypt6_inner: .byte 102,15,56,220,233 .byte 102,15,56,220,241 .byte 102,15,56,220,249 @@ -285,7 +299,7 @@ L_aesni_encrypt6_enter: .byte 102,15,56,220,240 .byte 102,15,56,220,248 movups -16(%edx,%ecx,1),%xmm0 - jnz L009enc6_loop + jnz L010enc6_loop .byte 102,15,56,220,209 .byte 102,15,56,220,217 .byte 102,15,56,220,225 @@ -318,13 +332,13 @@ __aesni_decrypt6: pxor %xmm0,%xmm7 movups (%edx,%ecx,1),%xmm0 addl $16,%ecx - jmp L010_aesni_decrypt6_inner + jmp L011_aesni_decrypt6_inner .align 4,0x90 -L011dec6_loop: +L012dec6_loop: .byte 102,15,56,222,209 .byte 102,15,56,222,217 .byte 102,15,56,222,225 -L010_aesni_decrypt6_inner: +L011_aesni_decrypt6_inner: .byte 102,15,56,222,233 .byte 102,15,56,222,241 .byte 102,15,56,222,249 @@ -338,7 +352,7 @@ L_aesni_decrypt6_enter: .byte 102,15,56,222,240 .byte 102,15,56,222,248 movups -16(%edx,%ecx,1),%xmm0 - jnz L011dec6_loop + jnz L012dec6_loop .byte 102,15,56,222,209 .byte 102,15,56,222,217 .byte 102,15,56,222,225 @@ -367,14 +381,14 @@ L_aes_hw_ecb_encrypt_begin: movl 32(%esp),%edx movl 36(%esp),%ebx andl $-16,%eax - jz L012ecb_ret + jz L013ecb_ret movl 240(%edx),%ecx testl %ebx,%ebx - jz L013ecb_decrypt + jz L014ecb_decrypt movl %edx,%ebp movl %ecx,%ebx cmpl $96,%eax - jb L014ecb_enc_tail + jb L015ecb_enc_tail movdqu (%esi),%xmm2 movdqu 16(%esi),%xmm3 movdqu 32(%esi),%xmm4 @@ -383,9 +397,9 @@ L_aes_hw_ecb_encrypt_begin: movdqu 80(%esi),%xmm7 leal 96(%esi),%esi subl $96,%eax - jmp L015ecb_enc_loop6_enter + jmp L016ecb_enc_loop6_enter .align 4,0x90 -L016ecb_enc_loop6: +L017ecb_enc_loop6: movups %xmm2,(%edi) movdqu (%esi),%xmm2 movups %xmm3,16(%edi) @@ -400,12 +414,12 @@ L016ecb_enc_loop6: leal 96(%edi),%edi movdqu 80(%esi),%xmm7 leal 96(%esi),%esi -L015ecb_enc_loop6_enter: +L016ecb_enc_loop6_enter: call __aesni_encrypt6 movl %ebp,%edx movl %ebx,%ecx subl $96,%eax - jnc L016ecb_enc_loop6 + jnc L017ecb_enc_loop6 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) @@ -414,18 +428,18 @@ L015ecb_enc_loop6_enter: movups %xmm7,80(%edi) leal 96(%edi),%edi addl $96,%eax - jz L012ecb_ret -L014ecb_enc_tail: + jz L013ecb_ret +L015ecb_enc_tail: movups (%esi),%xmm2 cmpl $32,%eax - jb L017ecb_enc_one + jb L018ecb_enc_one movups 16(%esi),%xmm3 - je L018ecb_enc_two + je L019ecb_enc_two movups 32(%esi),%xmm4 cmpl $64,%eax - jb L019ecb_enc_three + jb L020ecb_enc_three movups 48(%esi),%xmm5 - je L020ecb_enc_four + je L021ecb_enc_four movups 64(%esi),%xmm6 xorps %xmm7,%xmm7 call __aesni_encrypt6 @@ -434,49 +448,49 @@ L014ecb_enc_tail: movups %xmm4,32(%edi) movups %xmm5,48(%edi) movups %xmm6,64(%edi) - jmp L012ecb_ret + jmp L013ecb_ret .align 4,0x90 -L017ecb_enc_one: +L018ecb_enc_one: movups (%edx),%xmm0 movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L021enc1_loop_3: +L022enc1_loop_3: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L021enc1_loop_3 + jnz L022enc1_loop_3 .byte 102,15,56,221,209 movups %xmm2,(%edi) - jmp L012ecb_ret + jmp L013ecb_ret .align 4,0x90 -L018ecb_enc_two: +L019ecb_enc_two: call __aesni_encrypt2 movups %xmm2,(%edi) movups %xmm3,16(%edi) - jmp L012ecb_ret + jmp L013ecb_ret .align 4,0x90 -L019ecb_enc_three: +L020ecb_enc_three: call __aesni_encrypt3 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) - jmp L012ecb_ret + jmp L013ecb_ret .align 4,0x90 -L020ecb_enc_four: +L021ecb_enc_four: call __aesni_encrypt4 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) movups %xmm5,48(%edi) - jmp L012ecb_ret + jmp L013ecb_ret .align 4,0x90 -L013ecb_decrypt: +L014ecb_decrypt: movl %edx,%ebp movl %ecx,%ebx cmpl $96,%eax - jb L022ecb_dec_tail + jb L023ecb_dec_tail movdqu (%esi),%xmm2 movdqu 16(%esi),%xmm3 movdqu 32(%esi),%xmm4 @@ -485,9 +499,9 @@ L013ecb_decrypt: movdqu 80(%esi),%xmm7 leal 96(%esi),%esi subl $96,%eax - jmp L023ecb_dec_loop6_enter + jmp L024ecb_dec_loop6_enter .align 4,0x90 -L024ecb_dec_loop6: +L025ecb_dec_loop6: movups %xmm2,(%edi) movdqu (%esi),%xmm2 movups %xmm3,16(%edi) @@ -502,12 +516,12 @@ L024ecb_dec_loop6: leal 96(%edi),%edi movdqu 80(%esi),%xmm7 leal 96(%esi),%esi -L023ecb_dec_loop6_enter: +L024ecb_dec_loop6_enter: call __aesni_decrypt6 movl %ebp,%edx movl %ebx,%ecx subl $96,%eax - jnc L024ecb_dec_loop6 + jnc L025ecb_dec_loop6 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) @@ -516,18 +530,18 @@ L023ecb_dec_loop6_enter: movups %xmm7,80(%edi) leal 96(%edi),%edi addl $96,%eax - jz L012ecb_ret -L022ecb_dec_tail: + jz L013ecb_ret +L023ecb_dec_tail: movups (%esi),%xmm2 cmpl $32,%eax - jb L025ecb_dec_one + jb L026ecb_dec_one movups 16(%esi),%xmm3 - je L026ecb_dec_two + je L027ecb_dec_two movups 32(%esi),%xmm4 cmpl $64,%eax - jb L027ecb_dec_three + jb L028ecb_dec_three movups 48(%esi),%xmm5 - je L028ecb_dec_four + je L029ecb_dec_four movups 64(%esi),%xmm6 xorps %xmm7,%xmm7 call __aesni_decrypt6 @@ -536,43 +550,43 @@ L022ecb_dec_tail: movups %xmm4,32(%edi) movups %xmm5,48(%edi) movups %xmm6,64(%edi) - jmp L012ecb_ret + jmp L013ecb_ret .align 4,0x90 -L025ecb_dec_one: +L026ecb_dec_one: movups (%edx),%xmm0 movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L029dec1_loop_4: +L030dec1_loop_4: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L029dec1_loop_4 + jnz L030dec1_loop_4 .byte 102,15,56,223,209 movups %xmm2,(%edi) - jmp L012ecb_ret + jmp L013ecb_ret .align 4,0x90 -L026ecb_dec_two: +L027ecb_dec_two: call __aesni_decrypt2 movups %xmm2,(%edi) movups %xmm3,16(%edi) - jmp L012ecb_ret + jmp L013ecb_ret .align 4,0x90 -L027ecb_dec_three: +L028ecb_dec_three: call __aesni_decrypt3 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) - jmp L012ecb_ret + jmp L013ecb_ret .align 4,0x90 -L028ecb_dec_four: +L029ecb_dec_four: call __aesni_decrypt4 movups %xmm2,(%edi) movups %xmm3,16(%edi) movups %xmm4,32(%edi) movups %xmm5,48(%edi) -L012ecb_ret: +L013ecb_ret: pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 pxor %xmm2,%xmm2 @@ -626,7 +640,7 @@ L_aes_hw_ccm64_encrypt_blocks_begin: leal 32(%edx,%ecx,1),%edx subl %ecx,%ebx .byte 102,15,56,0,253 -L030ccm64_enc_outer: +L031ccm64_enc_outer: movups (%ebp),%xmm0 movl %ebx,%ecx movups (%esi),%xmm6 @@ -635,7 +649,7 @@ L030ccm64_enc_outer: xorps %xmm6,%xmm0 xorps %xmm0,%xmm3 movups 32(%ebp),%xmm0 -L031ccm64_enc2_loop: +L032ccm64_enc2_loop: .byte 102,15,56,220,209 .byte 102,15,56,220,217 movups (%edx,%ecx,1),%xmm1 @@ -643,7 +657,7 @@ L031ccm64_enc2_loop: .byte 102,15,56,220,208 .byte 102,15,56,220,216 movups -16(%edx,%ecx,1),%xmm0 - jnz L031ccm64_enc2_loop + jnz L032ccm64_enc2_loop .byte 102,15,56,220,209 .byte 102,15,56,220,217 paddq 16(%esp),%xmm7 @@ -656,7 +670,7 @@ L031ccm64_enc2_loop: movups %xmm6,(%edi) .byte 102,15,56,0,213 leal 16(%edi),%edi - jnz L030ccm64_enc_outer + jnz L031ccm64_enc_outer movl 48(%esp),%esp movl 40(%esp),%edi movups %xmm3,(%edi) @@ -714,12 +728,12 @@ L_aes_hw_ccm64_decrypt_blocks_begin: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L032enc1_loop_5: +L033enc1_loop_5: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L032enc1_loop_5 + jnz L033enc1_loop_5 .byte 102,15,56,221,209 shll $4,%ebx movl $16,%ecx @@ -729,16 +743,16 @@ L032enc1_loop_5: subl %ebx,%ecx leal 32(%ebp,%ebx,1),%edx movl %ecx,%ebx - jmp L033ccm64_dec_outer + jmp L034ccm64_dec_outer .align 4,0x90 -L033ccm64_dec_outer: +L034ccm64_dec_outer: xorps %xmm2,%xmm6 movdqa %xmm7,%xmm2 movups %xmm6,(%edi) leal 16(%edi),%edi .byte 102,15,56,0,213 subl $1,%eax - jz L034ccm64_dec_break + jz L035ccm64_dec_break movups (%ebp),%xmm0 movl %ebx,%ecx movups 16(%ebp),%xmm1 @@ -746,7 +760,7 @@ L033ccm64_dec_outer: xorps %xmm0,%xmm2 xorps %xmm6,%xmm3 movups 32(%ebp),%xmm0 -L035ccm64_dec2_loop: +L036ccm64_dec2_loop: .byte 102,15,56,220,209 .byte 102,15,56,220,217 movups (%edx,%ecx,1),%xmm1 @@ -754,7 +768,7 @@ L035ccm64_dec2_loop: .byte 102,15,56,220,208 .byte 102,15,56,220,216 movups -16(%edx,%ecx,1),%xmm0 - jnz L035ccm64_dec2_loop + jnz L036ccm64_dec2_loop movups (%esi),%xmm6 paddq 16(%esp),%xmm7 .byte 102,15,56,220,209 @@ -762,9 +776,9 @@ L035ccm64_dec2_loop: .byte 102,15,56,221,208 .byte 102,15,56,221,216 leal 16(%esi),%esi - jmp L033ccm64_dec_outer + jmp L034ccm64_dec_outer .align 4,0x90 -L034ccm64_dec_break: +L035ccm64_dec_break: movl 240(%ebp),%ecx movl %ebp,%edx movups (%edx),%xmm0 @@ -772,12 +786,12 @@ L034ccm64_dec_break: xorps %xmm0,%xmm6 leal 32(%edx),%edx xorps %xmm6,%xmm3 -L036enc1_loop_6: +L037enc1_loop_6: .byte 102,15,56,220,217 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L036enc1_loop_6 + jnz L037enc1_loop_6 .byte 102,15,56,221,217 movl 48(%esp),%esp movl 40(%esp),%edi @@ -804,6 +818,18 @@ L_aes_hw_ctr32_encrypt_blocks_begin: pushl %ebx pushl %esi pushl %edi +#ifndef NDEBUG + pushl %ebx + pushl %edx + call L038pic +L038pic: + popl %ebx + leal _BORINGSSL_function_hit+0-L038pic(%ebx),%ebx + movl $1,%edx + movb %dl,(%ebx) + popl %edx + popl %ebx +#endif movl 20(%esp),%esi movl 24(%esp),%edi movl 28(%esp),%eax @@ -814,7 +840,7 @@ L_aes_hw_ctr32_encrypt_blocks_begin: andl $-16,%esp movl %ebp,80(%esp) cmpl $1,%eax - je L037ctr32_one_shortcut + je L039ctr32_one_shortcut movdqu (%ebx),%xmm7 movl $202182159,(%esp) movl $134810123,4(%esp) @@ -852,7 +878,7 @@ L_aes_hw_ctr32_encrypt_blocks_begin: pshufd $192,%xmm0,%xmm2 pshufd $128,%xmm0,%xmm3 cmpl $6,%eax - jb L038ctr32_tail + jb L040ctr32_tail pxor %xmm6,%xmm7 shll $4,%ecx movl $16,%ebx @@ -861,9 +887,9 @@ L_aes_hw_ctr32_encrypt_blocks_begin: subl %ecx,%ebx leal 32(%edx,%ecx,1),%edx subl $6,%eax - jmp L039ctr32_loop6 + jmp L041ctr32_loop6 .align 4,0x90 -L039ctr32_loop6: +L041ctr32_loop6: pshufd $64,%xmm0,%xmm4 movdqa 32(%esp),%xmm0 pshufd $192,%xmm1,%xmm5 @@ -917,27 +943,27 @@ L039ctr32_loop6: leal 96(%edi),%edi pshufd $128,%xmm0,%xmm3 subl $6,%eax - jnc L039ctr32_loop6 + jnc L041ctr32_loop6 addl $6,%eax - jz L040ctr32_ret + jz L042ctr32_ret movdqu (%ebp),%xmm7 movl %ebp,%edx pxor 32(%esp),%xmm7 movl 240(%ebp),%ecx -L038ctr32_tail: +L040ctr32_tail: por %xmm7,%xmm2 cmpl $2,%eax - jb L041ctr32_one + jb L043ctr32_one pshufd $64,%xmm0,%xmm4 por %xmm7,%xmm3 - je L042ctr32_two + je L044ctr32_two pshufd $192,%xmm1,%xmm5 por %xmm7,%xmm4 cmpl $4,%eax - jb L043ctr32_three + jb L045ctr32_three pshufd $128,%xmm1,%xmm6 por %xmm7,%xmm5 - je L044ctr32_four + je L046ctr32_four por %xmm7,%xmm6 call __aesni_encrypt6 movups (%esi),%xmm1 @@ -955,29 +981,29 @@ L038ctr32_tail: movups %xmm4,32(%edi) movups %xmm5,48(%edi) movups %xmm6,64(%edi) - jmp L040ctr32_ret + jmp L042ctr32_ret .align 4,0x90 -L037ctr32_one_shortcut: +L039ctr32_one_shortcut: movups (%ebx),%xmm2 movl 240(%edx),%ecx -L041ctr32_one: +L043ctr32_one: movups (%edx),%xmm0 movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L045enc1_loop_7: +L047enc1_loop_7: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L045enc1_loop_7 + jnz L047enc1_loop_7 .byte 102,15,56,221,209 movups (%esi),%xmm6 xorps %xmm2,%xmm6 movups %xmm6,(%edi) - jmp L040ctr32_ret + jmp L042ctr32_ret .align 4,0x90 -L042ctr32_two: +L044ctr32_two: call __aesni_encrypt2 movups (%esi),%xmm5 movups 16(%esi),%xmm6 @@ -985,9 +1011,9 @@ L042ctr32_two: xorps %xmm6,%xmm3 movups %xmm2,(%edi) movups %xmm3,16(%edi) - jmp L040ctr32_ret + jmp L042ctr32_ret .align 4,0x90 -L043ctr32_three: +L045ctr32_three: call __aesni_encrypt3 movups (%esi),%xmm5 movups 16(%esi),%xmm6 @@ -998,9 +1024,9 @@ L043ctr32_three: xorps %xmm7,%xmm4 movups %xmm3,16(%edi) movups %xmm4,32(%edi) - jmp L040ctr32_ret + jmp L042ctr32_ret .align 4,0x90 -L044ctr32_four: +L046ctr32_four: call __aesni_encrypt4 movups (%esi),%xmm6 movups 16(%esi),%xmm7 @@ -1014,7 +1040,7 @@ L044ctr32_four: xorps %xmm0,%xmm5 movups %xmm4,32(%edi) movups %xmm5,48(%edi) -L040ctr32_ret: +L042ctr32_ret: pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 pxor %xmm2,%xmm2 @@ -1049,12 +1075,12 @@ L_aes_hw_xts_encrypt_begin: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L046enc1_loop_8: +L048enc1_loop_8: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L046enc1_loop_8 + jnz L048enc1_loop_8 .byte 102,15,56,221,209 movl 20(%esp),%esi movl 24(%esp),%edi @@ -1078,14 +1104,14 @@ L046enc1_loop_8: movl %edx,%ebp movl %ecx,%ebx subl $96,%eax - jc L047xts_enc_short + jc L049xts_enc_short shll $4,%ecx movl $16,%ebx subl %ecx,%ebx leal 32(%edx,%ecx,1),%edx - jmp L048xts_enc_loop6 + jmp L050xts_enc_loop6 .align 4,0x90 -L048xts_enc_loop6: +L050xts_enc_loop6: pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,(%esp) @@ -1174,23 +1200,23 @@ L048xts_enc_loop6: pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 subl $96,%eax - jnc L048xts_enc_loop6 + jnc L050xts_enc_loop6 movl 240(%ebp),%ecx movl %ebp,%edx movl %ecx,%ebx -L047xts_enc_short: +L049xts_enc_short: addl $96,%eax - jz L049xts_enc_done6x + jz L051xts_enc_done6x movdqa %xmm1,%xmm5 cmpl $32,%eax - jb L050xts_enc_one + jb L052xts_enc_one pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 paddq %xmm1,%xmm1 pand %xmm3,%xmm2 pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 - je L051xts_enc_two + je L053xts_enc_two pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,%xmm6 @@ -1199,7 +1225,7 @@ L047xts_enc_short: pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 cmpl $64,%eax - jb L052xts_enc_three + jb L054xts_enc_three pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,%xmm7 @@ -1209,7 +1235,7 @@ L047xts_enc_short: pxor %xmm2,%xmm1 movdqa %xmm5,(%esp) movdqa %xmm6,16(%esp) - je L053xts_enc_four + je L055xts_enc_four movdqa %xmm7,32(%esp) pshufd $19,%xmm0,%xmm7 movdqa %xmm1,48(%esp) @@ -1241,9 +1267,9 @@ L047xts_enc_short: movups %xmm5,48(%edi) movups %xmm6,64(%edi) leal 80(%edi),%edi - jmp L054xts_enc_done + jmp L056xts_enc_done .align 4,0x90 -L050xts_enc_one: +L052xts_enc_one: movups (%esi),%xmm2 leal 16(%esi),%esi xorps %xmm5,%xmm2 @@ -1251,20 +1277,20 @@ L050xts_enc_one: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L055enc1_loop_9: +L057enc1_loop_9: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L055enc1_loop_9 + jnz L057enc1_loop_9 .byte 102,15,56,221,209 xorps %xmm5,%xmm2 movups %xmm2,(%edi) leal 16(%edi),%edi movdqa %xmm5,%xmm1 - jmp L054xts_enc_done + jmp L056xts_enc_done .align 4,0x90 -L051xts_enc_two: +L053xts_enc_two: movaps %xmm1,%xmm6 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1278,9 +1304,9 @@ L051xts_enc_two: movups %xmm3,16(%edi) leal 32(%edi),%edi movdqa %xmm6,%xmm1 - jmp L054xts_enc_done + jmp L056xts_enc_done .align 4,0x90 -L052xts_enc_three: +L054xts_enc_three: movaps %xmm1,%xmm7 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1298,9 +1324,9 @@ L052xts_enc_three: movups %xmm4,32(%edi) leal 48(%edi),%edi movdqa %xmm7,%xmm1 - jmp L054xts_enc_done + jmp L056xts_enc_done .align 4,0x90 -L053xts_enc_four: +L055xts_enc_four: movaps %xmm1,%xmm6 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1322,28 +1348,28 @@ L053xts_enc_four: movups %xmm5,48(%edi) leal 64(%edi),%edi movdqa %xmm6,%xmm1 - jmp L054xts_enc_done + jmp L056xts_enc_done .align 4,0x90 -L049xts_enc_done6x: +L051xts_enc_done6x: movl 112(%esp),%eax andl $15,%eax - jz L056xts_enc_ret + jz L058xts_enc_ret movdqa %xmm1,%xmm5 movl %eax,112(%esp) - jmp L057xts_enc_steal + jmp L059xts_enc_steal .align 4,0x90 -L054xts_enc_done: +L056xts_enc_done: movl 112(%esp),%eax pxor %xmm0,%xmm0 andl $15,%eax - jz L056xts_enc_ret + jz L058xts_enc_ret pcmpgtd %xmm1,%xmm0 movl %eax,112(%esp) pshufd $19,%xmm0,%xmm5 paddq %xmm1,%xmm1 pand 96(%esp),%xmm5 pxor %xmm1,%xmm5 -L057xts_enc_steal: +L059xts_enc_steal: movzbl (%esi),%ecx movzbl -16(%edi),%edx leal 1(%esi),%esi @@ -1351,7 +1377,7 @@ L057xts_enc_steal: movb %dl,(%edi) leal 1(%edi),%edi subl $1,%eax - jnz L057xts_enc_steal + jnz L059xts_enc_steal subl 112(%esp),%edi movl %ebp,%edx movl %ebx,%ecx @@ -1361,16 +1387,16 @@ L057xts_enc_steal: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L058enc1_loop_10: +L060enc1_loop_10: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L058enc1_loop_10 + jnz L060enc1_loop_10 .byte 102,15,56,221,209 xorps %xmm5,%xmm2 movups %xmm2,-16(%edi) -L056xts_enc_ret: +L058xts_enc_ret: pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 pxor %xmm2,%xmm2 @@ -1408,12 +1434,12 @@ L_aes_hw_xts_decrypt_begin: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L059enc1_loop_11: +L061enc1_loop_11: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L059enc1_loop_11 + jnz L061enc1_loop_11 .byte 102,15,56,221,209 movl 20(%esp),%esi movl 24(%esp),%edi @@ -1442,14 +1468,14 @@ L059enc1_loop_11: pcmpgtd %xmm1,%xmm0 andl $-16,%eax subl $96,%eax - jc L060xts_dec_short + jc L062xts_dec_short shll $4,%ecx movl $16,%ebx subl %ecx,%ebx leal 32(%edx,%ecx,1),%edx - jmp L061xts_dec_loop6 + jmp L063xts_dec_loop6 .align 4,0x90 -L061xts_dec_loop6: +L063xts_dec_loop6: pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,(%esp) @@ -1538,23 +1564,23 @@ L061xts_dec_loop6: pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 subl $96,%eax - jnc L061xts_dec_loop6 + jnc L063xts_dec_loop6 movl 240(%ebp),%ecx movl %ebp,%edx movl %ecx,%ebx -L060xts_dec_short: +L062xts_dec_short: addl $96,%eax - jz L062xts_dec_done6x + jz L064xts_dec_done6x movdqa %xmm1,%xmm5 cmpl $32,%eax - jb L063xts_dec_one + jb L065xts_dec_one pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 paddq %xmm1,%xmm1 pand %xmm3,%xmm2 pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 - je L064xts_dec_two + je L066xts_dec_two pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,%xmm6 @@ -1563,7 +1589,7 @@ L060xts_dec_short: pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 cmpl $64,%eax - jb L065xts_dec_three + jb L067xts_dec_three pshufd $19,%xmm0,%xmm2 pxor %xmm0,%xmm0 movdqa %xmm1,%xmm7 @@ -1573,7 +1599,7 @@ L060xts_dec_short: pxor %xmm2,%xmm1 movdqa %xmm5,(%esp) movdqa %xmm6,16(%esp) - je L066xts_dec_four + je L068xts_dec_four movdqa %xmm7,32(%esp) pshufd $19,%xmm0,%xmm7 movdqa %xmm1,48(%esp) @@ -1605,9 +1631,9 @@ L060xts_dec_short: movups %xmm5,48(%edi) movups %xmm6,64(%edi) leal 80(%edi),%edi - jmp L067xts_dec_done + jmp L069xts_dec_done .align 4,0x90 -L063xts_dec_one: +L065xts_dec_one: movups (%esi),%xmm2 leal 16(%esi),%esi xorps %xmm5,%xmm2 @@ -1615,20 +1641,20 @@ L063xts_dec_one: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L068dec1_loop_12: +L070dec1_loop_12: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L068dec1_loop_12 + jnz L070dec1_loop_12 .byte 102,15,56,223,209 xorps %xmm5,%xmm2 movups %xmm2,(%edi) leal 16(%edi),%edi movdqa %xmm5,%xmm1 - jmp L067xts_dec_done + jmp L069xts_dec_done .align 4,0x90 -L064xts_dec_two: +L066xts_dec_two: movaps %xmm1,%xmm6 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1642,9 +1668,9 @@ L064xts_dec_two: movups %xmm3,16(%edi) leal 32(%edi),%edi movdqa %xmm6,%xmm1 - jmp L067xts_dec_done + jmp L069xts_dec_done .align 4,0x90 -L065xts_dec_three: +L067xts_dec_three: movaps %xmm1,%xmm7 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1662,9 +1688,9 @@ L065xts_dec_three: movups %xmm4,32(%edi) leal 48(%edi),%edi movdqa %xmm7,%xmm1 - jmp L067xts_dec_done + jmp L069xts_dec_done .align 4,0x90 -L066xts_dec_four: +L068xts_dec_four: movaps %xmm1,%xmm6 movups (%esi),%xmm2 movups 16(%esi),%xmm3 @@ -1686,20 +1712,20 @@ L066xts_dec_four: movups %xmm5,48(%edi) leal 64(%edi),%edi movdqa %xmm6,%xmm1 - jmp L067xts_dec_done + jmp L069xts_dec_done .align 4,0x90 -L062xts_dec_done6x: +L064xts_dec_done6x: movl 112(%esp),%eax andl $15,%eax - jz L069xts_dec_ret + jz L071xts_dec_ret movl %eax,112(%esp) - jmp L070xts_dec_only_one_more + jmp L072xts_dec_only_one_more .align 4,0x90 -L067xts_dec_done: +L069xts_dec_done: movl 112(%esp),%eax pxor %xmm0,%xmm0 andl $15,%eax - jz L069xts_dec_ret + jz L071xts_dec_ret pcmpgtd %xmm1,%xmm0 movl %eax,112(%esp) pshufd $19,%xmm0,%xmm2 @@ -1709,7 +1735,7 @@ L067xts_dec_done: pand %xmm3,%xmm2 pcmpgtd %xmm1,%xmm0 pxor %xmm2,%xmm1 -L070xts_dec_only_one_more: +L072xts_dec_only_one_more: pshufd $19,%xmm0,%xmm5 movdqa %xmm1,%xmm6 paddq %xmm1,%xmm1 @@ -1723,16 +1749,16 @@ L070xts_dec_only_one_more: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L071dec1_loop_13: +L073dec1_loop_13: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L071dec1_loop_13 + jnz L073dec1_loop_13 .byte 102,15,56,223,209 xorps %xmm5,%xmm2 movups %xmm2,(%edi) -L072xts_dec_steal: +L074xts_dec_steal: movzbl 16(%esi),%ecx movzbl (%edi),%edx leal 1(%esi),%esi @@ -1740,7 +1766,7 @@ L072xts_dec_steal: movb %dl,16(%edi) leal 1(%edi),%edi subl $1,%eax - jnz L072xts_dec_steal + jnz L074xts_dec_steal subl 112(%esp),%edi movl %ebp,%edx movl %ebx,%ecx @@ -1750,16 +1776,16 @@ L072xts_dec_steal: movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L073dec1_loop_14: +L075dec1_loop_14: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L073dec1_loop_14 + jnz L075dec1_loop_14 .byte 102,15,56,223,209 xorps %xmm6,%xmm2 movups %xmm2,(%edi) -L069xts_dec_ret: +L071xts_dec_ret: pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 pxor %xmm2,%xmm2 @@ -1798,7 +1824,7 @@ L_aes_hw_cbc_encrypt_begin: movl 32(%esp),%edx movl 36(%esp),%ebp testl %eax,%eax - jz L074cbc_abort + jz L076cbc_abort cmpl $0,40(%esp) xchgl %esp,%ebx movups (%ebp),%xmm7 @@ -1806,14 +1832,14 @@ L_aes_hw_cbc_encrypt_begin: movl %edx,%ebp movl %ebx,16(%esp) movl %ecx,%ebx - je L075cbc_decrypt + je L077cbc_decrypt movaps %xmm7,%xmm2 cmpl $16,%eax - jb L076cbc_enc_tail + jb L078cbc_enc_tail subl $16,%eax - jmp L077cbc_enc_loop + jmp L079cbc_enc_loop .align 4,0x90 -L077cbc_enc_loop: +L079cbc_enc_loop: movups (%esi),%xmm7 leal 16(%esi),%esi movups (%edx),%xmm0 @@ -1821,25 +1847,25 @@ L077cbc_enc_loop: xorps %xmm0,%xmm7 leal 32(%edx),%edx xorps %xmm7,%xmm2 -L078enc1_loop_15: +L080enc1_loop_15: .byte 102,15,56,220,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L078enc1_loop_15 + jnz L080enc1_loop_15 .byte 102,15,56,221,209 movl %ebx,%ecx movl %ebp,%edx movups %xmm2,(%edi) leal 16(%edi),%edi subl $16,%eax - jnc L077cbc_enc_loop + jnc L079cbc_enc_loop addl $16,%eax - jnz L076cbc_enc_tail + jnz L078cbc_enc_tail movaps %xmm2,%xmm7 pxor %xmm2,%xmm2 - jmp L079cbc_ret -L076cbc_enc_tail: + jmp L081cbc_ret +L078cbc_enc_tail: movl %eax,%ecx .long 2767451785 movl $16,%ecx @@ -1850,20 +1876,20 @@ L076cbc_enc_tail: movl %ebx,%ecx movl %edi,%esi movl %ebp,%edx - jmp L077cbc_enc_loop + jmp L079cbc_enc_loop .align 4,0x90 -L075cbc_decrypt: +L077cbc_decrypt: cmpl $80,%eax - jbe L080cbc_dec_tail + jbe L082cbc_dec_tail movaps %xmm7,(%esp) subl $80,%eax - jmp L081cbc_dec_loop6_enter + jmp L083cbc_dec_loop6_enter .align 4,0x90 -L082cbc_dec_loop6: +L084cbc_dec_loop6: movaps %xmm0,(%esp) movups %xmm7,(%edi) leal 16(%edi),%edi -L081cbc_dec_loop6_enter: +L083cbc_dec_loop6_enter: movdqu (%esi),%xmm2 movdqu 16(%esi),%xmm3 movdqu 32(%esi),%xmm4 @@ -1893,28 +1919,28 @@ L081cbc_dec_loop6_enter: movups %xmm6,64(%edi) leal 80(%edi),%edi subl $96,%eax - ja L082cbc_dec_loop6 + ja L084cbc_dec_loop6 movaps %xmm7,%xmm2 movaps %xmm0,%xmm7 addl $80,%eax - jle L083cbc_dec_clear_tail_collected + jle L085cbc_dec_clear_tail_collected movups %xmm2,(%edi) leal 16(%edi),%edi -L080cbc_dec_tail: +L082cbc_dec_tail: movups (%esi),%xmm2 movaps %xmm2,%xmm6 cmpl $16,%eax - jbe L084cbc_dec_one + jbe L086cbc_dec_one movups 16(%esi),%xmm3 movaps %xmm3,%xmm5 cmpl $32,%eax - jbe L085cbc_dec_two + jbe L087cbc_dec_two movups 32(%esi),%xmm4 cmpl $48,%eax - jbe L086cbc_dec_three + jbe L088cbc_dec_three movups 48(%esi),%xmm5 cmpl $64,%eax - jbe L087cbc_dec_four + jbe L089cbc_dec_four movups 64(%esi),%xmm6 movaps %xmm7,(%esp) movups (%esi),%xmm2 @@ -1941,26 +1967,26 @@ L080cbc_dec_tail: movaps %xmm6,%xmm2 pxor %xmm6,%xmm6 subl $80,%eax - jmp L088cbc_dec_tail_collected + jmp L090cbc_dec_tail_collected .align 4,0x90 -L084cbc_dec_one: +L086cbc_dec_one: movups (%edx),%xmm0 movups 16(%edx),%xmm1 leal 32(%edx),%edx xorps %xmm0,%xmm2 -L089dec1_loop_16: +L091dec1_loop_16: .byte 102,15,56,222,209 decl %ecx movups (%edx),%xmm1 leal 16(%edx),%edx - jnz L089dec1_loop_16 + jnz L091dec1_loop_16 .byte 102,15,56,223,209 xorps %xmm7,%xmm2 movaps %xmm6,%xmm7 subl $16,%eax - jmp L088cbc_dec_tail_collected + jmp L090cbc_dec_tail_collected .align 4,0x90 -L085cbc_dec_two: +L087cbc_dec_two: call __aesni_decrypt2 xorps %xmm7,%xmm2 xorps %xmm6,%xmm3 @@ -1970,9 +1996,9 @@ L085cbc_dec_two: leal 16(%edi),%edi movaps %xmm5,%xmm7 subl $32,%eax - jmp L088cbc_dec_tail_collected + jmp L090cbc_dec_tail_collected .align 4,0x90 -L086cbc_dec_three: +L088cbc_dec_three: call __aesni_decrypt3 xorps %xmm7,%xmm2 xorps %xmm6,%xmm3 @@ -1985,9 +2011,9 @@ L086cbc_dec_three: leal 32(%edi),%edi movups 32(%esi),%xmm7 subl $48,%eax - jmp L088cbc_dec_tail_collected + jmp L090cbc_dec_tail_collected .align 4,0x90 -L087cbc_dec_four: +L089cbc_dec_four: call __aesni_decrypt4 movups 16(%esi),%xmm1 movups 32(%esi),%xmm0 @@ -2005,21 +2031,21 @@ L087cbc_dec_four: movaps %xmm5,%xmm2 pxor %xmm5,%xmm5 subl $64,%eax - jmp L088cbc_dec_tail_collected + jmp L090cbc_dec_tail_collected .align 4,0x90 -L083cbc_dec_clear_tail_collected: +L085cbc_dec_clear_tail_collected: pxor %xmm3,%xmm3 pxor %xmm4,%xmm4 pxor %xmm5,%xmm5 pxor %xmm6,%xmm6 -L088cbc_dec_tail_collected: +L090cbc_dec_tail_collected: andl $15,%eax - jnz L090cbc_dec_tail_partial + jnz L092cbc_dec_tail_partial movups %xmm2,(%edi) pxor %xmm0,%xmm0 - jmp L079cbc_ret + jmp L081cbc_ret .align 4,0x90 -L090cbc_dec_tail_partial: +L092cbc_dec_tail_partial: movaps %xmm2,(%esp) pxor %xmm0,%xmm0 movl $16,%ecx @@ -2027,14 +2053,14 @@ L090cbc_dec_tail_partial: subl %eax,%ecx .long 2767451785 movdqa %xmm2,(%esp) -L079cbc_ret: +L081cbc_ret: movl 16(%esp),%esp movl 36(%esp),%ebp pxor %xmm2,%xmm2 pxor %xmm1,%xmm1 movups %xmm7,(%ebp) pxor %xmm7,%xmm7 -L074cbc_abort: +L076cbc_abort: popl %edi popl %esi popl %ebx @@ -2046,13 +2072,13 @@ __aesni_set_encrypt_key: pushl %ebp pushl %ebx testl %eax,%eax - jz L091bad_pointer + jz L093bad_pointer testl %edx,%edx - jz L091bad_pointer - call L092pic -L092pic: + jz L093bad_pointer + call L094pic +L094pic: popl %ebx - leal Lkey_const-L092pic(%ebx),%ebx + leal Lkey_const-L094pic(%ebx),%ebx movl L_OPENSSL_ia32cap_P$non_lazy_ptr-Lkey_const(%ebx),%ebp movups (%eax),%xmm0 xorps %xmm4,%xmm4 @@ -2060,45 +2086,45 @@ L092pic: leal 16(%edx),%edx andl $268437504,%ebp cmpl $256,%ecx - je L09314rounds + je L09514rounds cmpl $192,%ecx - je L09412rounds + je L09612rounds cmpl $128,%ecx - jne L095bad_keybits + jne L097bad_keybits .align 4,0x90 -L09610rounds: +L09810rounds: cmpl $268435456,%ebp - je L09710rounds_alt + je L09910rounds_alt movl $9,%ecx movups %xmm0,-16(%edx) .byte 102,15,58,223,200,1 - call L098key_128_cold + call L100key_128_cold .byte 102,15,58,223,200,2 - call L099key_128 + call L101key_128 .byte 102,15,58,223,200,4 - call L099key_128 + call L101key_128 .byte 102,15,58,223,200,8 - call L099key_128 + call L101key_128 .byte 102,15,58,223,200,16 - call L099key_128 + call L101key_128 .byte 102,15,58,223,200,32 - call L099key_128 + call L101key_128 .byte 102,15,58,223,200,64 - call L099key_128 + call L101key_128 .byte 102,15,58,223,200,128 - call L099key_128 + call L101key_128 .byte 102,15,58,223,200,27 - call L099key_128 + call L101key_128 .byte 102,15,58,223,200,54 - call L099key_128 + call L101key_128 movups %xmm0,(%edx) movl %ecx,80(%edx) - jmp L100good_key + jmp L102good_key .align 4,0x90 -L099key_128: +L101key_128: movups %xmm0,(%edx) leal 16(%edx),%edx -L098key_128_cold: +L100key_128_cold: shufps $16,%xmm0,%xmm4 xorps %xmm4,%xmm0 shufps $140,%xmm0,%xmm4 @@ -2107,13 +2133,13 @@ L098key_128_cold: xorps %xmm1,%xmm0 ret .align 4,0x90 -L09710rounds_alt: +L09910rounds_alt: movdqa (%ebx),%xmm5 movl $8,%ecx movdqa 32(%ebx),%xmm4 movdqa %xmm0,%xmm2 movdqu %xmm0,-16(%edx) -L101loop_key128: +L103loop_key128: .byte 102,15,56,0,197 .byte 102,15,56,221,196 pslld $1,%xmm4 @@ -2129,7 +2155,7 @@ L101loop_key128: movdqu %xmm0,-16(%edx) movdqa %xmm0,%xmm2 decl %ecx - jnz L101loop_key128 + jnz L103loop_key128 movdqa 48(%ebx),%xmm4 .byte 102,15,56,0,197 .byte 102,15,56,221,196 @@ -2157,41 +2183,41 @@ L101loop_key128: movdqu %xmm0,16(%edx) movl $9,%ecx movl %ecx,96(%edx) - jmp L100good_key + jmp L102good_key .align 4,0x90 -L09412rounds: +L09612rounds: movq 16(%eax),%xmm2 cmpl $268435456,%ebp - je L10212rounds_alt + je L10412rounds_alt movl $11,%ecx movups %xmm0,-16(%edx) .byte 102,15,58,223,202,1 - call L103key_192a_cold + call L105key_192a_cold .byte 102,15,58,223,202,2 - call L104key_192b + call L106key_192b .byte 102,15,58,223,202,4 - call L105key_192a + call L107key_192a .byte 102,15,58,223,202,8 - call L104key_192b + call L106key_192b .byte 102,15,58,223,202,16 - call L105key_192a + call L107key_192a .byte 102,15,58,223,202,32 - call L104key_192b + call L106key_192b .byte 102,15,58,223,202,64 - call L105key_192a + call L107key_192a .byte 102,15,58,223,202,128 - call L104key_192b + call L106key_192b movups %xmm0,(%edx) movl %ecx,48(%edx) - jmp L100good_key + jmp L102good_key .align 4,0x90 -L105key_192a: +L107key_192a: movups %xmm0,(%edx) leal 16(%edx),%edx .align 4,0x90 -L103key_192a_cold: +L105key_192a_cold: movaps %xmm2,%xmm5 -L106key_192b_warm: +L108key_192b_warm: shufps $16,%xmm0,%xmm4 movdqa %xmm2,%xmm3 xorps %xmm4,%xmm0 @@ -2205,21 +2231,21 @@ L106key_192b_warm: pxor %xmm3,%xmm2 ret .align 4,0x90 -L104key_192b: +L106key_192b: movaps %xmm0,%xmm3 shufps $68,%xmm0,%xmm5 movups %xmm5,(%edx) shufps $78,%xmm2,%xmm3 movups %xmm3,16(%edx) leal 32(%edx),%edx - jmp L106key_192b_warm + jmp L108key_192b_warm .align 4,0x90 -L10212rounds_alt: +L10412rounds_alt: movdqa 16(%ebx),%xmm5 movdqa 32(%ebx),%xmm4 movl $8,%ecx movdqu %xmm0,-16(%edx) -L107loop_key192: +L109loop_key192: movq %xmm2,(%edx) movdqa %xmm2,%xmm1 .byte 102,15,56,0,213 @@ -2241,54 +2267,54 @@ L107loop_key192: pxor %xmm3,%xmm2 movdqu %xmm0,-16(%edx) decl %ecx - jnz L107loop_key192 + jnz L109loop_key192 movl $11,%ecx movl %ecx,32(%edx) - jmp L100good_key + jmp L102good_key .align 4,0x90 -L09314rounds: +L09514rounds: movups 16(%eax),%xmm2 leal 16(%edx),%edx cmpl $268435456,%ebp - je L10814rounds_alt + je L11014rounds_alt movl $13,%ecx movups %xmm0,-32(%edx) movups %xmm2,-16(%edx) .byte 102,15,58,223,202,1 - call L109key_256a_cold + call L111key_256a_cold .byte 102,15,58,223,200,1 - call L110key_256b + call L112key_256b .byte 102,15,58,223,202,2 - call L111key_256a + call L113key_256a .byte 102,15,58,223,200,2 - call L110key_256b + call L112key_256b .byte 102,15,58,223,202,4 - call L111key_256a + call L113key_256a .byte 102,15,58,223,200,4 - call L110key_256b + call L112key_256b .byte 102,15,58,223,202,8 - call L111key_256a + call L113key_256a .byte 102,15,58,223,200,8 - call L110key_256b + call L112key_256b .byte 102,15,58,223,202,16 - call L111key_256a + call L113key_256a .byte 102,15,58,223,200,16 - call L110key_256b + call L112key_256b .byte 102,15,58,223,202,32 - call L111key_256a + call L113key_256a .byte 102,15,58,223,200,32 - call L110key_256b + call L112key_256b .byte 102,15,58,223,202,64 - call L111key_256a + call L113key_256a movups %xmm0,(%edx) movl %ecx,16(%edx) xorl %eax,%eax - jmp L100good_key + jmp L102good_key .align 4,0x90 -L111key_256a: +L113key_256a: movups %xmm2,(%edx) leal 16(%edx),%edx -L109key_256a_cold: +L111key_256a_cold: shufps $16,%xmm0,%xmm4 xorps %xmm4,%xmm0 shufps $140,%xmm0,%xmm4 @@ -2297,7 +2323,7 @@ L109key_256a_cold: xorps %xmm1,%xmm0 ret .align 4,0x90 -L110key_256b: +L112key_256b: movups %xmm0,(%edx) leal 16(%edx),%edx shufps $16,%xmm2,%xmm4 @@ -2308,14 +2334,14 @@ L110key_256b: xorps %xmm1,%xmm2 ret .align 4,0x90 -L10814rounds_alt: +L11014rounds_alt: movdqa (%ebx),%xmm5 movdqa 32(%ebx),%xmm4 movl $7,%ecx movdqu %xmm0,-32(%edx) movdqa %xmm2,%xmm1 movdqu %xmm2,-16(%edx) -L112loop_key256: +L114loop_key256: .byte 102,15,56,0,213 .byte 102,15,56,221,212 movdqa %xmm0,%xmm3 @@ -2329,7 +2355,7 @@ L112loop_key256: pxor %xmm2,%xmm0 movdqu %xmm0,(%edx) decl %ecx - jz L113done_key256 + jz L115done_key256 pshufd $255,%xmm0,%xmm2 pxor %xmm3,%xmm3 .byte 102,15,56,221,211 @@ -2344,11 +2370,11 @@ L112loop_key256: movdqu %xmm2,16(%edx) leal 32(%edx),%edx movdqa %xmm2,%xmm1 - jmp L112loop_key256 -L113done_key256: + jmp L114loop_key256 +L115done_key256: movl $13,%ecx movl %ecx,16(%edx) -L100good_key: +L102good_key: pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 pxor %xmm2,%xmm2 @@ -2360,13 +2386,13 @@ L100good_key: popl %ebp ret .align 2,0x90 -L091bad_pointer: +L093bad_pointer: movl $-1,%eax popl %ebx popl %ebp ret .align 2,0x90 -L095bad_keybits: +L097bad_keybits: pxor %xmm0,%xmm0 movl $-2,%eax popl %ebx @@ -2377,6 +2403,18 @@ L095bad_keybits: .align 4 _aes_hw_set_encrypt_key: L_aes_hw_set_encrypt_key_begin: +#ifndef NDEBUG + pushl %ebx + pushl %edx + call L116pic +L116pic: + popl %ebx + leal _BORINGSSL_function_hit+3-L116pic(%ebx),%ebx + movl $1,%edx + movb %dl,(%ebx) + popl %edx + popl %ebx +#endif movl 4(%esp),%eax movl 8(%esp),%ecx movl 12(%esp),%edx @@ -2394,7 +2432,7 @@ L_aes_hw_set_decrypt_key_begin: movl 12(%esp),%edx shll $4,%ecx testl %eax,%eax - jnz L114dec_key_ret + jnz L117dec_key_ret leal 16(%edx,%ecx,1),%eax movups (%edx),%xmm0 movups (%eax),%xmm1 @@ -2402,7 +2440,7 @@ L_aes_hw_set_decrypt_key_begin: movups %xmm1,(%edx) leal 16(%edx),%edx leal -16(%eax),%eax -L115dec_key_inverse: +L118dec_key_inverse: movups (%edx),%xmm0 movups (%eax),%xmm1 .byte 102,15,56,219,192 @@ -2412,14 +2450,14 @@ L115dec_key_inverse: movups %xmm0,16(%eax) movups %xmm1,-16(%edx) cmpl %edx,%eax - ja L115dec_key_inverse + ja L118dec_key_inverse movups (%edx),%xmm0 .byte 102,15,56,219,192 movups %xmm0,(%edx) pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 xorl %eax,%eax -L114dec_key_ret: +L117dec_key_ret: ret .align 6,0x90 Lkey_const: diff --git a/mac-x86/crypto/fipsmodule/vpaes-x86.S b/mac-x86/crypto/fipsmodule/vpaes-x86.S index c47a217..22043e2 100644 --- a/mac-x86/crypto/fipsmodule/vpaes-x86.S +++ b/mac-x86/crypto/fipsmodule/vpaes-x86.S @@ -6,6 +6,8 @@ #include #endif .text +#ifndef NDEBUG +#endif .align 6,0x90 L_vpaes_consts: .long 218628480,235210255,168496130,67568393 @@ -466,6 +468,18 @@ L_vpaes_set_encrypt_key_begin: pushl %ebx pushl %esi pushl %edi +#ifndef NDEBUG + pushl %ebx + pushl %edx + call L016pic +L016pic: + popl %ebx + leal _BORINGSSL_function_hit+5-L016pic(%ebx),%ebx + movl $1,%edx + movb %dl,(%ebx) + popl %edx + popl %ebx +#endif movl 20(%esp),%esi leal -56(%esp),%ebx movl 24(%esp),%eax @@ -479,9 +493,9 @@ L_vpaes_set_encrypt_key_begin: movl %ebx,240(%edx) movl $48,%ecx movl $0,%edi - leal L_vpaes_consts+0x30-L016pic_point,%ebp + leal L_vpaes_consts+0x30-L017pic_point,%ebp call __vpaes_schedule_core -L016pic_point: +L017pic_point: movl 48(%esp),%esp xorl %eax,%eax popl %edi @@ -516,9 +530,9 @@ L_vpaes_set_decrypt_key_begin: shrl $1,%ecx andl $32,%ecx xorl $32,%ecx - leal L_vpaes_consts+0x30-L017pic_point,%ebp + leal L_vpaes_consts+0x30-L018pic_point,%ebp call __vpaes_schedule_core -L017pic_point: +L018pic_point: movl 48(%esp),%esp xorl %eax,%eax popl %edi @@ -535,9 +549,21 @@ L_vpaes_encrypt_begin: pushl %ebx pushl %esi pushl %edi - leal L_vpaes_consts+0x30-L018pic_point,%ebp +#ifndef NDEBUG + pushl %ebx + pushl %edx + call L019pic +L019pic: + popl %ebx + leal _BORINGSSL_function_hit+4-L019pic(%ebx),%ebx + movl $1,%edx + movb %dl,(%ebx) + popl %edx + popl %ebx +#endif + leal L_vpaes_consts+0x30-L020pic_point,%ebp call __vpaes_preheat -L018pic_point: +L020pic_point: movl 20(%esp),%esi leal -56(%esp),%ebx movl 24(%esp),%edi @@ -563,9 +589,9 @@ L_vpaes_decrypt_begin: pushl %ebx pushl %esi pushl %edi - leal L_vpaes_consts+0x30-L019pic_point,%ebp + leal L_vpaes_consts+0x30-L021pic_point,%ebp call __vpaes_preheat -L019pic_point: +L021pic_point: movl 20(%esp),%esi leal -56(%esp),%ebx movl 24(%esp),%edi @@ -596,7 +622,7 @@ L_vpaes_cbc_encrypt_begin: movl 28(%esp),%eax movl 32(%esp),%edx subl $16,%eax - jc L020cbc_abort + jc L022cbc_abort leal -56(%esp),%ebx movl 36(%esp),%ebp andl $-16,%ebx @@ -609,14 +635,14 @@ L_vpaes_cbc_encrypt_begin: movl %edx,4(%esp) movl %ebp,8(%esp) movl %eax,%edi - leal L_vpaes_consts+0x30-L021pic_point,%ebp + leal L_vpaes_consts+0x30-L023pic_point,%ebp call __vpaes_preheat -L021pic_point: +L023pic_point: cmpl $0,%ecx - je L022cbc_dec_loop - jmp L023cbc_enc_loop + je L024cbc_dec_loop + jmp L025cbc_enc_loop .align 4,0x90 -L023cbc_enc_loop: +L025cbc_enc_loop: movdqu (%esi),%xmm0 pxor %xmm1,%xmm0 call __vpaes_encrypt_core @@ -626,10 +652,10 @@ L023cbc_enc_loop: movdqu %xmm0,(%ebx,%esi,1) leal 16(%esi),%esi subl $16,%edi - jnc L023cbc_enc_loop - jmp L024cbc_done + jnc L025cbc_enc_loop + jmp L026cbc_done .align 4,0x90 -L022cbc_dec_loop: +L024cbc_dec_loop: movdqu (%esi),%xmm0 movdqa %xmm1,16(%esp) movdqa %xmm0,32(%esp) @@ -641,12 +667,12 @@ L022cbc_dec_loop: movdqu %xmm0,(%ebx,%esi,1) leal 16(%esi),%esi subl $16,%edi - jnc L022cbc_dec_loop -L024cbc_done: + jnc L024cbc_dec_loop +L026cbc_done: movl 8(%esp),%ebx movl 48(%esp),%esp movdqu %xmm1,(%ebx) -L020cbc_abort: +L022cbc_abort: popl %edi popl %esi popl %ebx diff --git a/mac-x86/crypto/test/trampoline-x86.S b/mac-x86/crypto/test/trampoline-x86.S new file mode 100644 index 0000000..601f2f0 --- /dev/null +++ b/mac-x86/crypto/test/trampoline-x86.S @@ -0,0 +1,169 @@ +# This file is generated from a similarly-named Perl script in the BoringSSL +# source tree. Do not edit by hand. + +#if defined(__i386__) +#if defined(BORINGSSL_PREFIX) +#include +#endif +.text +.globl _abi_test_trampoline +.private_extern _abi_test_trampoline +.align 4 +_abi_test_trampoline: +L_abi_test_trampoline_begin: + pushl %ebp + pushl %ebx + pushl %esi + pushl %edi + movl 24(%esp),%ecx + movl (%ecx),%esi + movl 4(%ecx),%edi + movl 8(%ecx),%ebx + movl 12(%ecx),%ebp + subl $44,%esp + movl 72(%esp),%eax + xorl %ecx,%ecx +L000loop: + cmpl 76(%esp),%ecx + jae L001loop_done + movl (%eax,%ecx,4),%edx + movl %edx,(%esp,%ecx,4) + addl $1,%ecx + jmp L000loop +L001loop_done: + call *64(%esp) + addl $44,%esp + movl 24(%esp),%ecx + movl %esi,(%ecx) + movl %edi,4(%ecx) + movl %ebx,8(%ecx) + movl %ebp,12(%ecx) + popl %edi + popl %esi + popl %ebx + popl %ebp + ret +.globl _abi_test_get_and_clear_direction_flag +.private_extern _abi_test_get_and_clear_direction_flag +.align 4 +_abi_test_get_and_clear_direction_flag: +L_abi_test_get_and_clear_direction_flag_begin: + pushfl + popl %eax + andl $1024,%eax + shrl $10,%eax + cld + ret +.globl _abi_test_set_direction_flag +.private_extern _abi_test_set_direction_flag +.align 4 +_abi_test_set_direction_flag: +L_abi_test_set_direction_flag_begin: + std + ret +.globl _abi_test_clobber_eax +.private_extern _abi_test_clobber_eax +.align 4 +_abi_test_clobber_eax: +L_abi_test_clobber_eax_begin: + xorl %eax,%eax + ret +.globl _abi_test_clobber_ebx +.private_extern _abi_test_clobber_ebx +.align 4 +_abi_test_clobber_ebx: +L_abi_test_clobber_ebx_begin: + xorl %ebx,%ebx + ret +.globl _abi_test_clobber_ecx +.private_extern _abi_test_clobber_ecx +.align 4 +_abi_test_clobber_ecx: +L_abi_test_clobber_ecx_begin: + xorl %ecx,%ecx + ret +.globl _abi_test_clobber_edx +.private_extern _abi_test_clobber_edx +.align 4 +_abi_test_clobber_edx: +L_abi_test_clobber_edx_begin: + xorl %edx,%edx + ret +.globl _abi_test_clobber_edi +.private_extern _abi_test_clobber_edi +.align 4 +_abi_test_clobber_edi: +L_abi_test_clobber_edi_begin: + xorl %edi,%edi + ret +.globl _abi_test_clobber_esi +.private_extern _abi_test_clobber_esi +.align 4 +_abi_test_clobber_esi: +L_abi_test_clobber_esi_begin: + xorl %esi,%esi + ret +.globl _abi_test_clobber_ebp +.private_extern _abi_test_clobber_ebp +.align 4 +_abi_test_clobber_ebp: +L_abi_test_clobber_ebp_begin: + xorl %ebp,%ebp + ret +.globl _abi_test_clobber_xmm0 +.private_extern _abi_test_clobber_xmm0 +.align 4 +_abi_test_clobber_xmm0: +L_abi_test_clobber_xmm0_begin: + pxor %xmm0,%xmm0 + ret +.globl _abi_test_clobber_xmm1 +.private_extern _abi_test_clobber_xmm1 +.align 4 +_abi_test_clobber_xmm1: +L_abi_test_clobber_xmm1_begin: + pxor %xmm1,%xmm1 + ret +.globl _abi_test_clobber_xmm2 +.private_extern _abi_test_clobber_xmm2 +.align 4 +_abi_test_clobber_xmm2: +L_abi_test_clobber_xmm2_begin: + pxor %xmm2,%xmm2 + ret +.globl _abi_test_clobber_xmm3 +.private_extern _abi_test_clobber_xmm3 +.align 4 +_abi_test_clobber_xmm3: +L_abi_test_clobber_xmm3_begin: + pxor %xmm3,%xmm3 + ret +.globl _abi_test_clobber_xmm4 +.private_extern _abi_test_clobber_xmm4 +.align 4 +_abi_test_clobber_xmm4: +L_abi_test_clobber_xmm4_begin: + pxor %xmm4,%xmm4 + ret +.globl _abi_test_clobber_xmm5 +.private_extern _abi_test_clobber_xmm5 +.align 4 +_abi_test_clobber_xmm5: +L_abi_test_clobber_xmm5_begin: + pxor %xmm5,%xmm5 + ret +.globl _abi_test_clobber_xmm6 +.private_extern _abi_test_clobber_xmm6 +.align 4 +_abi_test_clobber_xmm6: +L_abi_test_clobber_xmm6_begin: + pxor %xmm6,%xmm6 + ret +.globl _abi_test_clobber_xmm7 +.private_extern _abi_test_clobber_xmm7 +.align 4 +_abi_test_clobber_xmm7: +L_abi_test_clobber_xmm7_begin: + pxor %xmm7,%xmm7 + ret +#endif diff --git a/mac-x86_64/crypto/chacha/chacha-x86_64.S b/mac-x86_64/crypto/chacha/chacha-x86_64.S index 4f97274..10b1ad9 100644 --- a/mac-x86_64/crypto/chacha/chacha-x86_64.S +++ b/mac-x86_64/crypto/chacha/chacha-x86_64.S @@ -49,6 +49,7 @@ L$sixteen: .p2align 6 _ChaCha20_ctr32: + cmpq $0,%rdx je L$no_data movq _OPENSSL_ia32cap_P+4(%rip),%r10 @@ -56,12 +57,19 @@ _ChaCha20_ctr32: jnz L$ChaCha20_ssse3 pushq %rbx + pushq %rbp + pushq %r12 + pushq %r13 + pushq %r14 + pushq %r15 + subq $64+24,%rsp + L$ctr32_body: @@ -302,20 +310,30 @@ L$oop_tail: L$done: leaq 64+24+48(%rsp),%rsi movq -48(%rsi),%r15 + movq -40(%rsi),%r14 + movq -32(%rsi),%r13 + movq -24(%rsi),%r12 + movq -16(%rsi),%rbp + movq -8(%rsi),%rbx + leaq (%rsi),%rsp + L$no_data: .byte 0xf3,0xc3 + .p2align 5 ChaCha20_ssse3: L$ChaCha20_ssse3: + movq %rsp,%r9 + cmpq $128,%rdx ja L$ChaCha20_4x @@ -441,14 +459,18 @@ L$oop_tail_ssse3: L$done_ssse3: leaq (%r9),%rsp + L$ssse3_epilogue: .byte 0xf3,0xc3 + .p2align 5 ChaCha20_4x: L$ChaCha20_4x: + movq %rsp,%r9 + movq %r10,%r11 shrq $32,%r10 testq $32,%r10 @@ -989,14 +1011,18 @@ L$oop_tail4x: L$done4x: leaq (%r9),%rsp + L$4x_epilogue: .byte 0xf3,0xc3 + .p2align 5 ChaCha20_8x: L$ChaCha20_8x: + movq %rsp,%r9 + subq $0x280+8,%rsp andq $-32,%rsp vzeroupper @@ -1591,7 +1617,9 @@ L$oop_tail8x: L$done8x: vzeroall leaq (%r9),%rsp + L$8x_epilogue: .byte 0xf3,0xc3 + #endif diff --git a/mac-x86_64/crypto/fipsmodule/aes-x86_64.S b/mac-x86_64/crypto/fipsmodule/aes-x86_64.S index c23234f..8875d0a 100644 --- a/mac-x86_64/crypto/fipsmodule/aes-x86_64.S +++ b/mac-x86_64/crypto/fipsmodule/aes-x86_64.S @@ -168,6 +168,7 @@ L$enc_loop: .p2align 4 _x86_64_AES_encrypt_compact: + leaq 128(%r14),%r8 movl 0-128(%r8),%edi movl 32-128(%r8),%ebp @@ -338,6 +339,7 @@ L$enc_compact_done: xorl 12(%r15),%edx .byte 0xf3,0xc3 + .p2align 4 .globl _aes_nohw_encrypt .private_extern _aes_nohw_encrypt @@ -580,6 +582,7 @@ L$dec_loop: .p2align 4 _x86_64_AES_decrypt_compact: + leaq 128(%r14),%r8 movl 0-128(%r8),%edi movl 32-128(%r8),%ebp @@ -802,6 +805,7 @@ L$dec_compact_done: xorl 12(%r15),%edx .byte 0xf3,0xc3 + .p2align 4 .globl _aes_nohw_decrypt .private_extern _aes_nohw_decrypt @@ -926,6 +930,7 @@ L$enc_key_epilogue: .p2align 4 _x86_64_AES_set_encrypt_key: + movl %esi,%ecx movq %rdi,%rsi movq %rdx,%rdi @@ -1162,6 +1167,7 @@ L$badpointer: L$exit: .byte 0xf3,0xc3 + .p2align 4 .globl _aes_nohw_set_decrypt_key .private_extern _aes_nohw_set_decrypt_key @@ -1378,6 +1384,8 @@ _aes_nohw_cbc_encrypt: je L$cbc_epilogue pushfq + + pushq %rbx pushq %rbp @@ -1400,6 +1408,7 @@ L$cbc_prologue: cmpq $0,%r9 cmoveq %r10,%r14 + leaq _OPENSSL_ia32cap_P(%rip),%r10 movl (%r10),%r10d cmpq $512,%rdx @@ -1637,6 +1646,7 @@ L$cbc_fast_cleanup: .p2align 4 L$cbc_slow_prologue: + leaq -88(%rsp),%rbp andq $-64,%rbp @@ -1648,7 +1658,9 @@ L$cbc_slow_prologue: xchgq %rsp,%rbp + movq %rbp,16(%rsp) + L$cbc_slow_body: @@ -1838,6 +1850,8 @@ L$cbc_exit: L$cbc_popfq: popfq + + L$cbc_epilogue: .byte 0xf3,0xc3 diff --git a/mac-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S b/mac-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S index b7902ca..9fb4bef 100644 --- a/mac-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S +++ b/mac-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S @@ -556,6 +556,12 @@ L$handle_ctr32_2: .p2align 5 _aesni_gcm_encrypt: +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS + + movb $1,_BORINGSSL_function_hit+2(%rip) +#endif +#endif xorq %r10,%r10 diff --git a/mac-x86_64/crypto/fipsmodule/aesni-x86_64.S b/mac-x86_64/crypto/fipsmodule/aesni-x86_64.S index 381c574..5e12596 100644 --- a/mac-x86_64/crypto/fipsmodule/aesni-x86_64.S +++ b/mac-x86_64/crypto/fipsmodule/aesni-x86_64.S @@ -18,6 +18,13 @@ .p2align 4 _aes_hw_encrypt: + +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS + + movb $1,_BORINGSSL_function_hit+1(%rip) +#endif +#endif movups (%rdi),%xmm2 movl 240(%rdx),%eax movups (%rdx),%xmm0 @@ -38,11 +45,13 @@ L$oop_enc1_1: .byte 0xf3,0xc3 + .globl _aes_hw_decrypt .private_extern _aes_hw_decrypt .p2align 4 _aes_hw_decrypt: + movups (%rdi),%xmm2 movl 240(%rdx),%eax movups (%rdx),%xmm0 @@ -63,8 +72,10 @@ L$oop_dec1_2: .byte 0xf3,0xc3 + .p2align 4 _aesni_encrypt2: + movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -92,8 +103,10 @@ L$enc_loop2: .byte 0xf3,0xc3 + .p2align 4 _aesni_decrypt2: + movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -121,8 +134,10 @@ L$dec_loop2: .byte 0xf3,0xc3 + .p2align 4 _aesni_encrypt3: + movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -155,8 +170,10 @@ L$enc_loop3: .byte 0xf3,0xc3 + .p2align 4 _aesni_decrypt3: + movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -189,8 +206,10 @@ L$dec_loop3: .byte 0xf3,0xc3 + .p2align 4 _aesni_encrypt4: + movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -229,8 +248,10 @@ L$enc_loop4: .byte 0xf3,0xc3 + .p2align 4 _aesni_decrypt4: + movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -269,8 +290,10 @@ L$dec_loop4: .byte 0xf3,0xc3 + .p2align 4 _aesni_encrypt6: + movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -323,8 +346,10 @@ L$enc_loop6_enter: .byte 0xf3,0xc3 + .p2align 4 _aesni_decrypt6: + movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -377,8 +402,10 @@ L$dec_loop6_enter: .byte 0xf3,0xc3 + .p2align 4 _aesni_encrypt8: + movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -441,8 +468,10 @@ L$enc_loop8_enter: .byte 0xf3,0xc3 + .p2align 4 _aesni_decrypt8: + movups (%rcx),%xmm0 shll $4,%eax movups 16(%rcx),%xmm1 @@ -504,11 +533,13 @@ L$dec_loop8_enter: .byte 102,68,15,56,223,200 .byte 0xf3,0xc3 + .globl _aes_hw_ecb_encrypt .private_extern _aes_hw_ecb_encrypt .p2align 4 _aes_hw_ecb_encrypt: + andq $-16,%rdx jz L$ecb_ret @@ -847,167 +878,6 @@ L$ecb_ret: pxor %xmm1,%xmm1 .byte 0xf3,0xc3 -.globl _aes_hw_ccm64_encrypt_blocks -.private_extern _aes_hw_ccm64_encrypt_blocks - -.p2align 4 -_aes_hw_ccm64_encrypt_blocks: - movl 240(%rcx),%eax - movdqu (%r8),%xmm6 - movdqa L$increment64(%rip),%xmm9 - movdqa L$bswap_mask(%rip),%xmm7 - - shll $4,%eax - movl $16,%r10d - leaq 0(%rcx),%r11 - movdqu (%r9),%xmm3 - movdqa %xmm6,%xmm2 - leaq 32(%rcx,%rax,1),%rcx -.byte 102,15,56,0,247 - subq %rax,%r10 - jmp L$ccm64_enc_outer -.p2align 4 -L$ccm64_enc_outer: - movups (%r11),%xmm0 - movq %r10,%rax - movups (%rdi),%xmm8 - - xorps %xmm0,%xmm2 - movups 16(%r11),%xmm1 - xorps %xmm8,%xmm0 - xorps %xmm0,%xmm3 - movups 32(%r11),%xmm0 - -L$ccm64_enc2_loop: -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 - movups (%rcx,%rax,1),%xmm1 - addq $32,%rax -.byte 102,15,56,220,208 -.byte 102,15,56,220,216 - movups -16(%rcx,%rax,1),%xmm0 - jnz L$ccm64_enc2_loop -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 - paddq %xmm9,%xmm6 - decq %rdx -.byte 102,15,56,221,208 -.byte 102,15,56,221,216 - - leaq 16(%rdi),%rdi - xorps %xmm2,%xmm8 - movdqa %xmm6,%xmm2 - movups %xmm8,(%rsi) -.byte 102,15,56,0,215 - leaq 16(%rsi),%rsi - jnz L$ccm64_enc_outer - - pxor %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - movups %xmm3,(%r9) - pxor %xmm3,%xmm3 - pxor %xmm8,%xmm8 - pxor %xmm6,%xmm6 - .byte 0xf3,0xc3 - -.globl _aes_hw_ccm64_decrypt_blocks -.private_extern _aes_hw_ccm64_decrypt_blocks - -.p2align 4 -_aes_hw_ccm64_decrypt_blocks: - movl 240(%rcx),%eax - movups (%r8),%xmm6 - movdqu (%r9),%xmm3 - movdqa L$increment64(%rip),%xmm9 - movdqa L$bswap_mask(%rip),%xmm7 - - movaps %xmm6,%xmm2 - movl %eax,%r10d - movq %rcx,%r11 -.byte 102,15,56,0,247 - movups (%rcx),%xmm0 - movups 16(%rcx),%xmm1 - leaq 32(%rcx),%rcx - xorps %xmm0,%xmm2 -L$oop_enc1_5: -.byte 102,15,56,220,209 - decl %eax - movups (%rcx),%xmm1 - leaq 16(%rcx),%rcx - jnz L$oop_enc1_5 -.byte 102,15,56,221,209 - shll $4,%r10d - movl $16,%eax - movups (%rdi),%xmm8 - paddq %xmm9,%xmm6 - leaq 16(%rdi),%rdi - subq %r10,%rax - leaq 32(%r11,%r10,1),%rcx - movq %rax,%r10 - jmp L$ccm64_dec_outer -.p2align 4 -L$ccm64_dec_outer: - xorps %xmm2,%xmm8 - movdqa %xmm6,%xmm2 - movups %xmm8,(%rsi) - leaq 16(%rsi),%rsi -.byte 102,15,56,0,215 - - subq $1,%rdx - jz L$ccm64_dec_break - - movups (%r11),%xmm0 - movq %r10,%rax - movups 16(%r11),%xmm1 - xorps %xmm0,%xmm8 - xorps %xmm0,%xmm2 - xorps %xmm8,%xmm3 - movups 32(%r11),%xmm0 - jmp L$ccm64_dec2_loop -.p2align 4 -L$ccm64_dec2_loop: -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 - movups (%rcx,%rax,1),%xmm1 - addq $32,%rax -.byte 102,15,56,220,208 -.byte 102,15,56,220,216 - movups -16(%rcx,%rax,1),%xmm0 - jnz L$ccm64_dec2_loop - movups (%rdi),%xmm8 - paddq %xmm9,%xmm6 -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,221,208 -.byte 102,15,56,221,216 - leaq 16(%rdi),%rdi - jmp L$ccm64_dec_outer - -.p2align 4 -L$ccm64_dec_break: - - movl 240(%r11),%eax - movups (%r11),%xmm0 - movups 16(%r11),%xmm1 - xorps %xmm0,%xmm8 - leaq 32(%r11),%r11 - xorps %xmm8,%xmm3 -L$oop_enc1_6: -.byte 102,15,56,220,217 - decl %eax - movups (%r11),%xmm1 - leaq 16(%r11),%r11 - jnz L$oop_enc1_6 -.byte 102,15,56,221,217 - pxor %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - movups %xmm3,(%r9) - pxor %xmm3,%xmm3 - pxor %xmm8,%xmm8 - pxor %xmm6,%xmm6 - .byte 0xf3,0xc3 .globl _aes_hw_ctr32_encrypt_blocks .private_extern _aes_hw_ctr32_encrypt_blocks @@ -1015,6 +885,11 @@ L$oop_enc1_6: .p2align 4 _aes_hw_ctr32_encrypt_blocks: +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS + movb $1,_BORINGSSL_function_hit(%rip) +#endif +#endif cmpq $1,%rdx jne L$ctr32_bulk @@ -1027,12 +902,12 @@ _aes_hw_ctr32_encrypt_blocks: movups 16(%rcx),%xmm1 leaq 32(%rcx),%rcx xorps %xmm0,%xmm2 -L$oop_enc1_7: +L$oop_enc1_5: .byte 102,15,56,220,209 decl %edx movups (%rcx),%xmm1 leaq 16(%rcx),%rcx - jnz L$oop_enc1_7 + jnz L$oop_enc1_5 .byte 102,15,56,221,209 pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 @@ -1589,1955 +1464,132 @@ L$ctr32_epilogue: .byte 0xf3,0xc3 -.globl _aes_hw_xts_encrypt -.private_extern _aes_hw_xts_encrypt +.globl _aes_hw_cbc_encrypt +.private_extern _aes_hw_cbc_encrypt .p2align 4 -_aes_hw_xts_encrypt: - - leaq (%rsp),%r11 +_aes_hw_cbc_encrypt: - pushq %rbp + testq %rdx,%rdx + jz L$cbc_ret - subq $112,%rsp - andq $-16,%rsp - movups (%r9),%xmm2 - movl 240(%r8),%eax movl 240(%rcx),%r10d - movups (%r8),%xmm0 - movups 16(%r8),%xmm1 - leaq 32(%r8),%r8 - xorps %xmm0,%xmm2 -L$oop_enc1_8: + movq %rcx,%r11 + testl %r9d,%r9d + jz L$cbc_decrypt + + movups (%r8),%xmm2 + movl %r10d,%eax + cmpq $16,%rdx + jb L$cbc_enc_tail + subq $16,%rdx + jmp L$cbc_enc_loop +.p2align 4 +L$cbc_enc_loop: + movups (%rdi),%xmm3 + leaq 16(%rdi),%rdi + + movups (%rcx),%xmm0 + movups 16(%rcx),%xmm1 + xorps %xmm0,%xmm3 + leaq 32(%rcx),%rcx + xorps %xmm3,%xmm2 +L$oop_enc1_6: .byte 102,15,56,220,209 decl %eax - movups (%r8),%xmm1 - leaq 16(%r8),%r8 - jnz L$oop_enc1_8 + movups (%rcx),%xmm1 + leaq 16(%rcx),%rcx + jnz L$oop_enc1_6 .byte 102,15,56,221,209 - movups (%rcx),%xmm0 - movq %rcx,%rbp movl %r10d,%eax - shll $4,%r10d - movq %rdx,%r9 - andq $-16,%rdx + movq %r11,%rcx + movups %xmm2,0(%rsi) + leaq 16(%rsi),%rsi + subq $16,%rdx + jnc L$cbc_enc_loop + addq $16,%rdx + jnz L$cbc_enc_tail + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + movups %xmm2,(%r8) + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + jmp L$cbc_ret - movups 16(%rcx,%r10,1),%xmm1 +L$cbc_enc_tail: + movq %rdx,%rcx + xchgq %rdi,%rsi +.long 0x9066A4F3 + movl $16,%ecx + subq %rdx,%rcx + xorl %eax,%eax +.long 0x9066AAF3 + leaq -16(%rdi),%rdi + movl %r10d,%eax + movq %rdi,%rsi + movq %r11,%rcx + xorq %rdx,%rdx + jmp L$cbc_enc_loop - movdqa L$xts_magic(%rip),%xmm8 - movdqa %xmm2,%xmm15 - pshufd $0x5f,%xmm2,%xmm9 - pxor %xmm0,%xmm1 - movdqa %xmm9,%xmm14 - paddd %xmm9,%xmm9 - movdqa %xmm15,%xmm10 - psrad $31,%xmm14 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 - pxor %xmm0,%xmm10 - pxor %xmm14,%xmm15 - movdqa %xmm9,%xmm14 - paddd %xmm9,%xmm9 - movdqa %xmm15,%xmm11 - psrad $31,%xmm14 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 - pxor %xmm0,%xmm11 - pxor %xmm14,%xmm15 - movdqa %xmm9,%xmm14 - paddd %xmm9,%xmm9 - movdqa %xmm15,%xmm12 - psrad $31,%xmm14 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 - pxor %xmm0,%xmm12 - pxor %xmm14,%xmm15 - movdqa %xmm9,%xmm14 - paddd %xmm9,%xmm9 - movdqa %xmm15,%xmm13 - psrad $31,%xmm14 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 - pxor %xmm0,%xmm13 - pxor %xmm14,%xmm15 - movdqa %xmm15,%xmm14 - psrad $31,%xmm9 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm9 - pxor %xmm0,%xmm14 - pxor %xmm9,%xmm15 - movaps %xmm1,96(%rsp) +.p2align 4 +L$cbc_decrypt: + cmpq $16,%rdx + jne L$cbc_decrypt_bulk - subq $96,%rdx - jc L$xts_enc_short - movl $16+96,%eax - leaq 32(%rbp,%r10,1),%rcx - subq %r10,%rax - movups 16(%rbp),%xmm1 - movq %rax,%r10 - leaq L$xts_magic(%rip),%r8 - jmp L$xts_enc_grandloop -.p2align 5 -L$xts_enc_grandloop: + movdqu (%rdi),%xmm2 + movdqu (%r8),%xmm3 + movdqa %xmm2,%xmm4 + movups (%rcx),%xmm0 + movups 16(%rcx),%xmm1 + leaq 32(%rcx),%rcx + xorps %xmm0,%xmm2 +L$oop_dec1_7: +.byte 102,15,56,222,209 + decl %r10d + movups (%rcx),%xmm1 + leaq 16(%rcx),%rcx + jnz L$oop_dec1_7 +.byte 102,15,56,223,209 + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + movdqu %xmm4,(%r8) + xorps %xmm3,%xmm2 + pxor %xmm3,%xmm3 + movups %xmm2,(%rsi) + pxor %xmm2,%xmm2 + jmp L$cbc_ret +.p2align 4 +L$cbc_decrypt_bulk: + leaq (%rsp),%r11 + + pushq %rbp + + subq $16,%rsp + andq $-16,%rsp + movq %rcx,%rbp + movups (%r8),%xmm10 + movl %r10d,%eax + cmpq $0x50,%rdx + jbe L$cbc_dec_tail + + movups (%rcx),%xmm0 movdqu 0(%rdi),%xmm2 - movdqa %xmm0,%xmm8 movdqu 16(%rdi),%xmm3 - pxor %xmm10,%xmm2 + movdqa %xmm2,%xmm11 movdqu 32(%rdi),%xmm4 - pxor %xmm11,%xmm3 -.byte 102,15,56,220,209 + movdqa %xmm3,%xmm12 movdqu 48(%rdi),%xmm5 - pxor %xmm12,%xmm4 -.byte 102,15,56,220,217 + movdqa %xmm4,%xmm13 movdqu 64(%rdi),%xmm6 - pxor %xmm13,%xmm5 -.byte 102,15,56,220,225 + movdqa %xmm5,%xmm14 movdqu 80(%rdi),%xmm7 - pxor %xmm15,%xmm8 - movdqa 96(%rsp),%xmm9 - pxor %xmm14,%xmm6 -.byte 102,15,56,220,233 - movups 32(%rbp),%xmm0 - leaq 96(%rdi),%rdi - pxor %xmm8,%xmm7 - - pxor %xmm9,%xmm10 -.byte 102,15,56,220,241 - pxor %xmm9,%xmm11 - movdqa %xmm10,0(%rsp) -.byte 102,15,56,220,249 - movups 48(%rbp),%xmm1 - pxor %xmm9,%xmm12 - -.byte 102,15,56,220,208 - pxor %xmm9,%xmm13 - movdqa %xmm11,16(%rsp) -.byte 102,15,56,220,216 - pxor %xmm9,%xmm14 - movdqa %xmm12,32(%rsp) -.byte 102,15,56,220,224 -.byte 102,15,56,220,232 - pxor %xmm9,%xmm8 - movdqa %xmm14,64(%rsp) -.byte 102,15,56,220,240 -.byte 102,15,56,220,248 - movups 64(%rbp),%xmm0 - movdqa %xmm8,80(%rsp) - pshufd $0x5f,%xmm15,%xmm9 - jmp L$xts_enc_loop6 -.p2align 5 -L$xts_enc_loop6: -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 -.byte 102,15,56,220,241 -.byte 102,15,56,220,249 - movups -64(%rcx,%rax,1),%xmm1 - addq $32,%rax - -.byte 102,15,56,220,208 -.byte 102,15,56,220,216 -.byte 102,15,56,220,224 -.byte 102,15,56,220,232 -.byte 102,15,56,220,240 -.byte 102,15,56,220,248 - movups -80(%rcx,%rax,1),%xmm0 - jnz L$xts_enc_loop6 - - movdqa (%r8),%xmm8 - movdqa %xmm9,%xmm14 - paddd %xmm9,%xmm9 -.byte 102,15,56,220,209 - paddq %xmm15,%xmm15 - psrad $31,%xmm14 -.byte 102,15,56,220,217 - pand %xmm8,%xmm14 - movups (%rbp),%xmm10 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 -.byte 102,15,56,220,241 - pxor %xmm14,%xmm15 - movaps %xmm10,%xmm11 -.byte 102,15,56,220,249 - movups -64(%rcx),%xmm1 - - movdqa %xmm9,%xmm14 -.byte 102,15,56,220,208 - paddd %xmm9,%xmm9 - pxor %xmm15,%xmm10 -.byte 102,15,56,220,216 - psrad $31,%xmm14 - paddq %xmm15,%xmm15 -.byte 102,15,56,220,224 -.byte 102,15,56,220,232 - pand %xmm8,%xmm14 - movaps %xmm11,%xmm12 -.byte 102,15,56,220,240 - pxor %xmm14,%xmm15 - movdqa %xmm9,%xmm14 -.byte 102,15,56,220,248 - movups -48(%rcx),%xmm0 - - paddd %xmm9,%xmm9 -.byte 102,15,56,220,209 - pxor %xmm15,%xmm11 - psrad $31,%xmm14 -.byte 102,15,56,220,217 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 - movdqa %xmm13,48(%rsp) - pxor %xmm14,%xmm15 -.byte 102,15,56,220,241 - movaps %xmm12,%xmm13 - movdqa %xmm9,%xmm14 -.byte 102,15,56,220,249 - movups -32(%rcx),%xmm1 - - paddd %xmm9,%xmm9 -.byte 102,15,56,220,208 - pxor %xmm15,%xmm12 - psrad $31,%xmm14 -.byte 102,15,56,220,216 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 -.byte 102,15,56,220,224 -.byte 102,15,56,220,232 -.byte 102,15,56,220,240 - pxor %xmm14,%xmm15 - movaps %xmm13,%xmm14 -.byte 102,15,56,220,248 - - movdqa %xmm9,%xmm0 - paddd %xmm9,%xmm9 -.byte 102,15,56,220,209 - pxor %xmm15,%xmm13 - psrad $31,%xmm0 -.byte 102,15,56,220,217 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm0 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 - pxor %xmm0,%xmm15 - movups (%rbp),%xmm0 -.byte 102,15,56,220,241 -.byte 102,15,56,220,249 - movups 16(%rbp),%xmm1 - - pxor %xmm15,%xmm14 -.byte 102,15,56,221,84,36,0 - psrad $31,%xmm9 - paddq %xmm15,%xmm15 -.byte 102,15,56,221,92,36,16 -.byte 102,15,56,221,100,36,32 - pand %xmm8,%xmm9 - movq %r10,%rax -.byte 102,15,56,221,108,36,48 -.byte 102,15,56,221,116,36,64 -.byte 102,15,56,221,124,36,80 - pxor %xmm9,%xmm15 - - leaq 96(%rsi),%rsi - movups %xmm2,-96(%rsi) - movups %xmm3,-80(%rsi) - movups %xmm4,-64(%rsi) - movups %xmm5,-48(%rsi) - movups %xmm6,-32(%rsi) - movups %xmm7,-16(%rsi) - subq $96,%rdx - jnc L$xts_enc_grandloop - - movl $16+96,%eax - subl %r10d,%eax - movq %rbp,%rcx - shrl $4,%eax - -L$xts_enc_short: - - movl %eax,%r10d - pxor %xmm0,%xmm10 - addq $96,%rdx - jz L$xts_enc_done - - pxor %xmm0,%xmm11 - cmpq $0x20,%rdx - jb L$xts_enc_one - pxor %xmm0,%xmm12 - je L$xts_enc_two - - pxor %xmm0,%xmm13 - cmpq $0x40,%rdx - jb L$xts_enc_three - pxor %xmm0,%xmm14 - je L$xts_enc_four - - movdqu (%rdi),%xmm2 - movdqu 16(%rdi),%xmm3 - movdqu 32(%rdi),%xmm4 - pxor %xmm10,%xmm2 - movdqu 48(%rdi),%xmm5 - pxor %xmm11,%xmm3 - movdqu 64(%rdi),%xmm6 - leaq 80(%rdi),%rdi - pxor %xmm12,%xmm4 - pxor %xmm13,%xmm5 - pxor %xmm14,%xmm6 - pxor %xmm7,%xmm7 - - call _aesni_encrypt6 - - xorps %xmm10,%xmm2 - movdqa %xmm15,%xmm10 - xorps %xmm11,%xmm3 - xorps %xmm12,%xmm4 - movdqu %xmm2,(%rsi) - xorps %xmm13,%xmm5 - movdqu %xmm3,16(%rsi) - xorps %xmm14,%xmm6 - movdqu %xmm4,32(%rsi) - movdqu %xmm5,48(%rsi) - movdqu %xmm6,64(%rsi) - leaq 80(%rsi),%rsi - jmp L$xts_enc_done - -.p2align 4 -L$xts_enc_one: - movups (%rdi),%xmm2 - leaq 16(%rdi),%rdi - xorps %xmm10,%xmm2 - movups (%rcx),%xmm0 - movups 16(%rcx),%xmm1 - leaq 32(%rcx),%rcx - xorps %xmm0,%xmm2 -L$oop_enc1_9: -.byte 102,15,56,220,209 - decl %eax - movups (%rcx),%xmm1 - leaq 16(%rcx),%rcx - jnz L$oop_enc1_9 -.byte 102,15,56,221,209 - xorps %xmm10,%xmm2 - movdqa %xmm11,%xmm10 - movups %xmm2,(%rsi) - leaq 16(%rsi),%rsi - jmp L$xts_enc_done - -.p2align 4 -L$xts_enc_two: - movups (%rdi),%xmm2 - movups 16(%rdi),%xmm3 - leaq 32(%rdi),%rdi - xorps %xmm10,%xmm2 - xorps %xmm11,%xmm3 - - call _aesni_encrypt2 - - xorps %xmm10,%xmm2 - movdqa %xmm12,%xmm10 - xorps %xmm11,%xmm3 - movups %xmm2,(%rsi) - movups %xmm3,16(%rsi) - leaq 32(%rsi),%rsi - jmp L$xts_enc_done - -.p2align 4 -L$xts_enc_three: - movups (%rdi),%xmm2 - movups 16(%rdi),%xmm3 - movups 32(%rdi),%xmm4 - leaq 48(%rdi),%rdi - xorps %xmm10,%xmm2 - xorps %xmm11,%xmm3 - xorps %xmm12,%xmm4 - - call _aesni_encrypt3 - - xorps %xmm10,%xmm2 - movdqa %xmm13,%xmm10 - xorps %xmm11,%xmm3 - xorps %xmm12,%xmm4 - movups %xmm2,(%rsi) - movups %xmm3,16(%rsi) - movups %xmm4,32(%rsi) - leaq 48(%rsi),%rsi - jmp L$xts_enc_done - -.p2align 4 -L$xts_enc_four: - movups (%rdi),%xmm2 - movups 16(%rdi),%xmm3 - movups 32(%rdi),%xmm4 - xorps %xmm10,%xmm2 - movups 48(%rdi),%xmm5 - leaq 64(%rdi),%rdi - xorps %xmm11,%xmm3 - xorps %xmm12,%xmm4 - xorps %xmm13,%xmm5 - - call _aesni_encrypt4 - - pxor %xmm10,%xmm2 - movdqa %xmm14,%xmm10 - pxor %xmm11,%xmm3 - pxor %xmm12,%xmm4 - movdqu %xmm2,(%rsi) - pxor %xmm13,%xmm5 - movdqu %xmm3,16(%rsi) - movdqu %xmm4,32(%rsi) - movdqu %xmm5,48(%rsi) - leaq 64(%rsi),%rsi - jmp L$xts_enc_done - -.p2align 4 -L$xts_enc_done: - andq $15,%r9 - jz L$xts_enc_ret - movq %r9,%rdx - -L$xts_enc_steal: - movzbl (%rdi),%eax - movzbl -16(%rsi),%ecx - leaq 1(%rdi),%rdi - movb %al,-16(%rsi) - movb %cl,0(%rsi) - leaq 1(%rsi),%rsi - subq $1,%rdx - jnz L$xts_enc_steal - - subq %r9,%rsi - movq %rbp,%rcx - movl %r10d,%eax - - movups -16(%rsi),%xmm2 - xorps %xmm10,%xmm2 - movups (%rcx),%xmm0 - movups 16(%rcx),%xmm1 - leaq 32(%rcx),%rcx - xorps %xmm0,%xmm2 -L$oop_enc1_10: -.byte 102,15,56,220,209 - decl %eax - movups (%rcx),%xmm1 - leaq 16(%rcx),%rcx - jnz L$oop_enc1_10 -.byte 102,15,56,221,209 - xorps %xmm10,%xmm2 - movups %xmm2,-16(%rsi) - -L$xts_enc_ret: - xorps %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 - pxor %xmm6,%xmm6 - pxor %xmm7,%xmm7 - movaps %xmm0,0(%rsp) - pxor %xmm8,%xmm8 - movaps %xmm0,16(%rsp) - pxor %xmm9,%xmm9 - movaps %xmm0,32(%rsp) - pxor %xmm10,%xmm10 - movaps %xmm0,48(%rsp) - pxor %xmm11,%xmm11 - movaps %xmm0,64(%rsp) - pxor %xmm12,%xmm12 - movaps %xmm0,80(%rsp) - pxor %xmm13,%xmm13 - movaps %xmm0,96(%rsp) - pxor %xmm14,%xmm14 - pxor %xmm15,%xmm15 - movq -8(%r11),%rbp - - leaq (%r11),%rsp - -L$xts_enc_epilogue: - .byte 0xf3,0xc3 - - -.globl _aes_hw_xts_decrypt -.private_extern _aes_hw_xts_decrypt - -.p2align 4 -_aes_hw_xts_decrypt: - - leaq (%rsp),%r11 - - pushq %rbp - - subq $112,%rsp - andq $-16,%rsp - movups (%r9),%xmm2 - movl 240(%r8),%eax - movl 240(%rcx),%r10d - movups (%r8),%xmm0 - movups 16(%r8),%xmm1 - leaq 32(%r8),%r8 - xorps %xmm0,%xmm2 -L$oop_enc1_11: -.byte 102,15,56,220,209 - decl %eax - movups (%r8),%xmm1 - leaq 16(%r8),%r8 - jnz L$oop_enc1_11 -.byte 102,15,56,221,209 - xorl %eax,%eax - testq $15,%rdx - setnz %al - shlq $4,%rax - subq %rax,%rdx - - movups (%rcx),%xmm0 - movq %rcx,%rbp - movl %r10d,%eax - shll $4,%r10d - movq %rdx,%r9 - andq $-16,%rdx - - movups 16(%rcx,%r10,1),%xmm1 - - movdqa L$xts_magic(%rip),%xmm8 - movdqa %xmm2,%xmm15 - pshufd $0x5f,%xmm2,%xmm9 - pxor %xmm0,%xmm1 - movdqa %xmm9,%xmm14 - paddd %xmm9,%xmm9 - movdqa %xmm15,%xmm10 - psrad $31,%xmm14 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 - pxor %xmm0,%xmm10 - pxor %xmm14,%xmm15 - movdqa %xmm9,%xmm14 - paddd %xmm9,%xmm9 - movdqa %xmm15,%xmm11 - psrad $31,%xmm14 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 - pxor %xmm0,%xmm11 - pxor %xmm14,%xmm15 - movdqa %xmm9,%xmm14 - paddd %xmm9,%xmm9 - movdqa %xmm15,%xmm12 - psrad $31,%xmm14 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 - pxor %xmm0,%xmm12 - pxor %xmm14,%xmm15 - movdqa %xmm9,%xmm14 - paddd %xmm9,%xmm9 - movdqa %xmm15,%xmm13 - psrad $31,%xmm14 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 - pxor %xmm0,%xmm13 - pxor %xmm14,%xmm15 - movdqa %xmm15,%xmm14 - psrad $31,%xmm9 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm9 - pxor %xmm0,%xmm14 - pxor %xmm9,%xmm15 - movaps %xmm1,96(%rsp) - - subq $96,%rdx - jc L$xts_dec_short - - movl $16+96,%eax - leaq 32(%rbp,%r10,1),%rcx - subq %r10,%rax - movups 16(%rbp),%xmm1 - movq %rax,%r10 - leaq L$xts_magic(%rip),%r8 - jmp L$xts_dec_grandloop - -.p2align 5 -L$xts_dec_grandloop: - movdqu 0(%rdi),%xmm2 - movdqa %xmm0,%xmm8 - movdqu 16(%rdi),%xmm3 - pxor %xmm10,%xmm2 - movdqu 32(%rdi),%xmm4 - pxor %xmm11,%xmm3 -.byte 102,15,56,222,209 - movdqu 48(%rdi),%xmm5 - pxor %xmm12,%xmm4 -.byte 102,15,56,222,217 - movdqu 64(%rdi),%xmm6 - pxor %xmm13,%xmm5 -.byte 102,15,56,222,225 - movdqu 80(%rdi),%xmm7 - pxor %xmm15,%xmm8 - movdqa 96(%rsp),%xmm9 - pxor %xmm14,%xmm6 -.byte 102,15,56,222,233 - movups 32(%rbp),%xmm0 - leaq 96(%rdi),%rdi - pxor %xmm8,%xmm7 - - pxor %xmm9,%xmm10 -.byte 102,15,56,222,241 - pxor %xmm9,%xmm11 - movdqa %xmm10,0(%rsp) -.byte 102,15,56,222,249 - movups 48(%rbp),%xmm1 - pxor %xmm9,%xmm12 - -.byte 102,15,56,222,208 - pxor %xmm9,%xmm13 - movdqa %xmm11,16(%rsp) -.byte 102,15,56,222,216 - pxor %xmm9,%xmm14 - movdqa %xmm12,32(%rsp) -.byte 102,15,56,222,224 -.byte 102,15,56,222,232 - pxor %xmm9,%xmm8 - movdqa %xmm14,64(%rsp) -.byte 102,15,56,222,240 -.byte 102,15,56,222,248 - movups 64(%rbp),%xmm0 - movdqa %xmm8,80(%rsp) - pshufd $0x5f,%xmm15,%xmm9 - jmp L$xts_dec_loop6 -.p2align 5 -L$xts_dec_loop6: -.byte 102,15,56,222,209 -.byte 102,15,56,222,217 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 -.byte 102,15,56,222,241 -.byte 102,15,56,222,249 - movups -64(%rcx,%rax,1),%xmm1 - addq $32,%rax - -.byte 102,15,56,222,208 -.byte 102,15,56,222,216 -.byte 102,15,56,222,224 -.byte 102,15,56,222,232 -.byte 102,15,56,222,240 -.byte 102,15,56,222,248 - movups -80(%rcx,%rax,1),%xmm0 - jnz L$xts_dec_loop6 - - movdqa (%r8),%xmm8 - movdqa %xmm9,%xmm14 - paddd %xmm9,%xmm9 -.byte 102,15,56,222,209 - paddq %xmm15,%xmm15 - psrad $31,%xmm14 -.byte 102,15,56,222,217 - pand %xmm8,%xmm14 - movups (%rbp),%xmm10 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 -.byte 102,15,56,222,241 - pxor %xmm14,%xmm15 - movaps %xmm10,%xmm11 -.byte 102,15,56,222,249 - movups -64(%rcx),%xmm1 - - movdqa %xmm9,%xmm14 -.byte 102,15,56,222,208 - paddd %xmm9,%xmm9 - pxor %xmm15,%xmm10 -.byte 102,15,56,222,216 - psrad $31,%xmm14 - paddq %xmm15,%xmm15 -.byte 102,15,56,222,224 -.byte 102,15,56,222,232 - pand %xmm8,%xmm14 - movaps %xmm11,%xmm12 -.byte 102,15,56,222,240 - pxor %xmm14,%xmm15 - movdqa %xmm9,%xmm14 -.byte 102,15,56,222,248 - movups -48(%rcx),%xmm0 - - paddd %xmm9,%xmm9 -.byte 102,15,56,222,209 - pxor %xmm15,%xmm11 - psrad $31,%xmm14 -.byte 102,15,56,222,217 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 - movdqa %xmm13,48(%rsp) - pxor %xmm14,%xmm15 -.byte 102,15,56,222,241 - movaps %xmm12,%xmm13 - movdqa %xmm9,%xmm14 -.byte 102,15,56,222,249 - movups -32(%rcx),%xmm1 - - paddd %xmm9,%xmm9 -.byte 102,15,56,222,208 - pxor %xmm15,%xmm12 - psrad $31,%xmm14 -.byte 102,15,56,222,216 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm14 -.byte 102,15,56,222,224 -.byte 102,15,56,222,232 -.byte 102,15,56,222,240 - pxor %xmm14,%xmm15 - movaps %xmm13,%xmm14 -.byte 102,15,56,222,248 - - movdqa %xmm9,%xmm0 - paddd %xmm9,%xmm9 -.byte 102,15,56,222,209 - pxor %xmm15,%xmm13 - psrad $31,%xmm0 -.byte 102,15,56,222,217 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm0 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 - pxor %xmm0,%xmm15 - movups (%rbp),%xmm0 -.byte 102,15,56,222,241 -.byte 102,15,56,222,249 - movups 16(%rbp),%xmm1 - - pxor %xmm15,%xmm14 -.byte 102,15,56,223,84,36,0 - psrad $31,%xmm9 - paddq %xmm15,%xmm15 -.byte 102,15,56,223,92,36,16 -.byte 102,15,56,223,100,36,32 - pand %xmm8,%xmm9 - movq %r10,%rax -.byte 102,15,56,223,108,36,48 -.byte 102,15,56,223,116,36,64 -.byte 102,15,56,223,124,36,80 - pxor %xmm9,%xmm15 - - leaq 96(%rsi),%rsi - movups %xmm2,-96(%rsi) - movups %xmm3,-80(%rsi) - movups %xmm4,-64(%rsi) - movups %xmm5,-48(%rsi) - movups %xmm6,-32(%rsi) - movups %xmm7,-16(%rsi) - subq $96,%rdx - jnc L$xts_dec_grandloop - - movl $16+96,%eax - subl %r10d,%eax - movq %rbp,%rcx - shrl $4,%eax - -L$xts_dec_short: - - movl %eax,%r10d - pxor %xmm0,%xmm10 - pxor %xmm0,%xmm11 - addq $96,%rdx - jz L$xts_dec_done - - pxor %xmm0,%xmm12 - cmpq $0x20,%rdx - jb L$xts_dec_one - pxor %xmm0,%xmm13 - je L$xts_dec_two - - pxor %xmm0,%xmm14 - cmpq $0x40,%rdx - jb L$xts_dec_three - je L$xts_dec_four - - movdqu (%rdi),%xmm2 - movdqu 16(%rdi),%xmm3 - movdqu 32(%rdi),%xmm4 - pxor %xmm10,%xmm2 - movdqu 48(%rdi),%xmm5 - pxor %xmm11,%xmm3 - movdqu 64(%rdi),%xmm6 - leaq 80(%rdi),%rdi - pxor %xmm12,%xmm4 - pxor %xmm13,%xmm5 - pxor %xmm14,%xmm6 - - call _aesni_decrypt6 - - xorps %xmm10,%xmm2 - xorps %xmm11,%xmm3 - xorps %xmm12,%xmm4 - movdqu %xmm2,(%rsi) - xorps %xmm13,%xmm5 - movdqu %xmm3,16(%rsi) - xorps %xmm14,%xmm6 - movdqu %xmm4,32(%rsi) - pxor %xmm14,%xmm14 - movdqu %xmm5,48(%rsi) - pcmpgtd %xmm15,%xmm14 - movdqu %xmm6,64(%rsi) - leaq 80(%rsi),%rsi - pshufd $0x13,%xmm14,%xmm11 - andq $15,%r9 - jz L$xts_dec_ret - - movdqa %xmm15,%xmm10 - paddq %xmm15,%xmm15 - pand %xmm8,%xmm11 - pxor %xmm15,%xmm11 - jmp L$xts_dec_done2 - -.p2align 4 -L$xts_dec_one: - movups (%rdi),%xmm2 - leaq 16(%rdi),%rdi - xorps %xmm10,%xmm2 - movups (%rcx),%xmm0 - movups 16(%rcx),%xmm1 - leaq 32(%rcx),%rcx - xorps %xmm0,%xmm2 -L$oop_dec1_12: -.byte 102,15,56,222,209 - decl %eax - movups (%rcx),%xmm1 - leaq 16(%rcx),%rcx - jnz L$oop_dec1_12 -.byte 102,15,56,223,209 - xorps %xmm10,%xmm2 - movdqa %xmm11,%xmm10 - movups %xmm2,(%rsi) - movdqa %xmm12,%xmm11 - leaq 16(%rsi),%rsi - jmp L$xts_dec_done - -.p2align 4 -L$xts_dec_two: - movups (%rdi),%xmm2 - movups 16(%rdi),%xmm3 - leaq 32(%rdi),%rdi - xorps %xmm10,%xmm2 - xorps %xmm11,%xmm3 - - call _aesni_decrypt2 - - xorps %xmm10,%xmm2 - movdqa %xmm12,%xmm10 - xorps %xmm11,%xmm3 - movdqa %xmm13,%xmm11 - movups %xmm2,(%rsi) - movups %xmm3,16(%rsi) - leaq 32(%rsi),%rsi - jmp L$xts_dec_done - -.p2align 4 -L$xts_dec_three: - movups (%rdi),%xmm2 - movups 16(%rdi),%xmm3 - movups 32(%rdi),%xmm4 - leaq 48(%rdi),%rdi - xorps %xmm10,%xmm2 - xorps %xmm11,%xmm3 - xorps %xmm12,%xmm4 - - call _aesni_decrypt3 - - xorps %xmm10,%xmm2 - movdqa %xmm13,%xmm10 - xorps %xmm11,%xmm3 - movdqa %xmm14,%xmm11 - xorps %xmm12,%xmm4 - movups %xmm2,(%rsi) - movups %xmm3,16(%rsi) - movups %xmm4,32(%rsi) - leaq 48(%rsi),%rsi - jmp L$xts_dec_done - -.p2align 4 -L$xts_dec_four: - movups (%rdi),%xmm2 - movups 16(%rdi),%xmm3 - movups 32(%rdi),%xmm4 - xorps %xmm10,%xmm2 - movups 48(%rdi),%xmm5 - leaq 64(%rdi),%rdi - xorps %xmm11,%xmm3 - xorps %xmm12,%xmm4 - xorps %xmm13,%xmm5 - - call _aesni_decrypt4 - - pxor %xmm10,%xmm2 - movdqa %xmm14,%xmm10 - pxor %xmm11,%xmm3 - movdqa %xmm15,%xmm11 - pxor %xmm12,%xmm4 - movdqu %xmm2,(%rsi) - pxor %xmm13,%xmm5 - movdqu %xmm3,16(%rsi) - movdqu %xmm4,32(%rsi) - movdqu %xmm5,48(%rsi) - leaq 64(%rsi),%rsi - jmp L$xts_dec_done - -.p2align 4 -L$xts_dec_done: - andq $15,%r9 - jz L$xts_dec_ret -L$xts_dec_done2: - movq %r9,%rdx - movq %rbp,%rcx - movl %r10d,%eax - - movups (%rdi),%xmm2 - xorps %xmm11,%xmm2 - movups (%rcx),%xmm0 - movups 16(%rcx),%xmm1 - leaq 32(%rcx),%rcx - xorps %xmm0,%xmm2 -L$oop_dec1_13: -.byte 102,15,56,222,209 - decl %eax - movups (%rcx),%xmm1 - leaq 16(%rcx),%rcx - jnz L$oop_dec1_13 -.byte 102,15,56,223,209 - xorps %xmm11,%xmm2 - movups %xmm2,(%rsi) - -L$xts_dec_steal: - movzbl 16(%rdi),%eax - movzbl (%rsi),%ecx - leaq 1(%rdi),%rdi - movb %al,(%rsi) - movb %cl,16(%rsi) - leaq 1(%rsi),%rsi - subq $1,%rdx - jnz L$xts_dec_steal - - subq %r9,%rsi - movq %rbp,%rcx - movl %r10d,%eax - - movups (%rsi),%xmm2 - xorps %xmm10,%xmm2 - movups (%rcx),%xmm0 - movups 16(%rcx),%xmm1 - leaq 32(%rcx),%rcx - xorps %xmm0,%xmm2 -L$oop_dec1_14: -.byte 102,15,56,222,209 - decl %eax - movups (%rcx),%xmm1 - leaq 16(%rcx),%rcx - jnz L$oop_dec1_14 -.byte 102,15,56,223,209 - xorps %xmm10,%xmm2 - movups %xmm2,(%rsi) - -L$xts_dec_ret: - xorps %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 - pxor %xmm6,%xmm6 - pxor %xmm7,%xmm7 - movaps %xmm0,0(%rsp) - pxor %xmm8,%xmm8 - movaps %xmm0,16(%rsp) - pxor %xmm9,%xmm9 - movaps %xmm0,32(%rsp) - pxor %xmm10,%xmm10 - movaps %xmm0,48(%rsp) - pxor %xmm11,%xmm11 - movaps %xmm0,64(%rsp) - pxor %xmm12,%xmm12 - movaps %xmm0,80(%rsp) - pxor %xmm13,%xmm13 - movaps %xmm0,96(%rsp) - pxor %xmm14,%xmm14 - pxor %xmm15,%xmm15 - movq -8(%r11),%rbp - - leaq (%r11),%rsp - -L$xts_dec_epilogue: - .byte 0xf3,0xc3 - - -.globl _aes_hw_ocb_encrypt -.private_extern _aes_hw_ocb_encrypt - -.p2align 5 -_aes_hw_ocb_encrypt: - - leaq (%rsp),%rax - pushq %rbx - - pushq %rbp - - pushq %r12 - - pushq %r13 - - pushq %r14 - - movq 8(%rax),%rbx - movq 8+8(%rax),%rbp - - movl 240(%rcx),%r10d - movq %rcx,%r11 - shll $4,%r10d - movups (%rcx),%xmm9 - movups 16(%rcx,%r10,1),%xmm1 - - movdqu (%r9),%xmm15 - pxor %xmm1,%xmm9 - pxor %xmm1,%xmm15 - - movl $16+32,%eax - leaq 32(%r11,%r10,1),%rcx - movups 16(%r11),%xmm1 - subq %r10,%rax - movq %rax,%r10 - - movdqu (%rbx),%xmm10 - movdqu (%rbp),%xmm8 - - testq $1,%r8 - jnz L$ocb_enc_odd - - bsfq %r8,%r12 - addq $1,%r8 - shlq $4,%r12 - movdqu (%rbx,%r12,1),%xmm7 - movdqu (%rdi),%xmm2 - leaq 16(%rdi),%rdi - - call __ocb_encrypt1 - - movdqa %xmm7,%xmm15 - movups %xmm2,(%rsi) - leaq 16(%rsi),%rsi - subq $1,%rdx - jz L$ocb_enc_done - -L$ocb_enc_odd: - leaq 1(%r8),%r12 - leaq 3(%r8),%r13 - leaq 5(%r8),%r14 - leaq 6(%r8),%r8 - bsfq %r12,%r12 - bsfq %r13,%r13 - bsfq %r14,%r14 - shlq $4,%r12 - shlq $4,%r13 - shlq $4,%r14 - - subq $6,%rdx - jc L$ocb_enc_short - jmp L$ocb_enc_grandloop - -.p2align 5 -L$ocb_enc_grandloop: - movdqu 0(%rdi),%xmm2 - movdqu 16(%rdi),%xmm3 - movdqu 32(%rdi),%xmm4 - movdqu 48(%rdi),%xmm5 - movdqu 64(%rdi),%xmm6 - movdqu 80(%rdi),%xmm7 - leaq 96(%rdi),%rdi - - call __ocb_encrypt6 - - movups %xmm2,0(%rsi) - movups %xmm3,16(%rsi) - movups %xmm4,32(%rsi) - movups %xmm5,48(%rsi) - movups %xmm6,64(%rsi) - movups %xmm7,80(%rsi) - leaq 96(%rsi),%rsi - subq $6,%rdx - jnc L$ocb_enc_grandloop - -L$ocb_enc_short: - addq $6,%rdx - jz L$ocb_enc_done - - movdqu 0(%rdi),%xmm2 - cmpq $2,%rdx - jb L$ocb_enc_one - movdqu 16(%rdi),%xmm3 - je L$ocb_enc_two - - movdqu 32(%rdi),%xmm4 - cmpq $4,%rdx - jb L$ocb_enc_three - movdqu 48(%rdi),%xmm5 - je L$ocb_enc_four - - movdqu 64(%rdi),%xmm6 - pxor %xmm7,%xmm7 - - call __ocb_encrypt6 - - movdqa %xmm14,%xmm15 - movups %xmm2,0(%rsi) - movups %xmm3,16(%rsi) - movups %xmm4,32(%rsi) - movups %xmm5,48(%rsi) - movups %xmm6,64(%rsi) - - jmp L$ocb_enc_done - -.p2align 4 -L$ocb_enc_one: - movdqa %xmm10,%xmm7 - - call __ocb_encrypt1 - - movdqa %xmm7,%xmm15 - movups %xmm2,0(%rsi) - jmp L$ocb_enc_done - -.p2align 4 -L$ocb_enc_two: - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 - - call __ocb_encrypt4 - - movdqa %xmm11,%xmm15 - movups %xmm2,0(%rsi) - movups %xmm3,16(%rsi) - - jmp L$ocb_enc_done - -.p2align 4 -L$ocb_enc_three: - pxor %xmm5,%xmm5 - - call __ocb_encrypt4 - - movdqa %xmm12,%xmm15 - movups %xmm2,0(%rsi) - movups %xmm3,16(%rsi) - movups %xmm4,32(%rsi) - - jmp L$ocb_enc_done - -.p2align 4 -L$ocb_enc_four: - call __ocb_encrypt4 - - movdqa %xmm13,%xmm15 - movups %xmm2,0(%rsi) - movups %xmm3,16(%rsi) - movups %xmm4,32(%rsi) - movups %xmm5,48(%rsi) - -L$ocb_enc_done: - pxor %xmm0,%xmm15 - movdqu %xmm8,(%rbp) - movdqu %xmm15,(%r9) - - xorps %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 - pxor %xmm6,%xmm6 - pxor %xmm7,%xmm7 - pxor %xmm8,%xmm8 - pxor %xmm9,%xmm9 - pxor %xmm10,%xmm10 - pxor %xmm11,%xmm11 - pxor %xmm12,%xmm12 - pxor %xmm13,%xmm13 - pxor %xmm14,%xmm14 - pxor %xmm15,%xmm15 - leaq 40(%rsp),%rax - - movq -40(%rax),%r14 - - movq -32(%rax),%r13 - - movq -24(%rax),%r12 - - movq -16(%rax),%rbp - - movq -8(%rax),%rbx - - leaq (%rax),%rsp - -L$ocb_enc_epilogue: - .byte 0xf3,0xc3 - - - - -.p2align 5 -__ocb_encrypt6: - pxor %xmm9,%xmm15 - movdqu (%rbx,%r12,1),%xmm11 - movdqa %xmm10,%xmm12 - movdqu (%rbx,%r13,1),%xmm13 - movdqa %xmm10,%xmm14 - pxor %xmm15,%xmm10 - movdqu (%rbx,%r14,1),%xmm15 - pxor %xmm10,%xmm11 - pxor %xmm2,%xmm8 - pxor %xmm10,%xmm2 - pxor %xmm11,%xmm12 - pxor %xmm3,%xmm8 - pxor %xmm11,%xmm3 - pxor %xmm12,%xmm13 - pxor %xmm4,%xmm8 - pxor %xmm12,%xmm4 - pxor %xmm13,%xmm14 - pxor %xmm5,%xmm8 - pxor %xmm13,%xmm5 - pxor %xmm14,%xmm15 - pxor %xmm6,%xmm8 - pxor %xmm14,%xmm6 - pxor %xmm7,%xmm8 - pxor %xmm15,%xmm7 - movups 32(%r11),%xmm0 - - leaq 1(%r8),%r12 - leaq 3(%r8),%r13 - leaq 5(%r8),%r14 - addq $6,%r8 - pxor %xmm9,%xmm10 - bsfq %r12,%r12 - bsfq %r13,%r13 - bsfq %r14,%r14 - -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 - pxor %xmm9,%xmm11 - pxor %xmm9,%xmm12 -.byte 102,15,56,220,241 - pxor %xmm9,%xmm13 - pxor %xmm9,%xmm14 -.byte 102,15,56,220,249 - movups 48(%r11),%xmm1 - pxor %xmm9,%xmm15 - -.byte 102,15,56,220,208 -.byte 102,15,56,220,216 -.byte 102,15,56,220,224 -.byte 102,15,56,220,232 -.byte 102,15,56,220,240 -.byte 102,15,56,220,248 - movups 64(%r11),%xmm0 - shlq $4,%r12 - shlq $4,%r13 - jmp L$ocb_enc_loop6 - -.p2align 5 -L$ocb_enc_loop6: -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 -.byte 102,15,56,220,241 -.byte 102,15,56,220,249 - movups (%rcx,%rax,1),%xmm1 - addq $32,%rax - -.byte 102,15,56,220,208 -.byte 102,15,56,220,216 -.byte 102,15,56,220,224 -.byte 102,15,56,220,232 -.byte 102,15,56,220,240 -.byte 102,15,56,220,248 - movups -16(%rcx,%rax,1),%xmm0 - jnz L$ocb_enc_loop6 - -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 -.byte 102,15,56,220,241 -.byte 102,15,56,220,249 - movups 16(%r11),%xmm1 - shlq $4,%r14 - -.byte 102,65,15,56,221,210 - movdqu (%rbx),%xmm10 - movq %r10,%rax -.byte 102,65,15,56,221,219 -.byte 102,65,15,56,221,228 -.byte 102,65,15,56,221,237 -.byte 102,65,15,56,221,246 -.byte 102,65,15,56,221,255 - .byte 0xf3,0xc3 - - - -.p2align 5 -__ocb_encrypt4: - pxor %xmm9,%xmm15 - movdqu (%rbx,%r12,1),%xmm11 - movdqa %xmm10,%xmm12 - movdqu (%rbx,%r13,1),%xmm13 - pxor %xmm15,%xmm10 - pxor %xmm10,%xmm11 - pxor %xmm2,%xmm8 - pxor %xmm10,%xmm2 - pxor %xmm11,%xmm12 - pxor %xmm3,%xmm8 - pxor %xmm11,%xmm3 - pxor %xmm12,%xmm13 - pxor %xmm4,%xmm8 - pxor %xmm12,%xmm4 - pxor %xmm5,%xmm8 - pxor %xmm13,%xmm5 - movups 32(%r11),%xmm0 - - pxor %xmm9,%xmm10 - pxor %xmm9,%xmm11 - pxor %xmm9,%xmm12 - pxor %xmm9,%xmm13 - -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 - movups 48(%r11),%xmm1 - -.byte 102,15,56,220,208 -.byte 102,15,56,220,216 -.byte 102,15,56,220,224 -.byte 102,15,56,220,232 - movups 64(%r11),%xmm0 - jmp L$ocb_enc_loop4 - -.p2align 5 -L$ocb_enc_loop4: -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 - movups (%rcx,%rax,1),%xmm1 - addq $32,%rax - -.byte 102,15,56,220,208 -.byte 102,15,56,220,216 -.byte 102,15,56,220,224 -.byte 102,15,56,220,232 - movups -16(%rcx,%rax,1),%xmm0 - jnz L$ocb_enc_loop4 - -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 - movups 16(%r11),%xmm1 - movq %r10,%rax - -.byte 102,65,15,56,221,210 -.byte 102,65,15,56,221,219 -.byte 102,65,15,56,221,228 -.byte 102,65,15,56,221,237 - .byte 0xf3,0xc3 - - - -.p2align 5 -__ocb_encrypt1: - pxor %xmm15,%xmm7 - pxor %xmm9,%xmm7 - pxor %xmm2,%xmm8 - pxor %xmm7,%xmm2 - movups 32(%r11),%xmm0 - -.byte 102,15,56,220,209 - movups 48(%r11),%xmm1 - pxor %xmm9,%xmm7 - -.byte 102,15,56,220,208 - movups 64(%r11),%xmm0 - jmp L$ocb_enc_loop1 - -.p2align 5 -L$ocb_enc_loop1: -.byte 102,15,56,220,209 - movups (%rcx,%rax,1),%xmm1 - addq $32,%rax - -.byte 102,15,56,220,208 - movups -16(%rcx,%rax,1),%xmm0 - jnz L$ocb_enc_loop1 - -.byte 102,15,56,220,209 - movups 16(%r11),%xmm1 - movq %r10,%rax - -.byte 102,15,56,221,215 - .byte 0xf3,0xc3 - - -.globl _aes_hw_ocb_decrypt -.private_extern _aes_hw_ocb_decrypt - -.p2align 5 -_aes_hw_ocb_decrypt: - - leaq (%rsp),%rax - pushq %rbx - - pushq %rbp - - pushq %r12 - - pushq %r13 - - pushq %r14 - - movq 8(%rax),%rbx - movq 8+8(%rax),%rbp - - movl 240(%rcx),%r10d - movq %rcx,%r11 - shll $4,%r10d - movups (%rcx),%xmm9 - movups 16(%rcx,%r10,1),%xmm1 - - movdqu (%r9),%xmm15 - pxor %xmm1,%xmm9 - pxor %xmm1,%xmm15 - - movl $16+32,%eax - leaq 32(%r11,%r10,1),%rcx - movups 16(%r11),%xmm1 - subq %r10,%rax - movq %rax,%r10 - - movdqu (%rbx),%xmm10 - movdqu (%rbp),%xmm8 - - testq $1,%r8 - jnz L$ocb_dec_odd - - bsfq %r8,%r12 - addq $1,%r8 - shlq $4,%r12 - movdqu (%rbx,%r12,1),%xmm7 - movdqu (%rdi),%xmm2 - leaq 16(%rdi),%rdi - - call __ocb_decrypt1 - - movdqa %xmm7,%xmm15 - movups %xmm2,(%rsi) - xorps %xmm2,%xmm8 - leaq 16(%rsi),%rsi - subq $1,%rdx - jz L$ocb_dec_done - -L$ocb_dec_odd: - leaq 1(%r8),%r12 - leaq 3(%r8),%r13 - leaq 5(%r8),%r14 - leaq 6(%r8),%r8 - bsfq %r12,%r12 - bsfq %r13,%r13 - bsfq %r14,%r14 - shlq $4,%r12 - shlq $4,%r13 - shlq $4,%r14 - - subq $6,%rdx - jc L$ocb_dec_short - jmp L$ocb_dec_grandloop - -.p2align 5 -L$ocb_dec_grandloop: - movdqu 0(%rdi),%xmm2 - movdqu 16(%rdi),%xmm3 - movdqu 32(%rdi),%xmm4 - movdqu 48(%rdi),%xmm5 - movdqu 64(%rdi),%xmm6 - movdqu 80(%rdi),%xmm7 - leaq 96(%rdi),%rdi - - call __ocb_decrypt6 - - movups %xmm2,0(%rsi) - pxor %xmm2,%xmm8 - movups %xmm3,16(%rsi) - pxor %xmm3,%xmm8 - movups %xmm4,32(%rsi) - pxor %xmm4,%xmm8 - movups %xmm5,48(%rsi) - pxor %xmm5,%xmm8 - movups %xmm6,64(%rsi) - pxor %xmm6,%xmm8 - movups %xmm7,80(%rsi) - pxor %xmm7,%xmm8 - leaq 96(%rsi),%rsi - subq $6,%rdx - jnc L$ocb_dec_grandloop - -L$ocb_dec_short: - addq $6,%rdx - jz L$ocb_dec_done - - movdqu 0(%rdi),%xmm2 - cmpq $2,%rdx - jb L$ocb_dec_one - movdqu 16(%rdi),%xmm3 - je L$ocb_dec_two - - movdqu 32(%rdi),%xmm4 - cmpq $4,%rdx - jb L$ocb_dec_three - movdqu 48(%rdi),%xmm5 - je L$ocb_dec_four - - movdqu 64(%rdi),%xmm6 - pxor %xmm7,%xmm7 - - call __ocb_decrypt6 - - movdqa %xmm14,%xmm15 - movups %xmm2,0(%rsi) - pxor %xmm2,%xmm8 - movups %xmm3,16(%rsi) - pxor %xmm3,%xmm8 - movups %xmm4,32(%rsi) - pxor %xmm4,%xmm8 - movups %xmm5,48(%rsi) - pxor %xmm5,%xmm8 - movups %xmm6,64(%rsi) - pxor %xmm6,%xmm8 - - jmp L$ocb_dec_done - -.p2align 4 -L$ocb_dec_one: - movdqa %xmm10,%xmm7 - - call __ocb_decrypt1 - - movdqa %xmm7,%xmm15 - movups %xmm2,0(%rsi) - xorps %xmm2,%xmm8 - jmp L$ocb_dec_done - -.p2align 4 -L$ocb_dec_two: - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 - - call __ocb_decrypt4 - - movdqa %xmm11,%xmm15 - movups %xmm2,0(%rsi) - xorps %xmm2,%xmm8 - movups %xmm3,16(%rsi) - xorps %xmm3,%xmm8 - - jmp L$ocb_dec_done - -.p2align 4 -L$ocb_dec_three: - pxor %xmm5,%xmm5 - - call __ocb_decrypt4 - - movdqa %xmm12,%xmm15 - movups %xmm2,0(%rsi) - xorps %xmm2,%xmm8 - movups %xmm3,16(%rsi) - xorps %xmm3,%xmm8 - movups %xmm4,32(%rsi) - xorps %xmm4,%xmm8 - - jmp L$ocb_dec_done - -.p2align 4 -L$ocb_dec_four: - call __ocb_decrypt4 - - movdqa %xmm13,%xmm15 - movups %xmm2,0(%rsi) - pxor %xmm2,%xmm8 - movups %xmm3,16(%rsi) - pxor %xmm3,%xmm8 - movups %xmm4,32(%rsi) - pxor %xmm4,%xmm8 - movups %xmm5,48(%rsi) - pxor %xmm5,%xmm8 - -L$ocb_dec_done: - pxor %xmm0,%xmm15 - movdqu %xmm8,(%rbp) - movdqu %xmm15,(%r9) - - xorps %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 - pxor %xmm6,%xmm6 - pxor %xmm7,%xmm7 - pxor %xmm8,%xmm8 - pxor %xmm9,%xmm9 - pxor %xmm10,%xmm10 - pxor %xmm11,%xmm11 - pxor %xmm12,%xmm12 - pxor %xmm13,%xmm13 - pxor %xmm14,%xmm14 - pxor %xmm15,%xmm15 - leaq 40(%rsp),%rax - - movq -40(%rax),%r14 - - movq -32(%rax),%r13 - - movq -24(%rax),%r12 - - movq -16(%rax),%rbp - - movq -8(%rax),%rbx - - leaq (%rax),%rsp - -L$ocb_dec_epilogue: - .byte 0xf3,0xc3 - - - - -.p2align 5 -__ocb_decrypt6: - pxor %xmm9,%xmm15 - movdqu (%rbx,%r12,1),%xmm11 - movdqa %xmm10,%xmm12 - movdqu (%rbx,%r13,1),%xmm13 - movdqa %xmm10,%xmm14 - pxor %xmm15,%xmm10 - movdqu (%rbx,%r14,1),%xmm15 - pxor %xmm10,%xmm11 - pxor %xmm10,%xmm2 - pxor %xmm11,%xmm12 - pxor %xmm11,%xmm3 - pxor %xmm12,%xmm13 - pxor %xmm12,%xmm4 - pxor %xmm13,%xmm14 - pxor %xmm13,%xmm5 - pxor %xmm14,%xmm15 - pxor %xmm14,%xmm6 - pxor %xmm15,%xmm7 - movups 32(%r11),%xmm0 - - leaq 1(%r8),%r12 - leaq 3(%r8),%r13 - leaq 5(%r8),%r14 - addq $6,%r8 - pxor %xmm9,%xmm10 - bsfq %r12,%r12 - bsfq %r13,%r13 - bsfq %r14,%r14 - -.byte 102,15,56,222,209 -.byte 102,15,56,222,217 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 - pxor %xmm9,%xmm11 - pxor %xmm9,%xmm12 -.byte 102,15,56,222,241 - pxor %xmm9,%xmm13 - pxor %xmm9,%xmm14 -.byte 102,15,56,222,249 - movups 48(%r11),%xmm1 - pxor %xmm9,%xmm15 - -.byte 102,15,56,222,208 -.byte 102,15,56,222,216 -.byte 102,15,56,222,224 -.byte 102,15,56,222,232 -.byte 102,15,56,222,240 -.byte 102,15,56,222,248 - movups 64(%r11),%xmm0 - shlq $4,%r12 - shlq $4,%r13 - jmp L$ocb_dec_loop6 - -.p2align 5 -L$ocb_dec_loop6: -.byte 102,15,56,222,209 -.byte 102,15,56,222,217 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 -.byte 102,15,56,222,241 -.byte 102,15,56,222,249 - movups (%rcx,%rax,1),%xmm1 - addq $32,%rax - -.byte 102,15,56,222,208 -.byte 102,15,56,222,216 -.byte 102,15,56,222,224 -.byte 102,15,56,222,232 -.byte 102,15,56,222,240 -.byte 102,15,56,222,248 - movups -16(%rcx,%rax,1),%xmm0 - jnz L$ocb_dec_loop6 - -.byte 102,15,56,222,209 -.byte 102,15,56,222,217 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 -.byte 102,15,56,222,241 -.byte 102,15,56,222,249 - movups 16(%r11),%xmm1 - shlq $4,%r14 - -.byte 102,65,15,56,223,210 - movdqu (%rbx),%xmm10 - movq %r10,%rax -.byte 102,65,15,56,223,219 -.byte 102,65,15,56,223,228 -.byte 102,65,15,56,223,237 -.byte 102,65,15,56,223,246 -.byte 102,65,15,56,223,255 - .byte 0xf3,0xc3 - - - -.p2align 5 -__ocb_decrypt4: - pxor %xmm9,%xmm15 - movdqu (%rbx,%r12,1),%xmm11 - movdqa %xmm10,%xmm12 - movdqu (%rbx,%r13,1),%xmm13 - pxor %xmm15,%xmm10 - pxor %xmm10,%xmm11 - pxor %xmm10,%xmm2 - pxor %xmm11,%xmm12 - pxor %xmm11,%xmm3 - pxor %xmm12,%xmm13 - pxor %xmm12,%xmm4 - pxor %xmm13,%xmm5 - movups 32(%r11),%xmm0 - - pxor %xmm9,%xmm10 - pxor %xmm9,%xmm11 - pxor %xmm9,%xmm12 - pxor %xmm9,%xmm13 - -.byte 102,15,56,222,209 -.byte 102,15,56,222,217 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 - movups 48(%r11),%xmm1 - -.byte 102,15,56,222,208 -.byte 102,15,56,222,216 -.byte 102,15,56,222,224 -.byte 102,15,56,222,232 - movups 64(%r11),%xmm0 - jmp L$ocb_dec_loop4 - -.p2align 5 -L$ocb_dec_loop4: -.byte 102,15,56,222,209 -.byte 102,15,56,222,217 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 - movups (%rcx,%rax,1),%xmm1 - addq $32,%rax - -.byte 102,15,56,222,208 -.byte 102,15,56,222,216 -.byte 102,15,56,222,224 -.byte 102,15,56,222,232 - movups -16(%rcx,%rax,1),%xmm0 - jnz L$ocb_dec_loop4 - -.byte 102,15,56,222,209 -.byte 102,15,56,222,217 -.byte 102,15,56,222,225 -.byte 102,15,56,222,233 - movups 16(%r11),%xmm1 - movq %r10,%rax - -.byte 102,65,15,56,223,210 -.byte 102,65,15,56,223,219 -.byte 102,65,15,56,223,228 -.byte 102,65,15,56,223,237 - .byte 0xf3,0xc3 - - - -.p2align 5 -__ocb_decrypt1: - pxor %xmm15,%xmm7 - pxor %xmm9,%xmm7 - pxor %xmm7,%xmm2 - movups 32(%r11),%xmm0 - -.byte 102,15,56,222,209 - movups 48(%r11),%xmm1 - pxor %xmm9,%xmm7 - -.byte 102,15,56,222,208 - movups 64(%r11),%xmm0 - jmp L$ocb_dec_loop1 - -.p2align 5 -L$ocb_dec_loop1: -.byte 102,15,56,222,209 - movups (%rcx,%rax,1),%xmm1 - addq $32,%rax - -.byte 102,15,56,222,208 - movups -16(%rcx,%rax,1),%xmm0 - jnz L$ocb_dec_loop1 - -.byte 102,15,56,222,209 - movups 16(%r11),%xmm1 - movq %r10,%rax - -.byte 102,15,56,223,215 - .byte 0xf3,0xc3 - -.globl _aes_hw_cbc_encrypt -.private_extern _aes_hw_cbc_encrypt - -.p2align 4 -_aes_hw_cbc_encrypt: - - testq %rdx,%rdx - jz L$cbc_ret - - movl 240(%rcx),%r10d - movq %rcx,%r11 - testl %r9d,%r9d - jz L$cbc_decrypt - - movups (%r8),%xmm2 - movl %r10d,%eax - cmpq $16,%rdx - jb L$cbc_enc_tail - subq $16,%rdx - jmp L$cbc_enc_loop -.p2align 4 -L$cbc_enc_loop: - movups (%rdi),%xmm3 - leaq 16(%rdi),%rdi - - movups (%rcx),%xmm0 - movups 16(%rcx),%xmm1 - xorps %xmm0,%xmm3 - leaq 32(%rcx),%rcx - xorps %xmm3,%xmm2 -L$oop_enc1_15: -.byte 102,15,56,220,209 - decl %eax - movups (%rcx),%xmm1 - leaq 16(%rcx),%rcx - jnz L$oop_enc1_15 -.byte 102,15,56,221,209 - movl %r10d,%eax - movq %r11,%rcx - movups %xmm2,0(%rsi) - leaq 16(%rsi),%rsi - subq $16,%rdx - jnc L$cbc_enc_loop - addq $16,%rdx - jnz L$cbc_enc_tail - pxor %xmm0,%xmm0 - pxor %xmm1,%xmm1 - movups %xmm2,(%r8) - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - jmp L$cbc_ret - -L$cbc_enc_tail: - movq %rdx,%rcx - xchgq %rdi,%rsi -.long 0x9066A4F3 - movl $16,%ecx - subq %rdx,%rcx - xorl %eax,%eax -.long 0x9066AAF3 - leaq -16(%rdi),%rdi - movl %r10d,%eax - movq %rdi,%rsi - movq %r11,%rcx - xorq %rdx,%rdx - jmp L$cbc_enc_loop - -.p2align 4 -L$cbc_decrypt: - cmpq $16,%rdx - jne L$cbc_decrypt_bulk - - - - movdqu (%rdi),%xmm2 - movdqu (%r8),%xmm3 - movdqa %xmm2,%xmm4 - movups (%rcx),%xmm0 - movups 16(%rcx),%xmm1 - leaq 32(%rcx),%rcx - xorps %xmm0,%xmm2 -L$oop_dec1_16: -.byte 102,15,56,222,209 - decl %r10d - movups (%rcx),%xmm1 - leaq 16(%rcx),%rcx - jnz L$oop_dec1_16 -.byte 102,15,56,223,209 - pxor %xmm0,%xmm0 - pxor %xmm1,%xmm1 - movdqu %xmm4,(%r8) - xorps %xmm3,%xmm2 - pxor %xmm3,%xmm3 - movups %xmm2,(%rsi) - pxor %xmm2,%xmm2 - jmp L$cbc_ret -.p2align 4 -L$cbc_decrypt_bulk: - leaq (%rsp),%r11 - - pushq %rbp - - subq $16,%rsp - andq $-16,%rsp - movq %rcx,%rbp - movups (%r8),%xmm10 - movl %r10d,%eax - cmpq $0x50,%rdx - jbe L$cbc_dec_tail - - movups (%rcx),%xmm0 - movdqu 0(%rdi),%xmm2 - movdqu 16(%rdi),%xmm3 - movdqa %xmm2,%xmm11 - movdqu 32(%rdi),%xmm4 - movdqa %xmm3,%xmm12 - movdqu 48(%rdi),%xmm5 - movdqa %xmm4,%xmm13 - movdqu 64(%rdi),%xmm6 - movdqa %xmm5,%xmm14 - movdqu 80(%rdi),%xmm7 - movdqa %xmm6,%xmm15 - leaq _OPENSSL_ia32cap_P(%rip),%r9 - movl 4(%r9),%r9d - cmpq $0x70,%rdx - jbe L$cbc_dec_six_or_seven + movdqa %xmm6,%xmm15 + leaq _OPENSSL_ia32cap_P(%rip),%r9 + movl 4(%r9),%r9d + cmpq $0x70,%rdx + jbe L$cbc_dec_six_or_seven andl $71303168,%r9d subq $0x50,%rdx @@ -3911,12 +1963,12 @@ L$cbc_dec_one: movups 16(%rcx),%xmm1 leaq 32(%rcx),%rcx xorps %xmm0,%xmm2 -L$oop_dec1_17: +L$oop_dec1_8: .byte 102,15,56,222,209 decl %eax movups (%rcx),%xmm1 leaq 16(%rcx),%rcx - jnz L$oop_dec1_17 + jnz L$oop_dec1_8 .byte 102,15,56,223,209 xorps %xmm10,%xmm2 movaps %xmm11,%xmm10 @@ -4057,6 +2109,11 @@ L$SEH_end_set_decrypt_key: _aes_hw_set_encrypt_key: __aesni_set_encrypt_key: +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS + movb $1,_BORINGSSL_function_hit+3(%rip) +#endif +#endif .byte 0x48,0x83,0xEC,0x08 movq $-1,%rax diff --git a/mac-x86_64/crypto/fipsmodule/bsaes-x86_64.S b/mac-x86_64/crypto/fipsmodule/bsaes-x86_64.S index 0149e0e..5a65960 100644 --- a/mac-x86_64/crypto/fipsmodule/bsaes-x86_64.S +++ b/mac-x86_64/crypto/fipsmodule/bsaes-x86_64.S @@ -19,6 +19,7 @@ .p2align 6 _bsaes_encrypt8: + leaq L$BS0(%rip),%r11 movdqa (%rax),%xmm8 @@ -489,8 +490,10 @@ L$enc_done: + .p2align 6 _bsaes_decrypt8: + leaq L$BS0(%rip),%r11 movdqa (%rax),%xmm8 @@ -994,8 +997,10 @@ L$dec_done: .byte 0xf3,0xc3 + .p2align 4 _bsaes_key_convert: + leaq L$masks(%rip),%r11 movdqu (%rcx),%xmm7 leaq 16(%rcx),%rcx @@ -1076,6 +1081,7 @@ L$key_loop: .byte 0xf3,0xc3 + .globl _bsaes_cbc_encrypt .private_extern _bsaes_cbc_encrypt @@ -1350,6 +1356,12 @@ L$cbc_dec_epilogue: .p2align 4 _bsaes_ctr32_encrypt_blocks: +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS + + movb $1,_BORINGSSL_function_hit+6(%rip) +#endif +#endif movq %rsp,%rax L$ctr_enc_prologue: pushq %rbp diff --git a/mac-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S b/mac-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S new file mode 100644 index 0000000..1b9129f --- /dev/null +++ b/mac-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S @@ -0,0 +1,426 @@ +# This file is generated from a similarly-named Perl script in the BoringSSL +# source tree. Do not edit by hand. + +#if defined(__has_feature) +#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) +#define OPENSSL_NO_ASM +#endif +#endif + +#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#if defined(BORINGSSL_PREFIX) +#include +#endif +.text + + + + + + +.globl _gcm_gmult_ssse3 +.private_extern _gcm_gmult_ssse3 +.p2align 4 +_gcm_gmult_ssse3: + +L$gmult_seh_begin: + movdqu (%rdi),%xmm0 + movdqa L$reverse_bytes(%rip),%xmm10 + movdqa L$low4_mask(%rip),%xmm2 + + +.byte 102,65,15,56,0,194 + + + movdqa %xmm2,%xmm1 + pandn %xmm0,%xmm1 + psrld $4,%xmm1 + pand %xmm2,%xmm0 + + + + + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + movq $5,%rax +L$oop_row_1: + movdqa (%rsi),%xmm4 + leaq 16(%rsi),%rsi + + + movdqa %xmm2,%xmm6 +.byte 102,15,58,15,243,1 + movdqa %xmm6,%xmm3 + psrldq $1,%xmm2 + + + + + movdqa %xmm4,%xmm5 +.byte 102,15,56,0,224 +.byte 102,15,56,0,233 + + + pxor %xmm5,%xmm2 + + + + movdqa %xmm4,%xmm5 + psllq $60,%xmm5 + movdqa %xmm5,%xmm6 + pslldq $8,%xmm6 + pxor %xmm6,%xmm3 + + + psrldq $8,%xmm5 + pxor %xmm5,%xmm2 + psrlq $4,%xmm4 + pxor %xmm4,%xmm2 + + subq $1,%rax + jnz L$oop_row_1 + + + + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $5,%xmm3 + pxor %xmm3,%xmm2 + pxor %xmm3,%xmm3 + movq $5,%rax +L$oop_row_2: + movdqa (%rsi),%xmm4 + leaq 16(%rsi),%rsi + + + movdqa %xmm2,%xmm6 +.byte 102,15,58,15,243,1 + movdqa %xmm6,%xmm3 + psrldq $1,%xmm2 + + + + + movdqa %xmm4,%xmm5 +.byte 102,15,56,0,224 +.byte 102,15,56,0,233 + + + pxor %xmm5,%xmm2 + + + + movdqa %xmm4,%xmm5 + psllq $60,%xmm5 + movdqa %xmm5,%xmm6 + pslldq $8,%xmm6 + pxor %xmm6,%xmm3 + + + psrldq $8,%xmm5 + pxor %xmm5,%xmm2 + psrlq $4,%xmm4 + pxor %xmm4,%xmm2 + + subq $1,%rax + jnz L$oop_row_2 + + + + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $5,%xmm3 + pxor %xmm3,%xmm2 + pxor %xmm3,%xmm3 + movq $6,%rax +L$oop_row_3: + movdqa (%rsi),%xmm4 + leaq 16(%rsi),%rsi + + + movdqa %xmm2,%xmm6 +.byte 102,15,58,15,243,1 + movdqa %xmm6,%xmm3 + psrldq $1,%xmm2 + + + + + movdqa %xmm4,%xmm5 +.byte 102,15,56,0,224 +.byte 102,15,56,0,233 + + + pxor %xmm5,%xmm2 + + + + movdqa %xmm4,%xmm5 + psllq $60,%xmm5 + movdqa %xmm5,%xmm6 + pslldq $8,%xmm6 + pxor %xmm6,%xmm3 + + + psrldq $8,%xmm5 + pxor %xmm5,%xmm2 + psrlq $4,%xmm4 + pxor %xmm4,%xmm2 + + subq $1,%rax + jnz L$oop_row_3 + + + + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $5,%xmm3 + pxor %xmm3,%xmm2 + pxor %xmm3,%xmm3 + +.byte 102,65,15,56,0,210 + movdqu %xmm2,(%rdi) + + + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + .byte 0xf3,0xc3 +L$gmult_seh_end: + + + + + + + + +.globl _gcm_ghash_ssse3 +.private_extern _gcm_ghash_ssse3 +.p2align 4 +_gcm_ghash_ssse3: +L$ghash_seh_begin: + + movdqu (%rdi),%xmm0 + movdqa L$reverse_bytes(%rip),%xmm10 + movdqa L$low4_mask(%rip),%xmm11 + + + andq $-16,%rcx + + + +.byte 102,65,15,56,0,194 + + + pxor %xmm3,%xmm3 +L$oop_ghash: + + movdqu (%rdx),%xmm1 +.byte 102,65,15,56,0,202 + pxor %xmm1,%xmm0 + + + movdqa %xmm11,%xmm1 + pandn %xmm0,%xmm1 + psrld $4,%xmm1 + pand %xmm11,%xmm0 + + + + + pxor %xmm2,%xmm2 + + movq $5,%rax +L$oop_row_4: + movdqa (%rsi),%xmm4 + leaq 16(%rsi),%rsi + + + movdqa %xmm2,%xmm6 +.byte 102,15,58,15,243,1 + movdqa %xmm6,%xmm3 + psrldq $1,%xmm2 + + + + + movdqa %xmm4,%xmm5 +.byte 102,15,56,0,224 +.byte 102,15,56,0,233 + + + pxor %xmm5,%xmm2 + + + + movdqa %xmm4,%xmm5 + psllq $60,%xmm5 + movdqa %xmm5,%xmm6 + pslldq $8,%xmm6 + pxor %xmm6,%xmm3 + + + psrldq $8,%xmm5 + pxor %xmm5,%xmm2 + psrlq $4,%xmm4 + pxor %xmm4,%xmm2 + + subq $1,%rax + jnz L$oop_row_4 + + + + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $5,%xmm3 + pxor %xmm3,%xmm2 + pxor %xmm3,%xmm3 + movq $5,%rax +L$oop_row_5: + movdqa (%rsi),%xmm4 + leaq 16(%rsi),%rsi + + + movdqa %xmm2,%xmm6 +.byte 102,15,58,15,243,1 + movdqa %xmm6,%xmm3 + psrldq $1,%xmm2 + + + + + movdqa %xmm4,%xmm5 +.byte 102,15,56,0,224 +.byte 102,15,56,0,233 + + + pxor %xmm5,%xmm2 + + + + movdqa %xmm4,%xmm5 + psllq $60,%xmm5 + movdqa %xmm5,%xmm6 + pslldq $8,%xmm6 + pxor %xmm6,%xmm3 + + + psrldq $8,%xmm5 + pxor %xmm5,%xmm2 + psrlq $4,%xmm4 + pxor %xmm4,%xmm2 + + subq $1,%rax + jnz L$oop_row_5 + + + + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $5,%xmm3 + pxor %xmm3,%xmm2 + pxor %xmm3,%xmm3 + movq $6,%rax +L$oop_row_6: + movdqa (%rsi),%xmm4 + leaq 16(%rsi),%rsi + + + movdqa %xmm2,%xmm6 +.byte 102,15,58,15,243,1 + movdqa %xmm6,%xmm3 + psrldq $1,%xmm2 + + + + + movdqa %xmm4,%xmm5 +.byte 102,15,56,0,224 +.byte 102,15,56,0,233 + + + pxor %xmm5,%xmm2 + + + + movdqa %xmm4,%xmm5 + psllq $60,%xmm5 + movdqa %xmm5,%xmm6 + pslldq $8,%xmm6 + pxor %xmm6,%xmm3 + + + psrldq $8,%xmm5 + pxor %xmm5,%xmm2 + psrlq $4,%xmm4 + pxor %xmm4,%xmm2 + + subq $1,%rax + jnz L$oop_row_6 + + + + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $1,%xmm3 + pxor %xmm3,%xmm2 + psrlq $5,%xmm3 + pxor %xmm3,%xmm2 + pxor %xmm3,%xmm3 + movdqa %xmm2,%xmm0 + + + leaq -256(%rsi),%rsi + + + leaq 16(%rdx),%rdx + subq $16,%rcx + jnz L$oop_ghash + + +.byte 102,65,15,56,0,194 + movdqu %xmm0,(%rdi) + + + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + .byte 0xf3,0xc3 +L$ghash_seh_end: + + + +.p2align 4 + + +L$reverse_bytes: +.byte 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 + +L$low4_mask: +.quad 0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f +#endif diff --git a/mac-x86_64/crypto/fipsmodule/ghash-x86_64.S b/mac-x86_64/crypto/fipsmodule/ghash-x86_64.S index 5256fbf..d7dcf5d 100644 --- a/mac-x86_64/crypto/fipsmodule/ghash-x86_64.S +++ b/mac-x86_64/crypto/fipsmodule/ghash-x86_64.S @@ -709,6 +709,7 @@ L$ghash_epilogue: .p2align 4 _gcm_init_clmul: + L$_init_clmul: movdqu (%rsi),%xmm2 pshufd $78,%xmm2,%xmm2 @@ -861,11 +862,13 @@ L$_init_clmul: movdqu %xmm4,80(%rdi) .byte 0xf3,0xc3 + .globl _gcm_gmult_clmul .private_extern _gcm_gmult_clmul .p2align 4 _gcm_gmult_clmul: + L$_gmult_clmul: movdqu (%rdi),%xmm0 movdqa L$bswap_mask(%rip),%xmm5 @@ -913,11 +916,13 @@ L$_gmult_clmul: movdqu %xmm0,(%rdi) .byte 0xf3,0xc3 + .globl _gcm_ghash_clmul .private_extern _gcm_ghash_clmul .p2align 5 _gcm_ghash_clmul: + L$_ghash_clmul: movdqa L$bswap_mask(%rip),%xmm10 @@ -1298,11 +1303,13 @@ L$done: movdqu %xmm0,(%rdi) .byte 0xf3,0xc3 + .globl _gcm_init_avx .private_extern _gcm_init_avx .p2align 5 _gcm_init_avx: + vzeroupper vmovdqu (%rsi),%xmm2 @@ -1406,18 +1413,22 @@ L$init_start_avx: vzeroupper .byte 0xf3,0xc3 + .globl _gcm_gmult_avx .private_extern _gcm_gmult_avx .p2align 5 _gcm_gmult_avx: + jmp L$_gmult_clmul + .globl _gcm_ghash_avx .private_extern _gcm_ghash_avx .p2align 5 _gcm_ghash_avx: + vzeroupper vmovdqu (%rdi),%xmm10 @@ -1790,6 +1801,7 @@ L$tail_no_xor_avx: vzeroupper .byte 0xf3,0xc3 + .p2align 6 L$bswap_mask: .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 diff --git a/mac-x86_64/crypto/fipsmodule/md5-x86_64.S b/mac-x86_64/crypto/fipsmodule/md5-x86_64.S index f6dd669..cfb4180 100644 --- a/mac-x86_64/crypto/fipsmodule/md5-x86_64.S +++ b/mac-x86_64/crypto/fipsmodule/md5-x86_64.S @@ -18,11 +18,17 @@ .private_extern _md5_block_asm_data_order _md5_block_asm_data_order: + pushq %rbp + pushq %rbx + pushq %r12 + pushq %r14 + pushq %r15 + L$prologue: @@ -672,12 +678,19 @@ L$end: movl %edx,12(%rbp) movq (%rsp),%r15 + movq 8(%rsp),%r14 + movq 16(%rsp),%r12 + movq 24(%rsp),%rbx + movq 32(%rsp),%rbp + addq $40,%rsp + L$epilogue: .byte 0xf3,0xc3 + #endif diff --git a/mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S b/mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S index 429887d..237c0a3 100644 --- a/mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S +++ b/mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S @@ -1236,6 +1236,7 @@ L$mul_epilogue: __ecp_nistz256_mul_montq: + movq %rax,%rbp mulq %r9 movq L$poly+8(%rip),%r14 @@ -1454,6 +1455,7 @@ __ecp_nistz256_mul_montq: + .globl _ecp_nistz256_sqr_mont .private_extern _ecp_nistz256_sqr_mont @@ -1518,6 +1520,7 @@ L$sqr_epilogue: .p2align 5 __ecp_nistz256_sqr_montq: + movq %rax,%r13 mulq %r14 movq %rax,%r9 @@ -1677,10 +1680,12 @@ __ecp_nistz256_sqr_montq: .byte 0xf3,0xc3 + .p2align 5 __ecp_nistz256_mul_montx: + mulxq %r9,%r8,%r9 mulxq %r10,%rcx,%r10 movq $32,%r14 @@ -1844,8 +1849,10 @@ __ecp_nistz256_mul_montx: + .p2align 5 __ecp_nistz256_sqr_montx: + mulxq %r14,%r9,%r10 mulxq %r15,%rcx,%r11 xorl %eax,%eax @@ -1972,11 +1979,13 @@ __ecp_nistz256_sqr_montx: + .globl _ecp_nistz256_select_w5 .private_extern _ecp_nistz256_select_w5 .p2align 5 _ecp_nistz256_select_w5: + leaq _OPENSSL_ia32cap_P(%rip),%rax movq 8(%rax),%rax testl $32,%eax @@ -2032,6 +2041,7 @@ L$select_loop_sse_w5: movdqu %xmm6,64(%rdi) movdqu %xmm7,80(%rdi) .byte 0xf3,0xc3 + L$SEH_end_ecp_nistz256_select_w5: @@ -2042,6 +2052,7 @@ L$SEH_end_ecp_nistz256_select_w5: .p2align 5 _ecp_nistz256_select_w7: + leaq _OPENSSL_ia32cap_P(%rip),%rax movq 8(%rax),%rax testl $32,%eax @@ -2086,6 +2097,7 @@ L$select_loop_sse_w7: movdqu %xmm4,32(%rdi) movdqu %xmm5,48(%rdi) .byte 0xf3,0xc3 + L$SEH_end_ecp_nistz256_select_w7: @@ -2093,6 +2105,7 @@ L$SEH_end_ecp_nistz256_select_w7: .p2align 5 ecp_nistz256_avx2_select_w5: + L$avx2_select_w5: vzeroupper vmovdqa L$Two(%rip),%ymm0 @@ -2147,6 +2160,7 @@ L$select_loop_avx2_w5: vmovdqu %ymm4,64(%rdi) vzeroupper .byte 0xf3,0xc3 + L$SEH_end_ecp_nistz256_avx2_select_w5: @@ -2157,6 +2171,7 @@ L$SEH_end_ecp_nistz256_avx2_select_w5: .p2align 5 _ecp_nistz256_avx2_select_w7: + L$avx2_select_w7: vzeroupper vmovdqa L$Three(%rip),%ymm0 @@ -2226,11 +2241,13 @@ L$select_loop_avx2_w7: vmovdqu %ymm3,32(%rdi) vzeroupper .byte 0xf3,0xc3 + L$SEH_end_ecp_nistz256_avx2_select_w7: .p2align 5 __ecp_nistz256_add_toq: + xorq %r11,%r11 addq 0(%rbx),%r12 adcq 8(%rbx),%r13 @@ -2261,8 +2278,10 @@ __ecp_nistz256_add_toq: + .p2align 5 __ecp_nistz256_sub_fromq: + subq 0(%rbx),%r12 sbbq 8(%rbx),%r13 movq %r12,%rax @@ -2292,8 +2311,10 @@ __ecp_nistz256_sub_fromq: + .p2align 5 __ecp_nistz256_subq: + subq %r12,%rax sbbq %r13,%rbp movq %rax,%r12 @@ -2319,8 +2340,10 @@ __ecp_nistz256_subq: + .p2align 5 __ecp_nistz256_mul_by_2q: + xorq %r11,%r11 addq %r12,%r12 adcq %r13,%r13 @@ -2349,6 +2372,7 @@ __ecp_nistz256_mul_by_2q: .byte 0xf3,0xc3 + .globl _ecp_nistz256_point_double .private_extern _ecp_nistz256_point_double @@ -2772,8 +2796,10 @@ L$add_doubleq: .byte 102,72,15,126,206 .byte 102,72,15,126,199 addq $416,%rsp + jmp L$point_double_shortcutq + .p2align 5 L$add_proceedq: movq 0+64(%rsp),%rax @@ -3330,6 +3356,7 @@ L$add_affineq_epilogue: .p2align 5 __ecp_nistz256_add_tox: + xorq %r11,%r11 adcq 0(%rbx),%r12 adcq 8(%rbx),%r13 @@ -3361,8 +3388,10 @@ __ecp_nistz256_add_tox: + .p2align 5 __ecp_nistz256_sub_fromx: + xorq %r11,%r11 sbbq 0(%rbx),%r12 sbbq 8(%rbx),%r13 @@ -3394,8 +3423,10 @@ __ecp_nistz256_sub_fromx: + .p2align 5 __ecp_nistz256_subx: + xorq %r11,%r11 sbbq %r12,%rax sbbq %r13,%rbp @@ -3423,8 +3454,10 @@ __ecp_nistz256_subx: + .p2align 5 __ecp_nistz256_mul_by_2x: + xorq %r11,%r11 adcq %r12,%r12 adcq %r13,%r13 @@ -3455,6 +3488,7 @@ __ecp_nistz256_mul_by_2x: .byte 0xf3,0xc3 + .p2align 5 ecp_nistz256_point_doublex: @@ -3865,8 +3899,10 @@ L$add_doublex: .byte 102,72,15,126,206 .byte 102,72,15,126,199 addq $416,%rsp + jmp L$point_double_shortcutx + .p2align 5 L$add_proceedx: movq 0+64(%rsp),%rdx diff --git a/mac-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S b/mac-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S index 446dc34..66fcfa3 100644 --- a/mac-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S +++ b/mac-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S @@ -22,9 +22,6 @@ _beeu_mod_inverse_vartime: pushq %rbp - movq %rsp,%rbp - - pushq %r12 pushq %r13 @@ -39,6 +36,7 @@ _beeu_mod_inverse_vartime: subq $80,%rsp + movq %rdi,0(%rsp) @@ -308,6 +306,7 @@ L$beeu_err: L$beeu_finish: addq $80,%rsp + popq %rsi popq %rbx @@ -322,9 +321,8 @@ L$beeu_finish: popq %rbp - - .byte 0xf3,0xc3 + #endif diff --git a/mac-x86_64/crypto/fipsmodule/rdrand-x86_64.S b/mac-x86_64/crypto/fipsmodule/rdrand-x86_64.S index e65b5d6..f6f2be7 100644 --- a/mac-x86_64/crypto/fipsmodule/rdrand-x86_64.S +++ b/mac-x86_64/crypto/fipsmodule/rdrand-x86_64.S @@ -23,12 +23,10 @@ _CRYPTO_rdrand: xorq %rax,%rax - - -.byte 0x48, 0x0f, 0xc7, 0xf1 +.byte 72,15,199,242 adcq %rax,%rax - movq %rcx,0(%rdi) + movq %rdx,0(%rdi) .byte 0xf3,0xc3 @@ -36,6 +34,7 @@ _CRYPTO_rdrand: + .globl _CRYPTO_rdrand_multiple8_buf .private_extern _CRYPTO_rdrand_multiple8_buf @@ -46,9 +45,7 @@ _CRYPTO_rdrand_multiple8_buf: jz L$out movq $8,%rdx L$loop: - - -.byte 0x48, 0x0f, 0xc7, 0xf1 +.byte 72,15,199,241 jnc L$err movq %rcx,0(%rdi) addq %rdx,%rdi @@ -61,4 +58,5 @@ L$err: xorq %rax,%rax .byte 0xf3,0xc3 + #endif diff --git a/mac-x86_64/crypto/fipsmodule/rsaz-avx2.S b/mac-x86_64/crypto/fipsmodule/rsaz-avx2.S index e4345bd..e9cae78 100644 --- a/mac-x86_64/crypto/fipsmodule/rsaz-avx2.S +++ b/mac-x86_64/crypto/fipsmodule/rsaz-avx2.S @@ -1228,6 +1228,7 @@ L$mul_1024_epilogue: .p2align 5 _rsaz_1024_red2norm_avx2: + subq $-128,%rsi xorq %rax,%rax movq -128(%rsi),%r8 @@ -1421,11 +1422,13 @@ _rsaz_1024_red2norm_avx2: .byte 0xf3,0xc3 + .globl _rsaz_1024_norm2red_avx2 .private_extern _rsaz_1024_norm2red_avx2 .p2align 5 _rsaz_1024_norm2red_avx2: + subq $-128,%rdi movq (%rsi),%r8 movl $0x1fffffff,%eax @@ -1579,11 +1582,13 @@ _rsaz_1024_norm2red_avx2: movq %r8,184(%rdi) .byte 0xf3,0xc3 + .globl _rsaz_1024_scatter5_avx2 .private_extern _rsaz_1024_scatter5_avx2 .p2align 5 _rsaz_1024_scatter5_avx2: + vzeroupper vmovdqu L$scatter_permd(%rip),%ymm5 shll $4,%edx @@ -1605,6 +1610,7 @@ L$oop_scatter_1024: .byte 0xf3,0xc3 + .globl _rsaz_1024_gather5_avx2 .private_extern _rsaz_1024_gather5_avx2 @@ -1727,24 +1733,6 @@ L$oop_gather_1024: L$SEH_end_rsaz_1024_gather5: - -.globl _rsaz_avx2_eligible -.private_extern _rsaz_avx2_eligible - -.p2align 5 -_rsaz_avx2_eligible: - leaq _OPENSSL_ia32cap_P(%rip),%rax - movl 8(%rax),%eax - movl $524544,%ecx - movl $0,%edx - andl %eax,%ecx - cmpl $524544,%ecx - cmovel %edx,%eax - andl $32,%eax - shrl $5,%eax - .byte 0xf3,0xc3 - - .p2align 6 L$and_mask: .quad 0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff diff --git a/mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S b/mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S index 312bf1d..8591618 100644 --- a/mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S +++ b/mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S @@ -31,6 +31,7 @@ .p2align 4 _vpaes_encrypt_core: + movq %rdx,%r9 movq $16,%r11 movl 240(%rdx),%eax @@ -119,8 +120,10 @@ L$enc_entry: + .p2align 4 _vpaes_decrypt_core: + movq %rdx,%r9 movl 240(%rdx),%eax movdqa %xmm9,%xmm1 @@ -225,6 +228,7 @@ L$dec_entry: + .p2align 4 _vpaes_schedule_core: @@ -232,6 +236,7 @@ _vpaes_schedule_core: + call _vpaes_preheat movdqa L$k_rcon(%rip),%xmm8 movdqu (%rdi),%xmm0 @@ -410,8 +415,10 @@ L$schedule_mangle_last_dec: + .p2align 4 _vpaes_schedule_192_smear: + pshufd $0x80,%xmm6,%xmm1 pshufd $0xFE,%xmm7,%xmm0 pxor %xmm1,%xmm6 @@ -439,11 +446,13 @@ _vpaes_schedule_192_smear: + .p2align 4 _vpaes_schedule_round: + pxor %xmm1,%xmm1 .byte 102,65,15,58,15,200,15 .byte 102,69,15,58,15,192,15 @@ -508,8 +517,10 @@ _vpaes_schedule_low_round: + .p2align 4 _vpaes_schedule_transform: + movdqa %xmm9,%xmm1 pandn %xmm0,%xmm1 psrld $4,%xmm1 @@ -544,10 +555,12 @@ _vpaes_schedule_transform: + .p2align 4 _vpaes_schedule_mangle: + movdqa %xmm0,%xmm4 movdqa L$k_mc_forward(%rip),%xmm5 testq %rcx,%rcx @@ -617,11 +630,20 @@ L$schedule_mangle_both: + .globl _vpaes_set_encrypt_key .private_extern _vpaes_set_encrypt_key .p2align 4 _vpaes_set_encrypt_key: + +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS + + movb $1,_BORINGSSL_function_hit+5(%rip) +#endif +#endif + movl %esi,%eax shrl $5,%eax addl $5,%eax @@ -634,11 +656,13 @@ _vpaes_set_encrypt_key: .byte 0xf3,0xc3 + .globl _vpaes_set_decrypt_key .private_extern _vpaes_set_decrypt_key .p2align 4 _vpaes_set_decrypt_key: + movl %esi,%eax shrl $5,%eax addl $5,%eax @@ -656,11 +680,19 @@ _vpaes_set_decrypt_key: .byte 0xf3,0xc3 + .globl _vpaes_encrypt .private_extern _vpaes_encrypt .p2align 4 _vpaes_encrypt: + +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS + + movb $1,_BORINGSSL_function_hit+4(%rip) +#endif +#endif movdqu (%rdi),%xmm0 call _vpaes_preheat call _vpaes_encrypt_core @@ -668,22 +700,26 @@ _vpaes_encrypt: .byte 0xf3,0xc3 + .globl _vpaes_decrypt .private_extern _vpaes_decrypt .p2align 4 _vpaes_decrypt: + movdqu (%rdi),%xmm0 call _vpaes_preheat call _vpaes_decrypt_core movdqu %xmm0,(%rsi) .byte 0xf3,0xc3 + .globl _vpaes_cbc_encrypt .private_extern _vpaes_cbc_encrypt .p2align 4 _vpaes_cbc_encrypt: + xchgq %rcx,%rdx subq $16,%rcx jc L$cbc_abort @@ -727,8 +763,10 @@ L$cbc_abort: + .p2align 4 _vpaes_preheat: + leaq L$k_s0F(%rip),%r10 movdqa -32(%r10),%xmm10 movdqa -16(%r10),%xmm11 @@ -745,6 +783,7 @@ _vpaes_preheat: + .p2align 6 _vpaes_consts: L$k_inv: diff --git a/mac-x86_64/crypto/fipsmodule/x86_64-mont5.S b/mac-x86_64/crypto/fipsmodule/x86_64-mont5.S index bfe2c15..4bd36fe 100644 --- a/mac-x86_64/crypto/fipsmodule/x86_64-mont5.S +++ b/mac-x86_64/crypto/fipsmodule/x86_64-mont5.S @@ -565,6 +565,7 @@ L$mul4x_epilogue: .p2align 5 mul4x_internal: + shlq $5,%r9 movd 8(%rax),%xmm5 leaq L$inc(%rip),%rax @@ -1087,6 +1088,7 @@ L$inner4x: movq 24(%rbp),%r15 jmp L$sqr4x_sub_entry + .globl _bn_power5 .private_extern _bn_power5 @@ -1302,6 +1304,7 @@ __bn_sqr8x_internal: + leaq 32(%r10),%rbp @@ -2007,8 +2010,10 @@ L$8x_no_tail: .byte 0xf3,0xc3 + .p2align 5 __bn_post4x_internal: + movq 0(%rbp),%r12 leaq (%rdi,%r9,1),%rbx movq %r9,%rcx @@ -2060,11 +2065,13 @@ L$sqr4x_sub_entry: negq %r9 .byte 0xf3,0xc3 + .globl _bn_from_montgomery .private_extern _bn_from_montgomery .p2align 5 _bn_from_montgomery: + testl $7,%r9d jz bn_from_mont8x xorl %eax,%eax @@ -2072,6 +2079,7 @@ _bn_from_montgomery: + .p2align 5 bn_from_mont8x: @@ -2353,6 +2361,7 @@ L$mulx4x_epilogue: .p2align 5 mulx4x_internal: + movq %r9,8(%rsp) movq %r9,%r10 negq %r9 @@ -2773,6 +2782,7 @@ L$mulx4x_inner: jmp L$sqrx4x_sub_entry + .p2align 5 bn_powerx5: @@ -2952,6 +2962,7 @@ __bn_sqrx8x_internal: + leaq 48+8(%rsp),%rdi @@ -3526,8 +3537,11 @@ L$sqrx8x_no_tail: jb L$sqrx8x_reduction_loop .byte 0xf3,0xc3 + .p2align 5 + __bn_postx4x_internal: + movq 0(%rbp),%r12 movq %rcx,%r10 movq %rcx,%r9 @@ -3576,11 +3590,13 @@ L$sqrx4x_sub_entry: .byte 0xf3,0xc3 + .globl _bn_scatter5 .private_extern _bn_scatter5 .p2align 4 _bn_scatter5: + cmpl $0,%esi jz L$scatter_epilogue leaq (%rdx,%rcx,8),%rdx @@ -3595,14 +3611,17 @@ L$scatter_epilogue: .byte 0xf3,0xc3 + .globl _bn_gather5 .private_extern _bn_gather5 .p2align 5 _bn_gather5: + L$SEH_begin_bn_gather5: .byte 0x4c,0x8d,0x14,0x24 + .byte 0x48,0x81,0xec,0x08,0x01,0x00,0x00 leaq L$inc(%rip),%rax andq $-16,%rsp @@ -3756,9 +3775,11 @@ L$gather: jnz L$gather leaq (%r10),%rsp + .byte 0xf3,0xc3 L$SEH_end_bn_gather5: + .p2align 6 L$inc: .long 0,0, 1,1 diff --git a/mac-x86_64/crypto/test/trampoline-x86_64.S b/mac-x86_64/crypto/test/trampoline-x86_64.S new file mode 100644 index 0000000..863e6b0 --- /dev/null +++ b/mac-x86_64/crypto/test/trampoline-x86_64.S @@ -0,0 +1,513 @@ +# This file is generated from a similarly-named Perl script in the BoringSSL +# source tree. Do not edit by hand. + +#if defined(__has_feature) +#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) +#define OPENSSL_NO_ASM +#endif +#endif + +#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#if defined(BORINGSSL_PREFIX) +#include +#endif +.text + + + + + + + + + +.globl _abi_test_trampoline +.private_extern _abi_test_trampoline +.p2align 4 +_abi_test_trampoline: +L$abi_test_trampoline_seh_begin: + + + + + + + + + + + subq $120,%rsp + +L$abi_test_trampoline_seh_prolog_alloc: + movq %r8,48(%rsp) + movq %rbx,64(%rsp) + +L$abi_test_trampoline_seh_prolog_rbx: + movq %rbp,72(%rsp) + +L$abi_test_trampoline_seh_prolog_rbp: + movq %r12,80(%rsp) + +L$abi_test_trampoline_seh_prolog_r12: + movq %r13,88(%rsp) + +L$abi_test_trampoline_seh_prolog_r13: + movq %r14,96(%rsp) + +L$abi_test_trampoline_seh_prolog_r14: + movq %r15,104(%rsp) + +L$abi_test_trampoline_seh_prolog_r15: +L$abi_test_trampoline_seh_prolog_end: + movq 0(%rsi),%rbx + movq 8(%rsi),%rbp + movq 16(%rsi),%r12 + movq 24(%rsi),%r13 + movq 32(%rsi),%r14 + movq 40(%rsi),%r15 + + movq %rdi,32(%rsp) + movq %rsi,40(%rsp) + + + + + movq %rdx,%r10 + movq %rcx,%r11 + decq %r11 + js L$args_done + movq (%r10),%rdi + addq $8,%r10 + decq %r11 + js L$args_done + movq (%r10),%rsi + addq $8,%r10 + decq %r11 + js L$args_done + movq (%r10),%rdx + addq $8,%r10 + decq %r11 + js L$args_done + movq (%r10),%rcx + addq $8,%r10 + decq %r11 + js L$args_done + movq (%r10),%r8 + addq $8,%r10 + decq %r11 + js L$args_done + movq (%r10),%r9 + addq $8,%r10 + leaq 0(%rsp),%rax +L$args_loop: + decq %r11 + js L$args_done + + + + + + + movq %r11,56(%rsp) + movq (%r10),%r11 + movq %r11,(%rax) + movq 56(%rsp),%r11 + + addq $8,%r10 + addq $8,%rax + jmp L$args_loop + +L$args_done: + movq 32(%rsp),%rax + movq 48(%rsp),%r10 + testq %r10,%r10 + jz L$no_unwind + + + pushfq + orq $0x100,0(%rsp) + popfq + + + + nop +.globl _abi_test_unwind_start +.private_extern _abi_test_unwind_start +_abi_test_unwind_start: + + call *%rax +.globl _abi_test_unwind_return +.private_extern _abi_test_unwind_return +_abi_test_unwind_return: + + + + + pushfq + andq $-0x101,0(%rsp) + popfq +.globl _abi_test_unwind_stop +.private_extern _abi_test_unwind_stop +_abi_test_unwind_stop: + + jmp L$call_done + +L$no_unwind: + call *%rax + +L$call_done: + + movq 40(%rsp),%rsi + movq %rbx,0(%rsi) + movq %rbp,8(%rsi) + movq %r12,16(%rsi) + movq %r13,24(%rsi) + movq %r14,32(%rsi) + movq %r15,40(%rsi) + movq 64(%rsp),%rbx + + movq 72(%rsp),%rbp + + movq 80(%rsp),%r12 + + movq 88(%rsp),%r13 + + movq 96(%rsp),%r14 + + movq 104(%rsp),%r15 + + addq $120,%rsp + + + + .byte 0xf3,0xc3 + +L$abi_test_trampoline_seh_end: + + +.globl _abi_test_clobber_rax +.private_extern _abi_test_clobber_rax +.p2align 4 +_abi_test_clobber_rax: + xorq %rax,%rax + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_rbx +.private_extern _abi_test_clobber_rbx +.p2align 4 +_abi_test_clobber_rbx: + xorq %rbx,%rbx + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_rcx +.private_extern _abi_test_clobber_rcx +.p2align 4 +_abi_test_clobber_rcx: + xorq %rcx,%rcx + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_rdx +.private_extern _abi_test_clobber_rdx +.p2align 4 +_abi_test_clobber_rdx: + xorq %rdx,%rdx + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_rdi +.private_extern _abi_test_clobber_rdi +.p2align 4 +_abi_test_clobber_rdi: + xorq %rdi,%rdi + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_rsi +.private_extern _abi_test_clobber_rsi +.p2align 4 +_abi_test_clobber_rsi: + xorq %rsi,%rsi + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_rbp +.private_extern _abi_test_clobber_rbp +.p2align 4 +_abi_test_clobber_rbp: + xorq %rbp,%rbp + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_r8 +.private_extern _abi_test_clobber_r8 +.p2align 4 +_abi_test_clobber_r8: + xorq %r8,%r8 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_r9 +.private_extern _abi_test_clobber_r9 +.p2align 4 +_abi_test_clobber_r9: + xorq %r9,%r9 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_r10 +.private_extern _abi_test_clobber_r10 +.p2align 4 +_abi_test_clobber_r10: + xorq %r10,%r10 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_r11 +.private_extern _abi_test_clobber_r11 +.p2align 4 +_abi_test_clobber_r11: + xorq %r11,%r11 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_r12 +.private_extern _abi_test_clobber_r12 +.p2align 4 +_abi_test_clobber_r12: + xorq %r12,%r12 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_r13 +.private_extern _abi_test_clobber_r13 +.p2align 4 +_abi_test_clobber_r13: + xorq %r13,%r13 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_r14 +.private_extern _abi_test_clobber_r14 +.p2align 4 +_abi_test_clobber_r14: + xorq %r14,%r14 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_r15 +.private_extern _abi_test_clobber_r15 +.p2align 4 +_abi_test_clobber_r15: + xorq %r15,%r15 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_xmm0 +.private_extern _abi_test_clobber_xmm0 +.p2align 4 +_abi_test_clobber_xmm0: + pxor %xmm0,%xmm0 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_xmm1 +.private_extern _abi_test_clobber_xmm1 +.p2align 4 +_abi_test_clobber_xmm1: + pxor %xmm1,%xmm1 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_xmm2 +.private_extern _abi_test_clobber_xmm2 +.p2align 4 +_abi_test_clobber_xmm2: + pxor %xmm2,%xmm2 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_xmm3 +.private_extern _abi_test_clobber_xmm3 +.p2align 4 +_abi_test_clobber_xmm3: + pxor %xmm3,%xmm3 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_xmm4 +.private_extern _abi_test_clobber_xmm4 +.p2align 4 +_abi_test_clobber_xmm4: + pxor %xmm4,%xmm4 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_xmm5 +.private_extern _abi_test_clobber_xmm5 +.p2align 4 +_abi_test_clobber_xmm5: + pxor %xmm5,%xmm5 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_xmm6 +.private_extern _abi_test_clobber_xmm6 +.p2align 4 +_abi_test_clobber_xmm6: + pxor %xmm6,%xmm6 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_xmm7 +.private_extern _abi_test_clobber_xmm7 +.p2align 4 +_abi_test_clobber_xmm7: + pxor %xmm7,%xmm7 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_xmm8 +.private_extern _abi_test_clobber_xmm8 +.p2align 4 +_abi_test_clobber_xmm8: + pxor %xmm8,%xmm8 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_xmm9 +.private_extern _abi_test_clobber_xmm9 +.p2align 4 +_abi_test_clobber_xmm9: + pxor %xmm9,%xmm9 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_xmm10 +.private_extern _abi_test_clobber_xmm10 +.p2align 4 +_abi_test_clobber_xmm10: + pxor %xmm10,%xmm10 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_xmm11 +.private_extern _abi_test_clobber_xmm11 +.p2align 4 +_abi_test_clobber_xmm11: + pxor %xmm11,%xmm11 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_xmm12 +.private_extern _abi_test_clobber_xmm12 +.p2align 4 +_abi_test_clobber_xmm12: + pxor %xmm12,%xmm12 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_xmm13 +.private_extern _abi_test_clobber_xmm13 +.p2align 4 +_abi_test_clobber_xmm13: + pxor %xmm13,%xmm13 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_xmm14 +.private_extern _abi_test_clobber_xmm14 +.p2align 4 +_abi_test_clobber_xmm14: + pxor %xmm14,%xmm14 + .byte 0xf3,0xc3 + + +.globl _abi_test_clobber_xmm15 +.private_extern _abi_test_clobber_xmm15 +.p2align 4 +_abi_test_clobber_xmm15: + pxor %xmm15,%xmm15 + .byte 0xf3,0xc3 + + + + + +.globl _abi_test_bad_unwind_wrong_register +.private_extern _abi_test_bad_unwind_wrong_register +.p2align 4 +_abi_test_bad_unwind_wrong_register: + +L$abi_test_bad_unwind_wrong_register_seh_begin: + pushq %r12 + +L$abi_test_bad_unwind_wrong_register_seh_push_r13: + + + + nop + popq %r12 + + .byte 0xf3,0xc3 +L$abi_test_bad_unwind_wrong_register_seh_end: + + + + + + + +.globl _abi_test_bad_unwind_temporary +.private_extern _abi_test_bad_unwind_temporary +.p2align 4 +_abi_test_bad_unwind_temporary: + +L$abi_test_bad_unwind_temporary_seh_begin: + pushq %r12 + +L$abi_test_bad_unwind_temporary_seh_push_r12: + + movq %r12,%rax + incq %rax + movq %rax,(%rsp) + + + + movq %r12,(%rsp) + + + popq %r12 + + .byte 0xf3,0xc3 +L$abi_test_bad_unwind_temporary_seh_end: + + + + + + + +.globl _abi_test_get_and_clear_direction_flag +.private_extern _abi_test_get_and_clear_direction_flag +_abi_test_get_and_clear_direction_flag: + pushfq + popq %rax + andq $0x400,%rax + shrq $10,%rax + cld + .byte 0xf3,0xc3 + + + + + +.globl _abi_test_set_direction_flag +.private_extern _abi_test_set_direction_flag +_abi_test_set_direction_flag: + std + .byte 0xf3,0xc3 + +#endif diff --git a/sources.bp b/sources.bp index 1ff2059..c5d36a5 100644 --- a/sources.bp +++ b/sources.bp @@ -251,6 +251,7 @@ cc_defaults { "linux-aarch64/crypto/fipsmodule/sha1-armv8.S", "linux-aarch64/crypto/fipsmodule/sha256-armv8.S", "linux-aarch64/crypto/fipsmodule/sha512-armv8.S", + "linux-aarch64/crypto/test/trampoline-armv8.S", ], }, linux_arm: { @@ -265,6 +266,7 @@ cc_defaults { "linux-arm/crypto/fipsmodule/sha1-armv4-large.S", "linux-arm/crypto/fipsmodule/sha256-armv4.S", "linux-arm/crypto/fipsmodule/sha512-armv4.S", + "linux-arm/crypto/test/trampoline-armv4.S", "src/crypto/curve25519/asm/x25519-asm-arm.S", "src/crypto/poly1305/poly1305_arm_asm.S", ], @@ -283,6 +285,7 @@ cc_defaults { "linux-x86/crypto/fipsmodule/sha512-586.S", "linux-x86/crypto/fipsmodule/vpaes-x86.S", "linux-x86/crypto/fipsmodule/x86-mont.S", + "linux-x86/crypto/test/trampoline-x86.S", ], }, linux_x86_64: { @@ -294,6 +297,7 @@ cc_defaults { "linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S", "linux-x86_64/crypto/fipsmodule/aesni-x86_64.S", "linux-x86_64/crypto/fipsmodule/bsaes-x86_64.S", + "linux-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S", "linux-x86_64/crypto/fipsmodule/ghash-x86_64.S", "linux-x86_64/crypto/fipsmodule/md5-x86_64.S", "linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S", @@ -306,6 +310,7 @@ cc_defaults { "linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S", "linux-x86_64/crypto/fipsmodule/x86_64-mont.S", "linux-x86_64/crypto/fipsmodule/x86_64-mont5.S", + "linux-x86_64/crypto/test/trampoline-x86_64.S", "src/crypto/hrss/asm/poly_rq_mul.S", ], }, @@ -389,6 +394,7 @@ cc_defaults { name: "boringssl_crypto_test_sources", srcs: [ "crypto_test_data.cc", + "src/crypto/abi_self_test.cc", "src/crypto/asn1/asn1_test.cc", "src/crypto/base64/base64_test.cc", "src/crypto/bio/bio_test.cc", @@ -418,11 +424,14 @@ cc_defaults { "src/crypto/fipsmodule/ec/ec_test.cc", "src/crypto/fipsmodule/ec/p256-x86_64_test.cc", "src/crypto/fipsmodule/ecdsa/ecdsa_test.cc", + "src/crypto/fipsmodule/md5/md5_test.cc", "src/crypto/fipsmodule/modes/gcm_test.cc", "src/crypto/fipsmodule/rand/ctrdrbg_test.cc", + "src/crypto/fipsmodule/sha/sha_test.cc", "src/crypto/hkdf/hkdf_test.cc", "src/crypto/hmac_extra/hmac_test.cc", "src/crypto/hrss/hrss_test.cc", + "src/crypto/impl_dispatch_test.cc", "src/crypto/lhash/lhash_test.cc", "src/crypto/obj/obj_test.cc", "src/crypto/pem/pem_test.cc", @@ -436,6 +445,7 @@ cc_defaults { "src/crypto/rsa_extra/rsa_test.cc", "src/crypto/self_test.cc", "src/crypto/stack/stack_test.cc", + "src/crypto/test/abi_test.cc", "src/crypto/test/file_test_gtest.cc", "src/crypto/test/gtest_main.cc", "src/crypto/thread_test.cc", @@ -449,6 +459,7 @@ cc_defaults { cc_defaults { name: "boringssl_ssl_test_sources", srcs: [ + "src/crypto/test/abi_test.cc", "src/crypto/test/gtest_main.cc", "src/ssl/span_test.cc", "src/ssl/ssl_test.cc", diff --git a/sources.mk b/sources.mk index bf72cba..34d9724 100644 --- a/sources.mk +++ b/sources.mk @@ -247,6 +247,7 @@ linux_aarch64_sources := \ linux-aarch64/crypto/fipsmodule/sha1-armv8.S\ linux-aarch64/crypto/fipsmodule/sha256-armv8.S\ linux-aarch64/crypto/fipsmodule/sha512-armv8.S\ + linux-aarch64/crypto/test/trampoline-armv8.S\ linux_arm_sources := \ linux-arm/crypto/chacha/chacha-armv4.S\ @@ -259,6 +260,7 @@ linux_arm_sources := \ linux-arm/crypto/fipsmodule/sha1-armv4-large.S\ linux-arm/crypto/fipsmodule/sha256-armv4.S\ linux-arm/crypto/fipsmodule/sha512-armv4.S\ + linux-arm/crypto/test/trampoline-armv4.S\ src/crypto/curve25519/asm/x25519-asm-arm.S\ src/crypto/poly1305/poly1305_arm_asm.S\ @@ -279,6 +281,7 @@ linux_x86_sources := \ linux-x86/crypto/fipsmodule/sha512-586.S\ linux-x86/crypto/fipsmodule/vpaes-x86.S\ linux-x86/crypto/fipsmodule/x86-mont.S\ + linux-x86/crypto/test/trampoline-x86.S\ linux_x86_64_sources := \ linux-x86_64/crypto/chacha/chacha-x86_64.S\ @@ -288,6 +291,7 @@ linux_x86_64_sources := \ linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S\ linux-x86_64/crypto/fipsmodule/aesni-x86_64.S\ linux-x86_64/crypto/fipsmodule/bsaes-x86_64.S\ + linux-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S\ linux-x86_64/crypto/fipsmodule/ghash-x86_64.S\ linux-x86_64/crypto/fipsmodule/md5-x86_64.S\ linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S\ @@ -300,5 +304,6 @@ linux_x86_64_sources := \ linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S\ linux-x86_64/crypto/fipsmodule/x86_64-mont.S\ linux-x86_64/crypto/fipsmodule/x86_64-mont5.S\ + linux-x86_64/crypto/test/trampoline-x86_64.S\ src/crypto/hrss/asm/poly_rq_mul.S\ diff --git a/src/.gitignore b/src/.gitignore index 9cb7251..41e32b9 100644 --- a/src/.gitignore +++ b/src/.gitignore @@ -1,5 +1,6 @@ build/ ssl/test/runner/runner +*.pyc *.swp *.swo doc/*.html @@ -23,5 +24,7 @@ util/bot/perl-win32 util/bot/perl-win32.zip util/bot/sde-linux64 util/bot/sde-linux64.tar.bz2 +util/bot/sde-win32 +util/bot/sde-win32.tar.bz2 util/bot/win_toolchain.json util/bot/yasm-win32.exe diff --git a/src/BUILDING.md b/src/BUILDING.md index 924f6c9..4fc1615 100644 --- a/src/BUILDING.md +++ b/src/BUILDING.md @@ -2,9 +2,18 @@ ## Build Prerequisites - * [CMake](https://cmake.org/download/) 2.8.11 or later is required. +The standalone CMake build is primarily intended for developers. If embedding +BoringSSL into another project with a pre-existing build system, see +[INCORPORATING.md](/INCORPORATING.md). - * Perl 5.6.1 or later is required. On Windows, +Unless otherwise noted, build tools must at most five years old, matching +[Abseil guidelines](https://abseil.io/about/compatibility). If in doubt, use the +most recent stable version of each tool. + + * [CMake](https://cmake.org/download/) 2.8.12 or later is required. Note we + will begin requiring CMake 3.0 in 2019. + + * A recent version of Perl is required. On Windows, [Active State Perl](http://www.activestate.com/activeperl/) has been reported to work, as has MSYS Perl. [Strawberry Perl](http://strawberryperl.com/) also works but it adds GCC @@ -13,28 +22,27 @@ If Perl is not found by CMake, it may be configured explicitly by setting `PERL_EXECUTABLE`. - * On Windows you currently must use [Ninja](https://ninja-build.org/) - to build; on other platforms, it is not required, but recommended, because - it makes builds faster. - - * If you need to build Ninja from source, then a recent version of - [Python](https://www.python.org/downloads/) is required (Python 2.7.5 works). + * Building with [Ninja](https://ninja-build.org/) instead of Make is + recommended, because it makes builds faster. On Windows, CMake's Visual + Studio generator may also work, but it not tested regularly and requires + recent versions of CMake for assembly support. * On Windows only, [NASM](https://www.nasm.us/) is required. If not found by CMake, it may be configured explicitly by setting `CMAKE_ASM_NASM_COMPILER`. - * A C compiler is required. On Windows, MSVC 14 (Visual Studio 2015) or later - with Platform SDK 8.1 or later are supported. Recent versions of GCC (4.8+) - and Clang should work on non-Windows platforms, and maybe on Windows too. - To build the tests, you also need a C++ compiler with C++11 support. + * C and C++ compilers with C++11 support are required. On Windows, MSVC 14 + (Visual Studio 2015) or later with Platform SDK 8.1 or later are supported. + Recent versions of GCC (4.8+) and Clang should work on non-Windows + platforms, and maybe on Windows too. * The most recent stable version of [Go](https://golang.org/dl/) is required. - If not found by CMake, the go executable may be configured explicitly by - setting `GO_EXECUTABLE`. + Note Go is exempt from the five year support window. If not found by CMake, + the go executable may be configured explicitly by setting `GO_EXECUTABLE`. - * To build the x86 and x86\_64 assembly, your assembler must support AVX2 - instructions and MOVBE. If using GNU binutils, you must have 2.22 or later + * On x86_64 Linux, the tests have an optional + [libunwind](https://www.nongnu.org/libunwind/) dependency to test the + assembly more thoroughly. ## Building @@ -96,12 +104,23 @@ Once you've run that, Ninja should produce Android-compatible binaries. You can replace `armeabi-v7a` in the above with `arm64-v8a` and use API level 21 or higher to build aarch64 binaries. -For older NDK versions, BoringSSL ships a third-party CMake toolchain file. Use -`../third_party/android-cmake/android.toolchain.cmake` for -`CMAKE_TOOLCHAIN_FILE` instead. - For other options, see the documentation in the toolchain file. +To debug the resulting binaries on an Android device with `gdb`, run the +commands below. Replace `ARCH` with the architecture of the target device, e.g. +`arm` or `arm64`. + + adb push ${ANDROID_NDK}/prebuilt/android-ARCH/gdbserver/gdbserver \ + /data/local/tmp + adb forward tcp:5039 tcp:5039 + adb shell /data/local/tmp/gdbserver :5039 /path/on/device/to/binary + +Then run the following in a separate shell. Replace `HOST` with the OS and +architecture of the host machine, e.g. `linux-x86_64`. + + ${ANDROID_NDK}/prebuilt/HOST/bin/gdb + target remote :5039 # in gdb + ### Building for iOS To build for iOS, pass `-DCMAKE_OSX_SYSROOT=iphoneos` and diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index bfde5d5..fd35326 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -39,6 +39,20 @@ else() find_program(GO_EXECUTABLE go) endif() +if(CMAKE_SYSTEM_NAME STREQUAL "Linux" AND NOT CMAKE_CROSSCOMPILING) + find_package(PkgConfig QUIET) + if (PkgConfig_FOUND) + pkg_check_modules(LIBUNWIND libunwind-generic) + if(LIBUNWIND_FOUND) + add_definitions(-DBORINGSSL_HAVE_LIBUNWIND) + else() + message("libunwind not found. Disabling unwind tests.") + endif() + else() + message("pkgconfig not found. Disabling unwind tests.") + endif() +endif() + if(NOT GO_EXECUTABLE) message(FATAL_ERROR "Could not find Go") endif() @@ -51,6 +65,18 @@ if(BORINGSSL_ALLOW_CXX_RUNTIME) add_definitions(-DBORINGSSL_ALLOW_CXX_RUNTIME) endif() +if(CMAKE_BUILD_TYPE STREQUAL "Release") + # Windows release builds don't set NDEBUG in NASM flags automatically. + set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DNDEBUG") +endif() + +# Add a RelWithAsserts build configuration. It is the same as Release, except it +# does not define NDEBUG, so asserts run. +foreach(VAR CMAKE_C_FLAGS CMAKE_CXX_FLAGS CMAKE_ASM_FLAGS) + string(REGEX REPLACE "(^| )[/-]DNDEBUG( |$)" " " "${VAR}_RELWITHASSERTS" + "${${VAR}_RELEASE}") +endforeach() + if(BORINGSSL_PREFIX AND BORINGSSL_PREFIX_SYMBOLS) add_definitions(-DBORINGSSL_PREFIX=${BORINGSSL_PREFIX}) # CMake automatically connects include_directories to the NASM command-line, @@ -316,6 +342,22 @@ if(TSAN) set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=thread") endif() +if(UBSAN) + if(NOT CLANG) + message(FATAL_ERROR "Cannot enable UBSAN unless using Clang") + endif() + + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=undefined") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=undefined") + set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=undefined") + + if(NOT UBSAN_RECOVER) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-sanitize-recover=undefined") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-sanitize-recover=undefined") + set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fno-sanitize-recover=undefined") + endif() +endif() + if(GCOV) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fprofile-arcs -ftest-coverage") set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fprofile-arcs -ftest-coverage") @@ -336,6 +378,12 @@ if(OPENSSL_SMALL) add_definitions(-DOPENSSL_SMALL) endif() +if(CONSTANT_TIME_VALIDATION) + add_definitions(-DBORINGSSL_CONSTANT_TIME_VALIDATION) + # Asserts will often test secret data. + add_definitions(-DNDEBUG) +endif() + function(go_executable dest package) set(godeps "${CMAKE_SOURCE_DIR}/util/godeps.go") if(${CMAKE_VERSION} VERSION_LESS "3.7" OR @@ -522,6 +570,14 @@ add_subdirectory(tool) add_subdirectory(decrepit) if(FUZZ) + if(LIBFUZZER_FROM_DEPS) + file(GLOB LIBFUZZER_SOURCES "util/bot/libFuzzer/*.cpp") + add_library(Fuzzer STATIC ${LIBFUZZER_SOURCES}) + # libFuzzer does not pass our aggressive warnings. It also must be built + # without -fsanitize-coverage options or clang crashes. + set_target_properties(Fuzzer PROPERTIES COMPILE_FLAGS "-Wno-shadow -Wno-format-nonliteral -Wno-missing-prototypes -fsanitize-coverage=0") + endif() + add_subdirectory(fuzz) endif() diff --git a/src/crypto/CMakeLists.txt b/src/crypto/CMakeLists.txt index bf69649..5cdfa40 100644 --- a/src/crypto/CMakeLists.txt +++ b/src/crypto/CMakeLists.txt @@ -105,6 +105,7 @@ if(${ARCH} STREQUAL "arm") chacha/chacha-armv4.${ASM_EXT} curve25519/asm/x25519-asm-arm.S poly1305/poly1305_arm_asm.S + test/trampoline-armv4.${ASM_EXT} ) endif() @@ -113,6 +114,7 @@ if(${ARCH} STREQUAL "aarch64") CRYPTO_ARCH_SOURCES chacha/chacha-armv8.${ASM_EXT} + test/trampoline-armv8.${ASM_EXT} ) endif() @@ -121,6 +123,7 @@ if(${ARCH} STREQUAL "x86") CRYPTO_ARCH_SOURCES chacha/chacha-x86.${ASM_EXT} + test/trampoline-x86.${ASM_EXT} ) endif() @@ -132,6 +135,7 @@ if(${ARCH} STREQUAL "x86_64") cipher_extra/aes128gcmsiv-x86_64.${ASM_EXT} cipher_extra/chacha20_poly1305_x86_64.${ASM_EXT} hrss/asm/poly_rq_mul.S + test/trampoline-x86_64.${ASM_EXT} ) endif() @@ -141,6 +145,10 @@ perlasm(chacha/chacha-x86.${ASM_EXT} chacha/asm/chacha-x86.pl) perlasm(chacha/chacha-x86_64.${ASM_EXT} chacha/asm/chacha-x86_64.pl) perlasm(cipher_extra/aes128gcmsiv-x86_64.${ASM_EXT} cipher_extra/asm/aes128gcmsiv-x86_64.pl) perlasm(cipher_extra/chacha20_poly1305_x86_64.${ASM_EXT} cipher_extra/asm/chacha20_poly1305_x86_64.pl) +perlasm(test/trampoline-armv4.${ASM_EXT} test/asm/trampoline-armv4.pl) +perlasm(test/trampoline-armv8.${ASM_EXT} test/asm/trampoline-armv8.pl) +perlasm(test/trampoline-x86.${ASM_EXT} test/asm/trampoline-x86.pl) +perlasm(test/trampoline-x86_64.${ASM_EXT} test/asm/trampoline-x86_64.pl) add_custom_command( OUTPUT err_data.c @@ -424,6 +432,7 @@ endif() add_executable( crypto_test + abi_self_test.cc asn1/asn1_test.cc base64/base64_test.cc buf/buf_test.cc @@ -453,11 +462,14 @@ add_executable( fipsmodule/ec/ec_test.cc fipsmodule/ec/p256-x86_64_test.cc fipsmodule/ecdsa/ecdsa_test.cc + fipsmodule/md5/md5_test.cc fipsmodule/modes/gcm_test.cc fipsmodule/rand/ctrdrbg_test.cc + fipsmodule/sha/sha_test.cc hkdf/hkdf_test.cc hmac_extra/hmac_test.cc hrss/hrss_test.cc + impl_dispatch_test.cc lhash/lhash_test.cc obj/obj_test.cc pem/pem_test.cc @@ -480,12 +492,11 @@ add_executable( $ $ - $ ) add_dependencies(crypto_test global_target) -target_link_libraries(crypto_test crypto boringssl_gtest) +target_link_libraries(crypto_test test_support_lib boringssl_gtest crypto) if(WIN32) target_link_libraries(crypto_test ws2_32) endif() diff --git a/src/crypto/abi_self_test.cc b/src/crypto/abi_self_test.cc new file mode 100644 index 0000000..1fcf6bc --- /dev/null +++ b/src/crypto/abi_self_test.cc @@ -0,0 +1,523 @@ +/* Copyright (c) 2018, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include +#include + +#include + +#include "test/abi_test.h" + + +static bool test_function_ok; +static int TestFunction(int a1, int a2, int a3, int a4, int a5, int a6, int a7, + int a8) { + test_function_ok = a1 == 1 || a2 == 2 || a3 == 3 || a4 == 4 || a5 == 5 || + a6 == 6 || a7 == 7 || a8 == 8; + return 42; +} + +TEST(ABITest, SanityCheck) { + EXPECT_NE(0, CHECK_ABI_NO_UNWIND(strcmp, "hello", "world")); + + test_function_ok = false; + EXPECT_EQ(42, CHECK_ABI_SEH(TestFunction, 1, 2, 3, 4, 5, 6, 7, 8)); + EXPECT_TRUE(test_function_ok); + +#if defined(SUPPORTS_ABI_TEST) + abi_test::internal::CallerState state; + RAND_bytes(reinterpret_cast(&state), sizeof(state)); + crypto_word_t argv[] = { + 1, 2, 3, 4, 5, 6, 7, 8, + }; + CHECK_ABI_SEH(abi_test_trampoline, + reinterpret_cast(TestFunction), &state, argv, 8, + 0 /* no breakpoint */); + +#if defined(OPENSSL_X86_64) + if (abi_test::UnwindTestsEnabled()) { + EXPECT_NONFATAL_FAILURE(CHECK_ABI_SEH(abi_test_bad_unwind_wrong_register), + "was not recovered"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_SEH(abi_test_bad_unwind_temporary), + "was not recovered"); + + CHECK_ABI_NO_UNWIND(abi_test_bad_unwind_wrong_register); + CHECK_ABI_NO_UNWIND(abi_test_bad_unwind_temporary); + +#if defined(OPENSSL_WINDOWS) + // The invalid epilog makes Windows believe the epilog starts later than it + // actually does. As a result, immediately after the popq, it does not + // realize the stack has been unwound and repeats the work. + EXPECT_NONFATAL_FAILURE(CHECK_ABI_SEH(abi_test_bad_unwind_epilog), + "unwound past starting frame"); + CHECK_ABI_NO_UNWIND(abi_test_bad_unwind_epilog); +#endif // OPENSSL_WINDOWS + } +#endif // OPENSSL_X86_64 +#endif // SUPPORTS_ABI_TEST +} + +#if defined(OPENSSL_X86_64) && defined(SUPPORTS_ABI_TEST) +extern "C" { +void abi_test_clobber_rax(void); +void abi_test_clobber_rbx(void); +void abi_test_clobber_rcx(void); +void abi_test_clobber_rdx(void); +void abi_test_clobber_rsi(void); +void abi_test_clobber_rdi(void); +void abi_test_clobber_rbp(void); +void abi_test_clobber_r8(void); +void abi_test_clobber_r9(void); +void abi_test_clobber_r10(void); +void abi_test_clobber_r11(void); +void abi_test_clobber_r12(void); +void abi_test_clobber_r13(void); +void abi_test_clobber_r14(void); +void abi_test_clobber_r15(void); +void abi_test_clobber_xmm0(void); +void abi_test_clobber_xmm1(void); +void abi_test_clobber_xmm2(void); +void abi_test_clobber_xmm3(void); +void abi_test_clobber_xmm4(void); +void abi_test_clobber_xmm5(void); +void abi_test_clobber_xmm6(void); +void abi_test_clobber_xmm7(void); +void abi_test_clobber_xmm8(void); +void abi_test_clobber_xmm9(void); +void abi_test_clobber_xmm10(void); +void abi_test_clobber_xmm11(void); +void abi_test_clobber_xmm12(void); +void abi_test_clobber_xmm13(void); +void abi_test_clobber_xmm14(void); +void abi_test_clobber_xmm15(void); +} // extern "C" + +TEST(ABITest, X86_64) { + // abi_test_trampoline hides unsaved registers from the caller, so we can + // safely call the abi_test_clobber_* functions below. + abi_test::internal::CallerState state; + RAND_bytes(reinterpret_cast(&state), sizeof(state)); + CHECK_ABI_NO_UNWIND(abi_test_trampoline, + reinterpret_cast(abi_test_clobber_rbx), + &state, nullptr, 0, 0 /* no breakpoint */); + + CHECK_ABI_NO_UNWIND(abi_test_clobber_rax); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_rbx), + "rbx was not restored after return"); + CHECK_ABI_NO_UNWIND(abi_test_clobber_rcx); + CHECK_ABI_NO_UNWIND(abi_test_clobber_rdx); +#if defined(OPENSSL_WINDOWS) + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_rdi), + "rdi was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_rsi), + "rsi was not restored after return"); +#else + CHECK_ABI_NO_UNWIND(abi_test_clobber_rdi); + CHECK_ABI_NO_UNWIND(abi_test_clobber_rsi); +#endif + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_rbp), + "rbp was not restored after return"); + CHECK_ABI_NO_UNWIND(abi_test_clobber_r8); + CHECK_ABI_NO_UNWIND(abi_test_clobber_r9); + CHECK_ABI_NO_UNWIND(abi_test_clobber_r10); + CHECK_ABI_NO_UNWIND(abi_test_clobber_r11); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r12), + "r12 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r13), + "r13 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r14), + "r14 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r15), + "r15 was not restored after return"); + + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm0); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm1); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm2); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm3); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm4); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm5); +#if defined(OPENSSL_WINDOWS) + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm6), + "xmm6 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm7), + "xmm7 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm8), + "xmm8 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm9), + "xmm9 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm10), + "xmm10 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm11), + "xmm11 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm12), + "xmm12 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm13), + "xmm13 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm14), + "xmm14 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm15), + "xmm15 was not restored after return"); +#else + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm6); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm7); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm8); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm9); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm10); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm11); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm12); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm13); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm14); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm15); +#endif + + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_set_direction_flag), + "Direction flag set after return"); + EXPECT_EQ(0, abi_test_get_and_clear_direction_flag()) + << "CHECK_ABI did not insulate the caller from direction flag errors"; +} +#endif // OPENSSL_X86_64 && SUPPORTS_ABI_TEST + +#if defined(OPENSSL_X86) && defined(SUPPORTS_ABI_TEST) +extern "C" { +void abi_test_clobber_eax(void); +void abi_test_clobber_ebx(void); +void abi_test_clobber_ecx(void); +void abi_test_clobber_edx(void); +void abi_test_clobber_esi(void); +void abi_test_clobber_edi(void); +void abi_test_clobber_ebp(void); +void abi_test_clobber_xmm0(void); +void abi_test_clobber_xmm1(void); +void abi_test_clobber_xmm2(void); +void abi_test_clobber_xmm3(void); +void abi_test_clobber_xmm4(void); +void abi_test_clobber_xmm5(void); +void abi_test_clobber_xmm6(void); +void abi_test_clobber_xmm7(void); +} // extern "C" + +TEST(ABITest, X86) { + // abi_test_trampoline hides unsaved registers from the caller, so we can + // safely call the abi_test_clobber_* functions below. + abi_test::internal::CallerState state; + RAND_bytes(reinterpret_cast(&state), sizeof(state)); + CHECK_ABI_NO_UNWIND(abi_test_trampoline, + reinterpret_cast(abi_test_clobber_ebx), + &state, nullptr, 0, 0 /* no breakpoint */); + + CHECK_ABI_NO_UNWIND(abi_test_clobber_eax); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_ebx), + "ebx was not restored after return"); + CHECK_ABI_NO_UNWIND(abi_test_clobber_ecx); + CHECK_ABI_NO_UNWIND(abi_test_clobber_edx); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_edi), + "edi was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_esi), + "esi was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_ebp), + "ebp was not restored after return"); + + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm0); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm1); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm2); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm3); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm4); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm5); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm6); + CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm7); + + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_set_direction_flag), + "Direction flag set after return"); + EXPECT_EQ(0, abi_test_get_and_clear_direction_flag()) + << "CHECK_ABI did not insulate the caller from direction flag errors"; +} +#endif // OPENSSL_X86 && SUPPORTS_ABI_TEST + +#if defined(OPENSSL_ARM) && defined(SUPPORTS_ABI_TEST) +extern "C" { +void abi_test_clobber_r0(void); +void abi_test_clobber_r1(void); +void abi_test_clobber_r2(void); +void abi_test_clobber_r3(void); +void abi_test_clobber_r4(void); +void abi_test_clobber_r5(void); +void abi_test_clobber_r6(void); +void abi_test_clobber_r7(void); +void abi_test_clobber_r8(void); +void abi_test_clobber_r9(void); +void abi_test_clobber_r10(void); +void abi_test_clobber_r11(void); +void abi_test_clobber_r12(void); +// r13, r14, and r15, are sp, lr, and pc, respectively. + +void abi_test_clobber_d0(void); +void abi_test_clobber_d1(void); +void abi_test_clobber_d2(void); +void abi_test_clobber_d3(void); +void abi_test_clobber_d4(void); +void abi_test_clobber_d5(void); +void abi_test_clobber_d6(void); +void abi_test_clobber_d7(void); +void abi_test_clobber_d8(void); +void abi_test_clobber_d9(void); +void abi_test_clobber_d10(void); +void abi_test_clobber_d11(void); +void abi_test_clobber_d12(void); +void abi_test_clobber_d13(void); +void abi_test_clobber_d14(void); +void abi_test_clobber_d15(void); +} // extern "C" + +TEST(ABITest, ARM) { + // abi_test_trampoline hides unsaved registers from the caller, so we can + // safely call the abi_test_clobber_* functions below. + abi_test::internal::CallerState state; + RAND_bytes(reinterpret_cast(&state), sizeof(state)); + CHECK_ABI_NO_UNWIND(abi_test_trampoline, + reinterpret_cast(abi_test_clobber_r4), + &state, nullptr, 0, 0 /* no breakpoint */); + + CHECK_ABI_NO_UNWIND(abi_test_clobber_r0); + CHECK_ABI_NO_UNWIND(abi_test_clobber_r1); + CHECK_ABI_NO_UNWIND(abi_test_clobber_r2); + CHECK_ABI_NO_UNWIND(abi_test_clobber_r3); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r4), + "r4 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r5), + "r5 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r6), + "r6 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r7), + "r7 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r8), + "r8 was not restored after return"); +#if defined(OPENSSL_APPLE) + CHECK_ABI_NO_UNWIND(abi_test_clobber_r9); +#else + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r9), + "r9 was not restored after return"); +#endif + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r10), + "r10 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r11), + "r11 was not restored after return"); + CHECK_ABI_NO_UNWIND(abi_test_clobber_r12); + + CHECK_ABI_NO_UNWIND(abi_test_clobber_d0); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d1); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d2); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d3); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d4); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d5); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d6); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d7); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d8), + "d8 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d9), + "d9 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d10), + "d10 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d11), + "d11 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d12), + "d12 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d13), + "d13 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d14), + "d14 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d15), + "d15 was not restored after return"); +} +#endif // OPENSSL_ARM && SUPPORTS_ABI_TEST + + +#if defined(OPENSSL_AARCH64) && defined(SUPPORTS_ABI_TEST) +extern "C" { +void abi_test_clobber_x0(void); +void abi_test_clobber_x1(void); +void abi_test_clobber_x2(void); +void abi_test_clobber_x3(void); +void abi_test_clobber_x4(void); +void abi_test_clobber_x5(void); +void abi_test_clobber_x6(void); +void abi_test_clobber_x7(void); +void abi_test_clobber_x8(void); +void abi_test_clobber_x9(void); +void abi_test_clobber_x10(void); +void abi_test_clobber_x11(void); +void abi_test_clobber_x12(void); +void abi_test_clobber_x13(void); +void abi_test_clobber_x14(void); +void abi_test_clobber_x15(void); +void abi_test_clobber_x16(void); +void abi_test_clobber_x17(void); +// x18 is the platform register and off limits. +void abi_test_clobber_x19(void); +void abi_test_clobber_x20(void); +void abi_test_clobber_x21(void); +void abi_test_clobber_x22(void); +void abi_test_clobber_x23(void); +void abi_test_clobber_x24(void); +void abi_test_clobber_x25(void); +void abi_test_clobber_x26(void); +void abi_test_clobber_x27(void); +void abi_test_clobber_x28(void); +void abi_test_clobber_x29(void); + +void abi_test_clobber_d0(void); +void abi_test_clobber_d1(void); +void abi_test_clobber_d2(void); +void abi_test_clobber_d3(void); +void abi_test_clobber_d4(void); +void abi_test_clobber_d5(void); +void abi_test_clobber_d6(void); +void abi_test_clobber_d7(void); +void abi_test_clobber_d8(void); +void abi_test_clobber_d9(void); +void abi_test_clobber_d10(void); +void abi_test_clobber_d11(void); +void abi_test_clobber_d12(void); +void abi_test_clobber_d13(void); +void abi_test_clobber_d14(void); +void abi_test_clobber_d15(void); +void abi_test_clobber_d16(void); +void abi_test_clobber_d17(void); +void abi_test_clobber_d18(void); +void abi_test_clobber_d19(void); +void abi_test_clobber_d20(void); +void abi_test_clobber_d21(void); +void abi_test_clobber_d22(void); +void abi_test_clobber_d23(void); +void abi_test_clobber_d24(void); +void abi_test_clobber_d25(void); +void abi_test_clobber_d26(void); +void abi_test_clobber_d27(void); +void abi_test_clobber_d28(void); +void abi_test_clobber_d29(void); +void abi_test_clobber_d30(void); +void abi_test_clobber_d31(void); + +void abi_test_clobber_v8_upper(void); +void abi_test_clobber_v9_upper(void); +void abi_test_clobber_v10_upper(void); +void abi_test_clobber_v11_upper(void); +void abi_test_clobber_v12_upper(void); +void abi_test_clobber_v13_upper(void); +void abi_test_clobber_v14_upper(void); +void abi_test_clobber_v15_upper(void); +} // extern "C" + +TEST(ABITest, AArch64) { + // abi_test_trampoline hides unsaved registers from the caller, so we can + // safely call the abi_test_clobber_* functions below. + abi_test::internal::CallerState state; + RAND_bytes(reinterpret_cast(&state), sizeof(state)); + CHECK_ABI_NO_UNWIND(abi_test_trampoline, + reinterpret_cast(abi_test_clobber_x19), + &state, nullptr, 0, 0 /* no breakpoint */); + + CHECK_ABI_NO_UNWIND(abi_test_clobber_x0); + CHECK_ABI_NO_UNWIND(abi_test_clobber_x1); + CHECK_ABI_NO_UNWIND(abi_test_clobber_x2); + CHECK_ABI_NO_UNWIND(abi_test_clobber_x3); + CHECK_ABI_NO_UNWIND(abi_test_clobber_x4); + CHECK_ABI_NO_UNWIND(abi_test_clobber_x5); + CHECK_ABI_NO_UNWIND(abi_test_clobber_x6); + CHECK_ABI_NO_UNWIND(abi_test_clobber_x7); + CHECK_ABI_NO_UNWIND(abi_test_clobber_x8); + CHECK_ABI_NO_UNWIND(abi_test_clobber_x9); + CHECK_ABI_NO_UNWIND(abi_test_clobber_x10); + CHECK_ABI_NO_UNWIND(abi_test_clobber_x11); + CHECK_ABI_NO_UNWIND(abi_test_clobber_x12); + CHECK_ABI_NO_UNWIND(abi_test_clobber_x13); + CHECK_ABI_NO_UNWIND(abi_test_clobber_x14); + CHECK_ABI_NO_UNWIND(abi_test_clobber_x15); + CHECK_ABI_NO_UNWIND(abi_test_clobber_x16); + CHECK_ABI_NO_UNWIND(abi_test_clobber_x17); + + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x19), + "x19 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x20), + "x20 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x21), + "x21 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x22), + "x22 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x23), + "x23 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x24), + "x24 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x25), + "x25 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x26), + "x26 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x27), + "x27 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x28), + "x28 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x29), + "x29 was not restored after return"); + + CHECK_ABI_NO_UNWIND(abi_test_clobber_d0); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d1); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d2); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d3); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d4); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d5); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d6); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d7); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d8), + "d8 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d9), + "d9 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d10), + "d10 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d11), + "d11 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d12), + "d12 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d13), + "d13 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d14), + "d14 was not restored after return"); + EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d15), + "d15 was not restored after return"); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d16); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d18); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d19); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d20); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d21); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d22); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d23); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d24); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d25); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d26); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d27); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d28); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d29); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d30); + CHECK_ABI_NO_UNWIND(abi_test_clobber_d31); + + // The lower halves of v8-v15 (accessed as d8-d15) must be preserved, but not + // the upper halves. + CHECK_ABI_NO_UNWIND(abi_test_clobber_v8_upper); + CHECK_ABI_NO_UNWIND(abi_test_clobber_v9_upper); + CHECK_ABI_NO_UNWIND(abi_test_clobber_v10_upper); + CHECK_ABI_NO_UNWIND(abi_test_clobber_v11_upper); + CHECK_ABI_NO_UNWIND(abi_test_clobber_v12_upper); + CHECK_ABI_NO_UNWIND(abi_test_clobber_v13_upper); + CHECK_ABI_NO_UNWIND(abi_test_clobber_v14_upper); + CHECK_ABI_NO_UNWIND(abi_test_clobber_v15_upper); +} +#endif // OPENSSL_AARCH64 && SUPPORTS_ABI_TEST diff --git a/src/crypto/bn_extra/convert.c b/src/crypto/bn_extra/convert.c index 9a1a69e..6e930fc 100644 --- a/src/crypto/bn_extra/convert.c +++ b/src/crypto/bn_extra/convert.c @@ -460,3 +460,11 @@ BIGNUM *BN_mpi2bn(const uint8_t *in, size_t len, BIGNUM *out) { } return out; } + +int BN_bn2binpad(const BIGNUM *in, uint8_t *out, int len) { + if (len < 0 || + !BN_bn2bin_padded(out, (size_t)len, in)) { + return -1; + } + return len; +} diff --git a/src/crypto/bytestring/bytestring_test.cc b/src/crypto/bytestring/bytestring_test.cc index e99744d..1f78799 100644 --- a/src/crypto/bytestring/bytestring_test.cc +++ b/src/crypto/bytestring/bytestring_test.cc @@ -42,10 +42,12 @@ TEST(CBSTest, Skip) { } TEST(CBSTest, GetUint) { - static const uint8_t kData[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12}; + static const uint8_t kData[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, + 11, 12, 13, 14, 15, 16, 17, 18, 19, 20}; uint8_t u8; uint16_t u16; uint32_t u32; + uint64_t u64; CBS data; CBS_init(&data, kData, sizeof(kData)); @@ -57,10 +59,12 @@ TEST(CBSTest, GetUint) { EXPECT_EQ(0x40506u, u32); ASSERT_TRUE(CBS_get_u32(&data, &u32)); EXPECT_EQ(0x708090au, u32); + ASSERT_TRUE(CBS_get_u64(&data, &u64)); + EXPECT_EQ(0xb0c0d0e0f101112u, u64); ASSERT_TRUE(CBS_get_last_u8(&data, &u8)); - EXPECT_EQ(0xcu, u8); + EXPECT_EQ(0x14u, u8); ASSERT_TRUE(CBS_get_last_u8(&data, &u8)); - EXPECT_EQ(0xbu, u8); + EXPECT_EQ(0x13u, u8); EXPECT_FALSE(CBS_get_u8(&data, &u8)); EXPECT_FALSE(CBS_get_last_u8(&data, &u8)); } @@ -310,7 +314,9 @@ TEST(CBBTest, InitUninitialized) { } TEST(CBBTest, Basic) { - static const uint8_t kExpected[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 0xa, 0xb, 0xc}; + static const uint8_t kExpected[] = {1, 2, 3, 4, 5, 6, 7, + 8, 9, 0xa, 0xb, 0xc, 0xd, 0xe, + 0xf, 0x10, 0x11, 0x12, 0x13, 0x14}; uint8_t *buf; size_t buf_len; @@ -323,7 +329,8 @@ TEST(CBBTest, Basic) { ASSERT_TRUE(CBB_add_u16(cbb.get(), 0x203)); ASSERT_TRUE(CBB_add_u24(cbb.get(), 0x40506)); ASSERT_TRUE(CBB_add_u32(cbb.get(), 0x708090a)); - ASSERT_TRUE(CBB_add_bytes(cbb.get(), (const uint8_t *)"\x0b\x0c", 2)); + ASSERT_TRUE(CBB_add_u64(cbb.get(), 0xb0c0d0e0f101112)); + ASSERT_TRUE(CBB_add_bytes(cbb.get(), (const uint8_t *)"\x13\x14", 2)); ASSERT_TRUE(CBB_finish(cbb.get(), &buf, &buf_len)); bssl::UniquePtr scoper(buf); diff --git a/src/crypto/bytestring/cbb.c b/src/crypto/bytestring/cbb.c index 38e9a83..7998a48 100644 --- a/src/crypto/bytestring/cbb.c +++ b/src/crypto/bytestring/cbb.c @@ -144,7 +144,7 @@ static int cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out, return 1; } -static int cbb_buffer_add_u(struct cbb_buffer_st *base, uint32_t v, +static int cbb_buffer_add_u(struct cbb_buffer_st *base, uint64_t v, size_t len_len) { if (len_len == 0) { return 1; @@ -459,6 +459,13 @@ int CBB_add_u32(CBB *cbb, uint32_t value) { return cbb_buffer_add_u(cbb->base, value, 4); } +int CBB_add_u64(CBB *cbb, uint64_t value) { + if (!CBB_flush(cbb)) { + return 0; + } + return cbb_buffer_add_u(cbb->base, value, 8); +} + void CBB_discard_child(CBB *cbb) { if (cbb->child == NULL) { return; diff --git a/src/crypto/bytestring/cbs.c b/src/crypto/bytestring/cbs.c index 372652c..f8a8353 100644 --- a/src/crypto/bytestring/cbs.c +++ b/src/crypto/bytestring/cbs.c @@ -88,8 +88,8 @@ int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len) { return CRYPTO_memcmp(cbs->data, data, len) == 0; } -static int cbs_get_u(CBS *cbs, uint32_t *out, size_t len) { - uint32_t result = 0; +static int cbs_get_u(CBS *cbs, uint64_t *out, size_t len) { + uint64_t result = 0; const uint8_t *data; if (!cbs_get(cbs, &data, len)) { @@ -113,7 +113,7 @@ int CBS_get_u8(CBS *cbs, uint8_t *out) { } int CBS_get_u16(CBS *cbs, uint16_t *out) { - uint32_t v; + uint64_t v; if (!cbs_get_u(cbs, &v, 2)) { return 0; } @@ -122,11 +122,25 @@ int CBS_get_u16(CBS *cbs, uint16_t *out) { } int CBS_get_u24(CBS *cbs, uint32_t *out) { - return cbs_get_u(cbs, out, 3); + uint64_t v; + if (!cbs_get_u(cbs, &v, 3)) { + return 0; + } + *out = v; + return 1; } int CBS_get_u32(CBS *cbs, uint32_t *out) { - return cbs_get_u(cbs, out, 4); + uint64_t v; + if (!cbs_get_u(cbs, &v, 4)) { + return 0; + } + *out = v; + return 1; +} + +int CBS_get_u64(CBS *cbs, uint64_t *out) { + return cbs_get_u(cbs, out, 8); } int CBS_get_last_u8(CBS *cbs, uint8_t *out) { @@ -157,10 +171,13 @@ int CBS_copy_bytes(CBS *cbs, uint8_t *out, size_t len) { } static int cbs_get_length_prefixed(CBS *cbs, CBS *out, size_t len_len) { - uint32_t len; + uint64_t len; if (!cbs_get_u(cbs, &len, len_len)) { return 0; } + // If |len_len| <= 3 then we know that |len| will fit into a |size_t|, even on + // 32-bit systems. + assert(len_len <= 3); return CBS_get_bytes(cbs, out, len); } @@ -274,7 +291,7 @@ static int cbs_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag, // encode the number of subsequent octets used to encode the length (ITU-T // X.690 clause 8.1.3.5.b). const size_t num_bytes = length_byte & 0x7f; - uint32_t len32; + uint64_t len64; if (ber_ok && (tag & CBS_ASN1_CONSTRUCTED) != 0 && num_bytes == 0) { // indefinite length @@ -290,20 +307,20 @@ static int cbs_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag, if (num_bytes == 0 || num_bytes > 4) { return 0; } - if (!cbs_get_u(&header, &len32, num_bytes)) { + if (!cbs_get_u(&header, &len64, num_bytes)) { return 0; } // ITU-T X.690 section 10.1 (DER length forms) requires encoding the length // with the minimum number of octets. - if (len32 < 128) { + if (len64 < 128) { // Length should have used short-form encoding. return 0; } - if ((len32 >> ((num_bytes-1)*8)) == 0) { + if ((len64 >> ((num_bytes-1)*8)) == 0) { // Length should have been at least one byte shorter. return 0; } - len = len32; + len = len64; if (len + header_len + num_bytes < len) { // Overflow. return 0; diff --git a/src/crypto/chacha/asm/chacha-x86_64.pl b/src/crypto/chacha/asm/chacha-x86_64.pl index 6b2065e..6be270e 100755 --- a/src/crypto/chacha/asm/chacha-x86_64.pl +++ b/src/crypto/chacha/asm/chacha-x86_64.pl @@ -228,6 +228,7 @@ $code.=<<___; .type ChaCha20_ctr32,\@function,5 .align 64 ChaCha20_ctr32: +.cfi_startproc cmp \$0,$len je .Lno_data mov OPENSSL_ia32cap_P+4(%rip),%r10 @@ -241,12 +242,19 @@ $code.=<<___; jnz .LChaCha20_ssse3 push %rbx +.cfi_push rbx push %rbp +.cfi_push rbp push %r12 +.cfi_push r12 push %r13 +.cfi_push r13 push %r14 +.cfi_push r14 push %r15 +.cfi_push r15 sub \$64+24,%rsp +.cfi_adjust_cfa_offset `64+24` .Lctr32_body: #movdqa .Lsigma(%rip),%xmm0 @@ -388,14 +396,22 @@ $code.=<<___; .Ldone: lea 64+24+48(%rsp),%rsi mov -48(%rsi),%r15 +.cfi_restore r15 mov -40(%rsi),%r14 +.cfi_restore r14 mov -32(%rsi),%r13 +.cfi_restore r13 mov -24(%rsi),%r12 +.cfi_restore r12 mov -16(%rsi),%rbp +.cfi_restore rbp mov -8(%rsi),%rbx +.cfi_restore rbx lea (%rsi),%rsp +.cfi_adjust_cfa_offset `-64-24-48` .Lno_data: ret +.cfi_endproc .size ChaCha20_ctr32,.-ChaCha20_ctr32 ___ @@ -435,7 +451,9 @@ $code.=<<___; .align 32 ChaCha20_ssse3: .LChaCha20_ssse3: +.cfi_startproc mov %rsp,%r9 # frame pointer +.cfi_def_cfa_register r9 ___ $code.=<<___; cmp \$128,$len # we might throw away some data, @@ -547,8 +565,10 @@ $code.=<<___ if ($win64); ___ $code.=<<___; lea (%r9),%rsp +.cfi_def_cfa_register rsp .Lssse3_epilogue: ret +.cfi_endproc .size ChaCha20_ssse3,.-ChaCha20_ssse3 ___ } @@ -691,7 +711,9 @@ $code.=<<___; .align 32 ChaCha20_4x: .LChaCha20_4x: +.cfi_startproc mov %rsp,%r9 # frame pointer +.cfi_def_cfa_register r9 mov %r10,%r11 ___ $code.=<<___ if ($avx>1); @@ -1131,8 +1153,10 @@ $code.=<<___ if ($win64); ___ $code.=<<___; lea (%r9),%rsp +.cfi_def_cfa_register rsp .L4x_epilogue: ret +.cfi_endproc .size ChaCha20_4x,.-ChaCha20_4x ___ } @@ -1266,7 +1290,9 @@ $code.=<<___; .align 32 ChaCha20_8x: .LChaCha20_8x: +.cfi_startproc mov %rsp,%r9 # frame register +.cfi_def_cfa_register r9 sub \$0x280+$xframe,%rsp and \$-32,%rsp ___ @@ -1772,8 +1798,10 @@ $code.=<<___ if ($win64); ___ $code.=<<___; lea (%r9),%rsp +.cfi_def_cfa_register rsp .L8x_epilogue: ret +.cfi_endproc .size ChaCha20_8x,.-ChaCha20_8x ___ } @@ -1811,7 +1839,9 @@ $code.=<<___; .align 32 ChaCha20_avx512: .LChaCha20_avx512: +.cfi_startproc mov %rsp,%r9 # frame pointer +.cfi_def_cfa_register r9 cmp \$512,$len ja .LChaCha20_16x @@ -1991,8 +2021,10 @@ $code.=<<___ if ($win64); ___ $code.=<<___; lea (%r9),%rsp +.cfi_def_cfa_register rsp .Lavx512_epilogue: ret +.cfi_endproc .size ChaCha20_avx512,.-ChaCha20_avx512 ___ } @@ -2075,7 +2107,9 @@ $code.=<<___; .align 32 ChaCha20_16x: .LChaCha20_16x: +.cfi_startproc mov %rsp,%r9 # frame register +.cfi_def_cfa_register r9 sub \$64+$xframe,%rsp and \$-64,%rsp ___ @@ -2493,8 +2527,10 @@ $code.=<<___ if ($win64); ___ $code.=<<___; lea (%r9),%rsp +.cfi_def_cfa_register rsp .L16x_epilogue: ret +.cfi_endproc .size ChaCha20_16x,.-ChaCha20_16x ___ } diff --git a/src/crypto/chacha/chacha.c b/src/crypto/chacha/chacha.c index eac51a5..b539f99 100644 --- a/src/crypto/chacha/chacha.c +++ b/src/crypto/chacha/chacha.c @@ -64,13 +64,7 @@ void CRYPTO_hchacha20(uint8_t out[32], const uint8_t key[32], OPENSSL_memcpy(&out[16], &x[12], sizeof(uint32_t) * 4); } -#if !defined(OPENSSL_NO_ASM) && \ - (defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \ - defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) - -// ChaCha20_ctr32 is defined in asm/chacha-*.pl. -void ChaCha20_ctr32(uint8_t *out, const uint8_t *in, size_t in_len, - const uint32_t key[8], const uint32_t counter[4]); +#if defined(CHACHA20_ASM) void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in, size_t in_len, const uint8_t key[32], const uint8_t nonce[12], diff --git a/src/crypto/chacha/chacha_test.cc b/src/crypto/chacha/chacha_test.cc index a40653f..25313ca 100644 --- a/src/crypto/chacha/chacha_test.cc +++ b/src/crypto/chacha/chacha_test.cc @@ -23,7 +23,9 @@ #include #include +#include "internal.h" #include "../internal.h" +#include "../test/abi_test.h" #include "../test/test_util.h" @@ -234,3 +236,25 @@ TEST(ChaChaTest, TestVector) { EXPECT_EQ(Bytes(kOutput, len), Bytes(buf.get(), len)); } } + +#if defined(CHACHA20_ASM) && defined(SUPPORTS_ABI_TEST) +TEST(ChaChaTest, ABI) { + uint32_t key[8]; + OPENSSL_memcpy(key, kKey, sizeof(key)); + + static const uint32_t kCounterNonce[4] = {0}; + + std::unique_ptr buf(new uint8_t[sizeof(kInput)]); + for (size_t len = 0; len <= 32; len++) { + SCOPED_TRACE(len); + CHECK_ABI(ChaCha20_ctr32, buf.get(), kInput, len, key, kCounterNonce); + } + + for (size_t len : {32 * 2, 32 * 4, 32 * 8, 32 * 16, 32 * 24}) { + SCOPED_TRACE(len); + CHECK_ABI(ChaCha20_ctr32, buf.get(), kInput, len, key, kCounterNonce); + // Cover the partial block paths. + CHECK_ABI(ChaCha20_ctr32, buf.get(), kInput, len + 15, key, kCounterNonce); + } +} +#endif // CHACHA20_ASM && SUPPORTS_ABI_TEST diff --git a/src/crypto/chacha/internal.h b/src/crypto/chacha/internal.h index 5a49811..1435e3b 100644 --- a/src/crypto/chacha/internal.h +++ b/src/crypto/chacha/internal.h @@ -27,6 +27,16 @@ extern "C" { void CRYPTO_hchacha20(uint8_t out[32], const uint8_t key[32], const uint8_t nonce[16]); +#if !defined(OPENSSL_NO_ASM) && \ + (defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \ + defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) +#define CHACHA20_ASM + +// ChaCha20_ctr32 is defined in asm/chacha-*.pl. +void ChaCha20_ctr32(uint8_t *out, const uint8_t *in, size_t in_len, + const uint32_t key[8], const uint32_t counter[4]); +#endif + #if defined(__cplusplus) } // extern C diff --git a/src/crypto/cipher_extra/cipher_extra.c b/src/crypto/cipher_extra/cipher_extra.c index 1b23ad3..b132265 100644 --- a/src/crypto/cipher_extra/cipher_extra.c +++ b/src/crypto/cipher_extra/cipher_extra.c @@ -129,6 +129,14 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) { return EVP_aes_192_ofb(); } else if (OPENSSL_strcasecmp(name, "aes-256-ofb") == 0) { return EVP_aes_256_ofb(); + } else if (OPENSSL_strcasecmp(name, "des-ecb") == 0) { + return EVP_des_ecb(); + } else if (OPENSSL_strcasecmp(name, "des-ede") == 0) { + return EVP_des_ede(); + } else if (OPENSSL_strcasecmp(name, "des-ede-cbc") == 0) { + return EVP_des_ede_cbc(); + } else if (OPENSSL_strcasecmp(name, "rc2-cbc") == 0) { + return EVP_rc2_cbc(); } return NULL; diff --git a/src/crypto/cipher_extra/e_aesccm.c b/src/crypto/cipher_extra/e_aesccm.c index 3e18659..144a909 100644 --- a/src/crypto/cipher_extra/e_aesccm.c +++ b/src/crypto/cipher_extra/e_aesccm.c @@ -66,7 +66,8 @@ static int aead_aes_ccm_init(EVP_AEAD_CTX *ctx, const uint8_t *key, struct aead_aes_ccm_ctx *ccm_ctx = (struct aead_aes_ccm_ctx *)&ctx->state; block128_f block; - ctr128_f ctr = aes_ctr_set_key(&ccm_ctx->ks.ks, NULL, &block, key, key_len); + ctr128_f ctr = aes_ctr_set_key(&ccm_ctx->ks.ks, NULL, &block, key, key_len, + 1 /* large inputs */); ctx->tag_len = tag_len; if (!CRYPTO_ccm128_init(&ccm_ctx->ccm, &ccm_ctx->ks.ks, block, ctr, M, L)) { OPENSSL_PUT_ERROR(CIPHER, ERR_R_INTERNAL_ERROR); diff --git a/src/crypto/cipher_extra/e_aesctrhmac.c b/src/crypto/cipher_extra/e_aesctrhmac.c index 8c45c81..0834bd1 100644 --- a/src/crypto/cipher_extra/e_aesctrhmac.c +++ b/src/crypto/cipher_extra/e_aesctrhmac.c @@ -94,8 +94,8 @@ static int aead_aes_ctr_hmac_sha256_init(EVP_AEAD_CTX *ctx, const uint8_t *key, return 0; } - aes_ctx->ctr = - aes_ctr_set_key(&aes_ctx->ks.ks, NULL, &aes_ctx->block, key, aes_key_len); + aes_ctx->ctr = aes_ctr_set_key(&aes_ctx->ks.ks, NULL, &aes_ctx->block, key, + aes_key_len, 1 /* large inputs */); ctx->tag_len = tag_len; hmac_init(&aes_ctx->inner_init_state, &aes_ctx->outer_init_state, key + aes_key_len); diff --git a/src/crypto/cipher_extra/e_aesgcmsiv.c b/src/crypto/cipher_extra/e_aesgcmsiv.c index 71a71fa..0e5063c 100644 --- a/src/crypto/cipher_extra/e_aesgcmsiv.c +++ b/src/crypto/cipher_extra/e_aesgcmsiv.c @@ -595,7 +595,7 @@ static int aead_aes_gcm_siv_init(EVP_AEAD_CTX *ctx, const uint8_t *key, OPENSSL_memset(gcm_siv_ctx, 0, sizeof(struct aead_aes_gcm_siv_ctx)); aes_ctr_set_key(&gcm_siv_ctx->ks.ks, NULL, &gcm_siv_ctx->kgk_block, key, - key_len); + key_len, 1 /* large inputs */); gcm_siv_ctx->is_256 = (key_len == 32); ctx->tag_len = tag_len; @@ -719,7 +719,8 @@ static void gcm_siv_keys( OPENSSL_memcpy(out_keys->auth_key, key_material, 16); aes_ctr_set_key(&out_keys->enc_key.ks, NULL, &out_keys->enc_block, - key_material + 16, gcm_siv_ctx->is_256 ? 32 : 16); + key_material + 16, gcm_siv_ctx->is_256 ? 32 : 16, + 1 /* large inputs */); } static int aead_aes_gcm_siv_seal_scatter( diff --git a/src/crypto/cipher_extra/e_tls.c b/src/crypto/cipher_extra/e_tls.c index ff41989..c812b6b 100644 --- a/src/crypto/cipher_extra/e_tls.c +++ b/src/crypto/cipher_extra/e_tls.c @@ -299,6 +299,8 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, total += len; assert(total == in_len); + CONSTTIME_SECRET(out, total); + // Remove CBC padding. Code from here on is timing-sensitive with respect to // |padding_ok| and |data_plus_mac_len| for CBC ciphers. size_t data_plus_mac_len; @@ -375,11 +377,15 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, crypto_word_t good = constant_time_eq_int(CRYPTO_memcmp(record_mac, mac, mac_len), 0); good &= padding_ok; + CONSTTIME_DECLASSIFY(&good, sizeof(good)); if (!good) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } + CONSTTIME_DECLASSIFY(&data_len, sizeof(data_len)); + CONSTTIME_DECLASSIFY(out, data_len); + // End of timing-sensitive code. *out_len = data_len; diff --git a/src/crypto/crypto.c b/src/crypto/crypto.c index f7ac255..c86206a 100644 --- a/src/crypto/crypto.c +++ b/src/crypto/crypto.c @@ -36,8 +36,8 @@ #define BORINGSSL_NO_STATIC_INITIALIZER #endif -#endif /* !OPENSSL_NO_ASM && (OPENSSL_X86 || OPENSSL_X86_64 || - OPENSSL_ARM || OPENSSL_AARCH64) */ +#endif // !NO_ASM && !STATIC_ARMCAP && + // (X86 || X86_64 || ARM || AARCH64 || PPC64LE) // Our assembly does not use the GOT to reference symbols, which means @@ -60,8 +60,7 @@ // that tests the capability values will still skip the constructor but, so // far, the init constructor function only sets the capability variables. -#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) - +#if !defined(NDEBUG) && !defined(BORINGSSL_FIPS) // This value must be explicitly initialised to zero in order to work around a // bug in libtool or the linker on OS X. // @@ -69,6 +68,12 @@ // archive, linking on OS X will fail to resolve common symbols. By // initialising it to zero, it becomes a "data symbol", which isn't so // affected. +HIDDEN uint8_t BORINGSSL_function_hit[7] = {0}; +#endif + +#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) + +// This value must be explicitly initialized to zero. See similar comment above. HIDDEN uint32_t OPENSSL_ia32cap_P[4] = {0}; #elif defined(OPENSSL_PPC64LE) diff --git a/src/crypto/digest_extra/digest_test.cc b/src/crypto/digest_extra/digest_test.cc index 72e10b1..de2e9d1 100644 --- a/src/crypto/digest_extra/digest_test.cc +++ b/src/crypto/digest_extra/digest_test.cc @@ -17,6 +17,7 @@ #include #include +#include #include @@ -183,6 +184,20 @@ static void TestDigest(const TestVector *test) { EXPECT_EQ(EVP_MD_size(test->md.func()), digest_len); CompareDigest(test, digest.get(), digest_len); + // Test with unaligned input. + ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), NULL)); + std::vector unaligned(strlen(test->input) + 1); + char *ptr = unaligned.data(); + if ((reinterpret_cast(ptr) & 1) == 0) { + ptr++; + } + OPENSSL_memcpy(ptr, test->input, strlen(test->input)); + for (size_t i = 0; i < test->repeat; i++) { + ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), ptr, strlen(test->input))); + } + ASSERT_TRUE(EVP_DigestFinal_ex(ctx.get(), digest.get(), &digest_len)); + CompareDigest(test, digest.get(), digest_len); + // Test the one-shot function. if (test->md.one_shot_func && test->repeat == 1) { uint8_t *out = test->md.one_shot_func((const uint8_t *)test->input, diff --git a/src/crypto/err/ssl.errordata b/src/crypto/err/ssl.errordata index 171b9c7..ddb383c 100644 --- a/src/crypto/err/ssl.errordata +++ b/src/crypto/err/ssl.errordata @@ -75,12 +75,14 @@ SSL,157,INAPPROPRIATE_FALLBACK SSL,259,INVALID_ALPN_PROTOCOL SSL,158,INVALID_COMMAND SSL,256,INVALID_COMPRESSION_LIST +SSL,301,INVALID_DELEGATED_CREDENTIAL SSL,159,INVALID_MESSAGE SSL,251,INVALID_OUTER_RECORD_TYPE SSL,269,INVALID_SCT_LIST SSL,295,INVALID_SIGNATURE_ALGORITHM SSL,160,INVALID_SSL_SESSION SSL,161,INVALID_TICKET_KEYS_LENGTH +SSL,302,KEY_USAGE_BIT_INCORRECT SSL,162,LENGTH_MISMATCH SSL,164,MISSING_EXTENSION SSL,258,MISSING_KEY_SHARE @@ -193,7 +195,7 @@ SSL,218,TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG SSL,219,TOO_MANY_EMPTY_FRAGMENTS SSL,260,TOO_MANY_KEY_UPDATES SSL,220,TOO_MANY_WARNING_ALERTS -SSL,1117,TOO_MUCH_READ_EARLY_DATA +SSL,300,TOO_MUCH_READ_EARLY_DATA SSL,270,TOO_MUCH_SKIPPED_EARLY_DATA SSL,221,UNABLE_TO_FIND_ECDH_PARAMETERS SSL,293,UNCOMPRESSED_CERT_TOO_LARGE diff --git a/src/crypto/evp/evp_asn1.c b/src/crypto/evp/evp_asn1.c index 383e2f9..d56b93b 100644 --- a/src/crypto/evp/evp_asn1.c +++ b/src/crypto/evp/evp_asn1.c @@ -344,3 +344,44 @@ int i2d_PublicKey(const EVP_PKEY *key, uint8_t **outp) { return -1; } } + +EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **out, const uint8_t **inp, + long len) { + EVP_PKEY *ret = EVP_PKEY_new(); + if (ret == NULL) { + return NULL; + } + + CBS cbs; + CBS_init(&cbs, *inp, len < 0 ? 0 : (size_t)len); + switch (type) { + case EVP_PKEY_RSA: { + RSA *rsa = RSA_parse_public_key(&cbs); + if (rsa == NULL || !EVP_PKEY_assign_RSA(ret, rsa)) { + RSA_free(rsa); + goto err; + } + break; + } + + // Unlike OpenSSL, we do not support EC keys with this API. The raw EC + // public key serialization requires knowing the group. In OpenSSL, calling + // this function with |EVP_PKEY_EC| and setting |out| to NULL does not work. + // It requires |*out| to include a partially-initiazed |EVP_PKEY| to extract + // the group. + default: + OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + goto err; + } + + *inp = CBS_data(&cbs); + if (out != NULL) { + EVP_PKEY_free(*out); + *out = ret; + } + return ret; + +err: + EVP_PKEY_free(ret); + return NULL; +} diff --git a/src/crypto/evp/evp_ctx.c b/src/crypto/evp/evp_ctx.c index 3599f77..daa1954 100644 --- a/src/crypto/evp/evp_ctx.c +++ b/src/crypto/evp/evp_ctx.c @@ -415,7 +415,7 @@ int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx) { return 1; } -int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) { +int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **out_pkey) { if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) { OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return 0; @@ -425,21 +425,60 @@ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) { return 0; } - if (!ppkey) { + if (!out_pkey) { return 0; } - if (!*ppkey) { - *ppkey = EVP_PKEY_new(); - if (!*ppkey) { + if (!*out_pkey) { + *out_pkey = EVP_PKEY_new(); + if (!*out_pkey) { OPENSSL_PUT_ERROR(EVP, ERR_LIB_EVP); return 0; } } - if (!ctx->pmeth->keygen(ctx, *ppkey)) { - EVP_PKEY_free(*ppkey); - *ppkey = NULL; + if (!ctx->pmeth->keygen(ctx, *out_pkey)) { + EVP_PKEY_free(*out_pkey); + *out_pkey = NULL; + return 0; + } + return 1; +} + +int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx) { + if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) { + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return 0; + } + ctx->operation = EVP_PKEY_OP_PARAMGEN; + return 1; +} + +int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **out_pkey) { + if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) { + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return 0; + } + if (ctx->operation != EVP_PKEY_OP_PARAMGEN) { + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED); + return 0; + } + + if (!out_pkey) { + return 0; + } + + if (!*out_pkey) { + *out_pkey = EVP_PKEY_new(); + if (!*out_pkey) { + OPENSSL_PUT_ERROR(EVP, ERR_LIB_EVP); + return 0; + } + } + + if (!ctx->pmeth->paramgen(ctx, *out_pkey)) { + EVP_PKEY_free(*out_pkey); + *out_pkey = NULL; return 0; } return 1; diff --git a/src/crypto/evp/evp_extra_test.cc b/src/crypto/evp/evp_extra_test.cc index f12650e..1f6a61d 100644 --- a/src/crypto/evp/evp_extra_test.cc +++ b/src/crypto/evp/evp_extra_test.cc @@ -638,3 +638,60 @@ TEST(EVPExtraTest, Ed25519) { EXPECT_FALSE(EVP_DigestVerifyFinal(ctx.get(), nullptr, 0)); ERR_clear_error(); } + +static void ExpectECGroupOnly(const EVP_PKEY *pkey, int nid) { + EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); + ASSERT_TRUE(ec); + const EC_GROUP *group = EC_KEY_get0_group(ec); + ASSERT_TRUE(group); + EXPECT_EQ(nid, EC_GROUP_get_curve_name(group)); + EXPECT_FALSE(EC_KEY_get0_public_key(ec)); + EXPECT_FALSE(EC_KEY_get0_private_key(ec)); +} + +static void ExpectECGroupAndKey(const EVP_PKEY *pkey, int nid) { + EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); + ASSERT_TRUE(ec); + const EC_GROUP *group = EC_KEY_get0_group(ec); + ASSERT_TRUE(group); + EXPECT_EQ(nid, EC_GROUP_get_curve_name(group)); + EXPECT_TRUE(EC_KEY_get0_public_key(ec)); + EXPECT_TRUE(EC_KEY_get0_private_key(ec)); +} + +TEST(EVPExtraTest, ECKeygen) { + // |EVP_PKEY_paramgen| may be used as an extremely roundabout way to get an + // |EC_GROUP|. + bssl::UniquePtr ctx(EVP_PKEY_CTX_new_id(EVP_PKEY_EC, nullptr)); + ASSERT_TRUE(ctx); + ASSERT_TRUE(EVP_PKEY_paramgen_init(ctx.get())); + ASSERT_TRUE( + EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx.get(), NID_X9_62_prime256v1)); + EVP_PKEY *raw = nullptr; + ASSERT_TRUE(EVP_PKEY_paramgen(ctx.get(), &raw)); + bssl::UniquePtr pkey(raw); + raw = nullptr; + ExpectECGroupOnly(pkey.get(), NID_X9_62_prime256v1); + + // That resulting |EVP_PKEY| may be used as a template for key generation. + ctx.reset(EVP_PKEY_CTX_new(pkey.get(), nullptr)); + ASSERT_TRUE(ctx); + ASSERT_TRUE(EVP_PKEY_keygen_init(ctx.get())); + raw = nullptr; + ASSERT_TRUE(EVP_PKEY_keygen(ctx.get(), &raw)); + pkey.reset(raw); + raw = nullptr; + ExpectECGroupAndKey(pkey.get(), NID_X9_62_prime256v1); + + // |EVP_PKEY_paramgen| may also be skipped. + ctx.reset(EVP_PKEY_CTX_new_id(EVP_PKEY_EC, nullptr)); + ASSERT_TRUE(ctx); + ASSERT_TRUE(EVP_PKEY_keygen_init(ctx.get())); + ASSERT_TRUE( + EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx.get(), NID_X9_62_prime256v1)); + raw = nullptr; + ASSERT_TRUE(EVP_PKEY_keygen(ctx.get(), &raw)); + pkey.reset(raw); + raw = nullptr; + ExpectECGroupAndKey(pkey.get(), NID_X9_62_prime256v1); +} diff --git a/src/crypto/evp/evp_test.cc b/src/crypto/evp/evp_test.cc index 70d016a..6571c30 100644 --- a/src/crypto/evp/evp_test.cc +++ b/src/crypto/evp/evp_test.cc @@ -432,9 +432,19 @@ static void RunWycheproofTest(const char *path) { t->IgnoreInstruction("keysize"); t->IgnoreInstruction("n"); t->IgnoreAttribute("padding"); + t->IgnoreInstruction("keyJwk.alg"); + t->IgnoreInstruction("keyJwk.e"); + t->IgnoreInstruction("keyJwk.kid"); + t->IgnoreInstruction("keyJwk.kty"); + t->IgnoreInstruction("keyJwk.n"); // Extra EdDSA fields. t->IgnoreInstruction("key.pk"); t->IgnoreInstruction("key.sk"); + t->IgnoreInstruction("jwk.crv"); + t->IgnoreInstruction("jwk.d"); + t->IgnoreInstruction("jwk.kid"); + t->IgnoreInstruction("jwk.kty"); + t->IgnoreInstruction("jwk.x"); // Extra DSA fields. t->IgnoreInstruction("key.g"); t->IgnoreInstruction("key.p"); diff --git a/src/crypto/evp/internal.h b/src/crypto/evp/internal.h index 4aefa35..43847ea 100644 --- a/src/crypto/evp/internal.h +++ b/src/crypto/evp/internal.h @@ -119,6 +119,7 @@ struct evp_pkey_asn1_method_st { #define EVP_PKEY_OP_ENCRYPT (1 << 6) #define EVP_PKEY_OP_DECRYPT (1 << 7) #define EVP_PKEY_OP_DERIVE (1 << 8) +#define EVP_PKEY_OP_PARAMGEN (1 << 9) #define EVP_PKEY_OP_TYPE_SIG \ (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER) @@ -128,7 +129,7 @@ struct evp_pkey_asn1_method_st { #define EVP_PKEY_OP_TYPE_NOGEN \ (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE) -#define EVP_PKEY_OP_TYPE_GEN EVP_PKEY_OP_KEYGEN +#define EVP_PKEY_OP_TYPE_GEN (EVP_PKEY_OP_KEYGEN | EVP_PKEY_OP_PARAMGEN) // EVP_PKEY_CTX_ctrl performs |cmd| on |ctx|. The |keytype| and |optype| // arguments can be -1 to specify that any type and operation are acceptable, @@ -171,6 +172,7 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, #define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 10) #define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 11) #define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12) +#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 13) struct evp_pkey_ctx_st { // Method associated with this operation @@ -219,6 +221,8 @@ struct evp_pkey_method_st { int (*derive)(EVP_PKEY_CTX *ctx, uint8_t *key, size_t *keylen); + int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); + int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); } /* EVP_PKEY_METHOD */; diff --git a/src/crypto/evp/p_ec.c b/src/crypto/evp/p_ec.c index d311d22..9c325ae 100644 --- a/src/crypto/evp/p_ec.c +++ b/src/crypto/evp/p_ec.c @@ -76,6 +76,7 @@ typedef struct { // message digest const EVP_MD *md; + EC_GROUP *gen_group; } EC_PKEY_CTX; @@ -111,6 +112,7 @@ static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) { return; } + EC_GROUP_free(dctx->gen_group); OPENSSL_free(dctx); } @@ -199,6 +201,16 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { // Default behaviour is OK return 1; + case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID: { + EC_GROUP *group = EC_GROUP_new_by_curve_name(p1); + if (group == NULL) { + return 0; + } + EC_GROUP_free(dctx->gen_group); + dctx->gen_group = group; + return 1; + } + default: OPENSSL_PUT_ERROR(EVP, EVP_R_COMMAND_NOT_SUPPORTED); return 0; @@ -206,14 +218,35 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { } static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { - if (ctx->pkey == NULL) { + EC_PKEY_CTX *dctx = ctx->data; + const EC_GROUP *group = dctx->gen_group; + if (group == NULL) { + if (ctx->pkey == NULL) { + OPENSSL_PUT_ERROR(EVP, EVP_R_NO_PARAMETERS_SET); + return 0; + } + group = EC_KEY_get0_group(ctx->pkey->pkey.ec); + } + EC_KEY *ec = EC_KEY_new(); + if (ec == NULL || + !EC_KEY_set_group(ec, group) || + !EC_KEY_generate_key(ec)) { + EC_KEY_free(ec); + return 0; + } + EVP_PKEY_assign_EC_KEY(pkey, ec); + return 1; +} + +static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { + EC_PKEY_CTX *dctx = ctx->data; + if (dctx->gen_group == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_NO_PARAMETERS_SET); return 0; } EC_KEY *ec = EC_KEY_new(); if (ec == NULL || - !EC_KEY_set_group(ec, EC_KEY_get0_group(ctx->pkey->pkey.ec)) || - !EC_KEY_generate_key(ec)) { + !EC_KEY_set_group(ec, dctx->gen_group)) { EC_KEY_free(ec); return 0; } @@ -235,5 +268,20 @@ const EVP_PKEY_METHOD ec_pkey_meth = { NULL /* encrypt */, NULL /* decrypt */, pkey_ec_derive, + pkey_ec_paramgen, pkey_ec_ctrl, }; + +int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid) { + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_TYPE_GEN, + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL); +} + +int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int encoding) { + // BoringSSL only supports named curve syntax. + if (encoding != OPENSSL_EC_NAMED_CURVE) { + OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PARAMETERS); + return 0; + } + return 1; +} diff --git a/src/crypto/evp/p_ed25519.c b/src/crypto/evp/p_ed25519.c index 554a379..062ea45 100644 --- a/src/crypto/evp/p_ed25519.c +++ b/src/crypto/evp/p_ed25519.c @@ -67,5 +67,6 @@ const EVP_PKEY_METHOD ed25519_pkey_meth = { NULL /* encrypt */, NULL /* decrypt */, NULL /* derive */, + NULL /* paramgen */, NULL /* ctrl */, }; diff --git a/src/crypto/evp/p_rsa.c b/src/crypto/evp/p_rsa.c index cfc6bea..eb59901 100644 --- a/src/crypto/evp/p_rsa.c +++ b/src/crypto/evp/p_rsa.c @@ -553,7 +553,8 @@ const EVP_PKEY_METHOD rsa_pkey_meth = { pkey_rsa_verify_recover, pkey_rsa_encrypt, pkey_rsa_decrypt, - 0 /* derive */, + NULL /* derive */, + NULL /* paramgen */, pkey_rsa_ctrl, }; diff --git a/src/crypto/fipsmodule/CMakeLists.txt b/src/crypto/fipsmodule/CMakeLists.txt index 463febb..b459263 100644 --- a/src/crypto/fipsmodule/CMakeLists.txt +++ b/src/crypto/fipsmodule/CMakeLists.txt @@ -8,6 +8,7 @@ if(${ARCH} STREQUAL "x86_64") aesni-x86_64.${ASM_EXT} aes-x86_64.${ASM_EXT} bsaes-x86_64.${ASM_EXT} + ghash-ssse3-x86_64.${ASM_EXT} ghash-x86_64.${ASM_EXT} md5-x86_64.${ASM_EXT} p256-x86_64-asm.${ASM_EXT} @@ -96,6 +97,7 @@ perlasm(co-586.${ASM_EXT} bn/asm/co-586.pl) perlasm(ghash-armv4.${ASM_EXT} modes/asm/ghash-armv4.pl) perlasm(ghashp8-ppc.${ASM_EXT} modes/asm/ghashp8-ppc.pl) perlasm(ghashv8-armx.${ASM_EXT} modes/asm/ghashv8-armx.pl) +perlasm(ghash-ssse3-x86_64.${ASM_EXT} modes/asm/ghash-ssse3-x86_64.pl) perlasm(ghash-x86_64.${ASM_EXT} modes/asm/ghash-x86_64.pl) perlasm(ghash-x86.${ASM_EXT} modes/asm/ghash-x86.pl) perlasm(md5-586.${ASM_EXT} md5/asm/md5-586.pl) diff --git a/src/crypto/fipsmodule/aes/aes.c b/src/crypto/fipsmodule/aes/aes.c index f654cb1..8a1ca31 100644 --- a/src/crypto/fipsmodule/aes/aes.c +++ b/src/crypto/fipsmodule/aes/aes.c @@ -534,8 +534,8 @@ static const uint32_t rcon[] = { // for 128-bit blocks, Rijndael never uses more than 10 rcon values }; -static int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits, - AES_KEY *aeskey) { +int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits, + AES_KEY *aeskey) { uint32_t *rk; int i = 0; uint32_t temp; @@ -630,8 +630,8 @@ static int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits, return 0; } -static int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits, - AES_KEY *aeskey) { +int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits, + AES_KEY *aeskey) { uint32_t *rk; int i, j, status; uint32_t temp; @@ -679,8 +679,7 @@ static int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits, return 0; } -static void aes_nohw_encrypt(const uint8_t *in, uint8_t *out, - const AES_KEY *key) { +void aes_nohw_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { const uint32_t *rk; uint32_t s0, s1, s2, s3, t0, t1, t2, t3; int r; @@ -741,8 +740,7 @@ static void aes_nohw_encrypt(const uint8_t *in, uint8_t *out, PUTU32(out + 12, s3); } -static void aes_nohw_decrypt(const uint8_t *in, uint8_t *out, - const AES_KEY *key) { +void aes_nohw_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { const uint32_t *rk; uint32_t s0, s1, s2, s3, t0, t1, t2, t3; int r; @@ -808,27 +806,18 @@ static void aes_nohw_decrypt(const uint8_t *in, uint8_t *out, PUTU32(out + 12, s3); } -#else // NO_ASM || (!X86 && !X86_64 && !ARM) - -// If not implemented in C, these functions will be provided by assembly code. -void aes_nohw_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key); -void aes_nohw_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key); -int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits, - AES_KEY *aeskey); -int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits, - AES_KEY *aeskey); - -#endif +#endif // NO_ASM || (!X86 && !X86_64 && !ARM) -// Be aware that on x86(-64), the |aes_nohw_*| functions are incompatible with -// the aes_hw_* functions. The latter set |AES_KEY.rounds| to one less than the -// true value, which breaks the former. Therefore the two functions cannot mix. -// Also, on Aarch64, the plain-C code, above, is incompatible with the -// |aes_hw_*| functions. +// Be aware that different sets of AES functions use incompatible key +// representations, varying in format of the key schedule, the |AES_KEY.rounds| +// value, or both. Therefore they cannot mix. Also, on AArch64, the plain-C +// code, above, is incompatible with the |aes_hw_*| functions. void AES_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { if (hwaes_capable()) { aes_hw_encrypt(in, out, key); + } else if (vpaes_capable()) { + vpaes_encrypt(in, out, key); } else { aes_nohw_encrypt(in, out, key); } @@ -837,6 +826,8 @@ void AES_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { void AES_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { if (hwaes_capable()) { aes_hw_decrypt(in, out, key); + } else if (vpaes_capable()) { + vpaes_decrypt(in, out, key); } else { aes_nohw_decrypt(in, out, key); } @@ -845,6 +836,8 @@ void AES_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { int AES_set_encrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey) { if (hwaes_capable()) { return aes_hw_set_encrypt_key(key, bits, aeskey); + } else if (vpaes_capable()) { + return vpaes_set_encrypt_key(key, bits, aeskey); } else { return aes_nohw_set_encrypt_key(key, bits, aeskey); } @@ -853,6 +846,8 @@ int AES_set_encrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey) { int AES_set_decrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey) { if (hwaes_capable()) { return aes_hw_set_decrypt_key(key, bits, aeskey); + } else if (vpaes_capable()) { + return vpaes_set_decrypt_key(key, bits, aeskey); } else { return aes_nohw_set_decrypt_key(key, bits, aeskey); } diff --git a/src/crypto/fipsmodule/aes/aes_test.cc b/src/crypto/fipsmodule/aes/aes_test.cc index ccec597..a0c9411 100644 --- a/src/crypto/fipsmodule/aes/aes_test.cc +++ b/src/crypto/fipsmodule/aes/aes_test.cc @@ -23,7 +23,9 @@ #include +#include "internal.h" #include "../../internal.h" +#include "../../test/abi_test.h" #include "../../test/file_test.h" #include "../../test/test_util.h" #include "../../test/wycheproof_util.h" @@ -186,3 +188,105 @@ TEST(AESTest, WrapBadLengths) { AES_wrap_key(&aes, nullptr, out.data(), in.data(), in.size())); } } + +#if defined(SUPPORTS_ABI_TEST) +TEST(AESTest, ABI) { + for (int bits : {128, 192, 256}) { + SCOPED_TRACE(bits); + const uint8_t kKey[256/8] = {0}; + AES_KEY key; + uint8_t block[AES_BLOCK_SIZE]; + uint8_t buf[AES_BLOCK_SIZE * 64] = {0}; + std::vector block_counts; + if (bits == 128) { + block_counts = {0, 1, 2, 3, 4, 8, 16, 31}; + } else { + // Unwind tests are very slow. Assume that the various input sizes do not + // differ significantly by round count for ABI purposes. + block_counts = {0, 1, 8}; + } + + CHECK_ABI(aes_nohw_set_encrypt_key, kKey, bits, &key); + CHECK_ABI(aes_nohw_encrypt, block, block, &key); +#if defined(AES_NOHW_CBC) + for (size_t blocks : block_counts) { + SCOPED_TRACE(blocks); + CHECK_ABI(aes_nohw_cbc_encrypt, buf, buf, AES_BLOCK_SIZE * blocks, &key, + block, AES_ENCRYPT); + } +#endif + + CHECK_ABI(aes_nohw_set_decrypt_key, kKey, bits, &key); + CHECK_ABI(aes_nohw_decrypt, block, block, &key); +#if defined(AES_NOHW_CBC) + for (size_t blocks : block_counts) { + SCOPED_TRACE(blocks); + CHECK_ABI(aes_nohw_cbc_encrypt, buf, buf, AES_BLOCK_SIZE * blocks, &key, + block, AES_DECRYPT); + } +#endif + + if (bsaes_capable()) { + aes_nohw_set_encrypt_key(kKey, bits, &key); + for (size_t blocks : block_counts) { + SCOPED_TRACE(blocks); + if (blocks != 0) { + CHECK_ABI(bsaes_ctr32_encrypt_blocks, buf, buf, blocks, &key, block); + } + } + + aes_nohw_set_decrypt_key(kKey, bits, &key); + for (size_t blocks : block_counts) { + SCOPED_TRACE(blocks); + CHECK_ABI(bsaes_cbc_encrypt, buf, buf, AES_BLOCK_SIZE * blocks, &key, + block, AES_DECRYPT); + } + } + + if (vpaes_capable()) { + CHECK_ABI(vpaes_set_encrypt_key, kKey, bits, &key); + CHECK_ABI(vpaes_encrypt, block, block, &key); + for (size_t blocks : block_counts) { + SCOPED_TRACE(blocks); + CHECK_ABI(vpaes_cbc_encrypt, buf, buf, AES_BLOCK_SIZE * blocks, &key, + block, AES_ENCRYPT); + } + + CHECK_ABI(vpaes_set_decrypt_key, kKey, bits, &key); + CHECK_ABI(vpaes_decrypt, block, block, &key); + for (size_t blocks : block_counts) { + SCOPED_TRACE(blocks); + CHECK_ABI(vpaes_cbc_encrypt, buf, buf, AES_BLOCK_SIZE * blocks, &key, + block, AES_DECRYPT); + } + } + + if (hwaes_capable()) { + CHECK_ABI(aes_hw_set_encrypt_key, kKey, bits, &key); + CHECK_ABI(aes_hw_encrypt, block, block, &key); + for (size_t blocks : block_counts) { + SCOPED_TRACE(blocks); + CHECK_ABI(aes_hw_cbc_encrypt, buf, buf, AES_BLOCK_SIZE * blocks, &key, + block, AES_ENCRYPT); + CHECK_ABI(aes_hw_ctr32_encrypt_blocks, buf, buf, blocks, &key, block); +#if defined(HWAES_ECB) + CHECK_ABI(aes_hw_ecb_encrypt, buf, buf, AES_BLOCK_SIZE * blocks, &key, + AES_ENCRYPT); +#endif + } + + CHECK_ABI(aes_hw_set_decrypt_key, kKey, bits, &key); + CHECK_ABI(aes_hw_decrypt, block, block, &key); + for (size_t blocks : block_counts) { + SCOPED_TRACE(blocks); + CHECK_ABI(aes_hw_cbc_encrypt, buf, buf, AES_BLOCK_SIZE * blocks, &key, + block, AES_DECRYPT); +#if defined(HWAES_ECB) + CHECK_ABI(aes_hw_ecb_encrypt, buf, buf, AES_BLOCK_SIZE * blocks, &key, + AES_DECRYPT); +#endif + } + } + } +} +#endif // SUPPORTS_ABI_TEST diff --git a/src/crypto/fipsmodule/aes/asm/aes-x86_64.pl b/src/crypto/fipsmodule/aes/asm/aes-x86_64.pl index 57c4e08..ea8b9a4 100755 --- a/src/crypto/fipsmodule/aes/asm/aes-x86_64.pl +++ b/src/crypto/fipsmodule/aes/asm/aes-x86_64.pl @@ -554,6 +554,7 @@ $code.=<<___; .type _x86_64_AES_encrypt_compact,\@abi-omnipotent .align 16 _x86_64_AES_encrypt_compact: +.cfi_startproc lea 128($sbox),$inp # size optimization mov 0-128($inp),$acc1 # prefetch Te4 mov 32-128($inp),$acc2 @@ -587,6 +588,7 @@ $code.=<<___; xor 8($key),$s2 xor 12($key),$s3 .byte 0xf3,0xc3 # rep ret +.cfi_endproc .size _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact ___ @@ -1159,6 +1161,7 @@ $code.=<<___; .type _x86_64_AES_decrypt_compact,\@abi-omnipotent .align 16 _x86_64_AES_decrypt_compact: +.cfi_startproc lea 128($sbox),$inp # size optimization mov 0-128($inp),$acc1 # prefetch Td4 mov 32-128($inp),$acc2 @@ -1201,6 +1204,7 @@ $code.=<<___; xor 8($key),$s2 xor 12($key),$s3 .byte 0xf3,0xc3 # rep ret +.cfi_endproc .size _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact ___ @@ -1360,6 +1364,7 @@ aes_nohw_set_encrypt_key: .type _x86_64_AES_set_encrypt_key,\@abi-omnipotent .align 16 _x86_64_AES_set_encrypt_key: +.cfi_startproc mov %esi,%ecx # %ecx=bits mov %rdi,%rsi # %rsi=userKey mov %rdx,%rdi # %rdi=key @@ -1541,6 +1546,7 @@ $code.=<<___; mov \$-1,%rax .Lexit: .byte 0xf3,0xc3 # rep ret +.cfi_endproc .size _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key ___ @@ -1720,7 +1726,9 @@ aes_nohw_cbc_encrypt: cmp \$0,%rdx # check length je .Lcbc_epilogue pushfq -.cfi_push 49 # %rflags +# This could be .cfi_push 49, but libunwind fails on registers it does not +# recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087. +.cfi_adjust_cfa_offset 8 push %rbx .cfi_push %rbx push %rbp @@ -1743,6 +1751,7 @@ aes_nohw_cbc_encrypt: cmp \$0,%r9 cmoveq %r10,$sbox +.cfi_remember_state leaq OPENSSL_ia32cap_P(%rip),%r10 mov (%r10), %r10d cmp \$$speed_limit,%rdx @@ -1979,6 +1988,7 @@ aes_nohw_cbc_encrypt: #--------------------------- SLOW ROUTINE ---------------------------# .align 16 .Lcbc_slow_prologue: +.cfi_restore_state # allocate aligned stack frame... lea -88(%rsp),%rbp and \$-64,%rbp @@ -1990,8 +2000,10 @@ aes_nohw_cbc_encrypt: sub %r10,%rbp xchg %rsp,%rbp +.cfi_def_cfa_register %rbp #add \$8,%rsp # reserve for return address! mov %rbp,$_rsp # save %rsp +.cfi_cfa_expression $_rsp,deref,+64 .Lcbc_slow_body: #mov %rdi,$_inp # save copy of inp #mov %rsi,$_out # save copy of out @@ -2180,7 +2192,9 @@ aes_nohw_cbc_encrypt: .cfi_def_cfa %rsp,16 .Lcbc_popfq: popfq -.cfi_pop 49 # %rflags +# This could be .cfi_pop 49, but libunwind fails on registers it does not +# recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087. +.cfi_adjust_cfa_offset -8 .Lcbc_epilogue: ret .cfi_endproc diff --git a/src/crypto/fipsmodule/aes/asm/aesni-x86.pl b/src/crypto/fipsmodule/aes/asm/aesni-x86.pl index aff2b40..fcb5b98 100644 --- a/src/crypto/fipsmodule/aes/asm/aesni-x86.pl +++ b/src/crypto/fipsmodule/aes/asm/aesni-x86.pl @@ -84,6 +84,9 @@ open OUT,">$output"; &asm_init($ARGV[0]); &external_label("OPENSSL_ia32cap_P"); +&preprocessor_ifndef("NDEBUG") +&external_label("BORINGSSL_function_hit"); +&preprocessor_endif(); &static_label("key_const"); if ($PREFIX eq $AESNI_PREFIX) { $movekey=\&movups; } @@ -193,6 +196,8 @@ sub aesni_generate1 # fully unrolled loop # void $PREFIX_encrypt (const void *inp,void *out,const AES_KEY *key); &aesni_generate1("enc") if (!$inline); &function_begin_B("${PREFIX}_encrypt"); + &record_function_hit(1); + &mov ("eax",&wparam(0)); &mov ($key,&wparam(2)); &movups ($inout0,&QWP(0,"eax")); @@ -875,6 +880,8 @@ if ($PREFIX eq $AESNI_PREFIX) { # 80 saved %esp &function_begin("${PREFIX}_ctr32_encrypt_blocks"); + &record_function_hit(0); + &mov ($inp,&wparam(0)); &mov ($out,&wparam(1)); &mov ($len,&wparam(2)); @@ -2483,6 +2490,8 @@ if ($PREFIX eq $AESNI_PREFIX) { # int $PREFIX_set_encrypt_key (const unsigned char *userKey, int bits, # AES_KEY *key) &function_begin_B("${PREFIX}_set_encrypt_key"); + &record_function_hit(3); + &mov ("eax",&wparam(0)); &mov ($rounds,&wparam(1)); &mov ($key,&wparam(2)); diff --git a/src/crypto/fipsmodule/aes/asm/aesni-x86_64.pl b/src/crypto/fipsmodule/aes/asm/aesni-x86_64.pl index 6545274..b608425 100644 --- a/src/crypto/fipsmodule/aes/asm/aesni-x86_64.pl +++ b/src/crypto/fipsmodule/aes/asm/aesni-x86_64.pl @@ -274,6 +274,13 @@ $code.=<<___; .type ${PREFIX}_encrypt,\@abi-omnipotent .align 16 ${PREFIX}_encrypt: +.cfi_startproc +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS +.extern BORINGSSL_function_hit + movb \$1,BORINGSSL_function_hit+1(%rip) +#endif +#endif movups ($inp),$inout0 # load input mov 240($key),$rounds # key->rounds ___ @@ -284,12 +291,14 @@ $code.=<<___; movups $inout0,($out) # output pxor $inout0,$inout0 ret +.cfi_endproc .size ${PREFIX}_encrypt,.-${PREFIX}_encrypt .globl ${PREFIX}_decrypt .type ${PREFIX}_decrypt,\@abi-omnipotent .align 16 ${PREFIX}_decrypt: +.cfi_startproc movups ($inp),$inout0 # load input mov 240($key),$rounds # key->rounds ___ @@ -300,6 +309,7 @@ $code.=<<___; movups $inout0,($out) # output pxor $inout0,$inout0 ret +.cfi_endproc .size ${PREFIX}_decrypt, .-${PREFIX}_decrypt ___ } @@ -325,6 +335,7 @@ $code.=<<___; .type _aesni_${dir}rypt2,\@abi-omnipotent .align 16 _aesni_${dir}rypt2: +.cfi_startproc $movkey ($key),$rndkey0 shl \$4,$rounds $movkey 16($key),$rndkey1 @@ -350,6 +361,7 @@ _aesni_${dir}rypt2: aes${dir}last $rndkey0,$inout0 aes${dir}last $rndkey0,$inout1 ret +.cfi_endproc .size _aesni_${dir}rypt2,.-_aesni_${dir}rypt2 ___ } @@ -361,6 +373,7 @@ $code.=<<___; .type _aesni_${dir}rypt3,\@abi-omnipotent .align 16 _aesni_${dir}rypt3: +.cfi_startproc $movkey ($key),$rndkey0 shl \$4,$rounds $movkey 16($key),$rndkey1 @@ -391,6 +404,7 @@ _aesni_${dir}rypt3: aes${dir}last $rndkey0,$inout1 aes${dir}last $rndkey0,$inout2 ret +.cfi_endproc .size _aesni_${dir}rypt3,.-_aesni_${dir}rypt3 ___ } @@ -406,6 +420,7 @@ $code.=<<___; .type _aesni_${dir}rypt4,\@abi-omnipotent .align 16 _aesni_${dir}rypt4: +.cfi_startproc $movkey ($key),$rndkey0 shl \$4,$rounds $movkey 16($key),$rndkey1 @@ -442,6 +457,7 @@ _aesni_${dir}rypt4: aes${dir}last $rndkey0,$inout2 aes${dir}last $rndkey0,$inout3 ret +.cfi_endproc .size _aesni_${dir}rypt4,.-_aesni_${dir}rypt4 ___ } @@ -453,6 +469,7 @@ $code.=<<___; .type _aesni_${dir}rypt6,\@abi-omnipotent .align 16 _aesni_${dir}rypt6: +.cfi_startproc $movkey ($key),$rndkey0 shl \$4,$rounds $movkey 16($key),$rndkey1 @@ -503,6 +520,7 @@ _aesni_${dir}rypt6: aes${dir}last $rndkey0,$inout4 aes${dir}last $rndkey0,$inout5 ret +.cfi_endproc .size _aesni_${dir}rypt6,.-_aesni_${dir}rypt6 ___ } @@ -514,6 +532,7 @@ $code.=<<___; .type _aesni_${dir}rypt8,\@abi-omnipotent .align 16 _aesni_${dir}rypt8: +.cfi_startproc $movkey ($key),$rndkey0 shl \$4,$rounds $movkey 16($key),$rndkey1 @@ -574,6 +593,7 @@ _aesni_${dir}rypt8: aes${dir}last $rndkey0,$inout6 aes${dir}last $rndkey0,$inout7 ret +.cfi_endproc .size _aesni_${dir}rypt8,.-_aesni_${dir}rypt8 ___ } @@ -598,6 +618,7 @@ $code.=<<___; .type ${PREFIX}_ecb_encrypt,\@function,5 .align 16 ${PREFIX}_ecb_encrypt: +.cfi_startproc ___ $code.=<<___ if ($win64); lea -0x58(%rsp),%rsp @@ -943,6 +964,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size ${PREFIX}_ecb_encrypt,.-${PREFIX}_ecb_encrypt ___ @@ -956,7 +978,7 @@ ___ # does not update *ivec! Nor does it finalize CMAC value # (see engine/eng_aesni.c for details) # -{ +if (0) { # Omit these functions in BoringSSL my $cmac="%r9"; # 6th argument my $increment="%xmm9"; @@ -1183,6 +1205,11 @@ $code.=<<___; .align 16 ${PREFIX}_ctr32_encrypt_blocks: .cfi_startproc +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS + movb \$1,BORINGSSL_function_hit(%rip) +#endif +#endif cmp \$1,$len jne .Lctr32_bulk @@ -1743,7 +1770,7 @@ ___ # const AES_KEY *key1, const AES_KEY *key2 # const unsigned char iv[16]); # -{ +if (0) { # Omit these functions in BoringSSL my @tweak=map("%xmm$_",(10..15)); my ($twmask,$twres,$twtmp)=("%xmm8","%xmm9",@tweak[4]); my ($key2,$ivp,$len_)=("%r8","%r9","%r9"); @@ -2749,7 +2776,7 @@ ___ # unsigned char offset_i[16], const unsigned char L_[][16], # unsigned char checksum[16]); # -{ +if (0) { # Omit these functions in BoringSSL my @offset=map("%xmm$_",(10..15)); my ($checksum,$rndkey0l)=("%xmm8","%xmm9"); my ($block_num,$offset_p)=("%r8","%r9"); # 5th and 6th arguments @@ -4236,7 +4263,7 @@ $code.=<<___; .cfi_endproc .size ${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt ___ -} +} # int ${PREFIX}_set_decrypt_key(const unsigned char *inp, # int bits, AES_KEY *key) # @@ -4327,6 +4354,11 @@ $code.=<<___; ${PREFIX}_set_encrypt_key: __aesni_set_encrypt_key: .cfi_startproc +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS + movb \$1,BORINGSSL_function_hit+3(%rip) +#endif +#endif .byte 0x48,0x83,0xEC,0x08 # sub rsp,8 .cfi_adjust_cfa_offset 8 mov \$-1,%rax @@ -4822,6 +4854,9 @@ ctr_xts_se_handler: jmp .Lcommon_seh_tail .size ctr_xts_se_handler,.-ctr_xts_se_handler +___ +# BoringSSL omits the OCB functions. +$code.=<<___ if (0); .type ocb_se_handler,\@abi-omnipotent .align 16 ocb_se_handler: @@ -4973,33 +5008,9 @@ $code.=<<___ if ($PREFIX eq "aes_hw"); .rva .LSEH_end_${PREFIX}_ecb_encrypt .rva .LSEH_info_ecb - .rva .LSEH_begin_${PREFIX}_ccm64_encrypt_blocks - .rva .LSEH_end_${PREFIX}_ccm64_encrypt_blocks - .rva .LSEH_info_ccm64_enc - - .rva .LSEH_begin_${PREFIX}_ccm64_decrypt_blocks - .rva .LSEH_end_${PREFIX}_ccm64_decrypt_blocks - .rva .LSEH_info_ccm64_dec - .rva .LSEH_begin_${PREFIX}_ctr32_encrypt_blocks .rva .LSEH_end_${PREFIX}_ctr32_encrypt_blocks .rva .LSEH_info_ctr32 - - .rva .LSEH_begin_${PREFIX}_xts_encrypt - .rva .LSEH_end_${PREFIX}_xts_encrypt - .rva .LSEH_info_xts_enc - - .rva .LSEH_begin_${PREFIX}_xts_decrypt - .rva .LSEH_end_${PREFIX}_xts_decrypt - .rva .LSEH_info_xts_dec - - .rva .LSEH_begin_${PREFIX}_ocb_encrypt - .rva .LSEH_end_${PREFIX}_ocb_encrypt - .rva .LSEH_info_ocb_enc - - .rva .LSEH_begin_${PREFIX}_ocb_decrypt - .rva .LSEH_end_${PREFIX}_ocb_decrypt - .rva .LSEH_info_ocb_dec ___ $code.=<<___; .rva .LSEH_begin_${PREFIX}_cbc_encrypt @@ -5021,38 +5032,10 @@ $code.=<<___ if ($PREFIX eq "aes_hw"); .byte 9,0,0,0 .rva ecb_ccm64_se_handler .rva .Lecb_enc_body,.Lecb_enc_ret # HandlerData[] -.LSEH_info_ccm64_enc: - .byte 9,0,0,0 - .rva ecb_ccm64_se_handler - .rva .Lccm64_enc_body,.Lccm64_enc_ret # HandlerData[] -.LSEH_info_ccm64_dec: - .byte 9,0,0,0 - .rva ecb_ccm64_se_handler - .rva .Lccm64_dec_body,.Lccm64_dec_ret # HandlerData[] .LSEH_info_ctr32: .byte 9,0,0,0 .rva ctr_xts_se_handler .rva .Lctr32_body,.Lctr32_epilogue # HandlerData[] -.LSEH_info_xts_enc: - .byte 9,0,0,0 - .rva ctr_xts_se_handler - .rva .Lxts_enc_body,.Lxts_enc_epilogue # HandlerData[] -.LSEH_info_xts_dec: - .byte 9,0,0,0 - .rva ctr_xts_se_handler - .rva .Lxts_dec_body,.Lxts_dec_epilogue # HandlerData[] -.LSEH_info_ocb_enc: - .byte 9,0,0,0 - .rva ocb_se_handler - .rva .Locb_enc_body,.Locb_enc_epilogue # HandlerData[] - .rva .Locb_enc_pop - .long 0 -.LSEH_info_ocb_dec: - .byte 9,0,0,0 - .rva ocb_se_handler - .rva .Locb_dec_body,.Locb_dec_epilogue # HandlerData[] - .rva .Locb_dec_pop - .long 0 ___ $code.=<<___; .LSEH_info_cbc: diff --git a/src/crypto/fipsmodule/aes/asm/bsaes-armv7.pl b/src/crypto/fipsmodule/aes/asm/bsaes-armv7.pl index 775dbd5..11607d1 100644 --- a/src/crypto/fipsmodule/aes/asm/bsaes-armv7.pl +++ b/src/crypto/fipsmodule/aes/asm/bsaes-armv7.pl @@ -1113,8 +1113,11 @@ my ($inp,$out,$len,$key, $ivp,$fp,$rounds)=map("r$_",(0..3,8..10)); my ($keysched)=("sp"); $code.=<<___; +@ TODO(davidben): This should be aes_nohw_cbc_encrypt, but that function does +@ not exist. Rather than add it, patch this fallback out. See +@ https://crbug.com/boringssl/256. .extern AES_cbc_encrypt -.extern AES_decrypt +.extern aes_nohw_decrypt .global bsaes_cbc_encrypt .type bsaes_cbc_encrypt,%function @@ -1360,7 +1363,7 @@ bsaes_cbc_encrypt: mov r2, $key vmov @XMM[4],@XMM[15] @ just in case ensure that IV vmov @XMM[5],@XMM[0] @ and input are preserved - bl AES_decrypt + bl aes_nohw_decrypt vld1.8 {@XMM[0]}, [$fp] @ load result veor @XMM[0], @XMM[0], @XMM[4] @ ^= IV vmov @XMM[15], @XMM[5] @ @XMM[5] holds input @@ -1390,7 +1393,7 @@ my $const = "r6"; # shared with _bsaes_encrypt8_alt my $keysched = "sp"; $code.=<<___; -.extern AES_encrypt +.extern aes_nohw_encrypt .global bsaes_ctr32_encrypt_blocks .type bsaes_ctr32_encrypt_blocks,%function .align 5 @@ -1596,7 +1599,7 @@ bsaes_ctr32_encrypt_blocks: mov r1, sp @ output on the stack mov r2, r7 @ key - bl AES_encrypt + bl aes_nohw_encrypt vld1.8 {@XMM[0]}, [r4]! @ load input vld1.8 {@XMM[1]}, [sp] @ load encrypted counter @@ -1620,7 +1623,8 @@ bsaes_ctr32_encrypt_blocks: .size bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks ___ } -{ +# In BorinSSL, we patch XTS support out. +if (0) { ###################################################################### # void bsaes_xts_[en|de]crypt(const char *inp,char *out,size_t len, # const AES_KEY *key1, const AES_KEY *key2, @@ -1657,7 +1661,7 @@ bsaes_xts_encrypt: ldr r0, [ip, #4] @ iv[] mov r1, sp ldr r2, [ip, #0] @ key2 - bl AES_encrypt + bl aes_nohw_encrypt mov r0,sp @ pointer to initial tweak #endif @@ -1975,7 +1979,7 @@ $code.=<<___; mov r2, $key mov r4, $fp @ preserve fp - bl AES_encrypt + bl aes_nohw_encrypt vld1.8 {@XMM[0]}, [sp,:128] veor @XMM[0], @XMM[0], @XMM[8] @@ -2007,7 +2011,7 @@ $code.=<<___; mov r2, $key mov r4, $fp @ preserve fp - bl AES_encrypt + bl aes_nohw_encrypt vld1.8 {@XMM[0]}, [sp,:128] veor @XMM[0], @XMM[0], @XMM[8] @@ -2061,7 +2065,7 @@ bsaes_xts_decrypt: ldr r0, [ip, #4] @ iv[] mov r1, sp ldr r2, [ip, #0] @ key2 - bl AES_encrypt + bl aes_nohw_encrypt mov r0, sp @ pointer to initial tweak #endif @@ -2387,7 +2391,7 @@ $code.=<<___; mov r2, $key mov r4, $fp @ preserve fp - bl AES_decrypt + bl aes_nohw_decrypt vld1.8 {@XMM[0]}, [sp,:128] veor @XMM[0], @XMM[0], @XMM[8] @@ -2419,7 +2423,7 @@ $code.=<<___; mov r2, $key mov r4, $fp @ preserve fp - bl AES_decrypt + bl aes_nohw_decrypt vld1.8 {@XMM[0]}, [sp,:128] veor @XMM[0], @XMM[0], @XMM[9] @@ -2442,7 +2446,7 @@ $code.=<<___; vst1.8 {@XMM[0]}, [sp,:128] mov r2, $key - bl AES_decrypt + bl aes_nohw_decrypt vld1.8 {@XMM[0]}, [sp,:128] veor @XMM[0], @XMM[0], @XMM[8] diff --git a/src/crypto/fipsmodule/aes/asm/bsaes-x86_64.pl b/src/crypto/fipsmodule/aes/asm/bsaes-x86_64.pl index c0ade37..81331bf 100644 --- a/src/crypto/fipsmodule/aes/asm/bsaes-x86_64.pl +++ b/src/crypto/fipsmodule/aes/asm/bsaes-x86_64.pl @@ -817,6 +817,7 @@ $code.=<<___; .type _bsaes_encrypt8,\@abi-omnipotent .align 64 _bsaes_encrypt8: +.cfi_startproc lea .LBS0(%rip), $const # constants table movdqa ($key), @XMM[9] # round 0 key @@ -876,11 +877,13 @@ $code.=<<___; pxor @XMM[8], @XMM[0] pxor @XMM[8], @XMM[1] ret +.cfi_endproc .size _bsaes_encrypt8,.-_bsaes_encrypt8 .type _bsaes_decrypt8,\@abi-omnipotent .align 64 _bsaes_decrypt8: +.cfi_startproc lea .LBS0(%rip), $const # constants table movdqa ($key), @XMM[9] # round 0 key @@ -938,6 +941,7 @@ $code.=<<___; pxor @XMM[8], @XMM[0] pxor @XMM[8], @XMM[1] ret +.cfi_endproc .size _bsaes_decrypt8,.-_bsaes_decrypt8 ___ } @@ -972,6 +976,7 @@ $code.=<<___; .type _bsaes_key_convert,\@abi-omnipotent .align 16 _bsaes_key_convert: +.cfi_startproc lea .Lmasks(%rip), $const movdqu ($inp), %xmm7 # load round 0 key lea 0x10($inp), $inp @@ -1050,6 +1055,7 @@ _bsaes_key_convert: movdqa 0x50($const), %xmm7 # .L63 #movdqa %xmm6, ($out) # don't save last round key ret +.cfi_endproc .size _bsaes_key_convert,.-_bsaes_key_convert ___ } @@ -1914,6 +1920,12 @@ $code.=<<___; .align 16 bsaes_ctr32_encrypt_blocks: .cfi_startproc +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS +.extern BORINGSSL_function_hit + movb \$1, BORINGSSL_function_hit+6(%rip) +#endif +#endif mov %rsp, %rax .Lctr_enc_prologue: push %rbp diff --git a/src/crypto/fipsmodule/aes/asm/vpaes-x86.pl b/src/crypto/fipsmodule/aes/asm/vpaes-x86.pl index 5f4b208..81e7e84 100644 --- a/src/crypto/fipsmodule/aes/asm/vpaes-x86.pl +++ b/src/crypto/fipsmodule/aes/asm/vpaes-x86.pl @@ -69,6 +69,9 @@ $PREFIX="vpaes"; my ($round, $base, $magic, $key, $const, $inp, $out)= ("eax", "ebx", "ecx", "edx","ebp", "esi","edi"); +&preprocessor_ifndef("NDEBUG") +&external_label("BORINGSSL_function_hit"); +&preprocessor_endif(); &static_label("_vpaes_consts"); &static_label("_vpaes_schedule_low_round"); @@ -758,6 +761,8 @@ $k_dsbo=0x2c0; # decryption sbox final output # Interface to OpenSSL # &function_begin("${PREFIX}_set_encrypt_key"); + record_function_hit(5); + &mov ($inp,&wparam(0)); # inp &lea ($base,&DWP(-56,"esp")); &mov ($round,&wparam(1)); # bits @@ -812,6 +817,8 @@ $k_dsbo=0x2c0; # decryption sbox final output &function_end("${PREFIX}_set_decrypt_key"); &function_begin("${PREFIX}_encrypt"); + record_function_hit(4); + &lea ($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point"))); &call ("_vpaes_preheat"); &set_label("pic_point"); diff --git a/src/crypto/fipsmodule/aes/asm/vpaes-x86_64.pl b/src/crypto/fipsmodule/aes/asm/vpaes-x86_64.pl index a583ca4..47d9972 100644 --- a/src/crypto/fipsmodule/aes/asm/vpaes-x86_64.pl +++ b/src/crypto/fipsmodule/aes/asm/vpaes-x86_64.pl @@ -91,6 +91,7 @@ $code.=<<___; .type _vpaes_encrypt_core,\@abi-omnipotent .align 16 _vpaes_encrypt_core: +.cfi_startproc mov %rdx, %r9 mov \$16, %r11 mov 240(%rdx),%eax @@ -171,6 +172,7 @@ _vpaes_encrypt_core: pxor %xmm4, %xmm0 # 0 = A pshufb %xmm1, %xmm0 ret +.cfi_endproc .size _vpaes_encrypt_core,.-_vpaes_encrypt_core ## @@ -181,6 +183,7 @@ _vpaes_encrypt_core: .type _vpaes_decrypt_core,\@abi-omnipotent .align 16 _vpaes_decrypt_core: +.cfi_startproc mov %rdx, %r9 # load key mov 240(%rdx),%eax movdqa %xmm9, %xmm1 @@ -277,6 +280,7 @@ _vpaes_decrypt_core: pxor %xmm4, %xmm0 # 0 = A pshufb %xmm2, %xmm0 ret +.cfi_endproc .size _vpaes_decrypt_core,.-_vpaes_decrypt_core ######################################################## @@ -287,6 +291,7 @@ _vpaes_decrypt_core: .type _vpaes_schedule_core,\@abi-omnipotent .align 16 _vpaes_schedule_core: +.cfi_startproc # rdi = key # rsi = size in bits # rdx = buffer @@ -453,6 +458,7 @@ _vpaes_schedule_core: pxor %xmm6, %xmm6 pxor %xmm7, %xmm7 ret +.cfi_endproc .size _vpaes_schedule_core,.-_vpaes_schedule_core ## @@ -472,6 +478,7 @@ _vpaes_schedule_core: .type _vpaes_schedule_192_smear,\@abi-omnipotent .align 16 _vpaes_schedule_192_smear: +.cfi_startproc pshufd \$0x80, %xmm6, %xmm1 # d c 0 0 -> c 0 0 0 pshufd \$0xFE, %xmm7, %xmm0 # b a _ _ -> b b b a pxor %xmm1, %xmm6 # -> c+d c 0 0 @@ -480,6 +487,7 @@ _vpaes_schedule_192_smear: movdqa %xmm6, %xmm0 movhlps %xmm1, %xmm6 # clobber low side with zeros ret +.cfi_endproc .size _vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear ## @@ -503,6 +511,7 @@ _vpaes_schedule_192_smear: .type _vpaes_schedule_round,\@abi-omnipotent .align 16 _vpaes_schedule_round: +.cfi_startproc # extract rcon from xmm8 pxor %xmm1, %xmm1 palignr \$15, %xmm8, %xmm1 @@ -556,6 +565,7 @@ _vpaes_schedule_low_round: pxor %xmm7, %xmm0 movdqa %xmm0, %xmm7 ret +.cfi_endproc .size _vpaes_schedule_round,.-_vpaes_schedule_round ## @@ -570,6 +580,7 @@ _vpaes_schedule_low_round: .type _vpaes_schedule_transform,\@abi-omnipotent .align 16 _vpaes_schedule_transform: +.cfi_startproc movdqa %xmm9, %xmm1 pandn %xmm0, %xmm1 psrld \$4, %xmm1 @@ -580,6 +591,7 @@ _vpaes_schedule_transform: pshufb %xmm1, %xmm0 pxor %xmm2, %xmm0 ret +.cfi_endproc .size _vpaes_schedule_transform,.-_vpaes_schedule_transform ## @@ -608,6 +620,7 @@ _vpaes_schedule_transform: .type _vpaes_schedule_mangle,\@abi-omnipotent .align 16 _vpaes_schedule_mangle: +.cfi_startproc movdqa %xmm0, %xmm4 # save xmm0 for later movdqa .Lk_mc_forward(%rip),%xmm5 test %rcx, %rcx @@ -672,6 +685,7 @@ _vpaes_schedule_mangle: and \$0x30, %r8 movdqu %xmm3, (%rdx) ret +.cfi_endproc .size _vpaes_schedule_mangle,.-_vpaes_schedule_mangle # @@ -681,6 +695,14 @@ _vpaes_schedule_mangle: .type ${PREFIX}_set_encrypt_key,\@function,3 .align 16 ${PREFIX}_set_encrypt_key: +.cfi_startproc +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS +.extern BORINGSSL_function_hit + movb \$1, BORINGSSL_function_hit+5(%rip) +#endif +#endif + ___ $code.=<<___ if ($win64); lea -0xb8(%rsp),%rsp @@ -723,12 +745,14 @@ ___ $code.=<<___; xor %eax,%eax ret +.cfi_endproc .size ${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key .globl ${PREFIX}_set_decrypt_key .type ${PREFIX}_set_decrypt_key,\@function,3 .align 16 ${PREFIX}_set_decrypt_key: +.cfi_startproc ___ $code.=<<___ if ($win64); lea -0xb8(%rsp),%rsp @@ -776,12 +800,20 @@ ___ $code.=<<___; xor %eax,%eax ret +.cfi_endproc .size ${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key .globl ${PREFIX}_encrypt .type ${PREFIX}_encrypt,\@function,3 .align 16 ${PREFIX}_encrypt: +.cfi_startproc +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS +.extern BORINGSSL_function_hit + movb \$1, BORINGSSL_function_hit+4(%rip) +#endif +#endif ___ $code.=<<___ if ($win64); lea -0xb8(%rsp),%rsp @@ -819,12 +851,14 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size ${PREFIX}_encrypt,.-${PREFIX}_encrypt .globl ${PREFIX}_decrypt .type ${PREFIX}_decrypt,\@function,3 .align 16 ${PREFIX}_decrypt: +.cfi_startproc ___ $code.=<<___ if ($win64); lea -0xb8(%rsp),%rsp @@ -862,6 +896,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size ${PREFIX}_decrypt,.-${PREFIX}_decrypt ___ { @@ -874,6 +909,7 @@ $code.=<<___; .type ${PREFIX}_cbc_encrypt,\@function,6 .align 16 ${PREFIX}_cbc_encrypt: +.cfi_startproc xchg $key,$len ___ ($len,$key)=($key,$len); @@ -944,6 +980,7 @@ ___ $code.=<<___; .Lcbc_abort: ret +.cfi_endproc .size ${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt ___ } @@ -957,6 +994,7 @@ $code.=<<___; .type _vpaes_preheat,\@abi-omnipotent .align 16 _vpaes_preheat: +.cfi_startproc lea .Lk_s0F(%rip), %r10 movdqa -0x20(%r10), %xmm10 # .Lk_inv movdqa -0x10(%r10), %xmm11 # .Lk_inv+16 @@ -966,6 +1004,7 @@ _vpaes_preheat: movdqa 0x50(%r10), %xmm15 # .Lk_sb2 movdqa 0x60(%r10), %xmm14 # .Lk_sb2+16 ret +.cfi_endproc .size _vpaes_preheat,.-_vpaes_preheat ######################################################## ## ## diff --git a/src/crypto/fipsmodule/aes/internal.h b/src/crypto/fipsmodule/aes/internal.h index 5f9ee31..0df30d9 100644 --- a/src/crypto/fipsmodule/aes/internal.h +++ b/src/crypto/fipsmodule/aes/internal.h @@ -30,19 +30,34 @@ extern "C" { #define HWAES #define HWAES_ECB -static int hwaes_capable(void) { +OPENSSL_INLINE int hwaes_capable(void) { return (OPENSSL_ia32cap_get()[1] & (1 << (57 - 32))) != 0; } + +#define VPAES +OPENSSL_INLINE char vpaes_capable(void) { + return (OPENSSL_ia32cap_get()[1] & (1 << (41 - 32))) != 0; +} + +#if defined(OPENSSL_X86_64) +#define BSAES +OPENSSL_INLINE char bsaes_capable(void) { return vpaes_capable(); } +#endif // X86_64 + #elif defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) #define HWAES -static int hwaes_capable(void) { - return CRYPTO_is_ARMv8_AES_capable(); -} +OPENSSL_INLINE int hwaes_capable(void) { return CRYPTO_is_ARMv8_AES_capable(); } + +#if defined(OPENSSL_ARM) +#define BSAES +OPENSSL_INLINE char bsaes_capable(void) { return CRYPTO_is_NEON_capable(); } +#endif + #elif defined(OPENSSL_PPC64LE) #define HWAES -static int hwaes_capable(void) { +OPENSSL_INLINE int hwaes_capable(void) { return CRYPTO_is_PPC64LE_vcrypto_capable(); } #endif @@ -67,36 +82,37 @@ void aes_hw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t len, // If HWAES isn't defined then we provide dummy functions for each of the hwaes // functions. -static int hwaes_capable(void) { return 0; } +OPENSSL_INLINE int hwaes_capable(void) { return 0; } -static int aes_hw_set_encrypt_key(const uint8_t *user_key, int bits, - AES_KEY *key) { +OPENSSL_INLINE int aes_hw_set_encrypt_key(const uint8_t *user_key, int bits, + AES_KEY *key) { abort(); } -static int aes_hw_set_decrypt_key(const uint8_t *user_key, int bits, - AES_KEY *key) { +OPENSSL_INLINE int aes_hw_set_decrypt_key(const uint8_t *user_key, int bits, + AES_KEY *key) { abort(); } -static void aes_hw_encrypt(const uint8_t *in, uint8_t *out, - const AES_KEY *key) { +OPENSSL_INLINE void aes_hw_encrypt(const uint8_t *in, uint8_t *out, + const AES_KEY *key) { abort(); } -static void aes_hw_decrypt(const uint8_t *in, uint8_t *out, - const AES_KEY *key) { +OPENSSL_INLINE void aes_hw_decrypt(const uint8_t *in, uint8_t *out, + const AES_KEY *key) { abort(); } -static void aes_hw_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, - const AES_KEY *key, uint8_t *ivec, int enc) { +OPENSSL_INLINE void aes_hw_cbc_encrypt(const uint8_t *in, uint8_t *out, + size_t length, const AES_KEY *key, + uint8_t *ivec, int enc) { abort(); } -static void aes_hw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, - size_t len, const AES_KEY *key, - const uint8_t ivec[16]) { +OPENSSL_INLINE void aes_hw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, + size_t len, const AES_KEY *key, + const uint8_t ivec[16]) { abort(); } @@ -106,8 +122,90 @@ static void aes_hw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, #if defined(HWAES_ECB) void aes_hw_ecb_encrypt(const uint8_t *in, uint8_t *out, size_t length, const AES_KEY *key, const int enc); +#endif // HWAES_ECB + + +#if defined(BSAES) +// On platforms where BSAES gets defined (just above), then these functions are +// provided by asm. +void bsaes_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, + const AES_KEY *key, uint8_t ivec[16], int enc); +void bsaes_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t len, + const AES_KEY *key, const uint8_t ivec[16]); +#else +OPENSSL_INLINE char bsaes_capable(void) { return 0; } + +// On other platforms, bsaes_capable() will always return false and so the +// following will never be called. +OPENSSL_INLINE void bsaes_cbc_encrypt(const uint8_t *in, uint8_t *out, + size_t length, const AES_KEY *key, + uint8_t ivec[16], int enc) { + abort(); +} + +OPENSSL_INLINE void bsaes_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, + size_t len, const AES_KEY *key, + const uint8_t ivec[16]) { + abort(); +} +#endif // !BSAES + + +#if defined(VPAES) +// On platforms where VPAES gets defined (just above), then these functions are +// provided by asm. +int vpaes_set_encrypt_key(const uint8_t *userKey, int bits, AES_KEY *key); +int vpaes_set_decrypt_key(const uint8_t *userKey, int bits, AES_KEY *key); + +void vpaes_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key); +void vpaes_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key); + +void vpaes_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, + const AES_KEY *key, uint8_t *ivec, int enc); +#else +OPENSSL_INLINE char vpaes_capable(void) { return 0; } + +// On other platforms, vpaes_capable() will always return false and so the +// following will never be called. +OPENSSL_INLINE int vpaes_set_encrypt_key(const uint8_t *userKey, int bits, + AES_KEY *key) { + abort(); +} +OPENSSL_INLINE int vpaes_set_decrypt_key(const uint8_t *userKey, int bits, + AES_KEY *key) { + abort(); +} +OPENSSL_INLINE void vpaes_encrypt(const uint8_t *in, uint8_t *out, + const AES_KEY *key) { + abort(); +} +OPENSSL_INLINE void vpaes_decrypt(const uint8_t *in, uint8_t *out, + const AES_KEY *key) { + abort(); +} +OPENSSL_INLINE void vpaes_cbc_encrypt(const uint8_t *in, uint8_t *out, + size_t length, const AES_KEY *key, + uint8_t *ivec, int enc) { + abort(); +} +#endif // !VPAES + + +void aes_nohw_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key); +void aes_nohw_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key); +int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits, + AES_KEY *aeskey); +int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits, + AES_KEY *aeskey); + +#if !defined(OPENSSL_NO_ASM) && \ + (defined(OPENSSL_X86_64) || defined(OPENSSL_X86)) +#define AES_NOHW_CBC +void aes_nohw_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, + const AES_KEY *key, uint8_t *ivec, const int enc); #endif + #if defined(__cplusplus) } // extern C #endif diff --git a/src/crypto/fipsmodule/aes/mode_wrappers.c b/src/crypto/fipsmodule/aes/mode_wrappers.c index 0140c70..ae8a91b 100644 --- a/src/crypto/fipsmodule/aes/mode_wrappers.c +++ b/src/crypto/fipsmodule/aes/mode_wrappers.c @@ -72,11 +72,6 @@ void AES_ecb_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key, } } -#if !defined(OPENSSL_NO_ASM) && (defined(OPENSSL_X86_64) || defined(OPENSSL_X86)) -void aes_nohw_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, - const AES_KEY *key, uint8_t *ivec, const int enc); -#endif - void AES_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, const AES_KEY *key, uint8_t *ivec, const int enc) { if (hwaes_capable()) { @@ -84,16 +79,17 @@ void AES_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, return; } -#if !defined(OPENSSL_NO_ASM) && \ - (defined(OPENSSL_X86_64) || defined(OPENSSL_X86)) - aes_nohw_cbc_encrypt(in, out, len, key, ivec, enc); -#else +#if defined(AES_NOHW_CBC) + if (!vpaes_capable()) { + aes_nohw_cbc_encrypt(in, out, len, key, ivec, enc); + return; + } +#endif if (enc) { CRYPTO_cbc128_encrypt(in, out, len, key, ivec, AES_encrypt); } else { CRYPTO_cbc128_decrypt(in, out, len, key, ivec, AES_decrypt); } -#endif } void AES_ofb128_encrypt(const uint8_t *in, uint8_t *out, size_t length, diff --git a/src/crypto/fipsmodule/bn/asm/armv8-mont.pl b/src/crypto/fipsmodule/bn/asm/armv8-mont.pl index acad064..aab9eaa 100644 --- a/src/crypto/fipsmodule/bn/asm/armv8-mont.pl +++ b/src/crypto/fipsmodule/bn/asm/armv8-mont.pl @@ -61,7 +61,7 @@ $ap="x1"; # const BN_ULONG *ap, $bp="x2"; # const BN_ULONG *bp, $np="x3"; # const BN_ULONG *np, $n0="x4"; # const BN_ULONG *n0, -$num="x5"; # int num); +$num="x5"; # size_t num); $code.=<<___; .text diff --git a/src/crypto/fipsmodule/bn/asm/rsaz-avx2.pl b/src/crypto/fipsmodule/bn/asm/rsaz-avx2.pl index 72aa2a3..51feb69 100755 --- a/src/crypto/fipsmodule/bn/asm/rsaz-avx2.pl +++ b/src/crypto/fipsmodule/bn/asm/rsaz-avx2.pl @@ -52,7 +52,6 @@ die "can't locate x86_64-xlate.pl"; # versions, but BoringSSL is intended to be used with pre-generated perlasm # output, so this isn't useful anyway. $avx = 2; -$addx = 1; open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; *STDOUT = *OUT; @@ -1474,6 +1473,7 @@ $code.=<<___; .type rsaz_1024_red2norm_avx2,\@abi-omnipotent .align 32 rsaz_1024_red2norm_avx2: +.cfi_startproc sub \$-128,$inp # size optimization xor %rax,%rax ___ @@ -1507,12 +1507,14 @@ ___ } $code.=<<___; ret +.cfi_endproc .size rsaz_1024_red2norm_avx2,.-rsaz_1024_red2norm_avx2 .globl rsaz_1024_norm2red_avx2 .type rsaz_1024_norm2red_avx2,\@abi-omnipotent .align 32 rsaz_1024_norm2red_avx2: +.cfi_startproc sub \$-128,$out # size optimization mov ($inp),@T[0] mov \$0x1fffffff,%eax @@ -1544,6 +1546,7 @@ $code.=<<___; mov @T[0],`8*($j+2)-128`($out) mov @T[0],`8*($j+3)-128`($out) ret +.cfi_endproc .size rsaz_1024_norm2red_avx2,.-rsaz_1024_norm2red_avx2 ___ } @@ -1555,6 +1558,7 @@ $code.=<<___; .type rsaz_1024_scatter5_avx2,\@abi-omnipotent .align 32 rsaz_1024_scatter5_avx2: +.cfi_startproc vzeroupper vmovdqu .Lscatter_permd(%rip),%ymm5 shl \$4,$power @@ -1574,6 +1578,7 @@ rsaz_1024_scatter5_avx2: vzeroupper ret +.cfi_endproc .size rsaz_1024_scatter5_avx2,.-rsaz_1024_scatter5_avx2 .globl rsaz_1024_gather5_avx2 @@ -1733,27 +1738,6 @@ ___ } $code.=<<___; -.extern OPENSSL_ia32cap_P -.globl rsaz_avx2_eligible -.type rsaz_avx2_eligible,\@abi-omnipotent -.align 32 -rsaz_avx2_eligible: - leaq OPENSSL_ia32cap_P(%rip),%rax - mov 8(%rax),%eax -___ -$code.=<<___ if ($addx); - mov \$`1<<8|1<<19`,%ecx - mov \$0,%edx - and %eax,%ecx - cmp \$`1<<8|1<<19`,%ecx # check for BMI2+AD*X - cmove %edx,%eax -___ -$code.=<<___; - and \$`1<<5`,%eax - shr \$5,%eax - ret -.size rsaz_avx2_eligible,.-rsaz_avx2_eligible - .align 64 .Land_mask: .quad 0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff diff --git a/src/crypto/fipsmodule/bn/asm/x86_64-mont.pl b/src/crypto/fipsmodule/bn/asm/x86_64-mont.pl index 023143a..3d98e72 100755 --- a/src/crypto/fipsmodule/bn/asm/x86_64-mont.pl +++ b/src/crypto/fipsmodule/bn/asm/x86_64-mont.pl @@ -71,7 +71,9 @@ $ap="%rsi"; # const BN_ULONG *ap, $bp="%rdx"; # const BN_ULONG *bp, $np="%rcx"; # const BN_ULONG *np, $n0="%r8"; # const BN_ULONG *n0, -$num="%r9"; # int num); +# TODO(davidben): The code below treats $num as an int, but C passes in a +# size_t. +$num="%r9"; # size_t num); $lo0="%r10"; $hi0="%r11"; $hi1="%r13"; diff --git a/src/crypto/fipsmodule/bn/asm/x86_64-mont5.pl b/src/crypto/fipsmodule/bn/asm/x86_64-mont5.pl index 806e6f5..abcfe6a 100755 --- a/src/crypto/fipsmodule/bn/asm/x86_64-mont5.pl +++ b/src/crypto/fipsmodule/bn/asm/x86_64-mont5.pl @@ -566,6 +566,7 @@ $code.=<<___; .type mul4x_internal,\@abi-omnipotent .align 32 mul4x_internal: +.cfi_startproc shl \$5,$num # $num was in bytes movd `($win64?56:8)`(%rax),%xmm5 # load 7th argument, index lea .Linc(%rip),%rax @@ -1060,6 +1061,7 @@ $code.=<<___ ___ } $code.=<<___; +.cfi_endproc .size mul4x_internal,.-mul4x_internal ___ }}} @@ -1226,6 +1228,7 @@ $code.=<<___; .align 32 bn_sqr8x_internal: __bn_sqr8x_internal: +.cfi_startproc ############################################################## # Squaring part: # @@ -2017,6 +2020,7 @@ __bn_sqr8x_reduction: cmp %rdx,$tptr # end of t[]? jb .L8x_reduction_loop ret +.cfi_endproc .size bn_sqr8x_internal,.-bn_sqr8x_internal ___ } @@ -2029,6 +2033,7 @@ $code.=<<___; .type __bn_post4x_internal,\@abi-omnipotent .align 32 __bn_post4x_internal: +.cfi_startproc mov 8*0($nptr),%r12 lea (%rdi,$num),$tptr # %rdi was $tptr above mov $num,%rcx @@ -2079,6 +2084,7 @@ __bn_post4x_internal: mov $num,%r10 # prepare for back-to-back call neg $num # restore $num ret +.cfi_endproc .size __bn_post4x_internal,.-__bn_post4x_internal ___ } @@ -2088,10 +2094,12 @@ $code.=<<___; .type bn_from_montgomery,\@abi-omnipotent .align 32 bn_from_montgomery: +.cfi_startproc testl \$7,`($win64?"48(%rsp)":"%r9d")` jz bn_from_mont8x xor %eax,%eax ret +.cfi_endproc .size bn_from_montgomery,.-bn_from_montgomery .type bn_from_mont8x,\@function,6 @@ -2388,6 +2396,7 @@ bn_mulx4x_mont_gather5: .type mulx4x_internal,\@abi-omnipotent .align 32 mulx4x_internal: +.cfi_startproc mov $num,8(%rsp) # save -$num (it was in bytes) mov $num,%r10 neg $num # restore $num @@ -2738,6 +2747,7 @@ $code.=<<___; mov 8*2(%rbp),%r14 mov 8*3(%rbp),%r15 jmp .Lsqrx4x_sub_entry # common post-condition +.cfi_endproc .size mulx4x_internal,.-mulx4x_internal ___ } { @@ -2898,6 +2908,7 @@ bn_powerx5: .align 32 bn_sqrx8x_internal: __bn_sqrx8x_internal: +.cfi_startproc ################################################################## # Squaring part: # @@ -3530,6 +3541,7 @@ __bn_sqrx8x_reduction: cmp 8+8(%rsp),%r8 # end of t[]? jb .Lsqrx8x_reduction_loop ret +.cfi_endproc .size bn_sqrx8x_internal,.-bn_sqrx8x_internal ___ } @@ -3540,7 +3552,9 @@ ___ my ($rptr,$nptr)=("%rdx","%rbp"); $code.=<<___; .align 32 +.type __bn_postx4x_internal,\@abi-omnipotent __bn_postx4x_internal: +.cfi_startproc mov 8*0($nptr),%r12 mov %rcx,%r10 # -$num mov %rcx,%r9 # -$num @@ -3588,6 +3602,7 @@ __bn_postx4x_internal: neg %r9 # restore $num ret +.cfi_endproc .size __bn_postx4x_internal,.-__bn_postx4x_internal ___ } @@ -3604,6 +3619,7 @@ $code.=<<___; .type bn_scatter5,\@abi-omnipotent .align 16 bn_scatter5: +.cfi_startproc cmp \$0, $num jz .Lscatter_epilogue lea ($tbl,$idx,8),$tbl @@ -3616,15 +3632,18 @@ bn_scatter5: jnz .Lscatter .Lscatter_epilogue: ret +.cfi_endproc .size bn_scatter5,.-bn_scatter5 .globl bn_gather5 .type bn_gather5,\@abi-omnipotent .align 32 bn_gather5: +.cfi_startproc .LSEH_begin_bn_gather5: # Win64 thing, but harmless in other cases # I can't trust assembler to use specific encoding:-( .byte 0x4c,0x8d,0x14,0x24 #lea (%rsp),%r10 +.cfi_def_cfa_register %r10 .byte 0x48,0x81,0xec,0x08,0x01,0x00,0x00 #sub $0x108,%rsp lea .Linc(%rip),%rax and \$-16,%rsp # shouldn't be formally required @@ -3705,8 +3724,10 @@ $code.=<<___; jnz .Lgather lea (%r10),%rsp +.cfi_def_cfa_register %rsp ret .LSEH_end_bn_gather5: +.cfi_endproc .size bn_gather5,.-bn_gather5 ___ } diff --git a/src/crypto/fipsmodule/bn/bn_test.cc b/src/crypto/fipsmodule/bn/bn_test.cc index 258d01b..a61d6e1 100644 --- a/src/crypto/fipsmodule/bn/bn_test.cc +++ b/src/crypto/fipsmodule/bn/bn_test.cc @@ -86,7 +86,9 @@ #include #include "./internal.h" +#include "./rsaz_exp.h" #include "../../internal.h" +#include "../../test/abi_test.h" #include "../../test/file_test.h" #include "../../test/test_util.h" @@ -2377,3 +2379,109 @@ TEST_F(BNTest, WriteIntoNegative) { EXPECT_TRUE(BN_is_word(r.get(), 6)); EXPECT_FALSE(BN_is_negative(r.get())); } + +#if defined(OPENSSL_BN_ASM_MONT) && defined(SUPPORTS_ABI_TEST) +TEST_F(BNTest, BNMulMontABI) { + for (size_t words : {4, 5, 6, 7, 8, 16, 32}) { + SCOPED_TRACE(words); + + bssl::UniquePtr m(BN_new()); + ASSERT_TRUE(m); + ASSERT_TRUE(BN_set_bit(m.get(), 0)); + ASSERT_TRUE(BN_set_bit(m.get(), words * BN_BITS2 - 1)); + bssl::UniquePtr mont( + BN_MONT_CTX_new_for_modulus(m.get(), ctx())); + ASSERT_TRUE(mont); + + std::vector r(words), a(words), b(words); + a[0] = 1; + b[0] = 42; + + CHECK_ABI(bn_mul_mont, r.data(), a.data(), b.data(), mont->N.d, mont->n0, + words); + CHECK_ABI(bn_mul_mont, r.data(), a.data(), a.data(), mont->N.d, mont->n0, + words); + } +} +#endif // OPENSSL_BN_ASM_MONT && SUPPORTS_ABI_TEST + +#if defined(OPENSSL_BN_ASM_MONT5) && defined(SUPPORTS_ABI_TEST) +TEST_F(BNTest, BNMulMont5ABI) { + for (size_t words : {4, 5, 6, 7, 8, 16, 32}) { + SCOPED_TRACE(words); + + bssl::UniquePtr m(BN_new()); + ASSERT_TRUE(m); + ASSERT_TRUE(BN_set_bit(m.get(), 0)); + ASSERT_TRUE(BN_set_bit(m.get(), words * BN_BITS2 - 1)); + bssl::UniquePtr mont( + BN_MONT_CTX_new_for_modulus(m.get(), ctx())); + ASSERT_TRUE(mont); + + std::vector r(words), a(words), b(words), table(words * 32); + a[0] = 1; + b[0] = 42; + + bn_mul_mont(r.data(), a.data(), b.data(), mont->N.d, mont->n0, words); + CHECK_ABI(bn_scatter5, r.data(), words, table.data(), 13); + for (size_t i = 0; i < 32; i++) { + bn_mul_mont(r.data(), a.data(), b.data(), mont->N.d, mont->n0, words); + bn_scatter5(r.data(), words, table.data(), i); + } + CHECK_ABI(bn_gather5, r.data(), words, table.data(), 13); + + CHECK_ABI(bn_mul_mont_gather5, r.data(), r.data(), table.data(), m->d, + mont->n0, words, 13); + CHECK_ABI(bn_mul_mont_gather5, r.data(), a.data(), table.data(), m->d, + mont->n0, words, 13); + + if (words % 8 == 0) { + CHECK_ABI(bn_power5, r.data(), r.data(), table.data(), m->d, mont->n0, + words, 13); + CHECK_ABI(bn_power5, r.data(), a.data(), table.data(), m->d, mont->n0, + words, 13); + EXPECT_EQ(1, CHECK_ABI(bn_from_montgomery, r.data(), r.data(), nullptr, + m->d, mont->n0, words)); + EXPECT_EQ(1, CHECK_ABI(bn_from_montgomery, r.data(), a.data(), nullptr, + m->d, mont->n0, words)); + } else { + EXPECT_EQ(0, CHECK_ABI(bn_from_montgomery, r.data(), r.data(), nullptr, + m->d, mont->n0, words)); + EXPECT_EQ(0, CHECK_ABI(bn_from_montgomery, r.data(), a.data(), nullptr, + m->d, mont->n0, words)); + } + } +} +#endif // OPENSSL_BN_ASM_MONT5 && SUPPORTS_ABI_TEST + +#if defined(RSAZ_ENABLED) && defined(SUPPORTS_ABI_TEST) +TEST_F(BNTest, RSAZABI) { + if (!rsaz_avx2_capable()) { + return; + } + + alignas(64) BN_ULONG table[32 * 18] = {0}; + alignas(64) BN_ULONG rsaz1[40], rsaz2[40], rsaz3[40], n_rsaz[40]; + BN_ULONG norm[16], n_norm[16]; + + OPENSSL_memset(norm, 0x42, sizeof(norm)); + OPENSSL_memset(n_norm, 0x99, sizeof(n_norm)); + + bssl::UniquePtr n(BN_new()); + ASSERT_TRUE(n); + ASSERT_TRUE(bn_set_words(n.get(), n_norm, 16)); + bssl::UniquePtr mont( + BN_MONT_CTX_new_for_modulus(n.get(), nullptr)); + ASSERT_TRUE(mont); + const BN_ULONG k = mont->n0[0]; + + CHECK_ABI(rsaz_1024_norm2red_avx2, rsaz1, norm); + CHECK_ABI(rsaz_1024_norm2red_avx2, n_rsaz, n_norm); + CHECK_ABI(rsaz_1024_sqr_avx2, rsaz2, rsaz1, n_rsaz, k, 1); + CHECK_ABI(rsaz_1024_sqr_avx2, rsaz3, rsaz2, n_rsaz, k, 4); + CHECK_ABI(rsaz_1024_mul_avx2, rsaz3, rsaz1, rsaz2, n_rsaz, k); + CHECK_ABI(rsaz_1024_scatter5_avx2, table, rsaz3, 7); + CHECK_ABI(rsaz_1024_gather5_avx2, rsaz1, table, 7); + CHECK_ABI(rsaz_1024_red2norm_avx2, norm, rsaz1); +} +#endif // RSAZ_ENABLED && SUPPORTS_ABI_TEST diff --git a/src/crypto/fipsmodule/bn/exponentiation.c b/src/crypto/fipsmodule/bn/exponentiation.c index 1b9680f..9e40811 100644 --- a/src/crypto/fipsmodule/bn/exponentiation.c +++ b/src/crypto/fipsmodule/bn/exponentiation.c @@ -117,26 +117,8 @@ #include #include "internal.h" - - -#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) -#define OPENSSL_BN_ASM_MONT5 -#define RSAZ_ENABLED - #include "rsaz_exp.h" -void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, - const BN_ULONG *table, const BN_ULONG *np, - const BN_ULONG *n0, int num, int power); -void bn_scatter5(const BN_ULONG *inp, size_t num, BN_ULONG *table, - size_t power); -void bn_gather5(BN_ULONG *out, size_t num, BN_ULONG *table, size_t power); -void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *table, - const BN_ULONG *np, const BN_ULONG *n0, int num, int power); -int bn_from_montgomery(BN_ULONG *rp, const BN_ULONG *ap, - const BN_ULONG *not_used, const BN_ULONG *np, - const BN_ULONG *n0, int num); -#endif int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { int i, bits, ret = 0; @@ -974,12 +956,12 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, alignas(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH) BN_ULONG storage[MOD_EXP_CTIME_STORAGE_LEN]; #endif -#ifdef RSAZ_ENABLED - // If the size of the operands allow it, perform the optimized - // RSAZ exponentiation. For further information see - // crypto/bn/rsaz_exp.c and accompanying assembly modules. - if ((16 == a->width) && (16 == p->width) && (BN_num_bits(m) == 1024) && - rsaz_avx2_eligible()) { +#if defined(RSAZ_ENABLED) + // If the size of the operands allow it, perform the optimized RSAZ + // exponentiation. For further information see crypto/fipsmodule/bn/rsaz_exp.c + // and accompanying assembly modules. + if (a->width == 16 && p->width == 16 && BN_num_bits(m) == 1024 && + rsaz_avx2_preferred()) { if (!bn_wexpand(rr, 16)) { goto err; } diff --git a/src/crypto/fipsmodule/bn/internal.h b/src/crypto/fipsmodule/bn/internal.h index fb8d11f..c1e60fe 100644 --- a/src/crypto/fipsmodule/bn/internal.h +++ b/src/crypto/fipsmodule/bn/internal.h @@ -336,8 +336,64 @@ int bn_rand_range_words(BN_ULONG *out, BN_ULONG min_inclusive, int bn_rand_secret_range(BIGNUM *r, int *out_is_uniform, BN_ULONG min_inclusive, const BIGNUM *max_exclusive); +#if !defined(OPENSSL_NO_ASM) && \ + (defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \ + defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) +#define OPENSSL_BN_ASM_MONT +// bn_mul_mont writes |ap| * |bp| mod |np| to |rp|, each |num| words +// long. Inputs and outputs are in Montgomery form. |n0| is a pointer to the +// corresponding field in |BN_MONT_CTX|. It returns one if |bn_mul_mont| handles +// inputs of this size and zero otherwise. +// +// TODO(davidben): The x86_64 implementation expects a 32-bit input and masks +// off upper bits. The aarch64 implementation expects a 64-bit input and does +// not. |size_t| is the safer option but not strictly correct for x86_64. But +// this function implicitly already has a bound on the size of |num| because it +// internally creates |num|-sized stack allocation. +// +// See also discussion in |ToWord| in abi_test.h for notes on smaller-than-word +// inputs. int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num); + const BN_ULONG *np, const BN_ULONG *n0, size_t num); +#endif + +#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) +#define OPENSSL_BN_ASM_MONT5 + +// bn_mul_mont_gather5 multiples loads index |power| of |table|, multiplies it +// by |ap| modulo |np|, and stores the result in |rp|. The values are |num| +// words long and represented in Montgomery form. |n0| is a pointer to the +// corresponding field in |BN_MONT_CTX|. +void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, + const BN_ULONG *table, const BN_ULONG *np, + const BN_ULONG *n0, int num, int power); + +// bn_scatter5 stores |inp| to index |power| of |table|. |inp| and each entry of +// |table| are |num| words long. |power| must be less than 32. |table| must be +// 32*|num| words long. +void bn_scatter5(const BN_ULONG *inp, size_t num, BN_ULONG *table, + size_t power); + +// bn_gather5 loads index |power| of |table| and stores it in |out|. |out| and +// each entry of |table| are |num| words long. |power| must be less than 32. +void bn_gather5(BN_ULONG *out, size_t num, BN_ULONG *table, size_t power); + +// bn_power5 squares |ap| five times and multiplies it by the value stored at +// index |power| of |table|, modulo |np|. It stores the result in |rp|. The +// values are |num| words long and represented in Montgomery form. |n0| is a +// pointer to the corresponding field in |BN_MONT_CTX|. |num| must be divisible +// by 8. +void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *table, + const BN_ULONG *np, const BN_ULONG *n0, int num, int power); + +// bn_from_montgomery converts |ap| from Montgomery form modulo |np| and writes +// the result in |rp|, each of which is |num| words long. It returns one on +// success and zero if it cannot handle inputs of length |num|. |n0| is a +// pointer to the corresponding field in |BN_MONT_CTX|. +int bn_from_montgomery(BN_ULONG *rp, const BN_ULONG *ap, + const BN_ULONG *not_used, const BN_ULONG *np, + const BN_ULONG *n0, int num); +#endif // !OPENSSL_NO_ASM && OPENSSL_X86_64 uint64_t bn_mont_n0(const BIGNUM *n); diff --git a/src/crypto/fipsmodule/bn/montgomery.c b/src/crypto/fipsmodule/bn/montgomery.c index 006d2b2..b6eaf6a 100644 --- a/src/crypto/fipsmodule/bn/montgomery.c +++ b/src/crypto/fipsmodule/bn/montgomery.c @@ -122,13 +122,6 @@ #include "../../internal.h" -#if !defined(OPENSSL_NO_ASM) && \ - (defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \ - defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) -#define OPENSSL_BN_ASM_MONT -#endif - - BN_MONT_CTX *BN_MONT_CTX_new(void) { BN_MONT_CTX *ret = OPENSSL_malloc(sizeof(BN_MONT_CTX)); diff --git a/src/crypto/fipsmodule/bn/prime.c b/src/crypto/fipsmodule/bn/prime.c index b417d4f..1f3510d 100644 --- a/src/crypto/fipsmodule/bn/prime.c +++ b/src/crypto/fipsmodule/bn/prime.c @@ -316,7 +316,7 @@ static const uint16_t kPrimes[] = { // // This table is generated using the algorithm of FIPS PUB 186-4 // Digital Signature Standard (DSS), section F.1, page 117. -// (https://dx.doi.org/10.6028/NIST.FIPS.186-4) +// (https://doi.org/10.6028/NIST.FIPS.186-4) // The following magma script was used to generate the output: // securitybits:=125; // k:=1024; diff --git a/src/crypto/fipsmodule/bn/rsaz_exp.c b/src/crypto/fipsmodule/bn/rsaz_exp.c index 64dfff8..7e15aaf 100644 --- a/src/crypto/fipsmodule/bn/rsaz_exp.c +++ b/src/crypto/fipsmodule/bn/rsaz_exp.c @@ -12,28 +12,16 @@ * (2) University of Haifa, Israel */ -#include - -#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) - #include "rsaz_exp.h" +#if defined(RSAZ_ENABLED) + #include #include "internal.h" #include "../../internal.h" -// See crypto/bn/asm/rsaz-avx2.pl for further details. -void rsaz_1024_norm2red_avx2(void *red, const void *norm); -void rsaz_1024_mul_avx2(void *ret, const void *a, const void *b, const void *n, - BN_ULONG k); -void rsaz_1024_sqr_avx2(void *ret, const void *a, const void *n, BN_ULONG k, - int cnt); -void rsaz_1024_scatter5_avx2(void *tbl, const void *val, int i); -void rsaz_1024_gather5_avx2(void *val, const void *tbl, int i); -void rsaz_1024_red2norm_avx2(void *norm, const void *red); - // one is 1 in RSAZ's representation. alignas(64) static const BN_ULONG one[40] = { 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -49,22 +37,21 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16], const BN_ULONG exponent[16], const BN_ULONG m_norm[16], const BN_ULONG RR[16], BN_ULONG k0, - BN_ULONG storage_words[MOD_EXP_CTIME_STORAGE_LEN]) { + BN_ULONG storage[MOD_EXP_CTIME_STORAGE_LEN]) { OPENSSL_STATIC_ASSERT(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH % 64 == 0, "MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH is too small"); - unsigned char *storage = (unsigned char *)storage_words; assert((uintptr_t)storage % 64 == 0); - unsigned char *a_inv, *m, *result, *table_s = storage + (320 * 3), - *R2 = table_s; // borrow + BN_ULONG *a_inv, *m, *result, *table_s = storage + 40 * 3, *R2 = table_s; + // Note |R2| aliases |table_s|. if (((((uintptr_t)storage & 4095) + 320) >> 12) != 0) { result = storage; - a_inv = storage + 320; - m = storage + (320 * 2); // should not cross page + a_inv = storage + 40; + m = storage + 40 * 2; // should not cross page } else { m = storage; // should not cross page - result = storage + 320; - a_inv = storage + (320 * 2); + result = storage + 40; + a_inv = storage + 40 * 2; } rsaz_1024_norm2red_avx2(m, m_norm); @@ -233,7 +220,7 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16], rsaz_1024_red2norm_avx2(result_norm, result); - OPENSSL_cleanse(storage, sizeof(storage)); + OPENSSL_cleanse(storage, MOD_EXP_CTIME_STORAGE_LEN * sizeof(BN_ULONG)); } -#endif // OPENSSL_X86_64 +#endif // RSAZ_ENABLED diff --git a/src/crypto/fipsmodule/bn/rsaz_exp.h b/src/crypto/fipsmodule/bn/rsaz_exp.h index b6aea14..3b06192 100644 --- a/src/crypto/fipsmodule/bn/rsaz_exp.h +++ b/src/crypto/fipsmodule/bn/rsaz_exp.h @@ -16,9 +16,18 @@ #define OPENSSL_HEADER_BN_RSAZ_EXP_H #include +#include #include "internal.h" +#if defined(__cplusplus) +extern "C" { +#endif + +#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) +#define RSAZ_ENABLED + + // RSAZ_1024_mod_exp_avx2 sets |result| to |base_norm| raised to |exponent| // modulo |m_norm|. |base_norm| must be fully-reduced and |exponent| must have // the high bit set (it is 1024 bits wide). |RR| and |k0| must be |RR| and |n0|, @@ -31,8 +40,65 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16], const BN_ULONG base_norm[16], BN_ULONG k0, BN_ULONG storage_words[MOD_EXP_CTIME_STORAGE_LEN]); -// rsaz_avx2_eligible returns one if |RSAZ_1024_mod_exp_avx2| should be used and -// zero otherwise. -int rsaz_avx2_eligible(void); +OPENSSL_INLINE int rsaz_avx2_capable(void) { + const uint32_t *cap = OPENSSL_ia32cap_get(); + return (cap[2] & (1 << 5)) != 0; // AVX2 +} + +OPENSSL_INLINE int rsaz_avx2_preferred(void) { + const uint32_t *cap = OPENSSL_ia32cap_get(); + static const uint32_t kBMI2AndADX = (1 << 8) | (1 << 19); + if ((cap[2] & kBMI2AndADX) == kBMI2AndADX) { + // If BMI2 and ADX are available, x86_64-mont5.pl is faster. + return 0; + } + return (cap[2] & (1 << 5)) != 0; // AVX2 +} + + +// Assembly functions. + +// RSAZ represents 1024-bit integers using unsaturated 29-bit limbs stored in +// 64-bit integers. This requires 36 limbs but padded up to 40. +// +// See crypto/bn/asm/rsaz-avx2.pl for further details. + +// rsaz_1024_norm2red_avx2 converts |norm| from |BIGNUM| to RSAZ representation +// and writes the result to |red|. +void rsaz_1024_norm2red_avx2(BN_ULONG red[40], const BN_ULONG norm[16]); + +// rsaz_1024_mul_avx2 computes |a| * |b| mod |n| and writes the result to |ret|. +// Inputs and outputs are in Montgomery form, using RSAZ's representation. |k| +// is -|n|^-1 mod 2^64 or |n0| from |BN_MONT_CTX|. +void rsaz_1024_mul_avx2(BN_ULONG ret[40], const BN_ULONG a[40], + const BN_ULONG b[40], const BN_ULONG n[40], BN_ULONG k); + +// rsaz_1024_mul_avx2 computes |a|^(2*|count|) mod |n| and writes the result to +// |ret|. Inputs and outputs are in Montgomery form, using RSAZ's +// representation. |k| is -|n|^-1 mod 2^64 or |n0| from |BN_MONT_CTX|. +void rsaz_1024_sqr_avx2(BN_ULONG ret[40], const BN_ULONG a[40], + const BN_ULONG n[40], BN_ULONG k, int count); + +// rsaz_1024_scatter5_avx2 stores |val| at index |i| of |tbl|. |i| must be +// positive and at most 31. Note the table only uses 18 |BN_ULONG|s per entry +// instead of 40. It packs two 29-bit limbs into each |BN_ULONG| and only stores +// 36 limbs rather than the padded 40. +void rsaz_1024_scatter5_avx2(BN_ULONG tbl[32 * 18], const BN_ULONG val[40], + int i); + +// rsaz_1024_gather5_avx2 loads index |i| of |tbl| and writes it to |val|. +void rsaz_1024_gather5_avx2(BN_ULONG val[40], const BN_ULONG tbl[32 * 18], + int i); + +// rsaz_1024_red2norm_avx2 converts |red| from RSAZ to |BIGNUM| representation +// and writes the result to |norm|. +void rsaz_1024_red2norm_avx2(BN_ULONG norm[16], const BN_ULONG red[40]); + + +#endif // !OPENSSL_NO_ASM && OPENSSL_X86_64 + +#if defined(__cplusplus) +} // extern "C" +#endif #endif // OPENSSL_HEADER_BN_RSAZ_EXP_H diff --git a/src/crypto/fipsmodule/cipher/e_aes.c b/src/crypto/fipsmodule/cipher/e_aes.c index 2ccec44..460deed 100644 --- a/src/crypto/fipsmodule/cipher/e_aes.c +++ b/src/crypto/fipsmodule/cipher/e_aes.c @@ -46,6 +46,7 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== */ +#include #include #include @@ -63,10 +64,6 @@ #include "../modes/internal.h" #include "../delocate.h" -#if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) -#include -#endif - OPENSSL_MSVC_PRAGMA(warning(push)) OPENSSL_MSVC_PRAGMA(warning(disable: 4702)) // Unreachable code. @@ -84,13 +81,13 @@ typedef struct { } EVP_AES_KEY; typedef struct { + GCM128_CONTEXT gcm; union { double align; AES_KEY ks; } ks; // AES key schedule to use int key_set; // Set if key initialised int iv_set; // Set if an iv is set - GCM128_CONTEXT gcm; uint8_t *iv; // Temporary IV store int ivlen; // IV length int taglen; @@ -98,97 +95,6 @@ typedef struct { ctr128_f ctr; } EVP_AES_GCM_CTX; -#if !defined(OPENSSL_NO_ASM) && \ - (defined(OPENSSL_X86_64) || defined(OPENSSL_X86)) -#define VPAES -static char vpaes_capable(void) { - return (OPENSSL_ia32cap_get()[1] & (1 << (41 - 32))) != 0; -} - -#if defined(OPENSSL_X86_64) -#define BSAES -static char bsaes_capable(void) { - return vpaes_capable(); -} -#endif - -#elif !defined(OPENSSL_NO_ASM) && \ - (defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) - -#if defined(OPENSSL_ARM) && __ARM_MAX_ARCH__ >= 7 -#define BSAES -static char bsaes_capable(void) { - return CRYPTO_is_NEON_capable(); -} -#endif - -#endif - - -#if defined(BSAES) -// On platforms where BSAES gets defined (just above), then these functions are -// provided by asm. -void bsaes_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, - const AES_KEY *key, uint8_t ivec[16], int enc); -void bsaes_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t len, - const AES_KEY *key, const uint8_t ivec[16]); -#else -static char bsaes_capable(void) { - return 0; -} - -// On other platforms, bsaes_capable() will always return false and so the -// following will never be called. -static void bsaes_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, - const AES_KEY *key, uint8_t ivec[16], int enc) { - abort(); -} - -static void bsaes_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, - size_t len, const AES_KEY *key, - const uint8_t ivec[16]) { - abort(); -} -#endif - -#if defined(VPAES) -// On platforms where VPAES gets defined (just above), then these functions are -// provided by asm. -int vpaes_set_encrypt_key(const uint8_t *userKey, int bits, AES_KEY *key); -int vpaes_set_decrypt_key(const uint8_t *userKey, int bits, AES_KEY *key); - -void vpaes_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key); -void vpaes_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key); - -void vpaes_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, - const AES_KEY *key, uint8_t *ivec, int enc); -#else -static char vpaes_capable(void) { - return 0; -} - -// On other platforms, vpaes_capable() will always return false and so the -// following will never be called. -static int vpaes_set_encrypt_key(const uint8_t *userKey, int bits, - AES_KEY *key) { - abort(); -} -static int vpaes_set_decrypt_key(const uint8_t *userKey, int bits, - AES_KEY *key) { - abort(); -} -static void vpaes_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { - abort(); -} -static void vpaes_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { - abort(); -} -static void vpaes_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, - const AES_KEY *key, uint8_t *ivec, int enc) { - abort(); -} -#endif - static int aes_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, const uint8_t *iv, int enc) { int ret, mode; @@ -204,17 +110,22 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, dat->stream.cbc = aes_hw_cbc_encrypt; } } else if (bsaes_capable() && mode == EVP_CIPH_CBC_MODE) { - ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); - dat->block = AES_decrypt; + ret = aes_nohw_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + dat->block = aes_nohw_decrypt; dat->stream.cbc = bsaes_cbc_encrypt; } else if (vpaes_capable()) { ret = vpaes_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); dat->block = vpaes_decrypt; dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? vpaes_cbc_encrypt : NULL; } else { - ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); - dat->block = AES_decrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? AES_cbc_encrypt : NULL; + ret = aes_nohw_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + dat->block = aes_nohw_decrypt; + dat->stream.cbc = NULL; +#if defined(AES_NOHW_CBC) + if (mode == EVP_CIPH_CBC_MODE) { + dat->stream.cbc = aes_nohw_cbc_encrypt; + } +#endif } } else if (hwaes_capable()) { ret = aes_hw_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); @@ -226,17 +137,22 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, dat->stream.ctr = aes_hw_ctr32_encrypt_blocks; } } else if (bsaes_capable() && mode == EVP_CIPH_CTR_MODE) { - ret = AES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); - dat->block = AES_encrypt; + ret = aes_nohw_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + dat->block = aes_nohw_encrypt; dat->stream.ctr = bsaes_ctr32_encrypt_blocks; } else if (vpaes_capable()) { ret = vpaes_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); dat->block = vpaes_encrypt; dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? vpaes_cbc_encrypt : NULL; } else { - ret = AES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); - dat->block = AES_encrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? AES_cbc_encrypt : NULL; + ret = aes_nohw_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + dat->block = aes_nohw_encrypt; + dat->stream.cbc = NULL; +#if defined(AES_NOHW_CBC) + if (mode == EVP_CIPH_CBC_MODE) { + dat->stream.cbc = aes_nohw_cbc_encrypt; + } +#endif } if (ret < 0) { @@ -304,7 +220,7 @@ static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_KEY *gcm_key, block128_f *out_block, const uint8_t *key, - size_t key_bytes) { + size_t key_bytes, int large_inputs) { if (hwaes_capable()) { aes_hw_set_encrypt_key(key, key_bytes * 8, aes_key); if (gcm_key != NULL) { @@ -316,18 +232,20 @@ ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_KEY *gcm_key, return aes_hw_ctr32_encrypt_blocks; } - if (bsaes_capable()) { - AES_set_encrypt_key(key, key_bytes * 8, aes_key); + const int bsaes_ok = bsaes_capable(); + const int vpaes_ok = vpaes_capable(); + if (bsaes_ok && (large_inputs || !vpaes_ok)) { + aes_nohw_set_encrypt_key(key, key_bytes * 8, aes_key); if (gcm_key != NULL) { - CRYPTO_gcm128_init_key(gcm_key, aes_key, AES_encrypt, 0); + CRYPTO_gcm128_init_key(gcm_key, aes_key, aes_nohw_encrypt, 0); } if (out_block) { - *out_block = AES_encrypt; + *out_block = aes_nohw_encrypt; } return bsaes_ctr32_encrypt_blocks; } - if (vpaes_capable()) { + if (vpaes_ok) { vpaes_set_encrypt_key(key, key_bytes * 8, aes_key); if (out_block) { *out_block = vpaes_encrypt; @@ -338,26 +256,54 @@ ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_KEY *gcm_key, return NULL; } - AES_set_encrypt_key(key, key_bytes * 8, aes_key); + aes_nohw_set_encrypt_key(key, key_bytes * 8, aes_key); if (gcm_key != NULL) { - CRYPTO_gcm128_init_key(gcm_key, aes_key, AES_encrypt, 0); + CRYPTO_gcm128_init_key(gcm_key, aes_key, aes_nohw_encrypt, 0); } if (out_block) { - *out_block = AES_encrypt; + *out_block = aes_nohw_encrypt; } return NULL; } +#if defined(OPENSSL_32_BIT) +#define EVP_AES_GCM_CTX_PADDING (4+8) +#else +#define EVP_AES_GCM_CTX_PADDING 8 +#endif + +static EVP_AES_GCM_CTX *aes_gcm_from_cipher_ctx(EVP_CIPHER_CTX *ctx) { +#if defined(__GNUC__) || defined(__clang__) + OPENSSL_STATIC_ASSERT( + alignof(EVP_AES_GCM_CTX) <= 16, + "EVP_AES_GCM_CTX needs more alignment than this function provides"); +#endif + + // |malloc| guarantees up to 4-byte alignment on 32-bit and 8-byte alignment + // on 64-bit systems, so we need to adjust to reach 16-byte alignment. + assert(ctx->cipher->ctx_size == + sizeof(EVP_AES_GCM_CTX) + EVP_AES_GCM_CTX_PADDING); + + char *ptr = ctx->cipher_data; +#if defined(OPENSSL_32_BIT) + assert((uintptr_t)ptr % 4 == 0); + ptr += (uintptr_t)ptr & 4; +#endif + assert((uintptr_t)ptr % 8 == 0); + ptr += (uintptr_t)ptr & 8; + return (EVP_AES_GCM_CTX *)ptr; +} + static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, const uint8_t *iv, int enc) { - EVP_AES_GCM_CTX *gctx = ctx->cipher_data; + EVP_AES_GCM_CTX *gctx = aes_gcm_from_cipher_ctx(ctx); if (!iv && !key) { return 1; } if (key) { OPENSSL_memset(&gctx->gcm, 0, sizeof(gctx->gcm)); gctx->ctr = aes_ctr_set_key(&gctx->ks.ks, &gctx->gcm.gcm_key, NULL, key, - ctx->key_len); + ctx->key_len, 1 /* large inputs */); // If we have an iv can set it directly, otherwise use saved IV. if (iv == NULL && gctx->iv_set) { iv = gctx->iv; @@ -381,7 +327,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, } static void aes_gcm_cleanup(EVP_CIPHER_CTX *c) { - EVP_AES_GCM_CTX *gctx = c->cipher_data; + EVP_AES_GCM_CTX *gctx = aes_gcm_from_cipher_ctx(c); OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm)); if (gctx->iv != c->iv) { OPENSSL_free(gctx->iv); @@ -405,7 +351,7 @@ static void ctr64_inc(uint8_t *counter) { } static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { - EVP_AES_GCM_CTX *gctx = c->cipher_data; + EVP_AES_GCM_CTX *gctx = aes_gcm_from_cipher_ctx(c); switch (type) { case EVP_CTRL_INIT: gctx->key_set = 0; @@ -497,7 +443,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { case EVP_CTRL_COPY: { EVP_CIPHER_CTX *out = ptr; - EVP_AES_GCM_CTX *gctx_out = out->cipher_data; + EVP_AES_GCM_CTX *gctx_out = aes_gcm_from_cipher_ctx(out); if (gctx->iv == c->iv) { gctx_out->iv = out->iv; } else { @@ -517,7 +463,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, size_t len) { - EVP_AES_GCM_CTX *gctx = ctx->cipher_data; + EVP_AES_GCM_CTX *gctx = aes_gcm_from_cipher_ctx(ctx); // If not set up, return error if (!gctx->key_set) { @@ -631,7 +577,7 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_128_gcm_generic) { out->block_size = 1; out->key_len = 16; out->iv_len = 12; - out->ctx_size = sizeof(EVP_AES_GCM_CTX); + out->ctx_size = sizeof(EVP_AES_GCM_CTX) + EVP_AES_GCM_CTX_PADDING; out->flags = EVP_CIPH_GCM_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_FLAG_AEAD_CIPHER; @@ -699,7 +645,7 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_192_gcm_generic) { out->block_size = 1; out->key_len = 24; out->iv_len = 12; - out->ctx_size = sizeof(EVP_AES_GCM_CTX); + out->ctx_size = sizeof(EVP_AES_GCM_CTX) + EVP_AES_GCM_CTX_PADDING; out->flags = EVP_CIPH_GCM_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_FLAG_AEAD_CIPHER; @@ -767,7 +713,7 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_256_gcm_generic) { out->block_size = 1; out->key_len = 32; out->iv_len = 12; - out->ctx_size = sizeof(EVP_AES_GCM_CTX); + out->ctx_size = sizeof(EVP_AES_GCM_CTX) + EVP_AES_GCM_CTX_PADDING; out->flags = EVP_CIPH_GCM_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_FLAG_AEAD_CIPHER; @@ -900,8 +846,8 @@ static int aead_aes_gcm_init_impl(struct aead_aes_gcm_ctx *gcm_ctx, return 0; } - gcm_ctx->ctr = - aes_ctr_set_key(&gcm_ctx->ks.ks, &gcm_ctx->gcm_key, NULL, key, key_len); + gcm_ctx->ctr = aes_ctr_set_key(&gcm_ctx->ks.ks, &gcm_ctx->gcm_key, NULL, key, + key_len, 1 /* large inputs */); *out_tag_len = tag_len; return 1; } diff --git a/src/crypto/fipsmodule/cipher/e_des.c b/src/crypto/fipsmodule/cipher/e_des.c index eaba6d7..e77363b 100644 --- a/src/crypto/fipsmodule/cipher/e_des.c +++ b/src/crypto/fipsmodule/cipher/e_des.c @@ -231,3 +231,7 @@ DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_des_ede3) { out->init = des_ede3_init_key; out->cipher = des_ede_ecb_cipher; } + +const EVP_CIPHER* EVP_des_ede3_ecb(void) { + return EVP_des_ede3(); +} diff --git a/src/crypto/fipsmodule/cipher/internal.h b/src/crypto/fipsmodule/cipher/internal.h index 7c739fb..b9e61ec 100644 --- a/src/crypto/fipsmodule/cipher/internal.h +++ b/src/crypto/fipsmodule/cipher/internal.h @@ -116,11 +116,12 @@ struct evp_aead_st { // where |key_bytes| must either be 16, 24 or 32. If not NULL, |*out_block| is // set to a function that encrypts single blocks. If not NULL, |*gcm_key| is // initialised to do GHASH with the given key. It returns a function for -// optimised CTR-mode, or NULL if CTR-mode should be built using -// |*out_block|. +// optimised CTR-mode, or NULL if CTR-mode should be built using |*out_block|. +// |large_input| is a hint to select AES implementations. If it is one, the +// caller expects this key to be used with large inputs. ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_KEY *gcm_key, block128_f *out_block, const uint8_t *key, - size_t key_bytes); + size_t key_bytes, int large_input); #if defined(__cplusplus) } // extern C diff --git a/src/crypto/fipsmodule/ec/asm/p256-x86_64-asm.pl b/src/crypto/fipsmodule/ec/asm/p256-x86_64-asm.pl index 1dc257d..5402885 100755 --- a/src/crypto/fipsmodule/ec/asm/p256-x86_64-asm.pl +++ b/src/crypto/fipsmodule/ec/asm/p256-x86_64-asm.pl @@ -488,7 +488,7 @@ $code.=<<___; # void ecp_nistz256_ord_sqr_mont( # uint64_t res[4], # uint64_t a[4], -# int rep); +# uint64_t rep); .globl ecp_nistz256_ord_sqr_mont .type ecp_nistz256_ord_sqr_mont,\@function,3 @@ -1320,6 +1320,7 @@ $code.=<<___; .type __ecp_nistz256_mul_montq,\@abi-omnipotent .align 32 __ecp_nistz256_mul_montq: +.cfi_startproc ######################################################################## # Multiply a by b[0] mov %rax, $t1 @@ -1531,6 +1532,7 @@ __ecp_nistz256_mul_montq: mov $acc1, 8*3($r_ptr) ret +.cfi_endproc .size __ecp_nistz256_mul_montq,.-__ecp_nistz256_mul_montq ################################################################################ @@ -1615,6 +1617,7 @@ $code.=<<___; .type __ecp_nistz256_sqr_montq,\@abi-omnipotent .align 32 __ecp_nistz256_sqr_montq: +.cfi_startproc mov %rax, $acc5 mulq $acc6 # a[1]*a[0] mov %rax, $acc1 @@ -1772,6 +1775,7 @@ __ecp_nistz256_sqr_montq: mov $acc7, 8*3($r_ptr) ret +.cfi_endproc .size __ecp_nistz256_sqr_montq,.-__ecp_nistz256_sqr_montq ___ @@ -1780,6 +1784,7 @@ $code.=<<___; .type __ecp_nistz256_mul_montx,\@abi-omnipotent .align 32 __ecp_nistz256_mul_montx: +.cfi_startproc ######################################################################## # Multiply by b[0] mulx $acc1, $acc0, $acc1 @@ -1942,11 +1947,13 @@ __ecp_nistz256_mul_montx: mov $acc1, 8*3($r_ptr) ret +.cfi_endproc .size __ecp_nistz256_mul_montx,.-__ecp_nistz256_mul_montx .type __ecp_nistz256_sqr_montx,\@abi-omnipotent .align 32 __ecp_nistz256_sqr_montx: +.cfi_startproc mulx $acc6, $acc1, $acc2 # a[0]*a[1] mulx $acc7, $t0, $acc3 # a[0]*a[2] xor %eax, %eax @@ -2070,6 +2077,7 @@ __ecp_nistz256_sqr_montx: mov $acc7, 8*3($r_ptr) ret +.cfi_endproc .size __ecp_nistz256_sqr_montx,.-__ecp_nistz256_sqr_montx ___ } @@ -2087,6 +2095,7 @@ $code.=<<___; .type ecp_nistz256_select_w5,\@abi-omnipotent .align 32 ecp_nistz256_select_w5: +.cfi_startproc ___ $code.=<<___ if ($avx>1); leaq OPENSSL_ia32cap_P(%rip), %rax @@ -2176,6 +2185,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .LSEH_end_ecp_nistz256_select_w5: .size ecp_nistz256_select_w5,.-ecp_nistz256_select_w5 @@ -2185,6 +2195,7 @@ $code.=<<___; .type ecp_nistz256_select_w7,\@abi-omnipotent .align 32 ecp_nistz256_select_w7: +.cfi_startproc ___ $code.=<<___ if ($avx>1); leaq OPENSSL_ia32cap_P(%rip), %rax @@ -2263,6 +2274,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .LSEH_end_ecp_nistz256_select_w7: .size ecp_nistz256_select_w7,.-ecp_nistz256_select_w7 ___ @@ -2279,6 +2291,7 @@ $code.=<<___; .type ecp_nistz256_avx2_select_w5,\@abi-omnipotent .align 32 ecp_nistz256_avx2_select_w5: +.cfi_startproc .Lavx2_select_w5: vzeroupper ___ @@ -2366,6 +2379,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .LSEH_end_ecp_nistz256_avx2_select_w5: .size ecp_nistz256_avx2_select_w5,.-ecp_nistz256_avx2_select_w5 ___ @@ -2385,6 +2399,7 @@ $code.=<<___; .type ecp_nistz256_avx2_select_w7,\@abi-omnipotent .align 32 ecp_nistz256_avx2_select_w7: +.cfi_startproc .Lavx2_select_w7: vzeroupper ___ @@ -2487,6 +2502,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .LSEH_end_ecp_nistz256_avx2_select_w7: .size ecp_nistz256_avx2_select_w7,.-ecp_nistz256_avx2_select_w7 ___ @@ -2556,6 +2572,7 @@ $code.=<<___; .type __ecp_nistz256_add_toq,\@abi-omnipotent .align 32 __ecp_nistz256_add_toq: +.cfi_startproc xor $t4,$t4 add 8*0($b_ptr), $a0 adc 8*1($b_ptr), $a1 @@ -2583,11 +2600,13 @@ __ecp_nistz256_add_toq: mov $a3, 8*3($r_ptr) ret +.cfi_endproc .size __ecp_nistz256_add_toq,.-__ecp_nistz256_add_toq .type __ecp_nistz256_sub_fromq,\@abi-omnipotent .align 32 __ecp_nistz256_sub_fromq: +.cfi_startproc sub 8*0($b_ptr), $a0 sbb 8*1($b_ptr), $a1 mov $a0, $t0 @@ -2614,11 +2633,13 @@ __ecp_nistz256_sub_fromq: mov $a3, 8*3($r_ptr) ret +.cfi_endproc .size __ecp_nistz256_sub_fromq,.-__ecp_nistz256_sub_fromq .type __ecp_nistz256_subq,\@abi-omnipotent .align 32 __ecp_nistz256_subq: +.cfi_startproc sub $a0, $t0 sbb $a1, $t1 mov $t0, $a0 @@ -2641,11 +2662,13 @@ __ecp_nistz256_subq: cmovnz $t3, $a3 ret +.cfi_endproc .size __ecp_nistz256_subq,.-__ecp_nistz256_subq .type __ecp_nistz256_mul_by_2q,\@abi-omnipotent .align 32 __ecp_nistz256_mul_by_2q: +.cfi_startproc xor $t4, $t4 add $a0, $a0 # a0:a3+a0:a3 adc $a1, $a1 @@ -2673,6 +2696,7 @@ __ecp_nistz256_mul_by_2q: mov $a3, 8*3($r_ptr) ret +.cfi_endproc .size __ecp_nistz256_mul_by_2q,.-__ecp_nistz256_mul_by_2q ___ } @@ -3114,7 +3138,9 @@ $code.=<<___; movq %xmm1, $a_ptr # restore $a_ptr movq %xmm0, $r_ptr # restore $r_ptr add \$`32*(18-5)`, %rsp # difference in frame sizes +.cfi_adjust_cfa_offset `-32*(18-5)` jmp .Lpoint_double_shortcut$x +.cfi_adjust_cfa_offset `32*(18-5)` .align 32 .Ladd_proceed$x: @@ -3651,6 +3677,7 @@ $code.=<<___; .type __ecp_nistz256_add_tox,\@abi-omnipotent .align 32 __ecp_nistz256_add_tox: +.cfi_startproc xor $t4, $t4 adc 8*0($b_ptr), $a0 adc 8*1($b_ptr), $a1 @@ -3679,11 +3706,13 @@ __ecp_nistz256_add_tox: mov $a3, 8*3($r_ptr) ret +.cfi_endproc .size __ecp_nistz256_add_tox,.-__ecp_nistz256_add_tox .type __ecp_nistz256_sub_fromx,\@abi-omnipotent .align 32 __ecp_nistz256_sub_fromx: +.cfi_startproc xor $t4, $t4 sbb 8*0($b_ptr), $a0 sbb 8*1($b_ptr), $a1 @@ -3712,11 +3741,13 @@ __ecp_nistz256_sub_fromx: mov $a3, 8*3($r_ptr) ret +.cfi_endproc .size __ecp_nistz256_sub_fromx,.-__ecp_nistz256_sub_fromx .type __ecp_nistz256_subx,\@abi-omnipotent .align 32 __ecp_nistz256_subx: +.cfi_startproc xor $t4, $t4 sbb $a0, $t0 sbb $a1, $t1 @@ -3741,11 +3772,13 @@ __ecp_nistz256_subx: cmovc $t3, $a3 ret +.cfi_endproc .size __ecp_nistz256_subx,.-__ecp_nistz256_subx .type __ecp_nistz256_mul_by_2x,\@abi-omnipotent .align 32 __ecp_nistz256_mul_by_2x: +.cfi_startproc xor $t4, $t4 adc $a0, $a0 # a0:a3+a0:a3 adc $a1, $a1 @@ -3774,6 +3807,7 @@ __ecp_nistz256_mul_by_2x: mov $a3, 8*3($r_ptr) ret +.cfi_endproc .size __ecp_nistz256_mul_by_2x,.-__ecp_nistz256_mul_by_2x ___ } diff --git a/src/crypto/fipsmodule/ec/asm/p256_beeu-x86_64-asm.pl b/src/crypto/fipsmodule/ec/asm/p256_beeu-x86_64-asm.pl index 12b9f5a..0bb6547 100644 --- a/src/crypto/fipsmodule/ec/asm/p256_beeu-x86_64-asm.pl +++ b/src/crypto/fipsmodule/ec/asm/p256_beeu-x86_64-asm.pl @@ -156,9 +156,6 @@ beeu_mod_inverse_vartime: .cfi_startproc push %rbp .cfi_push rbp - movq %rsp, %rbp -.cfi_def_cfa_register rbp - push %r12 .cfi_push r12 push %r13 @@ -173,6 +170,7 @@ beeu_mod_inverse_vartime: .cfi_push rsi sub \$$last_rsp_offset, %rsp +.cfi_adjust_cfa_offset $last_rsp_offset movq $out, $out_rsp(%rsp) # X=1, Y=0 @@ -380,6 +378,7 @@ beeu_mod_inverse_vartime: .Lbeeu_finish: add \$$last_rsp_offset, %rsp +.cfi_adjust_cfa_offset -$last_rsp_offset pop %rsi .cfi_pop rsi pop %rbx @@ -394,9 +393,8 @@ beeu_mod_inverse_vartime: .cfi_pop r12 pop %rbp .cfi_pop rbp -.cfi_def_cfa rsp, 8 -.cfi_endproc ret +.cfi_endproc .size beeu_mod_inverse_vartime, .-beeu_mod_inverse_vartime ___ diff --git a/src/crypto/fipsmodule/ec/ec.c b/src/crypto/fipsmodule/ec/ec.c index bd0662a..a0305a6 100644 --- a/src/crypto/fipsmodule/ec/ec.c +++ b/src/crypto/fipsmodule/ec/ec.c @@ -499,8 +499,8 @@ err: struct built_in_groups_st { EC_GROUP *groups[OPENSSL_NUM_BUILT_IN_CURVES]; }; -DEFINE_BSS_GET(struct built_in_groups_st, built_in_groups); -DEFINE_STATIC_MUTEX(built_in_groups_lock); +DEFINE_BSS_GET(struct built_in_groups_st, built_in_groups) +DEFINE_STATIC_MUTEX(built_in_groups_lock) EC_GROUP *EC_GROUP_new_by_curve_name(int nid) { struct built_in_groups_st *groups = built_in_groups_bss_get(); @@ -625,6 +625,10 @@ int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) { return 1; } +int EC_GROUP_order_bits(const EC_GROUP *group) { + return BN_num_bits(&group->order); +} + int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) { // All |EC_GROUP|s have cofactor 1. @@ -656,6 +660,22 @@ const char *EC_curve_nid2nist(int nid) { return NULL; } +int EC_curve_nist2nid(const char *name) { + if (strcmp(name, "P-224") == 0) { + return NID_secp224r1; + } + if (strcmp(name, "P-256") == 0) { + return NID_X9_62_prime256v1; + } + if (strcmp(name, "P-384") == 0) { + return NID_secp384r1; + } + if (strcmp(name, "P-521") == 0) { + return NID_secp521r1; + } + return NID_undef; +} + EC_POINT *EC_POINT_new(const EC_GROUP *group) { if (group == NULL) { OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER); diff --git a/src/crypto/fipsmodule/ec/ec_key.c b/src/crypto/fipsmodule/ec/ec_key.c index 632dc9b..04650ed 100644 --- a/src/crypto/fipsmodule/ec/ec_key.c +++ b/src/crypto/fipsmodule/ec/ec_key.c @@ -82,7 +82,7 @@ #include "../../internal.h" -DEFINE_STATIC_EX_DATA_CLASS(g_ec_ex_data_class); +DEFINE_STATIC_EX_DATA_CLASS(g_ec_ex_data_class) static EC_WRAPPED_SCALAR *ec_wrapped_scalar_new(const EC_GROUP *group) { EC_WRAPPED_SCALAR *wrapped = OPENSSL_malloc(sizeof(EC_WRAPPED_SCALAR)); @@ -394,6 +394,33 @@ err: return ok; } +size_t EC_KEY_key2buf(EC_KEY *key, point_conversion_form_t form, + unsigned char **out_buf, BN_CTX *ctx) { + if (key == NULL || key->pub_key == NULL || key->group == NULL) { + return 0; + } + + const size_t len = + EC_POINT_point2oct(key->group, key->pub_key, form, NULL, 0, ctx); + if (len == 0) { + return 0; + } + + uint8_t *buf = OPENSSL_malloc(len); + if (buf == NULL) { + return 0; + } + + if (EC_POINT_point2oct(key->group, key->pub_key, form, buf, len, ctx) != + len) { + OPENSSL_free(buf); + return 0; + } + + *out_buf = buf; + return len; +} + int EC_KEY_generate_key(EC_KEY *key) { if (key == NULL || key->group == NULL) { OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER); diff --git a/src/crypto/fipsmodule/ec/make_p256-x86_64-table.go b/src/crypto/fipsmodule/ec/make_p256-x86_64-table.go index d10a4f9..8a9da2c 100644 --- a/src/crypto/fipsmodule/ec/make_p256-x86_64-table.go +++ b/src/crypto/fipsmodule/ec/make_p256-x86_64-table.go @@ -49,9 +49,7 @@ const fileHeader = `/* Copyright (c) 2015, Intel Inc. // This file is generated by make_p256-x86_64-table.go. -static const alignas(4096) BN_ULONG - ecp_nistz256_precomputed[37][64 * sizeof(P256_POINT_AFFINE) / - sizeof(BN_ULONG)] = { +static const alignas(4096) PRECOMP256_ROW ecp_nistz256_precomputed[37] = { ` func main() { @@ -75,23 +73,23 @@ func main() { toMontgomery(y, p) if multiple == 1 { - os.Stdout.WriteString(" {") + os.Stdout.WriteString(" {{") } else { - os.Stdout.WriteString(" ") + os.Stdout.WriteString(" {") } printNum(x, tmp) - os.Stdout.WriteString(",\n ") + os.Stdout.WriteString(",\n ") printNum(y, tmp) if multiple == 64 { - os.Stdout.WriteString("}") + os.Stdout.WriteString("}}") } else { - os.Stdout.WriteString(",\n") + os.Stdout.WriteString("},\n") } } - if shift + 7 < 256 { + if shift+7 < 256 { os.Stdout.WriteString(",\n") } else { os.Stdout.WriteString("};\n") @@ -108,6 +106,7 @@ func init() { } func printNum(n, tmp *big.Int) { + fmt.Printf("{") for i := 0; i < 4; i++ { tmp.And(n, mask) limb := tmp.Uint64() @@ -118,9 +117,10 @@ func printNum(n, tmp *big.Int) { case 0, 2: os.Stdout.WriteString(", ") case 1: - os.Stdout.WriteString(",\n ") + os.Stdout.WriteString(",\n ") } } + fmt.Printf("}") } // toMontgomery sets n to be n×R mod p diff --git a/src/crypto/fipsmodule/ec/make_p256-x86_64-tests.go b/src/crypto/fipsmodule/ec/make_p256-x86_64-tests.go new file mode 100644 index 0000000..958a97a --- /dev/null +++ b/src/crypto/fipsmodule/ec/make_p256-x86_64-tests.go @@ -0,0 +1,232 @@ +/* Copyright (c) 2018, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +package main + +import ( + "crypto/aes" + "crypto/cipher" + "crypto/elliptic" + "crypto/rand" + "fmt" + "io" + "math/big" +) + +var ( + p256 elliptic.Curve + zero, one, p, R, Rinv *big.Int + deterministicRand io.Reader +) + +type coordinates int + +const ( + affine coordinates = iota + jacobian +) + +func init() { + p256 = elliptic.P256() + + zero = new(big.Int) + one = new(big.Int).SetInt64(1) + + p = p256.Params().P + + R = new(big.Int) + R.SetBit(R, 256, 1) + R.Mod(R, p) + + Rinv = new(big.Int).ModInverse(R, p) + + deterministicRand = newDeterministicRand() +} + +func modMul(z, x, y *big.Int) *big.Int { + z.Mul(x, y) + return z.Mod(z, p) +} + +func toMontgomery(z, x *big.Int) *big.Int { + return modMul(z, x, R) +} + +func fromMontgomery(z, x *big.Int) *big.Int { + return modMul(z, x, Rinv) +} + +func isAffineInfinity(x, y *big.Int) bool { + // Infinity, in affine coordinates, is represented as (0, 0) by + // both Go and p256-x86_64-asm.pl. + return x.Sign() == 0 && y.Sign() == 0 +} + +func randNonZeroInt(max *big.Int) *big.Int { + for { + r, err := rand.Int(deterministicRand, max) + if err != nil { + panic(err) + } + if r.Sign() != 0 { + return r + } + } +} + +func randPoint() (x, y *big.Int) { + k := randNonZeroInt(p256.Params().N) + return p256.ScalarBaseMult(k.Bytes()) +} + +func toJacobian(xIn, yIn *big.Int) (x, y, z *big.Int) { + if isAffineInfinity(xIn, yIn) { + // The Jacobian representation of infinity has Z = 0. Depending + // on the implementation, X and Y may be further constrained. + // Generalizing the curve equation to Jacobian coordinates for + // non-zero Z gives: + // + // y² = x³ - 3x + b, where x = X/Z² and y = Y/Z³ + // Y² = X³ + aXZ⁴ + bZ⁶ + // + // Taking that formula at Z = 0 gives Y² = X³. This constraint + // allows removing a special case in the point-on-curve check. + // + // BoringSSL, however, historically generated infinities with + // arbitrary X and Y and include the special case. We also have + // not verified that add and double preserve this + // property. Thus, generate test vectors with unrelated X and Y, + // to test that p256-x86_64-asm.pl correctly handles + // unconstrained representations of infinity. + x = randNonZeroInt(p) + y = randNonZeroInt(p) + z = zero + return + } + + z = randNonZeroInt(p) + + // X = xZ² + y = modMul(new(big.Int), z, z) + x = modMul(new(big.Int), xIn, y) + + // Y = yZ³ + modMul(y, y, z) + modMul(y, y, yIn) + return +} + +func printMontgomery(name string, a *big.Int) { + a = toMontgomery(new(big.Int), a) + fmt.Printf("%s = %064x\n", name, a) +} + +func printTestCase(ax, ay *big.Int, aCoord coordinates, bx, by *big.Int, bCoord coordinates) { + rx, ry := p256.Add(ax, ay, bx, by) + + var az *big.Int + if aCoord == jacobian { + ax, ay, az = toJacobian(ax, ay) + } else if isAffineInfinity(ax, ay) { + az = zero + } else { + az = one + } + + var bz *big.Int + if bCoord == jacobian { + bx, by, bz = toJacobian(bx, by) + } else if isAffineInfinity(bx, by) { + bz = zero + } else { + bz = one + } + + fmt.Printf("Test = PointAdd\n") + printMontgomery("A.X", ax) + printMontgomery("A.Y", ay) + printMontgomery("A.Z", az) + printMontgomery("B.X", bx) + printMontgomery("B.Y", by) + printMontgomery("B.Z", bz) + printMontgomery("Result.X", rx) + printMontgomery("Result.Y", ry) + fmt.Printf("\n") +} + +func main() { + fmt.Printf("# ∞ + ∞ = ∞.\n") + printTestCase(zero, zero, affine, zero, zero, affine) + + fmt.Printf("# ∞ + ∞ = ∞, with an alternate representation of ∞.\n") + printTestCase(zero, zero, jacobian, zero, zero, jacobian) + + gx, gy := p256.Params().Gx, p256.Params().Gy + fmt.Printf("# g + ∞ = g.\n") + printTestCase(gx, gy, affine, zero, zero, affine) + + fmt.Printf("# g + ∞ = g, with an alternate representation of ∞.\n") + printTestCase(gx, gy, affine, zero, zero, jacobian) + + fmt.Printf("# g + -g = ∞.\n") + minusGy := new(big.Int).Sub(p, gy) + printTestCase(gx, gy, affine, gx, minusGy, affine) + + fmt.Printf("# Test some random Jacobian sums.\n") + for i := 0; i < 4; i++ { + ax, ay := randPoint() + bx, by := randPoint() + printTestCase(ax, ay, jacobian, bx, by, jacobian) + } + + fmt.Printf("# Test some random Jacobian doublings.\n") + for i := 0; i < 4; i++ { + ax, ay := randPoint() + printTestCase(ax, ay, jacobian, ax, ay, jacobian) + } + + fmt.Printf("# Test some random affine sums.\n") + for i := 0; i < 4; i++ { + ax, ay := randPoint() + bx, by := randPoint() + printTestCase(ax, ay, affine, bx, by, affine) + } + + fmt.Printf("# Test some random affine doublings.\n") + for i := 0; i < 4; i++ { + ax, ay := randPoint() + printTestCase(ax, ay, affine, ax, ay, affine) + } +} + +type deterministicRandom struct { + stream cipher.Stream +} + +func newDeterministicRand() io.Reader { + block, err := aes.NewCipher(make([]byte, 128/8)) + if err != nil { + panic(err) + } + stream := cipher.NewCTR(block, make([]byte, block.BlockSize())) + return &deterministicRandom{stream} +} + +func (r *deterministicRandom) Read(b []byte) (n int, err error) { + for i := range b { + b[i] = 0 + } + r.stream.XORKeyStream(b, b) + return len(b), nil +} diff --git a/src/crypto/fipsmodule/ec/p224-64.c b/src/crypto/fipsmodule/ec/p224-64.c index dd3098f..2749686 100644 --- a/src/crypto/fipsmodule/ec/p224-64.c +++ b/src/crypto/fipsmodule/ec/p224-64.c @@ -1120,6 +1120,6 @@ DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistp224_method) { out->scalar_inv_montgomery = ec_simple_scalar_inv_montgomery; out->scalar_inv_montgomery_vartime = ec_GFp_simple_mont_inv_mod_ord_vartime; out->cmp_x_coordinate = ec_GFp_simple_cmp_x_coordinate; -}; +} #endif // BORINGSSL_HAS_UINT128 && !SMALL diff --git a/src/crypto/fipsmodule/ec/p256-x86_64-table.h b/src/crypto/fipsmodule/ec/p256-x86_64-table.h index bcb05f6..8246b11 100644 --- a/src/crypto/fipsmodule/ec/p256-x86_64-table.h +++ b/src/crypto/fipsmodule/ec/p256-x86_64-table.h @@ -26,9478 +26,9476 @@ // This file is generated by make_p256-x86_64-table.go. -static const alignas(4096) BN_ULONG - ecp_nistz256_precomputed[37][64 * sizeof(P256_POINT_AFFINE) / - sizeof(BN_ULONG)] = { - {TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601), - TOBN(0x79fb732b, 0x77622510), TOBN(0x18905f76, 0xa53755c6), - TOBN(0xddf25357, 0xce95560a), TOBN(0x8b4ab8e4, 0xba19e45c), - TOBN(0xd2e88688, 0xdd21f325), TOBN(0x8571ff18, 0x25885d85), - TOBN(0x850046d4, 0x10ddd64d), TOBN(0xaa6ae3c1, 0xa433827d), - TOBN(0x73220503, 0x8d1490d9), TOBN(0xf6bb32e4, 0x3dcf3a3b), - TOBN(0x2f3648d3, 0x61bee1a5), TOBN(0x152cd7cb, 0xeb236ff8), - TOBN(0x19a8fb0e, 0x92042dbe), TOBN(0x78c57751, 0x0a5b8a3b), - TOBN(0xffac3f90, 0x4eebc127), TOBN(0xb027f84a, 0x087d81fb), - TOBN(0x66ad77dd, 0x87cbbc98), TOBN(0x26936a3f, 0xb6ff747e), - TOBN(0xb04c5c1f, 0xc983a7eb), TOBN(0x583e47ad, 0x0861fe1a), - TOBN(0x78820831, 0x1a2ee98e), TOBN(0xd5f06a29, 0xe587cc07), - TOBN(0x74b0b50d, 0x46918dcc), TOBN(0x4650a6ed, 0xc623c173), - TOBN(0x0cdaacac, 0xe8100af2), TOBN(0x577362f5, 0x41b0176b), - TOBN(0x2d96f24c, 0xe4cbaba6), TOBN(0x17628471, 0xfad6f447), - TOBN(0x6b6c36de, 0xe5ddd22e), TOBN(0x84b14c39, 0x4c5ab863), - TOBN(0xbe1b8aae, 0xc45c61f5), TOBN(0x90ec649a, 0x94b9537d), - TOBN(0x941cb5aa, 0xd076c20c), TOBN(0xc9079605, 0x890523c8), - TOBN(0xeb309b4a, 0xe7ba4f10), TOBN(0x73c568ef, 0xe5eb882b), - TOBN(0x3540a987, 0x7e7a1f68), TOBN(0x73a076bb, 0x2dd1e916), - TOBN(0x40394737, 0x3e77664a), TOBN(0x55ae744f, 0x346cee3e), - TOBN(0xd50a961a, 0x5b17a3ad), TOBN(0x13074b59, 0x54213673), - TOBN(0x93d36220, 0xd377e44b), TOBN(0x299c2b53, 0xadff14b5), - TOBN(0xf424d44c, 0xef639f11), TOBN(0xa4c9916d, 0x4a07f75f), - TOBN(0x0746354e, 0xa0173b4f), TOBN(0x2bd20213, 0xd23c00f7), - TOBN(0xf43eaab5, 0x0c23bb08), TOBN(0x13ba5119, 0xc3123e03), - TOBN(0x2847d030, 0x3f5b9d4d), TOBN(0x6742f2f2, 0x5da67bdd), - TOBN(0xef933bdc, 0x77c94195), TOBN(0xeaedd915, 0x6e240867), - TOBN(0x27f14cd1, 0x9499a78f), TOBN(0x462ab5c5, 0x6f9b3455), - TOBN(0x8f90f02a, 0xf02cfc6b), TOBN(0xb763891e, 0xb265230d), - TOBN(0xf59da3a9, 0x532d4977), TOBN(0x21e3327d, 0xcf9eba15), - TOBN(0x123c7b84, 0xbe60bbf0), TOBN(0x56ec12f2, 0x7706df76), - TOBN(0x75c96e8f, 0x264e20e8), TOBN(0xabe6bfed, 0x59a7a841), - TOBN(0x2cc09c04, 0x44c8eb00), TOBN(0xe05b3080, 0xf0c4e16b), - TOBN(0x1eb7777a, 0xa45f3314), TOBN(0x56af7bed, 0xce5d45e3), - TOBN(0x2b6e019a, 0x88b12f1a), TOBN(0x086659cd, 0xfd835f9b), - TOBN(0x2c18dbd1, 0x9dc21ec8), TOBN(0x98f9868a, 0x0fcf8139), - TOBN(0x737d2cd6, 0x48250b49), TOBN(0xcc61c947, 0x24b3428f), - TOBN(0x0c2b4078, 0x80dd9e76), TOBN(0xc43a8991, 0x383fbe08), - TOBN(0x5f7d2d65, 0x779be5d2), TOBN(0x78719a54, 0xeb3b4ab5), - TOBN(0xea7d260a, 0x6245e404), TOBN(0x9de40795, 0x6e7fdfe0), - TOBN(0x1ff3a415, 0x8dac1ab5), TOBN(0x3e7090f1, 0x649c9073), - TOBN(0x1a768561, 0x2b944e88), TOBN(0x250f939e, 0xe57f61c8), - TOBN(0x0c0daa89, 0x1ead643d), TOBN(0x68930023, 0xe125b88e), - TOBN(0x04b71aa7, 0xd2697768), TOBN(0xabdedef5, 0xca345a33), - TOBN(0x2409d29d, 0xee37385e), TOBN(0x4ee1df77, 0xcb83e156), - TOBN(0x0cac12d9, 0x1cbb5b43), TOBN(0x170ed2f6, 0xca895637), - TOBN(0x28228cfa, 0x8ade6d66), TOBN(0x7ff57c95, 0x53238aca), - TOBN(0xccc42563, 0x4b2ed709), TOBN(0x0e356769, 0x856fd30d), - TOBN(0xbcbcd43f, 0x559e9811), TOBN(0x738477ac, 0x5395b759), - TOBN(0x35752b90, 0xc00ee17f), TOBN(0x68748390, 0x742ed2e3), - TOBN(0x7cd06422, 0xbd1f5bc1), TOBN(0xfbc08769, 0xc9e7b797), - TOBN(0xa242a35b, 0xb0cf664a), TOBN(0x126e48f7, 0x7f9707e3), - TOBN(0x1717bf54, 0xc6832660), TOBN(0xfaae7332, 0xfd12c72e), - TOBN(0x27b52db7, 0x995d586b), TOBN(0xbe29569e, 0x832237c2), - TOBN(0xe8e4193e, 0x2a65e7db), TOBN(0x152706dc, 0x2eaa1bbb), - TOBN(0x72bcd8b7, 0xbc60055b), TOBN(0x03cc23ee, 0x56e27e4b), - TOBN(0xee337424, 0xe4819370), TOBN(0xe2aa0e43, 0x0ad3da09), - TOBN(0x40b8524f, 0x6383c45d), TOBN(0xd7663554, 0x42a41b25), - TOBN(0x64efa6de, 0x778a4797), TOBN(0x2042170a, 0x7079adf4), - TOBN(0x808b0b65, 0x0bc6fb80), TOBN(0x5882e075, 0x3ffe2e6b), - TOBN(0xd5ef2f7c, 0x2c83f549), TOBN(0x54d63c80, 0x9103b723), - TOBN(0xf2f11bd6, 0x52a23f9b), TOBN(0x3670c319, 0x4b0b6587), - TOBN(0x55c4623b, 0xb1580e9e), TOBN(0x64edf7b2, 0x01efe220), - TOBN(0x97091dcb, 0xd53c5c9d), TOBN(0xf17624b6, 0xac0a177b), - TOBN(0xb0f13975, 0x2cfe2dff), TOBN(0xc1a35c0a, 0x6c7a574e), - TOBN(0x227d3146, 0x93e79987), TOBN(0x0575bf30, 0xe89cb80e), - TOBN(0x2f4e247f, 0x0d1883bb), TOBN(0xebd51226, 0x3274c3d0), - TOBN(0x5f3e51c8, 0x56ada97a), TOBN(0x4afc964d, 0x8f8b403e), - TOBN(0xa6f247ab, 0x412e2979), TOBN(0x675abd1b, 0x6f80ebda), - TOBN(0x66a2bd72, 0x5e485a1d), TOBN(0x4b2a5caf, 0x8f4f0b3c), - TOBN(0x2626927f, 0x1b847bba), TOBN(0x6c6fc7d9, 0x0502394d), - TOBN(0xfea912ba, 0xa5659ae8), TOBN(0x68363aba, 0x25e1a16e), - TOBN(0xb8842277, 0x752c41ac), TOBN(0xfe545c28, 0x2897c3fc), - TOBN(0x2d36e9e7, 0xdc4c696b), TOBN(0x5806244a, 0xfba977c5), - TOBN(0x85665e9b, 0xe39508c1), TOBN(0xf720ee25, 0x6d12597b), - TOBN(0x8a979129, 0xd2337a31), TOBN(0x5916868f, 0x0f862bdc), - TOBN(0x048099d9, 0x5dd283ba), TOBN(0xe2d1eeb6, 0xfe5bfb4e), - TOBN(0x82ef1c41, 0x7884005d), TOBN(0xa2d4ec17, 0xffffcbae), - TOBN(0x9161c53f, 0x8aa95e66), TOBN(0x5ee104e1, 0xc5fee0d0), - TOBN(0x562e4cec, 0xc135b208), TOBN(0x74e1b265, 0x4783f47d), - TOBN(0x6d2a506c, 0x5a3f3b30), TOBN(0xecead9f4, 0xc16762fc), - TOBN(0xf29dd4b2, 0xe286e5b9), TOBN(0x1b0fadc0, 0x83bb3c61), - TOBN(0x7a75023e, 0x7fac29a4), TOBN(0xc086d5f1, 0xc9477fa3), - TOBN(0x0fc61135, 0x2f6f3076), TOBN(0xc99ffa23, 0xe3912a9a), - TOBN(0x6a0b0685, 0xd2f8ba3d), TOBN(0xfdc777e8, 0xe93358a4), - TOBN(0x94a787bb, 0x35415f04), TOBN(0x640c2d6a, 0x4d23fea4), - TOBN(0x9de917da, 0x153a35b5), TOBN(0x793e8d07, 0x5d5cd074), - TOBN(0xf4f87653, 0x2de45068), TOBN(0x37c7a7e8, 0x9e2e1f6e), - TOBN(0xd0825fa2, 0xa3584069), TOBN(0xaf2cea7c, 0x1727bf42), - TOBN(0x0360a4fb, 0x9e4785a9), TOBN(0xe5fda49c, 0x27299f4a), - TOBN(0x48068e13, 0x71ac2f71), TOBN(0x83d0687b, 0x9077666f), - TOBN(0x6d3883b2, 0x15d02819), TOBN(0x6d0d7550, 0x40dd9a35), - TOBN(0x61d7cbf9, 0x1d2b469f), TOBN(0xf97b232f, 0x2efc3115), - TOBN(0xa551d750, 0xb24bcbc7), TOBN(0x11ea4949, 0x88a1e356), - TOBN(0x7669f031, 0x93cb7501), TOBN(0x595dc55e, 0xca737b8a), - TOBN(0xa4a319ac, 0xd837879f), TOBN(0x6fc1b49e, 0xed6b67b0), - TOBN(0xe3959933, 0x32f1f3af), TOBN(0x966742eb, 0x65432a2e), - TOBN(0x4b8dc9fe, 0xb4966228), TOBN(0x96cc6312, 0x43f43950), - TOBN(0x12068859, 0xc9b731ee), TOBN(0x7b948dc3, 0x56f79968), - TOBN(0x61e4ad32, 0xed1f8008), TOBN(0xe6c9267a, 0xd8b17538), - TOBN(0x1ac7c5eb, 0x857ff6fb), TOBN(0x994baaa8, 0x55f2fb10), - TOBN(0x84cf14e1, 0x1d248018), TOBN(0x5a39898b, 0x628ac508), - TOBN(0x14fde97b, 0x5fa944f5), TOBN(0xed178030, 0xd12e5ac7), - TOBN(0x042c2af4, 0x97e2feb4), TOBN(0xd36a42d7, 0xaebf7313), - TOBN(0x49d2c9eb, 0x084ffdd7), TOBN(0x9f8aa54b, 0x2ef7c76a), - TOBN(0x9200b7ba, 0x09895e70), TOBN(0x3bd0c66f, 0xddb7fb58), - TOBN(0x2d97d108, 0x78eb4cbb), TOBN(0x2d431068, 0xd84bde31), - TOBN(0x4b523eb7, 0x172ccd1f), TOBN(0x7323cb28, 0x30a6a892), - TOBN(0x97082ec0, 0xcfe153eb), TOBN(0xe97f6b6a, 0xf2aadb97), - TOBN(0x1d3d393e, 0xd1a83da1), TOBN(0xa6a7f9c7, 0x804b2a68), - TOBN(0x4a688b48, 0x2d0cb71e), TOBN(0xa9b4cc5f, 0x40585278), - TOBN(0x5e5db46a, 0xcb66e132), TOBN(0xf1be963a, 0x0d925880), - TOBN(0x944a7027, 0x0317b9e2), TOBN(0xe266f959, 0x48603d48), - TOBN(0x98db6673, 0x5c208899), TOBN(0x90472447, 0xa2fb18a3), - TOBN(0x8a966939, 0x777c619f), TOBN(0x3798142a, 0x2a3be21b), - TOBN(0xb4241cb1, 0x3298b343), TOBN(0xa3a14e49, 0xb44f65a1), - TOBN(0xc5f4d6cd, 0x3ac77acd), TOBN(0xd0288cb5, 0x52b6fc3c), - TOBN(0xd5cc8c2f, 0x1c040abc), TOBN(0xb675511e, 0x06bf9b4a), - TOBN(0xd667da37, 0x9b3aa441), TOBN(0x460d45ce, 0x51601f72), - TOBN(0xe2f73c69, 0x6755ff89), TOBN(0xdd3cf7e7, 0x473017e6), - TOBN(0x8ef5689d, 0x3cf7600d), TOBN(0x948dc4f8, 0xb1fc87b4), - TOBN(0xd9e9fe81, 0x4ea53299), TOBN(0x2d921ca2, 0x98eb6028), - TOBN(0xfaecedfd, 0x0c9803fc), TOBN(0xf38ae891, 0x4d7b4745), - TOBN(0xd8c5fccf, 0xc5e3a3d8), TOBN(0xbefd904c, 0x4079dfbf), - TOBN(0xbc6d6a58, 0xfead0197), TOBN(0x39227077, 0x695532a4), - TOBN(0x09e23e6d, 0xdbef42f5), TOBN(0x7e449b64, 0x480a9908), - TOBN(0x7b969c1a, 0xad9a2e40), TOBN(0x6231d792, 0x9591c2a4), - TOBN(0x87151456, 0x0f664534), TOBN(0x85ceae7c, 0x4b68f103), - TOBN(0xac09c4ae, 0x65578ab9), TOBN(0x33ec6868, 0xf044b10c), - TOBN(0x6ac4832b, 0x3a8ec1f1), TOBN(0x5509d128, 0x5847d5ef), - TOBN(0xf909604f, 0x763f1574), TOBN(0xb16c4303, 0xc32f63c4), - TOBN(0xb6ab2014, 0x7ca23cd3), TOBN(0xcaa7a5c6, 0xa391849d), - TOBN(0x5b0673a3, 0x75678d94), TOBN(0xc982ddd4, 0xdd303e64), - TOBN(0xfd7b000b, 0x5db6f971), TOBN(0xbba2cb1f, 0x6f876f92), - TOBN(0xc77332a3, 0x3c569426), TOBN(0xa159100c, 0x570d74f8), - TOBN(0xfd16847f, 0xdec67ef5), TOBN(0x742ee464, 0x233e76b7), - TOBN(0x0b8e4134, 0xefc2b4c8), TOBN(0xca640b86, 0x42a3e521), - TOBN(0x653a0190, 0x8ceb6aa9), TOBN(0x313c300c, 0x547852d5), - TOBN(0x24e4ab12, 0x6b237af7), TOBN(0x2ba90162, 0x8bb47af8), - TOBN(0x3d5e58d6, 0xa8219bb7), TOBN(0xc691d0bd, 0x1b06c57f), - TOBN(0x0ae4cb10, 0xd257576e), TOBN(0x3569656c, 0xd54a3dc3), - TOBN(0xe5ebaebd, 0x94cda03a), TOBN(0x934e82d3, 0x162bfe13), - TOBN(0x450ac0ba, 0xe251a0c6), TOBN(0x480b9e11, 0xdd6da526), - TOBN(0x00467bc5, 0x8cce08b5), TOBN(0xb636458c, 0x7f178d55), - TOBN(0xc5748bae, 0xa677d806), TOBN(0x2763a387, 0xdfa394eb), - TOBN(0xa12b448a, 0x7d3cebb6), TOBN(0xe7adda3e, 0x6f20d850), - TOBN(0xf63ebce5, 0x1558462c), TOBN(0x58b36143, 0x620088a8), - TOBN(0x8a2cc3ca, 0x4d63c0ee), TOBN(0x51233117, 0x0fe948ce), - TOBN(0x7463fd85, 0x222ef33b), TOBN(0xadf0c7dc, 0x7c603d6c), - TOBN(0x0ec32d3b, 0xfe7765e5), TOBN(0xccaab359, 0xbf380409), - TOBN(0xbdaa84d6, 0x8e59319c), TOBN(0xd9a4c280, 0x9c80c34d), - TOBN(0xa9d89488, 0xa059c142), TOBN(0x6f5ae714, 0xff0b9346), - TOBN(0x068f237d, 0x16fb3664), TOBN(0x5853e4c4, 0x363186ac), - TOBN(0xe2d87d23, 0x63c52f98), TOBN(0x2ec4a766, 0x81828876), - TOBN(0x47b864fa, 0xe14e7b1c), TOBN(0x0c0bc0e5, 0x69192408), - TOBN(0xe4d7681d, 0xb82e9f3e), TOBN(0x83200f0b, 0xdf25e13c), - TOBN(0x8909984c, 0x66f27280), TOBN(0x462d7b00, 0x75f73227), - TOBN(0xd90ba188, 0xf2651798), TOBN(0x74c6e18c, 0x36ab1c34), - TOBN(0xab256ea3, 0x5ef54359), TOBN(0x03466612, 0xd1aa702f), - TOBN(0x624d6049, 0x2ed22e91), TOBN(0x6fdfe0b5, 0x6f072822), - TOBN(0xeeca1115, 0x39ce2271), TOBN(0x98100a4f, 0xdb01614f), - TOBN(0xb6b0daa2, 0xa35c628f), TOBN(0xb6f94d2e, 0xc87e9a47), - TOBN(0xc6773259, 0x1d57d9ce), TOBN(0xf70bfeec, 0x03884a7b), - TOBN(0x5fb35ccf, 0xed2bad01), TOBN(0xa155cbe3, 0x1da6a5c7), - TOBN(0xc2e2594c, 0x30a92f8f), TOBN(0x649c89ce, 0x5bfafe43), - TOBN(0xd158667d, 0xe9ff257a), TOBN(0x9b359611, 0xf32c50ae), - TOBN(0x4b00b20b, 0x906014cf), TOBN(0xf3a8cfe3, 0x89bc7d3d), - TOBN(0x4ff23ffd, 0x248a7d06), TOBN(0x80c5bfb4, 0x878873fa), - TOBN(0xb7d9ad90, 0x05745981), TOBN(0x179c85db, 0x3db01994), - TOBN(0xba41b062, 0x61a6966c), TOBN(0x4d82d052, 0xeadce5a8), - TOBN(0x9e91cd3b, 0xa5e6a318), TOBN(0x47795f4f, 0x95b2dda0), - TOBN(0xecfd7c1f, 0xd55a897c), TOBN(0x009194ab, 0xb29110fb), - TOBN(0x5f0e2046, 0xe381d3b0), TOBN(0x5f3425f6, 0xa98dd291), - TOBN(0xbfa06687, 0x730d50da), TOBN(0x0423446c, 0x4b083b7f), - TOBN(0x397a247d, 0xd69d3417), TOBN(0xeb629f90, 0x387ba42a), - TOBN(0x1ee426cc, 0xd5cd79bf), TOBN(0x0032940b, 0x946c6e18), - TOBN(0x1b1e8ae0, 0x57477f58), TOBN(0xe94f7d34, 0x6d823278), - TOBN(0xc747cb96, 0x782ba21a), TOBN(0xc5254469, 0xf72b33a5), - TOBN(0x772ef6de, 0xc7f80c81), TOBN(0xd73acbfe, 0x2cd9e6b5), - TOBN(0x4075b5b1, 0x49ee90d9), TOBN(0x785c339a, 0xa06e9eba), - TOBN(0xa1030d5b, 0xabf825e0), TOBN(0xcec684c3, 0xa42931dc), - TOBN(0x42ab62c9, 0xc1586e63), TOBN(0x45431d66, 0x5ab43f2b), - TOBN(0x57c8b2c0, 0x55f7835d), TOBN(0x033da338, 0xc1b7f865), - TOBN(0x283c7513, 0xcaa76097), TOBN(0x0a624fa9, 0x36c83906), - TOBN(0x6b20afec, 0x715af2c7), TOBN(0x4b969974, 0xeba78bfd), - TOBN(0x220755cc, 0xd921d60e), TOBN(0x9b944e10, 0x7baeca13), - TOBN(0x04819d51, 0x5ded93d4), TOBN(0x9bbff86e, 0x6dddfd27), - TOBN(0x6b344130, 0x77adc612), TOBN(0xa7496529, 0xbbd803a0), - TOBN(0x1a1baaa7, 0x6d8805bd), TOBN(0xc8403902, 0x470343ad), - TOBN(0x39f59f66, 0x175adff1), TOBN(0x0b26d7fb, 0xb7d8c5b7), - TOBN(0xa875f5ce, 0x529d75e3), TOBN(0x85efc7e9, 0x41325cc2), - TOBN(0x21950b42, 0x1ff6acd3), TOBN(0xffe70484, 0x53dc6909), - TOBN(0xff4cd0b2, 0x28766127), TOBN(0xabdbe608, 0x4fb7db2b), - TOBN(0x837c9228, 0x5e1109e8), TOBN(0x26147d27, 0xf4645b5a), - TOBN(0x4d78f592, 0xf7818ed8), TOBN(0xd394077e, 0xf247fa36), - TOBN(0x0fb9c2d0, 0x488c171a), TOBN(0xa78bfbaa, 0x13685278), - TOBN(0xedfbe268, 0xd5b1fa6a), TOBN(0x0dceb8db, 0x2b7eaba7), - TOBN(0xbf9e8089, 0x9ae2b710), TOBN(0xefde7ae6, 0xa4449c96), - TOBN(0x43b7716b, 0xcc143a46), TOBN(0xd7d34194, 0xc3628c13), - TOBN(0x508cec1c, 0x3b3f64c9), TOBN(0xe20bc0ba, 0x1e5edf3f), - TOBN(0xda1deb85, 0x2f4318d4), TOBN(0xd20ebe0d, 0x5c3fa443), - TOBN(0x370b4ea7, 0x73241ea3), TOBN(0x61f1511c, 0x5e1a5f65), - TOBN(0x99a5e23d, 0x82681c62), TOBN(0xd731e383, 0xa2f54c2d), - TOBN(0x2692f36e, 0x83445904), TOBN(0x2e0ec469, 0xaf45f9c0), - TOBN(0x905a3201, 0xc67528b7), TOBN(0x88f77f34, 0xd0e5e542), - TOBN(0xf67a8d29, 0x5864687c), TOBN(0x23b92eae, 0x22df3562), - TOBN(0x5c27014b, 0x9bbec39e), TOBN(0x7ef2f226, 0x9c0f0f8d), - TOBN(0x97359638, 0x546c4d8d), TOBN(0x5f9c3fc4, 0x92f24679), - TOBN(0x912e8bed, 0xa8c8acd9), TOBN(0xec3a318d, 0x306634b0), - TOBN(0x80167f41, 0xc31cb264), TOBN(0x3db82f6f, 0x522113f2), - TOBN(0xb155bcd2, 0xdcafe197), TOBN(0xfba1da59, 0x43465283), - TOBN(0xa0425b8e, 0xb212cf53), TOBN(0x4f2e512e, 0xf8557c5f), - TOBN(0xc1286ff9, 0x25c4d56c), TOBN(0xbb8a0fea, 0xee26c851), - TOBN(0xc28f70d2, 0xe7d6107e), TOBN(0x7ee0c444, 0xe76265aa), - TOBN(0x3df277a4, 0x1d1936b1), TOBN(0x1a556e3f, 0xea9595eb), - TOBN(0x258bbbf9, 0xe7305683), TOBN(0x31eea5bf, 0x07ef5be6), - TOBN(0x0deb0e4a, 0x46c814c1), TOBN(0x5cee8449, 0xa7b730dd), - TOBN(0xeab495c5, 0xa0182bde), TOBN(0xee759f87, 0x9e27a6b4), - TOBN(0xc2cf6a68, 0x80e518ca), TOBN(0x25e8013f, 0xf14cf3f4), - TOBN(0x8fc44140, 0x7e8d7a14), TOBN(0xbb1ff3ca, 0x9556f36a), - TOBN(0x6a844385, 0x14600044), TOBN(0xba3f0c4a, 0x7451ae63), - TOBN(0xdfcac25b, 0x1f9af32a), TOBN(0x01e0db86, 0xb1f2214b), - TOBN(0x4e9a5bc2, 0xa4b596ac), TOBN(0x83927681, 0x026c2c08), - TOBN(0x3ec832e7, 0x7acaca28), TOBN(0x1bfeea57, 0xc7385b29), - TOBN(0x068212e3, 0xfd1eaf38), TOBN(0xc1329830, 0x6acf8ccc), - TOBN(0xb909f2db, 0x2aac9e59), TOBN(0x5748060d, 0xb661782a), - TOBN(0xc5ab2632, 0xc79b7a01), TOBN(0xda44c6c6, 0x00017626), - TOBN(0xf26c00e8, 0xa7ea82f0), TOBN(0x99cac80d, 0xe4299aaf), - TOBN(0xd66fe3b6, 0x7ed78be1), TOBN(0x305f725f, 0x648d02cd), - TOBN(0x33ed1bc4, 0x623fb21b), TOBN(0xfa70533e, 0x7a6319ad), - TOBN(0x17ab562d, 0xbe5ffb3e), TOBN(0x06374994, 0x56674741), - TOBN(0x69d44ed6, 0x5c46aa8e), TOBN(0x2100d5d3, 0xa8d063d1), - TOBN(0xcb9727ea, 0xa2d17c36), TOBN(0x4c2bab1b, 0x8add53b7), - TOBN(0xa084e90c, 0x15426704), TOBN(0x778afcd3, 0xa837ebea), - TOBN(0x6651f701, 0x7ce477f8), TOBN(0xa0624998, 0x46fb7a8b), - TOBN(0xdc1e6828, 0xed8a6e19), TOBN(0x33fc2336, 0x4189d9c7), - TOBN(0x026f8fe2, 0x671c39bc), TOBN(0xd40c4ccd, 0xbc6f9915), - TOBN(0xafa135bb, 0xf80e75ca), TOBN(0x12c651a0, 0x22adff2c), - TOBN(0xc40a04bd, 0x4f51ad96), TOBN(0x04820109, 0xbbe4e832), - TOBN(0x3667eb1a, 0x7f4c04cc), TOBN(0x59556621, 0xa9404f84), - TOBN(0x71cdf653, 0x7eceb50a), TOBN(0x994a44a6, 0x9b8335fa), - TOBN(0xd7faf819, 0xdbeb9b69), TOBN(0x473c5680, 0xeed4350d), - TOBN(0xb6658466, 0xda44bba2), TOBN(0x0d1bc780, 0x872bdbf3), - TOBN(0xe535f175, 0xa1962f91), TOBN(0x6ed7e061, 0xed58f5a7), - TOBN(0x177aa4c0, 0x2089a233), TOBN(0x0dbcb03a, 0xe539b413), - TOBN(0xe3dc424e, 0xbb32e38e), TOBN(0x6472e5ef, 0x6806701e), - TOBN(0xdd47ff98, 0x814be9ee), TOBN(0x6b60cfff, 0x35ace009), - TOBN(0xb8d3d931, 0x9ff91fe5), TOBN(0x039c4800, 0xf0518eed), - TOBN(0x95c37632, 0x9182cb26), TOBN(0x0763a434, 0x82fc568d), - TOBN(0x707c04d5, 0x383e76ba), TOBN(0xac98b930, 0x824e8197), - TOBN(0x92bf7c8f, 0x91230de0), TOBN(0x90876a01, 0x40959b70), - TOBN(0xdb6d96f3, 0x05968b80), TOBN(0x380a0913, 0x089f73b9), - TOBN(0x7da70b83, 0xc2c61e01), TOBN(0x95fb8394, 0x569b38c7), - TOBN(0x9a3c6512, 0x80edfe2f), TOBN(0x8f726bb9, 0x8faeaf82), - TOBN(0x8010a4a0, 0x78424bf8), TOBN(0x29672044, 0x0e844970)}, - {TOBN(0x63c5cb81, 0x7a2ad62a), TOBN(0x7ef2b6b9, 0xac62ff54), - TOBN(0x3749bba4, 0xb3ad9db5), TOBN(0xad311f2c, 0x46d5a617), - TOBN(0xb77a8087, 0xc2ff3b6d), TOBN(0xb46feaf3, 0x367834ff), - TOBN(0xf8aa266d, 0x75d6b138), TOBN(0xfa38d320, 0xec008188), - TOBN(0x486d8ffa, 0x696946fc), TOBN(0x50fbc6d8, 0xb9cba56d), - TOBN(0x7e3d423e, 0x90f35a15), TOBN(0x7c3da195, 0xc0dd962c), - TOBN(0xe673fdb0, 0x3cfd5d8b), TOBN(0x0704b7c2, 0x889dfca5), - TOBN(0xf6ce581f, 0xf52305aa), TOBN(0x399d49eb, 0x914d5e53), - TOBN(0x380a496d, 0x6ec293cd), TOBN(0x733dbda7, 0x8e7051f5), - TOBN(0x037e388d, 0xb849140a), TOBN(0xee4b32b0, 0x5946dbf6), - TOBN(0xb1c4fda9, 0xcae368d1), TOBN(0x5001a7b0, 0xfdb0b2f3), - TOBN(0x6df59374, 0x2e3ac46e), TOBN(0x4af675f2, 0x39b3e656), - TOBN(0x44e38110, 0x39949296), TOBN(0x5b63827b, 0x361db1b5), - TOBN(0x3e5323ed, 0x206eaff5), TOBN(0x942370d2, 0xc21f4290), - TOBN(0xf2caaf2e, 0xe0d985a1), TOBN(0x192cc64b, 0x7239846d), - TOBN(0x7c0b8f47, 0xae6312f8), TOBN(0x7dc61f91, 0x96620108), - TOBN(0xb830fb5b, 0xc2da7de9), TOBN(0xd0e643df, 0x0ff8d3be), - TOBN(0x31ee77ba, 0x188a9641), TOBN(0x4e8aa3aa, 0xbcf6d502), - TOBN(0xf9fb6532, 0x9a49110f), TOBN(0xd18317f6, 0x2dd6b220), - TOBN(0x7e3ced41, 0x52c3ea5a), TOBN(0x0d296a14, 0x7d579c4a), - TOBN(0x35d6a53e, 0xed4c3717), TOBN(0x9f8240cf, 0x3d0ed2a3), - TOBN(0x8c0d4d05, 0xe5543aa5), TOBN(0x45d5bbfb, 0xdd33b4b4), - TOBN(0xfa04cc73, 0x137fd28e), TOBN(0x862ac6ef, 0xc73b3ffd), - TOBN(0x403ff9f5, 0x31f51ef2), TOBN(0x34d5e0fc, 0xbc73f5a2), - TOBN(0xf2526820, 0x08913f4f), TOBN(0xea20ed61, 0xeac93d95), - TOBN(0x51ed38b4, 0x6ca6b26c), TOBN(0x8662dcbc, 0xea4327b0), - TOBN(0x6daf295c, 0x725d2aaa), TOBN(0xbad2752f, 0x8e52dcda), - TOBN(0x2210e721, 0x0b17dacc), TOBN(0xa37f7912, 0xd51e8232), - TOBN(0x4f7081e1, 0x44cc3add), TOBN(0xd5ffa1d6, 0x87be82cf), - TOBN(0x89890b6c, 0x0edd6472), TOBN(0xada26e1a, 0x3ed17863), - TOBN(0x276f2715, 0x63483caa), TOBN(0xe6924cd9, 0x2f6077fd), - TOBN(0x05a7fe98, 0x0a466e3c), TOBN(0xf1c794b0, 0xb1902d1f), - TOBN(0xe5213688, 0x82a8042c), TOBN(0xd931cfaf, 0xcd278298), - TOBN(0x069a0ae0, 0xf597a740), TOBN(0x0adbb3f3, 0xeb59107c), - TOBN(0x983e951e, 0x5eaa8eb8), TOBN(0xe663a8b5, 0x11b48e78), - TOBN(0x1631cc0d, 0x8a03f2c5), TOBN(0x7577c11e, 0x11e271e2), - TOBN(0x33b2385c, 0x08369a90), TOBN(0x2990c59b, 0x190eb4f8), - TOBN(0x819a6145, 0xc68eac80), TOBN(0x7a786d62, 0x2ec4a014), - TOBN(0x33faadbe, 0x20ac3a8d), TOBN(0x31a21781, 0x5aba2d30), - TOBN(0x209d2742, 0xdba4f565), TOBN(0xdb2ce9e3, 0x55aa0fbb), - TOBN(0x8cef334b, 0x168984df), TOBN(0xe81dce17, 0x33879638), - TOBN(0xf6e6949c, 0x263720f0), TOBN(0x5c56feaf, 0xf593cbec), - TOBN(0x8bff5601, 0xfde58c84), TOBN(0x74e24117, 0x2eccb314), - TOBN(0xbcf01b61, 0x4c9a8a78), TOBN(0xa233e35e, 0x544c9868), - TOBN(0xb3156bf3, 0x8bd7aff1), TOBN(0x1b5ee4cb, 0x1d81b146), - TOBN(0x7ba1ac41, 0xd628a915), TOBN(0x8f3a8f9c, 0xfd89699e), - TOBN(0x7329b9c9, 0xa0748be7), TOBN(0x1d391c95, 0xa92e621f), - TOBN(0xe51e6b21, 0x4d10a837), TOBN(0xd255f53a, 0x4947b435), - TOBN(0x07669e04, 0xf1788ee3), TOBN(0xc14f27af, 0xa86938a2), - TOBN(0x8b47a334, 0xe93a01c0), TOBN(0xff627438, 0xd9366808), - TOBN(0x7a0985d8, 0xca2a5965), TOBN(0x3d9a5542, 0xd6e9b9b3), - TOBN(0xc23eb80b, 0x4cf972e8), TOBN(0x5c1c33bb, 0x4fdf72fd), - TOBN(0x0c4a58d4, 0x74a86108), TOBN(0xf8048a8f, 0xee4c5d90), - TOBN(0xe3c7c924, 0xe86d4c80), TOBN(0x28c889de, 0x056a1e60), - TOBN(0x57e2662e, 0xb214a040), TOBN(0xe8c48e98, 0x37e10347), - TOBN(0x87742862, 0x80ac748a), TOBN(0xf1c24022, 0x186b06f2), - TOBN(0xac2dd4c3, 0x5f74040a), TOBN(0x409aeb71, 0xfceac957), - TOBN(0x4fbad782, 0x55c4ec23), TOBN(0xb359ed61, 0x8a7b76ec), - TOBN(0x12744926, 0xed6f4a60), TOBN(0xe21e8d7f, 0x4b912de3), - TOBN(0xe2575a59, 0xfc705a59), TOBN(0x72f1d4de, 0xed2dbc0e), - TOBN(0x3d2b24b9, 0xeb7926b8), TOBN(0xbff88cb3, 0xcdbe5509), - TOBN(0xd0f399af, 0xe4dd640b), TOBN(0x3c5fe130, 0x2f76ed45), - TOBN(0x6f3562f4, 0x3764fb3d), TOBN(0x7b5af318, 0x3151b62d), - TOBN(0xd5bd0bc7, 0xd79ce5f3), TOBN(0xfdaf6b20, 0xec66890f), - TOBN(0x735c67ec, 0x6063540c), TOBN(0x50b259c2, 0xe5f9cb8f), - TOBN(0xb8734f9a, 0x3f99c6ab), TOBN(0xf8cc13d5, 0xa3a7bc85), - TOBN(0x80c1b305, 0xc5217659), TOBN(0xfe5364d4, 0x4ec12a54), - TOBN(0xbd87045e, 0x681345fe), TOBN(0x7f8efeb1, 0x582f897f), - TOBN(0xe8cbf1e5, 0xd5923359), TOBN(0xdb0cea9d, 0x539b9fb0), - TOBN(0x0c5b34cf, 0x49859b98), TOBN(0x5e583c56, 0xa4403cc6), - TOBN(0x11fc1a2d, 0xd48185b7), TOBN(0xc93fbc7e, 0x6e521787), - TOBN(0x47e7a058, 0x05105b8b), TOBN(0x7b4d4d58, 0xdb8260c8), - TOBN(0xe33930b0, 0x46eb842a), TOBN(0x8e844a9a, 0x7bdae56d), - TOBN(0x34ef3a9e, 0x13f7fdfc), TOBN(0xb3768f82, 0x636ca176), - TOBN(0x2821f4e0, 0x4e09e61c), TOBN(0x414dc3a1, 0xa0c7cddc), - TOBN(0xd5379437, 0x54945fcd), TOBN(0x151b6eef, 0xb3555ff1), - TOBN(0xb31bd613, 0x6339c083), TOBN(0x39ff8155, 0xdfb64701), - TOBN(0x7c3388d2, 0xe29604ab), TOBN(0x1e19084b, 0xa6b10442), - TOBN(0x17cf54c0, 0xeccd47ef), TOBN(0x89693385, 0x4a5dfb30), - TOBN(0x69d023fb, 0x47daf9f6), TOBN(0x9222840b, 0x7d91d959), - TOBN(0x439108f5, 0x803bac62), TOBN(0x0b7dd91d, 0x379bd45f), - TOBN(0xd651e827, 0xca63c581), TOBN(0x5c5d75f6, 0x509c104f), - TOBN(0x7d5fc738, 0x1f2dc308), TOBN(0x20faa7bf, 0xd98454be), - TOBN(0x95374bee, 0xa517b031), TOBN(0xf036b9b1, 0x642692ac), - TOBN(0xc5106109, 0x39842194), TOBN(0xb7e2353e, 0x49d05295), - TOBN(0xfc8c1d5c, 0xefb42ee0), TOBN(0xe04884eb, 0x08ce811c), - TOBN(0xf1f75d81, 0x7419f40e), TOBN(0x5b0ac162, 0xa995c241), - TOBN(0x120921bb, 0xc4c55646), TOBN(0x713520c2, 0x8d33cf97), - TOBN(0xb4a65a5c, 0xe98c5100), TOBN(0x6cec871d, 0x2ddd0f5a), - TOBN(0x251f0b7f, 0x9ba2e78b), TOBN(0x224a8434, 0xce3a2a5f), - TOBN(0x26827f61, 0x25f5c46f), TOBN(0x6a22bedc, 0x48545ec0), - TOBN(0x25ae5fa0, 0xb1bb5cdc), TOBN(0xd693682f, 0xfcb9b98f), - TOBN(0x32027fe8, 0x91e5d7d3), TOBN(0xf14b7d17, 0x73a07678), - TOBN(0xf88497b3, 0xc0dfdd61), TOBN(0xf7c2eec0, 0x2a8c4f48), - TOBN(0xaa5573f4, 0x3756e621), TOBN(0xc013a240, 0x1825b948), - TOBN(0x1c03b345, 0x63878572), TOBN(0xa0472bea, 0x653a4184), - TOBN(0xf4222e27, 0x0ac69a80), TOBN(0x34096d25, 0xf51e54f6), - TOBN(0x00a648cb, 0x8fffa591), TOBN(0x4e87acdc, 0x69b6527f), - TOBN(0x0575e037, 0xe285ccb4), TOBN(0x188089e4, 0x50ddcf52), - TOBN(0xaa96c9a8, 0x870ff719), TOBN(0x74a56cd8, 0x1fc7e369), - TOBN(0x41d04ee2, 0x1726931a), TOBN(0x0bbbb2c8, 0x3660ecfd), - TOBN(0xa6ef6de5, 0x24818e18), TOBN(0xe421cc51, 0xe7d57887), - TOBN(0xf127d208, 0xbea87be6), TOBN(0x16a475d3, 0xb1cdd682), - TOBN(0x9db1b684, 0x439b63f7), TOBN(0x5359b3db, 0xf0f113b6), - TOBN(0xdfccf1de, 0x8bf06e31), TOBN(0x1fdf8f44, 0xdd383901), - TOBN(0x10775cad, 0x5017e7d2), TOBN(0xdfc3a597, 0x58d11eef), - TOBN(0x6ec9c8a0, 0xb1ecff10), TOBN(0xee6ed6cc, 0x28400549), - TOBN(0xb5ad7bae, 0x1b4f8d73), TOBN(0x61b4f11d, 0xe00aaab9), - TOBN(0x7b32d69b, 0xd4eff2d7), TOBN(0x88ae6771, 0x4288b60f), - TOBN(0x159461b4, 0x37a1e723), TOBN(0x1f3d4789, 0x570aae8c), - TOBN(0x869118c0, 0x7f9871da), TOBN(0x35fbda78, 0xf635e278), - TOBN(0x738f3641, 0xe1541dac), TOBN(0x6794b13a, 0xc0dae45f), - TOBN(0x065064ac, 0x09cc0917), TOBN(0x27c53729, 0xc68540fd), - TOBN(0x0d2d4c8e, 0xef227671), TOBN(0xd23a9f80, 0xa1785a04), - TOBN(0x98c59528, 0x52650359), TOBN(0xfa09ad01, 0x74a1acad), - TOBN(0x082d5a29, 0x0b55bf5c), TOBN(0xa40f1c67, 0x419b8084), - TOBN(0x3a5c752e, 0xdcc18770), TOBN(0x4baf1f2f, 0x8825c3a5), - TOBN(0xebd63f74, 0x21b153ed), TOBN(0xa2383e47, 0xb2f64723), - TOBN(0xe7bf620a, 0x2646d19a), TOBN(0x56cb44ec, 0x03c83ffd), - TOBN(0xaf7267c9, 0x4f6be9f1), TOBN(0x8b2dfd7b, 0xc06bb5e9), - TOBN(0xb87072f2, 0xa672c5c7), TOBN(0xeacb11c8, 0x0d53c5e2), - TOBN(0x22dac29d, 0xff435932), TOBN(0x37bdb99d, 0x4408693c), - TOBN(0xf6e62fb6, 0x2899c20f), TOBN(0x3535d512, 0x447ece24), - TOBN(0xfbdc6b88, 0xff577ce3), TOBN(0x726693bd, 0x190575f2), - TOBN(0x6772b0e5, 0xab4b35a2), TOBN(0x1d8b6001, 0xf5eeaacf), - TOBN(0x728f7ce4, 0x795b9580), TOBN(0x4a20ed2a, 0x41fb81da), - TOBN(0x9f685cd4, 0x4fec01e6), TOBN(0x3ed7ddcc, 0xa7ff50ad), - TOBN(0x460fd264, 0x0c2d97fd), TOBN(0x3a241426, 0xeb82f4f9), - TOBN(0x17d1df2c, 0x6a8ea820), TOBN(0xb2b50d3b, 0xf22cc254), - TOBN(0x03856cba, 0xb7291426), TOBN(0x87fd26ae, 0x04f5ee39), - TOBN(0x9cb696cc, 0x02bee4ba), TOBN(0x53121804, 0x06820fd6), - TOBN(0xa5dfc269, 0x0212e985), TOBN(0x666f7ffa, 0x160f9a09), - TOBN(0xc503cd33, 0xbccd9617), TOBN(0x365dede4, 0xba7730a3), - TOBN(0x798c6355, 0x5ddb0786), TOBN(0xa6c3200e, 0xfc9cd3bc), - TOBN(0x060ffb2c, 0xe5e35efd), TOBN(0x99a4e25b, 0x5555a1c1), - TOBN(0x11d95375, 0xf70b3751), TOBN(0x0a57354a, 0x160e1bf6), - TOBN(0xecb3ae4b, 0xf8e4b065), TOBN(0x07a834c4, 0x2e53022b), - TOBN(0x1cd300b3, 0x8692ed96), TOBN(0x16a6f792, 0x61ee14ec), - TOBN(0x8f1063c6, 0x6a8649ed), TOBN(0xfbcdfcfe, 0x869f3e14), - TOBN(0x2cfb97c1, 0x00a7b3ec), TOBN(0xcea49b3c, 0x7130c2f1), - TOBN(0x462d044f, 0xe9d96488), TOBN(0x4b53d52e, 0x8182a0c1), - TOBN(0x84b6ddd3, 0x0391e9e9), TOBN(0x80ab7b48, 0xb1741a09), - TOBN(0xec0e15d4, 0x27d3317f), TOBN(0x8dfc1ddb, 0x1a64671e), - TOBN(0x93cc5d5f, 0xd49c5b92), TOBN(0xc995d53d, 0x3674a331), - TOBN(0x302e41ec, 0x090090ae), TOBN(0x2278a0cc, 0xedb06830), - TOBN(0x1d025932, 0xfbc99690), TOBN(0x0c32fbd2, 0xb80d68da), - TOBN(0xd79146da, 0xf341a6c1), TOBN(0xae0ba139, 0x1bef68a0), - TOBN(0xc6b8a563, 0x8d774b3a), TOBN(0x1cf307bd, 0x880ba4d7), - TOBN(0xc033bdc7, 0x19803511), TOBN(0xa9f97b3b, 0x8888c3be), - TOBN(0x3d68aebc, 0x85c6d05e), TOBN(0xc3b88a9d, 0x193919eb), - TOBN(0x2d300748, 0xc48b0ee3), TOBN(0x7506bc7c, 0x07a746c1), - TOBN(0xfc48437c, 0x6e6d57f3), TOBN(0x5bd71587, 0xcfeaa91a), - TOBN(0xa4ed0408, 0xc1bc5225), TOBN(0xd0b946db, 0x2719226d), - TOBN(0x109ecd62, 0x758d2d43), TOBN(0x75c8485a, 0x2751759b), - TOBN(0xb0b75f49, 0x9ce4177a), TOBN(0x4fa61a1e, 0x79c10c3d), - TOBN(0xc062d300, 0xa167fcd7), TOBN(0x4df3874c, 0x750f0fa8), - TOBN(0x29ae2cf9, 0x83dfedc9), TOBN(0xf8437134, 0x8d87631a), - TOBN(0xaf571711, 0x7429c8d2), TOBN(0x18d15867, 0x146d9272), - TOBN(0x83053ecf, 0x69769bb7), TOBN(0xc55eb856, 0xc479ab82), - TOBN(0x5ef7791c, 0x21b0f4b2), TOBN(0xaa5956ba, 0x3d491525), - TOBN(0x407a96c2, 0x9fe20eba), TOBN(0xf27168bb, 0xe52a5ad3), - TOBN(0x43b60ab3, 0xbf1d9d89), TOBN(0xe45c51ef, 0x710e727a), - TOBN(0xdfca5276, 0x099b4221), TOBN(0x8dc6407c, 0x2557a159), - TOBN(0x0ead8335, 0x91035895), TOBN(0x0a9db957, 0x9c55dc32), - TOBN(0xe40736d3, 0xdf61bc76), TOBN(0x13a619c0, 0x3f778cdb), - TOBN(0x6dd921a4, 0xc56ea28f), TOBN(0x76a52433, 0x2fa647b4), - TOBN(0x23591891, 0xac5bdc5d), TOBN(0xff4a1a72, 0xbac7dc01), - TOBN(0x9905e261, 0x62df8453), TOBN(0x3ac045df, 0xe63b265f), - TOBN(0x8a3f341b, 0xad53dba7), TOBN(0x8ec269cc, 0x837b625a), - TOBN(0xd71a2782, 0x3ae31189), TOBN(0x8fb4f9a3, 0x55e96120), - TOBN(0x804af823, 0xff9875cf), TOBN(0x23224f57, 0x5d442a9b), - TOBN(0x1c4d3b9e, 0xecc62679), TOBN(0x91da22fb, 0xa0e7ddb1), - TOBN(0xa370324d, 0x6c04a661), TOBN(0x9710d3b6, 0x5e376d17), - TOBN(0xed8c98f0, 0x3044e357), TOBN(0xc364ebbe, 0x6422701c), - TOBN(0x347f5d51, 0x7733d61c), TOBN(0xd55644b9, 0xcea826c3), - TOBN(0x80c6e0ad, 0x55a25548), TOBN(0x0aa7641d, 0x844220a7), - TOBN(0x1438ec81, 0x31810660), TOBN(0x9dfa6507, 0xde4b4043), - TOBN(0x10b515d8, 0xcc3e0273), TOBN(0x1b6066dd, 0x28d8cfb2), - TOBN(0xd3b04591, 0x9c9efebd), TOBN(0x425d4bdf, 0xa21c1ff4), - TOBN(0x5fe5af19, 0xd57607d3), TOBN(0xbbf773f7, 0x54481084), - TOBN(0x8435bd69, 0x94b03ed1), TOBN(0xd9ad1de3, 0x634cc546), - TOBN(0x2cf423fc, 0x00e420ca), TOBN(0xeed26d80, 0xa03096dd), - TOBN(0xd7f60be7, 0xa4db09d2), TOBN(0xf47f569d, 0x960622f7), - TOBN(0xe5925fd7, 0x7296c729), TOBN(0xeff2db26, 0x26ca2715), - TOBN(0xa6fcd014, 0xb913e759), TOBN(0x53da4786, 0x8ff4de93), - TOBN(0x14616d79, 0xc32068e1), TOBN(0xb187d664, 0xccdf352e), - TOBN(0xf7afb650, 0x1dc90b59), TOBN(0x8170e943, 0x7daa1b26), - TOBN(0xc8e3bdd8, 0x700c0a84), TOBN(0x6e8d345f, 0x6482bdfa), - TOBN(0x84cfbfa1, 0xc5c5ea50), TOBN(0xd3baf14c, 0x67960681), - TOBN(0x26398403, 0x0dd50942), TOBN(0xe4b7839c, 0x4716a663), - TOBN(0xd5f1f794, 0xe7de6dc0), TOBN(0x5cd0f4d4, 0x622aa7ce), - TOBN(0x5295f3f1, 0x59acfeec), TOBN(0x8d933552, 0x953e0607), - TOBN(0xc7db8ec5, 0x776c5722), TOBN(0xdc467e62, 0x2b5f290c), - TOBN(0xd4297e70, 0x4ff425a9), TOBN(0x4be924c1, 0x0cf7bb72), - TOBN(0x0d5dc5ae, 0xa1892131), TOBN(0x8bf8a8e3, 0xa705c992), - TOBN(0x73a0b064, 0x7a305ac5), TOBN(0x00c9ca4e, 0x9a8c77a8), - TOBN(0x5dfee80f, 0x83774bdd), TOBN(0x63131602, 0x85734485), - TOBN(0xa1b524ae, 0x914a69a9), TOBN(0xebc2ffaf, 0xd4e300d7), - TOBN(0x52c93db7, 0x7cfa46a5), TOBN(0x71e6161f, 0x21653b50), - TOBN(0x3574fc57, 0xa4bc580a), TOBN(0xc09015dd, 0xe1bc1253), - TOBN(0x4b7b47b2, 0xd174d7aa), TOBN(0x4072d8e8, 0xf3a15d04), - TOBN(0xeeb7d47f, 0xd6fa07ed), TOBN(0x6f2b9ff9, 0xedbdafb1), - TOBN(0x18c51615, 0x3760fe8a), TOBN(0x7a96e6bf, 0xf06c6c13), - TOBN(0x4d7a0410, 0x0ea2d071), TOBN(0xa1914e9b, 0x0be2a5ce), - TOBN(0x5726e357, 0xd8a3c5cf), TOBN(0x1197ecc3, 0x2abb2b13), - TOBN(0x6c0d7f7f, 0x31ae88dd), TOBN(0x15b20d1a, 0xfdbb3efe), - TOBN(0xcd06aa26, 0x70584039), TOBN(0x2277c969, 0xa7dc9747), - TOBN(0xbca69587, 0x7855d815), TOBN(0x899ea238, 0x5188b32a), - TOBN(0x37d9228b, 0x760c1c9d), TOBN(0xc7efbb11, 0x9b5c18da), - TOBN(0x7f0d1bc8, 0x19f6dbc5), TOBN(0x4875384b, 0x07e6905b), - TOBN(0xc7c50baa, 0x3ba8cd86), TOBN(0xb0ce40fb, 0xc2905de0), - TOBN(0x70840673, 0x7a231952), TOBN(0xa912a262, 0xcf43de26), - TOBN(0x9c38ddcc, 0xeb5b76c1), TOBN(0x746f5285, 0x26fc0ab4), - TOBN(0x52a63a50, 0xd62c269f), TOBN(0x60049c55, 0x99458621), - TOBN(0xe7f48f82, 0x3c2f7c9e), TOBN(0x6bd99043, 0x917d5cf3), - TOBN(0xeb1317a8, 0x8701f469), TOBN(0xbd3fe2ed, 0x9a449fe0), - TOBN(0x421e79ca, 0x12ef3d36), TOBN(0x9ee3c36c, 0x3e7ea5de), - TOBN(0xe48198b5, 0xcdff36f7), TOBN(0xaff4f967, 0xc6b82228), - TOBN(0x15e19dd0, 0xc47adb7e), TOBN(0x45699b23, 0x032e7dfa), - TOBN(0x40680c8b, 0x1fae026a), TOBN(0x5a347a48, 0x550dbf4d), - TOBN(0xe652533b, 0x3cef0d7d), TOBN(0xd94f7b18, 0x2bbb4381), - TOBN(0x838752be, 0x0e80f500), TOBN(0x8e6e2488, 0x9e9c9bfb), - TOBN(0xc9751697, 0x16caca6a), TOBN(0x866c49d8, 0x38531ad9), - TOBN(0xc917e239, 0x7151ade1), TOBN(0x2d016ec1, 0x6037c407), - TOBN(0xa407ccc9, 0x00eac3f9), TOBN(0x835f6280, 0xe2ed4748), - TOBN(0xcc54c347, 0x1cc98e0d), TOBN(0x0e969937, 0xdcb572eb), - TOBN(0x1b16c8e8, 0x8f30c9cb), TOBN(0xa606ae75, 0x373c4661), - TOBN(0x47aa689b, 0x35502cab), TOBN(0xf89014ae, 0x4d9bb64f), - TOBN(0x202f6a9c, 0x31c71f7b), TOBN(0x01f95aa3, 0x296ffe5c), - TOBN(0x5fc06014, 0x53cec3a3), TOBN(0xeb991237, 0x5f498a45), - TOBN(0xae9a935e, 0x5d91ba87), TOBN(0xc6ac6281, 0x0b564a19), - TOBN(0x8a8fe81c, 0x3bd44e69), TOBN(0x7c8b467f, 0x9dd11d45), - TOBN(0xf772251f, 0xea5b8e69), TOBN(0xaeecb3bd, 0xc5b75fbc), - TOBN(0x1aca3331, 0x887ff0e5), TOBN(0xbe5d49ff, 0x19f0a131), - TOBN(0x582c13aa, 0xe5c8646f), TOBN(0xdbaa12e8, 0x20e19980), - TOBN(0x8f40f31a, 0xf7abbd94), TOBN(0x1f13f5a8, 0x1dfc7663), - TOBN(0x5d81f1ee, 0xaceb4fc0), TOBN(0x36256002, 0x5e6f0f42), - TOBN(0x4b67d6d7, 0x751370c8), TOBN(0x2608b698, 0x03e80589), - TOBN(0xcfc0d2fc, 0x05268301), TOBN(0xa6943d39, 0x40309212), - TOBN(0x192a90c2, 0x1fd0e1c2), TOBN(0xb209f113, 0x37f1dc76), - TOBN(0xefcc5e06, 0x97bf1298), TOBN(0xcbdb6730, 0x219d639e), - TOBN(0xd009c116, 0xb81e8c6f), TOBN(0xa3ffdde3, 0x1a7ce2e5), - TOBN(0xc53fbaaa, 0xa914d3ba), TOBN(0x836d500f, 0x88df85ee), - TOBN(0xd98dc71b, 0x66ee0751), TOBN(0x5a3d7005, 0x714516fd), - TOBN(0x21d3634d, 0x39eedbba), TOBN(0x35cd2e68, 0x0455a46d), - TOBN(0xc8cafe65, 0xf9d7eb0c), TOBN(0xbda3ce9e, 0x00cefb3e), - TOBN(0xddc17a60, 0x2c9cf7a4), TOBN(0x01572ee4, 0x7bcb8773), - TOBN(0xa92b2b01, 0x8c7548df), TOBN(0x732fd309, 0xa84600e3), - TOBN(0xe22109c7, 0x16543a40), TOBN(0x9acafd36, 0xfede3c6c), - TOBN(0xfb206852, 0x6824e614), TOBN(0x2a4544a9, 0xda25dca0), - TOBN(0x25985262, 0x91d60b06), TOBN(0x281b7be9, 0x28753545), - TOBN(0xec667b1a, 0x90f13b27), TOBN(0x33a83aff, 0x940e2eb4), - TOBN(0x80009862, 0xd5d721d5), TOBN(0x0c3357a3, 0x5bd3a182), - TOBN(0x27f3a83b, 0x7aa2cda4), TOBN(0xb58ae74e, 0xf6f83085), - TOBN(0x2a911a81, 0x2e6dad6b), TOBN(0xde286051, 0xf43d6c5b), - TOBN(0x4bdccc41, 0xf996c4d8), TOBN(0xe7312ec0, 0x0ae1e24e)}, - {TOBN(0xf8d112e7, 0x6e6485b3), TOBN(0x4d3e24db, 0x771c52f8), - TOBN(0x48e3ee41, 0x684a2f6d), TOBN(0x7161957d, 0x21d95551), - TOBN(0x19631283, 0xcdb12a6c), TOBN(0xbf3fa882, 0x2e50e164), - TOBN(0xf6254b63, 0x3166cc73), TOBN(0x3aefa7ae, 0xaee8cc38), - TOBN(0x79b0fe62, 0x3b36f9fd), TOBN(0x26543b23, 0xfde19fc0), - TOBN(0x136e64a0, 0x958482ef), TOBN(0x23f63771, 0x9b095825), - TOBN(0x14cfd596, 0xb6a1142e), TOBN(0x5ea6aac6, 0x335aac0b), - TOBN(0x86a0e8bd, 0xf3081dd5), TOBN(0x5fb89d79, 0x003dc12a), - TOBN(0xf615c33a, 0xf72e34d4), TOBN(0x0bd9ea40, 0x110eec35), - TOBN(0x1c12bc5b, 0xc1dea34e), TOBN(0x686584c9, 0x49ae4699), - TOBN(0x13ad95d3, 0x8c97b942), TOBN(0x4609561a, 0x4e5c7562), - TOBN(0x9e94a4ae, 0xf2737f89), TOBN(0xf57594c6, 0x371c78b6), - TOBN(0x0f0165fc, 0xe3779ee3), TOBN(0xe00e7f9d, 0xbd495d9e), - TOBN(0x1fa4efa2, 0x20284e7a), TOBN(0x4564bade, 0x47ac6219), - TOBN(0x90e6312a, 0xc4708e8e), TOBN(0x4f5725fb, 0xa71e9adf), - TOBN(0xe95f55ae, 0x3d684b9f), TOBN(0x47f7ccb1, 0x1e94b415), - TOBN(0x7322851b, 0x8d946581), TOBN(0xf0d13133, 0xbdf4a012), - TOBN(0xa3510f69, 0x6584dae0), TOBN(0x03a7c171, 0x3c9f6c6d), - TOBN(0x5be97f38, 0xe475381a), TOBN(0xca1ba422, 0x85823334), - TOBN(0xf83cc5c7, 0x0be17dda), TOBN(0x158b1494, 0x0b918c0f), - TOBN(0xda3a77e5, 0x522e6b69), TOBN(0x69c908c3, 0xbbcd6c18), - TOBN(0x1f1b9e48, 0xd924fd56), TOBN(0x37c64e36, 0xaa4bb3f7), - TOBN(0x5a4fdbdf, 0xee478d7d), TOBN(0xba75c8bc, 0x0193f7a0), - TOBN(0x84bc1e84, 0x56cd16df), TOBN(0x1fb08f08, 0x46fad151), - TOBN(0x8a7cabf9, 0x842e9f30), TOBN(0xa331d4bf, 0x5eab83af), - TOBN(0xd272cfba, 0x017f2a6a), TOBN(0x27560abc, 0x83aba0e3), - TOBN(0x94b83387, 0x0e3a6b75), TOBN(0x25c6aea2, 0x6b9f50f5), - TOBN(0x803d691d, 0xb5fdf6d0), TOBN(0x03b77509, 0xe6333514), - TOBN(0x36178903, 0x61a341c1), TOBN(0x3604dc60, 0x0cfd6142), - TOBN(0x022295eb, 0x8533316c), TOBN(0x3dbde4ac, 0x44af2922), - TOBN(0x898afc5d, 0x1c7eef69), TOBN(0x58896805, 0xd14f4fa1), - TOBN(0x05002160, 0x203c21ca), TOBN(0x6f0d1f30, 0x40ef730b), - TOBN(0x8e8c44d4, 0x196224f8), TOBN(0x75a4ab95, 0x374d079d), - TOBN(0x79085ecc, 0x7d48f123), TOBN(0x56f04d31, 0x1bf65ad8), - TOBN(0xe220bf1c, 0xbda602b2), TOBN(0x73ee1742, 0xf9612c69), - TOBN(0x76008fc8, 0x084fd06b), TOBN(0x4000ef9f, 0xf11380d1), - TOBN(0x48201b4b, 0x12cfe297), TOBN(0x3eee129c, 0x292f74e5), - TOBN(0xe1fe114e, 0xc9e874e8), TOBN(0x899b055c, 0x92c5fc41), - TOBN(0x4e477a64, 0x3a39c8cf), TOBN(0x82f09efe, 0x78963cc9), - TOBN(0x6fd3fd8f, 0xd333f863), TOBN(0x85132b2a, 0xdc949c63), - TOBN(0x7e06a3ab, 0x516eb17b), TOBN(0x73bec06f, 0xd2c7372b), - TOBN(0xe4f74f55, 0xba896da6), TOBN(0xbb4afef8, 0x8e9eb40f), - TOBN(0x2d75bec8, 0xe61d66b0), TOBN(0x02bda4b4, 0xef29300b), - TOBN(0x8bbaa8de, 0x026baa5a), TOBN(0xff54befd, 0xa07f4440), - TOBN(0xbd9b8b1d, 0xbe7a2af3), TOBN(0xec51caa9, 0x4fb74a72), - TOBN(0xb9937a4b, 0x63879697), TOBN(0x7c9a9d20, 0xec2687d5), - TOBN(0x1773e44f, 0x6ef5f014), TOBN(0x8abcf412, 0xe90c6900), - TOBN(0x387bd022, 0x8142161e), TOBN(0x50393755, 0xfcb6ff2a), - TOBN(0x9813fd56, 0xed6def63), TOBN(0x53cf6482, 0x7d53106c), - TOBN(0x991a35bd, 0x431f7ac1), TOBN(0xf1e274dd, 0x63e65faf), - TOBN(0xf63ffa3c, 0x44cc7880), TOBN(0x411a426b, 0x7c256981), - TOBN(0xb698b9fd, 0x93a420e0), TOBN(0x89fdddc0, 0xae53f8fe), - TOBN(0x766e0722, 0x32398baa), TOBN(0x205fee42, 0x5cfca031), - TOBN(0xa49f5341, 0x7a029cf2), TOBN(0xa88c68b8, 0x4023890d), - TOBN(0xbc275041, 0x7337aaa8), TOBN(0x9ed364ad, 0x0eb384f4), - TOBN(0xe0816f85, 0x29aba92f), TOBN(0x2e9e1941, 0x04e38a88), - TOBN(0x57eef44a, 0x3dafd2d5), TOBN(0x35d1fae5, 0x97ed98d8), - TOBN(0x50628c09, 0x2307f9b1), TOBN(0x09d84aae, 0xd6cba5c6), - TOBN(0x67071bc7, 0x88aaa691), TOBN(0x2dea57a9, 0xafe6cb03), - TOBN(0xdfe11bb4, 0x3d78ac01), TOBN(0x7286418c, 0x7fd7aa51), - TOBN(0xfabf7709, 0x77f7195a), TOBN(0x8ec86167, 0xadeb838f), - TOBN(0xea1285a8, 0xbb4f012d), TOBN(0xd6883503, 0x9a3eab3f), - TOBN(0xee5d24f8, 0x309004c2), TOBN(0xa96e4b76, 0x13ffe95e), - TOBN(0x0cdffe12, 0xbd223ea4), TOBN(0x8f5c2ee5, 0xb6739a53), - TOBN(0x5cb4aaa5, 0xdd968198), TOBN(0xfa131c52, 0x72413a6c), - TOBN(0x53d46a90, 0x9536d903), TOBN(0xb270f0d3, 0x48606d8e), - TOBN(0x518c7564, 0xa053a3bc), TOBN(0x088254b7, 0x1a86caef), - TOBN(0xb3ba8cb4, 0x0ab5efd0), TOBN(0x5c59900e, 0x4605945d), - TOBN(0xecace1dd, 0xa1887395), TOBN(0x40960f36, 0x932a65de), - TOBN(0x9611ff5c, 0x3aa95529), TOBN(0xc58215b0, 0x7c1e5a36), - TOBN(0xd48c9b58, 0xf0e1a524), TOBN(0xb406856b, 0xf590dfb8), - TOBN(0xc7605e04, 0x9cd95662), TOBN(0x0dd036ee, 0xa33ecf82), - TOBN(0xa50171ac, 0xc33156b3), TOBN(0xf09d24ea, 0x4a80172e), - TOBN(0x4e1f72c6, 0x76dc8eef), TOBN(0xe60caadc, 0x5e3d44ee), - TOBN(0x006ef8a6, 0x979b1d8f), TOBN(0x60908a1c, 0x97788d26), - TOBN(0x6e08f95b, 0x266feec0), TOBN(0x618427c2, 0x22e8c94e), - TOBN(0x3d613339, 0x59145a65), TOBN(0xcd9bc368, 0xfa406337), - TOBN(0x82d11be3, 0x2d8a52a0), TOBN(0xf6877b27, 0x97a1c590), - TOBN(0x837a819b, 0xf5cbdb25), TOBN(0x2a4fd1d8, 0xde090249), - TOBN(0x622a7de7, 0x74990e5f), TOBN(0x840fa5a0, 0x7945511b), - TOBN(0x30b974be, 0x6558842d), TOBN(0x70df8c64, 0x17f3d0a6), - TOBN(0x7c803520, 0x7542e46d), TOBN(0x7251fe7f, 0xe4ecc823), - TOBN(0xe59134cb, 0x5e9aac9a), TOBN(0x11bb0934, 0xf0045d71), - TOBN(0x53e5d9b5, 0xdbcb1d4e), TOBN(0x8d97a905, 0x92defc91), - TOBN(0xfe289327, 0x7946d3f9), TOBN(0xe132bd24, 0x07472273), - TOBN(0xeeeb510c, 0x1eb6ae86), TOBN(0x777708c5, 0xf0595067), - TOBN(0x18e2c8cd, 0x1297029e), TOBN(0x2c61095c, 0xbbf9305e), - TOBN(0xe466c258, 0x6b85d6d9), TOBN(0x8ac06c36, 0xda1ea530), - TOBN(0xa365dc39, 0xa1304668), TOBN(0xe4a9c885, 0x07f89606), - TOBN(0x65a4898f, 0xacc7228d), TOBN(0x3e2347ff, 0x84ca8303), - TOBN(0xa5f6fb77, 0xea7d23a3), TOBN(0x2fac257d, 0x672a71cd), - TOBN(0x6908bef8, 0x7e6a44d3), TOBN(0x8ff87566, 0x891d3d7a), - TOBN(0xe58e90b3, 0x6b0cf82e), TOBN(0x6438d246, 0x2615b5e7), - TOBN(0x07b1f8fc, 0x669c145a), TOBN(0xb0d8b2da, 0x36f1e1cb), - TOBN(0x54d5dadb, 0xd9184c4d), TOBN(0x3dbb18d5, 0xf93d9976), - TOBN(0x0a3e0f56, 0xd1147d47), TOBN(0x2afa8c8d, 0xa0a48609), - TOBN(0x275353e8, 0xbc36742c), TOBN(0x898f427e, 0xeea0ed90), - TOBN(0x26f4947e, 0x3e477b00), TOBN(0x8ad8848a, 0x308741e3), - TOBN(0x6c703c38, 0xd74a2a46), TOBN(0x5e3e05a9, 0x9ba17ba2), - TOBN(0xc1fa6f66, 0x4ab9a9e4), TOBN(0x474a2d9a, 0x3841d6ec), - TOBN(0x871239ad, 0x653ae326), TOBN(0x14bcf72a, 0xa74cbb43), - TOBN(0x8737650e, 0x20d4c083), TOBN(0x3df86536, 0x110ed4af), - TOBN(0xd2d86fe7, 0xb53ca555), TOBN(0x688cb00d, 0xabd5d538), - TOBN(0xcf81bda3, 0x1ad38468), TOBN(0x7ccfe3cc, 0xf01167b6), - TOBN(0xcf4f47e0, 0x6c4c1fe6), TOBN(0x557e1f1a, 0x298bbb79), - TOBN(0xf93b974f, 0x30d45a14), TOBN(0x174a1d2d, 0x0baf97c4), - TOBN(0x7a003b30, 0xc51fbf53), TOBN(0xd8940991, 0xee68b225), - TOBN(0x5b0aa7b7, 0x1c0f4173), TOBN(0x975797c9, 0xa20a7153), - TOBN(0x26e08c07, 0xe3533d77), TOBN(0xd7222e6a, 0x2e341c99), - TOBN(0x9d60ec3d, 0x8d2dc4ed), TOBN(0xbdfe0d8f, 0x7c476cf8), - TOBN(0x1fe59ab6, 0x1d056605), TOBN(0xa9ea9df6, 0x86a8551f), - TOBN(0x8489941e, 0x47fb8d8c), TOBN(0xfeb874eb, 0x4a7f1b10), - TOBN(0xfe5fea86, 0x7ee0d98f), TOBN(0x201ad34b, 0xdbf61864), - TOBN(0x45d8fe47, 0x37c031d4), TOBN(0xd5f49fae, 0x795f0822), - TOBN(0xdb0fb291, 0xc7f4a40c), TOBN(0x2e69d9c1, 0x730ddd92), - TOBN(0x754e1054, 0x49d76987), TOBN(0x8a24911d, 0x7662db87), - TOBN(0x61fc1810, 0x60a71676), TOBN(0xe852d1a8, 0xf66a8ad1), - TOBN(0x172bbd65, 0x6417231e), TOBN(0x0d6de7bd, 0x3babb11f), - TOBN(0x6fde6f88, 0xc8e347f8), TOBN(0x1c587547, 0x9bd99cc3), - TOBN(0x78e54ed0, 0x34076950), TOBN(0x97f0f334, 0x796e83ba), - TOBN(0xe4dbe1ce, 0x4924867a), TOBN(0xbd5f51b0, 0x60b84917), - TOBN(0x37530040, 0x3cb09a79), TOBN(0xdb3fe0f8, 0xff1743d8), - TOBN(0xed7894d8, 0x556fa9db), TOBN(0xfa262169, 0x23412fbf), - TOBN(0x563be0db, 0xba7b9291), TOBN(0x6ca8b8c0, 0x0c9fb234), - TOBN(0xed406aa9, 0xbd763802), TOBN(0xc21486a0, 0x65303da1), - TOBN(0x61ae291e, 0xc7e62ec4), TOBN(0x622a0492, 0xdf99333e), - TOBN(0x7fd80c9d, 0xbb7a8ee0), TOBN(0xdc2ed3bc, 0x6c01aedb), - TOBN(0x35c35a12, 0x08be74ec), TOBN(0xd540cb1a, 0x469f671f), - TOBN(0xd16ced4e, 0xcf84f6c7), TOBN(0x8561fb9c, 0x2d090f43), - TOBN(0x7e693d79, 0x6f239db4), TOBN(0xa736f928, 0x77bd0d94), - TOBN(0x07b4d929, 0x2c1950ee), TOBN(0xda177543, 0x56dc11b3), - TOBN(0xa5dfbbaa, 0x7a6a878e), TOBN(0x1c70cb29, 0x4decb08a), - TOBN(0xfba28c8b, 0x6f0f7c50), TOBN(0xa8eba2b8, 0x854dcc6d), - TOBN(0x5ff8e89a, 0x36b78642), TOBN(0x070c1c8e, 0xf6873adf), - TOBN(0xbbd3c371, 0x6484d2e4), TOBN(0xfb78318f, 0x0d414129), - TOBN(0x2621a39c, 0x6ad93b0b), TOBN(0x979d74c2, 0xa9e917f7), - TOBN(0xfc195647, 0x61fb0428), TOBN(0x4d78954a, 0xbee624d4), - TOBN(0xb94896e0, 0xb8ae86fd), TOBN(0x6667ac0c, 0xc91c8b13), - TOBN(0x9f180512, 0x43bcf832), TOBN(0xfbadf8b7, 0xa0010137), - TOBN(0xc69b4089, 0xb3ba8aa7), TOBN(0xfac4bacd, 0xe687ce85), - TOBN(0x9164088d, 0x977eab40), TOBN(0x51f4c5b6, 0x2760b390), - TOBN(0xd238238f, 0x340dd553), TOBN(0x358566c3, 0xdb1d31c9), - TOBN(0x3a5ad69e, 0x5068f5ff), TOBN(0xf31435fc, 0xdaff6b06), - TOBN(0xae549a5b, 0xd6debff0), TOBN(0x59e5f0b7, 0x75e01331), - TOBN(0x5d492fb8, 0x98559acf), TOBN(0x96018c2e, 0x4db79b50), - TOBN(0x55f4a48f, 0x609f66aa), TOBN(0x1943b3af, 0x4900a14f), - TOBN(0xc22496df, 0x15a40d39), TOBN(0xb2a44684, 0x4c20f7c5), - TOBN(0x76a35afa, 0x3b98404c), TOBN(0xbec75725, 0xff5d1b77), - TOBN(0xb67aa163, 0xbea06444), TOBN(0x27e95bb2, 0xf724b6f2), - TOBN(0x3c20e3e9, 0xd238c8ab), TOBN(0x1213754e, 0xddd6ae17), - TOBN(0x8c431020, 0x716e0f74), TOBN(0x6679c82e, 0xffc095c2), - TOBN(0x2eb3adf4, 0xd0ac2932), TOBN(0x2cc970d3, 0x01bb7a76), - TOBN(0x70c71f2f, 0x740f0e66), TOBN(0x545c616b, 0x2b6b23cc), - TOBN(0x4528cfcb, 0xb40a8bd7), TOBN(0xff839633, 0x2ab27722), - TOBN(0x049127d9, 0x025ac99a), TOBN(0xd314d4a0, 0x2b63e33b), - TOBN(0xc8c310e7, 0x28d84519), TOBN(0x0fcb8983, 0xb3bc84ba), - TOBN(0x2cc52261, 0x38634818), TOBN(0x501814f4, 0xb44c2e0b), - TOBN(0xf7e181aa, 0x54dfdba3), TOBN(0xcfd58ff0, 0xe759718c), - TOBN(0xf90cdb14, 0xd3b507a8), TOBN(0x57bd478e, 0xc50bdad8), - TOBN(0x29c197e2, 0x50e5f9aa), TOBN(0x4db6eef8, 0xe40bc855), - TOBN(0x2cc8f21a, 0xd1fc0654), TOBN(0xc71cc963, 0x81269d73), - TOBN(0xecfbb204, 0x077f49f9), TOBN(0xdde92571, 0xca56b793), - TOBN(0x9abed6a3, 0xf97ad8f7), TOBN(0xe6c19d3f, 0x924de3bd), - TOBN(0x8dce92f4, 0xa140a800), TOBN(0x85f44d1e, 0x1337af07), - TOBN(0x5953c08b, 0x09d64c52), TOBN(0xa1b5e49f, 0xf5df9749), - TOBN(0x336a8fb8, 0x52735f7d), TOBN(0xb332b6db, 0x9add676b), - TOBN(0x558b88a0, 0xb4511aa4), TOBN(0x09788752, 0xdbd5cc55), - TOBN(0x16b43b9c, 0xd8cd52bd), TOBN(0x7f0bc5a0, 0xc2a2696b), - TOBN(0x146e12d4, 0xc11f61ef), TOBN(0x9ce10754, 0x3a83e79e), - TOBN(0x08ec73d9, 0x6cbfca15), TOBN(0x09ff29ad, 0x5b49653f), - TOBN(0xe31b72bd, 0xe7da946e), TOBN(0xebf9eb3b, 0xee80a4f2), - TOBN(0xd1aabd08, 0x17598ce4), TOBN(0x18b5fef4, 0x53f37e80), - TOBN(0xd5d5cdd3, 0x5958cd79), TOBN(0x3580a1b5, 0x1d373114), - TOBN(0xa36e4c91, 0xfa935726), TOBN(0xa38c534d, 0xef20d760), - TOBN(0x7088e40a, 0x2ff5845b), TOBN(0xe5bb40bd, 0xbd78177f), - TOBN(0x4f06a7a8, 0x857f9920), TOBN(0xe3cc3e50, 0xe968f05d), - TOBN(0x1d68b7fe, 0xe5682d26), TOBN(0x5206f76f, 0xaec7f87c), - TOBN(0x41110530, 0x041951ab), TOBN(0x58ec52c1, 0xd4b5a71a), - TOBN(0xf3488f99, 0x0f75cf9a), TOBN(0xf411951f, 0xba82d0d5), - TOBN(0x27ee75be, 0x618895ab), TOBN(0xeae060d4, 0x6d8aab14), - TOBN(0x9ae1df73, 0x7fb54dc2), TOBN(0x1f3e391b, 0x25963649), - TOBN(0x242ec32a, 0xfe055081), TOBN(0x5bd450ef, 0x8491c9bd), - TOBN(0x367efc67, 0x981eb389), TOBN(0xed7e1928, 0x3a0550d5), - TOBN(0x362e776b, 0xab3ce75c), TOBN(0xe890e308, 0x1f24c523), - TOBN(0xb961b682, 0xfeccef76), TOBN(0x8b8e11f5, 0x8bba6d92), - TOBN(0x8f2ccc4c, 0x2b2375c4), TOBN(0x0d7f7a52, 0xe2f86cfa), - TOBN(0xfd94d30a, 0x9efe5633), TOBN(0x2d8d246b, 0x5451f934), - TOBN(0x2234c6e3, 0x244e6a00), TOBN(0xde2b5b0d, 0xddec8c50), - TOBN(0x2ce53c5a, 0xbf776f5b), TOBN(0x6f724071, 0x60357b05), - TOBN(0xb2593717, 0x71bf3f7a), TOBN(0x87d2501c, 0x440c4a9f), - TOBN(0x440552e1, 0x87b05340), TOBN(0xb7bf7cc8, 0x21624c32), - TOBN(0x4155a6ce, 0x22facddb), TOBN(0x5a4228cb, 0x889837ef), - TOBN(0xef87d6d6, 0xfd4fd671), TOBN(0xa233687e, 0xc2daa10e), - TOBN(0x75622244, 0x03c0eb96), TOBN(0x7632d184, 0x8bf19be6), - TOBN(0x05d0f8e9, 0x40735ff4), TOBN(0x3a3e6e13, 0xc00931f1), - TOBN(0x31ccde6a, 0xdafe3f18), TOBN(0xf381366a, 0xcfe51207), - TOBN(0x24c222a9, 0x60167d92), TOBN(0x62f9d6f8, 0x7529f18c), - TOBN(0x412397c0, 0x0353b114), TOBN(0x334d89dc, 0xef808043), - TOBN(0xd9ec63ba, 0x2a4383ce), TOBN(0xcec8e937, 0x5cf92ba0), - TOBN(0xfb8b4288, 0xc8be74c0), TOBN(0x67d6912f, 0x105d4391), - TOBN(0x7b996c46, 0x1b913149), TOBN(0x36aae2ef, 0x3a4e02da), - TOBN(0xb68aa003, 0x972de594), TOBN(0x284ec70d, 0x4ec6d545), - TOBN(0xf3d2b2d0, 0x61391d54), TOBN(0x69c5d5d6, 0xfe114e92), - TOBN(0xbe0f00b5, 0xb4482dff), TOBN(0xe1596fa5, 0xf5bf33c5), - TOBN(0x10595b56, 0x96a71cba), TOBN(0x944938b2, 0xfdcadeb7), - TOBN(0xa282da4c, 0xfccd8471), TOBN(0x98ec05f3, 0x0d37bfe1), - TOBN(0xe171ce1b, 0x0698304a), TOBN(0x2d691444, 0x21bdf79b), - TOBN(0xd0cd3b74, 0x1b21dec1), TOBN(0x712ecd8b, 0x16a15f71), - TOBN(0x8d4c00a7, 0x00fd56e1), TOBN(0x02ec9692, 0xf9527c18), - TOBN(0x21c44937, 0x4a3e42e1), TOBN(0x9176fbab, 0x1392ae0a), - TOBN(0x8726f1ba, 0x44b7b618), TOBN(0xb4d7aae9, 0xf1de491c), - TOBN(0xf91df7b9, 0x07b582c0), TOBN(0x7e116c30, 0xef60aa3a), - TOBN(0x99270f81, 0x466265d7), TOBN(0xb15b6fe2, 0x4df7adf0), - TOBN(0xfe33b2d3, 0xf9738f7f), TOBN(0x48553ab9, 0xd6d70f95), - TOBN(0x2cc72ac8, 0xc21e94db), TOBN(0x795ac38d, 0xbdc0bbee), - TOBN(0x0a1be449, 0x2e40478f), TOBN(0x81bd3394, 0x052bde55), - TOBN(0x63c8dbe9, 0x56b3c4f2), TOBN(0x017a99cf, 0x904177cc), - TOBN(0x947bbddb, 0x4d010fc1), TOBN(0xacf9b00b, 0xbb2c9b21), - TOBN(0x2970bc8d, 0x47173611), TOBN(0x1a4cbe08, 0xac7d756f), - TOBN(0x06d9f4aa, 0x67d541a2), TOBN(0xa3e8b689, 0x59c2cf44), - TOBN(0xaad066da, 0x4d88f1dd), TOBN(0xc604f165, 0x7ad35dea), - TOBN(0x7edc0720, 0x4478ca67), TOBN(0xa10dfae0, 0xba02ce06), - TOBN(0xeceb1c76, 0xaf36f4e4), TOBN(0x994b2292, 0xaf3f8f48), - TOBN(0xbf9ed77b, 0x77c8a68c), TOBN(0x74f544ea, 0x51744c9d), - TOBN(0x82d05bb9, 0x8113a757), TOBN(0x4ef2d2b4, 0x8a9885e4), - TOBN(0x1e332be5, 0x1aa7865f), TOBN(0x22b76b18, 0x290d1a52), - TOBN(0x308a2310, 0x44351683), TOBN(0x9d861896, 0xa3f22840), - TOBN(0x5959ddcd, 0x841ed947), TOBN(0x0def0c94, 0x154b73bf), - TOBN(0xf0105417, 0x4c7c15e0), TOBN(0x539bfb02, 0x3a277c32), - TOBN(0xe699268e, 0xf9dccf5f), TOBN(0x9f5796a5, 0x0247a3bd), - TOBN(0x8b839de8, 0x4f157269), TOBN(0xc825c1e5, 0x7a30196b), - TOBN(0x6ef0aabc, 0xdc8a5a91), TOBN(0xf4a8ce6c, 0x498b7fe6), - TOBN(0x1cce35a7, 0x70cbac78), TOBN(0x83488e9b, 0xf6b23958), - TOBN(0x0341a070, 0xd76cb011), TOBN(0xda6c9d06, 0xae1b2658), - TOBN(0xb701fb30, 0xdd648c52), TOBN(0x994ca02c, 0x52fb9fd1), - TOBN(0x06933117, 0x6f563086), TOBN(0x3d2b8100, 0x17856bab), - TOBN(0xe89f48c8, 0x5963a46e), TOBN(0x658ab875, 0xa99e61c7), - TOBN(0x6e296f87, 0x4b8517b4), TOBN(0x36c4fcdc, 0xfc1bc656), - TOBN(0xde5227a1, 0xa3906def), TOBN(0x9fe95f57, 0x62418945), - TOBN(0x20c91e81, 0xfdd96cde), TOBN(0x5adbe47e, 0xda4480de), - TOBN(0xa009370f, 0x396de2b6), TOBN(0x98583d4b, 0xf0ecc7bd), - TOBN(0xf44f6b57, 0xe51d0672), TOBN(0x03d6b078, 0x556b1984), - TOBN(0x27dbdd93, 0xb0b64912), TOBN(0x9b3a3434, 0x15687b09), - TOBN(0x0dba6461, 0x51ec20a9), TOBN(0xec93db7f, 0xff28187c), - TOBN(0x00ff8c24, 0x66e48bdd), TOBN(0x2514f2f9, 0x11ccd78e), - TOBN(0xeba11f4f, 0xe1250603), TOBN(0x8a22cd41, 0x243fa156), - TOBN(0xa4e58df4, 0xb283e4c6), TOBN(0x78c29859, 0x8b39783f), - TOBN(0x5235aee2, 0xa5259809), TOBN(0xc16284b5, 0x0e0227dd), - TOBN(0xa5f57916, 0x1338830d), TOBN(0x6d4b8a6b, 0xd2123fca), - TOBN(0x236ea68a, 0xf9c546f8), TOBN(0xc1d36873, 0xfa608d36), - TOBN(0xcd76e495, 0x8d436d13), TOBN(0xd4d9c221, 0x8fb080af), - TOBN(0x665c1728, 0xe8ad3fb5), TOBN(0xcf1ebe4d, 0xb3d572e0), - TOBN(0xa7a8746a, 0x584c5e20), TOBN(0x267e4ea1, 0xb9dc7035), - TOBN(0x593a15cf, 0xb9548c9b), TOBN(0x5e6e2135, 0x4bd012f3), - TOBN(0xdf31cc6a, 0x8c8f936e), TOBN(0x8af84d04, 0xb5c241dc), - TOBN(0x63990a6f, 0x345efb86), TOBN(0x6fef4e61, 0xb9b962cb)}, - {TOBN(0xf6368f09, 0x25722608), TOBN(0x131260db, 0x131cf5c6), - TOBN(0x40eb353b, 0xfab4f7ac), TOBN(0x85c78880, 0x37eee829), - TOBN(0x4c1581ff, 0xc3bdf24e), TOBN(0x5bff75cb, 0xf5c3c5a8), - TOBN(0x35e8c83f, 0xa14e6f40), TOBN(0xb81d1c0f, 0x0295e0ca), - TOBN(0xfcde7cc8, 0xf43a730f), TOBN(0xe89b6f3c, 0x33ab590e), - TOBN(0xc823f529, 0xad03240b), TOBN(0x82b79afe, 0x98bea5db), - TOBN(0x568f2856, 0x962fe5de), TOBN(0x0c590adb, 0x60c591f3), - TOBN(0x1fc74a14, 0x4a28a858), TOBN(0x3b662498, 0xb3203f4c), - TOBN(0x91e3cf0d, 0x6c39765a), TOBN(0xa2db3acd, 0xac3cca0b), - TOBN(0x288f2f08, 0xcb953b50), TOBN(0x2414582c, 0xcf43cf1a), - TOBN(0x8dec8bbc, 0x60eee9a8), TOBN(0x54c79f02, 0x729aa042), - TOBN(0xd81cd5ec, 0x6532f5d5), TOBN(0xa672303a, 0xcf82e15f), - TOBN(0x376aafa8, 0x719c0563), TOBN(0xcd8ad2dc, 0xbc5fc79f), - TOBN(0x303fdb9f, 0xcb750cd3), TOBN(0x14ff052f, 0x4418b08e), - TOBN(0xf75084cf, 0x3e2d6520), TOBN(0x7ebdf0f8, 0x144ed509), - TOBN(0xf43bf0f2, 0xd3f25b98), TOBN(0x86ad71cf, 0xa354d837), - TOBN(0xb827fe92, 0x26f43572), TOBN(0xdfd3ab5b, 0x5d824758), - TOBN(0x315dd23a, 0x539094c1), TOBN(0x85c0e37a, 0x66623d68), - TOBN(0x575c7972, 0x7be19ae0), TOBN(0x616a3396, 0xdf0d36b5), - TOBN(0xa1ebb3c8, 0x26b1ff7e), TOBN(0x635b9485, 0x140ad453), - TOBN(0x92bf3cda, 0xda430c0b), TOBN(0x4702850e, 0x3a96dac6), - TOBN(0xc91cf0a5, 0x15ac326a), TOBN(0x95de4f49, 0xab8c25e4), - TOBN(0xb01bad09, 0xe265c17c), TOBN(0x24e45464, 0x087b3881), - TOBN(0xd43e583c, 0xe1fac5ca), TOBN(0xe17cb318, 0x6ead97a6), - TOBN(0x6cc39243, 0x74dcec46), TOBN(0x33cfc02d, 0x54c2b73f), - TOBN(0x82917844, 0xf26cd99c), TOBN(0x8819dd95, 0xd1773f89), - TOBN(0x09572aa6, 0x0871f427), TOBN(0x8e0cf365, 0xf6f01c34), - TOBN(0x7fa52988, 0xbff1f5af), TOBN(0x4eb357ea, 0xe75e8e50), - TOBN(0xd9d0c8c4, 0x868af75d), TOBN(0xd7325cff, 0x45c8c7ea), - TOBN(0xab471996, 0xcc81ecb0), TOBN(0xff5d55f3, 0x611824ed), - TOBN(0xbe314541, 0x1977a0ee), TOBN(0x5085c4c5, 0x722038c6), - TOBN(0x2d5335bf, 0xf94bb495), TOBN(0x894ad8a6, 0xc8e2a082), - TOBN(0x5c3e2341, 0xada35438), TOBN(0xf4a9fc89, 0x049b8c4e), - TOBN(0xbeeb355a, 0x9f17cf34), TOBN(0x3f311e0e, 0x6c91fe10), - TOBN(0xc2d20038, 0x92ab9891), TOBN(0x257bdcc1, 0x3e8ce9a9), - TOBN(0x1b2d9789, 0x88c53bee), TOBN(0x927ce89a, 0xcdba143a), - TOBN(0xb0a32cca, 0x523db280), TOBN(0x5c889f8a, 0x50d43783), - TOBN(0x503e04b3, 0x4897d16f), TOBN(0x8cdb6e78, 0x08f5f2e8), - TOBN(0x6ab91cf0, 0x179c8e74), TOBN(0xd8874e52, 0x48211d60), - TOBN(0xf948d4d5, 0xea851200), TOBN(0x4076d41e, 0xe6f9840a), - TOBN(0xc20e263c, 0x47b517ea), TOBN(0x79a448fd, 0x30685e5e), - TOBN(0xe55f6f78, 0xf90631a0), TOBN(0x88a790b1, 0xa79e6346), - TOBN(0x62160c7d, 0x80969fe8), TOBN(0x54f92fd4, 0x41491bb9), - TOBN(0xa6645c23, 0x5c957526), TOBN(0xf44cc5ae, 0xbea3ce7b), - TOBN(0xf7628327, 0x8b1e68b7), TOBN(0xc731ad7a, 0x303f29d3), - TOBN(0xfe5a9ca9, 0x57d03ecb), TOBN(0x96c0d50c, 0x41bc97a7), - TOBN(0xc4669fe7, 0x9b4f7f24), TOBN(0xfdd781d8, 0x3d9967ef), - TOBN(0x7892c7c3, 0x5d2c208d), TOBN(0x8bf64f7c, 0xae545cb3), - TOBN(0xc01f862c, 0x467be912), TOBN(0xf4c85ee9, 0xc73d30cc), - TOBN(0x1fa6f4be, 0x6ab83ec7), TOBN(0xa07a3c1c, 0x4e3e3cf9), - TOBN(0x87f8ef45, 0x0c00beb3), TOBN(0x30e2c2b3, 0x000d4c3e), - TOBN(0x1aa00b94, 0xfe08bf5b), TOBN(0x32c133aa, 0x9224ef52), - TOBN(0x38df16bb, 0x32e5685d), TOBN(0x68a9e069, 0x58e6f544), - TOBN(0x495aaff7, 0xcdc5ebc6), TOBN(0xf894a645, 0x378b135f), - TOBN(0xf316350a, 0x09e27ecf), TOBN(0xeced201e, 0x58f7179d), - TOBN(0x2eec273c, 0xe97861ba), TOBN(0x47ec2cae, 0xd693be2e), - TOBN(0xfa4c97c4, 0xf68367ce), TOBN(0xe4f47d0b, 0xbe5a5755), - TOBN(0x17de815d, 0xb298a979), TOBN(0xd7eca659, 0xc177dc7d), - TOBN(0x20fdbb71, 0x49ded0a3), TOBN(0x4cb2aad4, 0xfb34d3c5), - TOBN(0x2cf31d28, 0x60858a33), TOBN(0x3b6873ef, 0xa24aa40f), - TOBN(0x540234b2, 0x2c11bb37), TOBN(0x2d0366dd, 0xed4c74a3), - TOBN(0xf9a968da, 0xeec5f25d), TOBN(0x36601068, 0x67b63142), - TOBN(0x07cd6d2c, 0x68d7b6d4), TOBN(0xa8f74f09, 0x0c842942), - TOBN(0xe2751404, 0x7768b1ee), TOBN(0x4b5f7e89, 0xfe62aee4), - TOBN(0xc6a77177, 0x89070d26), TOBN(0xa1f28e4e, 0xdd1c8bc7), - TOBN(0xea5f4f06, 0x469e1f17), TOBN(0x78fc242a, 0xfbdb78e0), - TOBN(0xc9c7c592, 0x8b0588f1), TOBN(0xb6b7a0fd, 0x1535921e), - TOBN(0xcc5bdb91, 0xbde5ae35), TOBN(0xb42c485e, 0x12ff1864), - TOBN(0xa1113e13, 0xdbab98aa), TOBN(0xde9d469b, 0xa17b1024), - TOBN(0x23f48b37, 0xc0462d3a), TOBN(0x3752e537, 0x7c5c078d), - TOBN(0xe3a86add, 0x15544eb9), TOBN(0xf013aea7, 0x80fba279), - TOBN(0x8b5bb76c, 0xf22001b5), TOBN(0xe617ba14, 0xf02891ab), - TOBN(0xd39182a6, 0x936219d3), TOBN(0x5ce1f194, 0xae51cb19), - TOBN(0xc78f8598, 0xbf07a74c), TOBN(0x6d7158f2, 0x22cbf1bc), - TOBN(0x3b846b21, 0xe300ce18), TOBN(0x35fba630, 0x2d11275d), - TOBN(0x5fe25c36, 0xa0239b9b), TOBN(0xd8beb35d, 0xdf05d940), - TOBN(0x4db02bb0, 0x1f7e320d), TOBN(0x0641c364, 0x6da320ea), - TOBN(0x6d95fa5d, 0x821389a3), TOBN(0x92699748, 0x8fcd8e3d), - TOBN(0x316fef17, 0xceb6c143), TOBN(0x67fcb841, 0xd933762b), - TOBN(0xbb837e35, 0x118b17f8), TOBN(0x4b92552f, 0x9fd24821), - TOBN(0xae6bc70e, 0x46aca793), TOBN(0x1cf0b0e4, 0xe579311b), - TOBN(0x8dc631be, 0x5802f716), TOBN(0x099bdc6f, 0xbddbee4d), - TOBN(0xcc352bb2, 0x0caf8b05), TOBN(0xf74d505a, 0x72d63df2), - TOBN(0xb9876d4b, 0x91c4f408), TOBN(0x1ce18473, 0x9e229b2d), - TOBN(0x49507597, 0x83abdb4a), TOBN(0x850fbcb6, 0xdee84b18), - TOBN(0x6325236e, 0x609e67dc), TOBN(0x04d831d9, 0x9336c6d8), - TOBN(0x8deaae3b, 0xfa12d45d), TOBN(0xe425f8ce, 0x4746e246), - TOBN(0x8004c175, 0x24f5f31e), TOBN(0xaca16d8f, 0xad62c3b7), - TOBN(0x0dc15a6a, 0x9152f934), TOBN(0xf1235e5d, 0xed0e12c1), - TOBN(0xc33c06ec, 0xda477dac), TOBN(0x76be8732, 0xb2ea0006), - TOBN(0xcf3f7831, 0x0c0cd313), TOBN(0x3c524553, 0xa614260d), - TOBN(0x31a756f8, 0xcab22d15), TOBN(0x03ee10d1, 0x77827a20), - TOBN(0xd1e059b2, 0x1994ef20), TOBN(0x2a653b69, 0x638ae318), - TOBN(0x70d5eb58, 0x2f699010), TOBN(0x279739f7, 0x09f5f84a), - TOBN(0x5da4663c, 0x8b799336), TOBN(0xfdfdf14d, 0x203c37eb), - TOBN(0x32d8a9dc, 0xa1dbfb2d), TOBN(0xab40cff0, 0x77d48f9b), - TOBN(0xc018b383, 0xd20b42d5), TOBN(0xf9a810ef, 0x9f78845f), - TOBN(0x40af3753, 0xbdba9df0), TOBN(0xb90bdcfc, 0x131dfdf9), - TOBN(0x18720591, 0xf01ab782), TOBN(0xc823f211, 0x6af12a88), - TOBN(0xa51b80f3, 0x0dc14401), TOBN(0xde248f77, 0xfb2dfbe3), - TOBN(0xef5a44e5, 0x0cafe751), TOBN(0x73997c9c, 0xd4dcd221), - TOBN(0x32fd86d1, 0xde854024), TOBN(0xd5b53adc, 0xa09b84bb), - TOBN(0x008d7a11, 0xdcedd8d1), TOBN(0x406bd1c8, 0x74b32c84), - TOBN(0x5d4472ff, 0x05dde8b1), TOBN(0x2e25f2cd, 0xfce2b32f), - TOBN(0xbec0dd5e, 0x29dfc254), TOBN(0x4455fcf6, 0x2b98b267), - TOBN(0x0b4d43a5, 0xc72df2ad), TOBN(0xea70e6be, 0x48a75397), - TOBN(0x2aad6169, 0x5820f3bf), TOBN(0xf410d2dd, 0x9e37f68f), - TOBN(0x70fb7dba, 0x7be5ac83), TOBN(0x636bb645, 0x36ec3eec), - TOBN(0x27104ea3, 0x9754e21c), TOBN(0xbc87a3e6, 0x8d63c373), - TOBN(0x483351d7, 0x4109db9a), TOBN(0x0fa724e3, 0x60134da7), - TOBN(0x9ff44c29, 0xb0720b16), TOBN(0x2dd0cf13, 0x06aceead), - TOBN(0x5942758c, 0xe26929a6), TOBN(0x96c5db92, 0xb766a92b), - TOBN(0xcec7d4c0, 0x5f18395e), TOBN(0xd3f22744, 0x1f80d032), - TOBN(0x7a68b37a, 0xcb86075b), TOBN(0x074764dd, 0xafef92db), - TOBN(0xded1e950, 0x7bc7f389), TOBN(0xc580c850, 0xb9756460), - TOBN(0xaeeec2a4, 0x7da48157), TOBN(0x3f0b4e7f, 0x82c587b3), - TOBN(0x231c6de8, 0xa9f19c53), TOBN(0x5717bd73, 0x6974e34e), - TOBN(0xd9e1d216, 0xf1508fa9), TOBN(0x9f112361, 0xdadaa124), - TOBN(0x80145e31, 0x823b7348), TOBN(0x4dd8f0d5, 0xac634069), - TOBN(0xe3d82fc7, 0x2297c258), TOBN(0x276fcfee, 0x9cee7431), - TOBN(0x8eb61b5e, 0x2bc0aea9), TOBN(0x4f668fd5, 0xde329431), - TOBN(0x03a32ab1, 0x38e4b87e), TOBN(0xe1374517, 0x73d0ef0b), - TOBN(0x1a46f7e6, 0x853ac983), TOBN(0xc3bdf42e, 0x68e78a57), - TOBN(0xacf20785, 0x2ea96dd1), TOBN(0xa10649b9, 0xf1638460), - TOBN(0xf2369f0b, 0x879fbbed), TOBN(0x0ff0ae86, 0xda9d1869), - TOBN(0x5251d759, 0x56766f45), TOBN(0x4984d8c0, 0x2be8d0fc), - TOBN(0x7ecc95a6, 0xd21008f0), TOBN(0x29bd54a0, 0x3a1a1c49), - TOBN(0xab9828c5, 0xd26c50f3), TOBN(0x32c0087c, 0x51d0d251), - TOBN(0x9bac3ce6, 0x0c1cdb26), TOBN(0xcd94d947, 0x557ca205), - TOBN(0x1b1bd598, 0x9db1fdcd), TOBN(0x0eda0108, 0xa3d8b149), - TOBN(0x95066610, 0x56152fcc), TOBN(0xc2f037e6, 0xe7192b33), - TOBN(0xdeffb41a, 0xc92e05a4), TOBN(0x1105f6c2, 0xc2f6c62e), - TOBN(0x68e73500, 0x8733913c), TOBN(0xcce86163, 0x3f3adc40), - TOBN(0xf407a942, 0x38a278e9), TOBN(0xd13c1b9d, 0x2ab21292), - TOBN(0x93ed7ec7, 0x1c74cf5c), TOBN(0x8887dc48, 0xf1a4c1b4), - TOBN(0x3830ff30, 0x4b3a11f1), TOBN(0x358c5a3c, 0x58937cb6), - TOBN(0x027dc404, 0x89022829), TOBN(0x40e93977, 0x3b798f79), - TOBN(0x90ad3337, 0x38be6ead), TOBN(0x9c23f6bc, 0xf34c0a5d), - TOBN(0xd1711a35, 0xfbffd8bb), TOBN(0x60fcfb49, 0x1949d3dd), - TOBN(0x09c8ef4b, 0x7825d93a), TOBN(0x24233cff, 0xa0a8c968), - TOBN(0x67ade46c, 0xe6d982af), TOBN(0xebb6bf3e, 0xe7544d7c), - TOBN(0xd6b9ba76, 0x3d8bd087), TOBN(0x46fe382d, 0x4dc61280), - TOBN(0xbd39a7e8, 0xb5bdbd75), TOBN(0xab381331, 0xb8f228fe), - TOBN(0x0709a77c, 0xce1c4300), TOBN(0x6a247e56, 0xf337ceac), - TOBN(0x8f34f21b, 0x636288be), TOBN(0x9dfdca74, 0xc8a7c305), - TOBN(0x6decfd1b, 0xea919e04), TOBN(0xcdf2688d, 0x8e1991f8), - TOBN(0xe607df44, 0xd0f8a67e), TOBN(0xd985df4b, 0x0b58d010), - TOBN(0x57f834c5, 0x0c24f8f4), TOBN(0xe976ef56, 0xa0bf01ae), - TOBN(0x536395ac, 0xa1c32373), TOBN(0x351027aa, 0x734c0a13), - TOBN(0xd2f1b5d6, 0x5e6bd5bc), TOBN(0x2b539e24, 0x223debed), - TOBN(0xd4994cec, 0x0eaa1d71), TOBN(0x2a83381d, 0x661dcf65), - TOBN(0x5f1aed2f, 0x7b54c740), TOBN(0x0bea3fa5, 0xd6dda5ee), - TOBN(0x9d4fb684, 0x36cc6134), TOBN(0x8eb9bbf3, 0xc0a443dd), - TOBN(0xfc500e2e, 0x383b7d2a), TOBN(0x7aad621c, 0x5b775257), - TOBN(0x69284d74, 0x0a8f7cc0), TOBN(0xe820c2ce, 0x07562d65), - TOBN(0xbf9531b9, 0x499758ee), TOBN(0x73e95ca5, 0x6ee0cc2d), - TOBN(0xf61790ab, 0xfbaf50a5), TOBN(0xdf55e76b, 0x684e0750), - TOBN(0xec516da7, 0xf176b005), TOBN(0x575553bb, 0x7a2dddc7), - TOBN(0x37c87ca3, 0x553afa73), TOBN(0x315f3ffc, 0x4d55c251), - TOBN(0xe846442a, 0xaf3e5d35), TOBN(0x61b91149, 0x6495ff28), - TOBN(0x23cc95d3, 0xfa326dc3), TOBN(0x1df4da1f, 0x18fc2cea), - TOBN(0x24bf9adc, 0xd0a37d59), TOBN(0xb6710053, 0x320d6e1e), - TOBN(0x96f9667e, 0x618344d1), TOBN(0xcc7ce042, 0xa06445af), - TOBN(0xa02d8514, 0xd68dbc3a), TOBN(0x4ea109e4, 0x280b5a5b), - TOBN(0x5741a7ac, 0xb40961bf), TOBN(0x4ada5937, 0x6aa56bfa), - TOBN(0x7feb9145, 0x02b765d1), TOBN(0x561e97be, 0xe6ad1582), - TOBN(0xbbc4a5b6, 0xda3982f5), TOBN(0x0c2659ed, 0xb546f468), - TOBN(0xb8e7e6aa, 0x59612d20), TOBN(0xd83dfe20, 0xac19e8e0), - TOBN(0x8530c45f, 0xb835398c), TOBN(0x6106a8bf, 0xb38a41c2), - TOBN(0x21e8f9a6, 0x35f5dcdb), TOBN(0x39707137, 0xcae498ed), - TOBN(0x70c23834, 0xd8249f00), TOBN(0x9f14b58f, 0xab2537a0), - TOBN(0xd043c365, 0x5f61c0c2), TOBN(0xdc5926d6, 0x09a194a7), - TOBN(0xddec0339, 0x8e77738a), TOBN(0xd07a63ef, 0xfba46426), - TOBN(0x2e58e79c, 0xee7f6e86), TOBN(0xe59b0459, 0xff32d241), - TOBN(0xc5ec84e5, 0x20fa0338), TOBN(0x97939ac8, 0xeaff5ace), - TOBN(0x0310a4e3, 0xb4a38313), TOBN(0x9115fba2, 0x8f9d9885), - TOBN(0x8dd710c2, 0x5fadf8c3), TOBN(0x66be38a2, 0xce19c0e2), - TOBN(0xd42a279c, 0x4cfe5022), TOBN(0x597bb530, 0x0e24e1b8), - TOBN(0x3cde86b7, 0xc153ca7f), TOBN(0xa8d30fb3, 0x707d63bd), - TOBN(0xac905f92, 0xbd60d21e), TOBN(0x98e7ffb6, 0x7b9a54ab), - TOBN(0xd7147df8, 0xe9726a30), TOBN(0xb5e216ff, 0xafce3533), - TOBN(0xb550b799, 0x2ff1ec40), TOBN(0x6b613b87, 0xa1e953fd), - TOBN(0x87b88dba, 0x792d5610), TOBN(0x2ee1270a, 0xa190fbe1), - TOBN(0x02f4e2dc, 0x2ef581da), TOBN(0x016530e4, 0xeff82a95), - TOBN(0xcbb93dfd, 0x8fd6ee89), TOBN(0x16d3d986, 0x46848fff), - TOBN(0x600eff24, 0x1da47adf), TOBN(0x1b9754a0, 0x0ad47a71), - TOBN(0x8f9266df, 0x70c33b98), TOBN(0xaadc87ae, 0xdf34186e), - TOBN(0x0d2ce8e1, 0x4ad24132), TOBN(0x8a47cbfc, 0x19946eba), - TOBN(0x47feeb66, 0x62b5f3af), TOBN(0xcefab561, 0x0abb3734), - TOBN(0x449de60e, 0x19f35cb1), TOBN(0x39f8db14, 0x157f0eb9), - TOBN(0xffaecc5b, 0x3c61bfd6), TOBN(0xa5a4d41d, 0x41216703), - TOBN(0x7f8fabed, 0x224e1cc2), TOBN(0x0d5a8186, 0x871ad953), - TOBN(0xf10774f7, 0xd22da9a9), TOBN(0x45b8a678, 0xcc8a9b0d), - TOBN(0xd9c2e722, 0xbdc32cff), TOBN(0xbf71b5f5, 0x337202a5), - TOBN(0x95c57f2f, 0x69fc4db9), TOBN(0xb6dad34c, 0x765d01e1), - TOBN(0x7e0bd13f, 0xcb904635), TOBN(0x61751253, 0x763a588c), - TOBN(0xd85c2997, 0x81af2c2d), TOBN(0xc0f7d9c4, 0x81b9d7da), - TOBN(0x838a34ae, 0x08533e8d), TOBN(0x15c4cb08, 0x311d8311), - TOBN(0x97f83285, 0x8e121e14), TOBN(0xeea7dc1e, 0x85000a5f), - TOBN(0x0c6059b6, 0x5d256274), TOBN(0xec9beace, 0xb95075c0), - TOBN(0x173daad7, 0x1df97828), TOBN(0xbf851cb5, 0xa8937877), - TOBN(0xb083c594, 0x01646f3c), TOBN(0x3bad30cf, 0x50c6d352), - TOBN(0xfeb2b202, 0x496bbcea), TOBN(0x3cf9fd4f, 0x18a1e8ba), - TOBN(0xd26de7ff, 0x1c066029), TOBN(0x39c81e9e, 0x4e9ed4f8), - TOBN(0xd8be0cb9, 0x7b390d35), TOBN(0x01df2bbd, 0x964aab27), - TOBN(0x3e8c1a65, 0xc3ef64f8), TOBN(0x567291d1, 0x716ed1dd), - TOBN(0x95499c6c, 0x5f5406d3), TOBN(0x71fdda39, 0x5ba8e23f), - TOBN(0xcfeb320e, 0xd5096ece), TOBN(0xbe7ba92b, 0xca66dd16), - TOBN(0x4608d36b, 0xc6fb5a7d), TOBN(0xe3eea15a, 0x6d2dd0e0), - TOBN(0x75b0a3eb, 0x8f97a36a), TOBN(0xf59814cc, 0x1c83de1e), - TOBN(0x56c9c5b0, 0x1c33c23f), TOBN(0xa96c1da4, 0x6faa4136), - TOBN(0x46bf2074, 0xde316551), TOBN(0x3b866e7b, 0x1f756c8f), - TOBN(0x727727d8, 0x1495ed6b), TOBN(0xb2394243, 0xb682dce7), - TOBN(0x8ab8454e, 0x758610f3), TOBN(0xc243ce84, 0x857d72a4), - TOBN(0x7b320d71, 0xdbbf370f), TOBN(0xff9afa37, 0x78e0f7ca), - TOBN(0x0119d1e0, 0xea7b523f), TOBN(0xb997f8cb, 0x058c7d42), - TOBN(0x285bcd2a, 0x37bbb184), TOBN(0x51dcec49, 0xa45d1fa6), - TOBN(0x6ade3b64, 0xe29634cb), TOBN(0x080c94a7, 0x26b86ef1), - TOBN(0xba583db1, 0x2283fbe3), TOBN(0x902bddc8, 0x5a9315ed), - TOBN(0x07c1ccb3, 0x86964bec), TOBN(0x78f4eacf, 0xb6258301), - TOBN(0x4bdf3a49, 0x56f90823), TOBN(0xba0f5080, 0x741d777b), - TOBN(0x091d71c3, 0xf38bf760), TOBN(0x9633d50f, 0x9b625b02), - TOBN(0x03ecb743, 0xb8c9de61), TOBN(0xb4751254, 0x5de74720), - TOBN(0x9f9defc9, 0x74ce1cb2), TOBN(0x774a4f6a, 0x00bd32ef), - TOBN(0xaca385f7, 0x73848f22), TOBN(0x53dad716, 0xf3f8558e), - TOBN(0xab7b34b0, 0x93c471f9), TOBN(0xf530e069, 0x19644bc7), - TOBN(0x3d9fb1ff, 0xdd59d31a), TOBN(0x4382e0df, 0x08daa795), - TOBN(0x165c6f4b, 0xd5cc88d7), TOBN(0xeaa392d5, 0x4a18c900), - TOBN(0x94203c67, 0x648024ee), TOBN(0x188763f2, 0x8c2fabcd), - TOBN(0xa80f87ac, 0xbbaec835), TOBN(0x632c96e0, 0xf29d8d54), - TOBN(0x29b0a60e, 0x4c00a95e), TOBN(0x2ef17f40, 0xe011e9fa), - TOBN(0xf6c0e1d1, 0x15b77223), TOBN(0xaaec2c62, 0x14b04e32), - TOBN(0xd35688d8, 0x3d84e58c), TOBN(0x2af5094c, 0x958571db), - TOBN(0x4fff7e19, 0x760682a6), TOBN(0x4cb27077, 0xe39a407c), - TOBN(0x0f59c547, 0x4ff0e321), TOBN(0x169f34a6, 0x1b34c8ff), - TOBN(0x2bff1096, 0x52bc1ba7), TOBN(0xa25423b7, 0x83583544), - TOBN(0x5d55d5d5, 0x0ac8b782), TOBN(0xff6622ec, 0x2db3c892), - TOBN(0x48fce741, 0x6b8bb642), TOBN(0x31d6998c, 0x69d7e3dc), - TOBN(0xdbaf8004, 0xcadcaed0), TOBN(0x801b0142, 0xd81d053c), - TOBN(0x94b189fc, 0x59630ec6), TOBN(0x120e9934, 0xaf762c8e), - TOBN(0x53a29aa4, 0xfdc6a404), TOBN(0x19d8e01e, 0xa1909948), - TOBN(0x3cfcabf1, 0xd7e89681), TOBN(0x3321a50d, 0x4e132d37), - TOBN(0xd0496863, 0xe9a86111), TOBN(0x8c0cde61, 0x06a3bc65), - TOBN(0xaf866c49, 0xfc9f8eef), TOBN(0x2066350e, 0xff7f5141), - TOBN(0x4f8a4689, 0xe56ddfbd), TOBN(0xea1b0c07, 0xfe32983a), - TOBN(0x2b317462, 0x873cb8cb), TOBN(0x658deddc, 0x2d93229f), - TOBN(0x65efaf4d, 0x0f64ef58), TOBN(0xfe43287d, 0x730cc7a8), - TOBN(0xaebc0c72, 0x3d047d70), TOBN(0x92efa539, 0xd92d26c9), - TOBN(0x06e78457, 0x94b56526), TOBN(0x415cb80f, 0x0961002d), - TOBN(0x89e5c565, 0x76dcb10f), TOBN(0x8bbb6982, 0xff9259fe), - TOBN(0x4fe8795b, 0x9abc2668), TOBN(0xb5d4f534, 0x1e678fb1), - TOBN(0x6601f3be, 0x7b7da2b9), TOBN(0x98da59e2, 0xa13d6805), - TOBN(0x190d8ea6, 0x01799a52), TOBN(0xa20cec41, 0xb86d2952), - TOBN(0x3062ffb2, 0x7fff2a7c), TOBN(0x741b32e5, 0x79f19d37), - TOBN(0xf80d8181, 0x4eb57d47), TOBN(0x7a2d0ed4, 0x16aef06b), - TOBN(0x09735fb0, 0x1cecb588), TOBN(0x1641caaa, 0xc6061f5b)}, - {TOBN(0x7f99824f, 0x20151427), TOBN(0x206828b6, 0x92430206), - TOBN(0xaa9097d7, 0xe1112357), TOBN(0xacf9a2f2, 0x09e414ec), - TOBN(0xdbdac9da, 0x27915356), TOBN(0x7e0734b7, 0x001efee3), - TOBN(0x54fab5bb, 0xd2b288e2), TOBN(0x4c630fc4, 0xf62dd09c), - TOBN(0x8537107a, 0x1ac2703b), TOBN(0xb49258d8, 0x6bc857b5), - TOBN(0x57df14de, 0xbcdaccd1), TOBN(0x24ab68d7, 0xc4ae8529), - TOBN(0x7ed8b5d4, 0x734e59d0), TOBN(0x5f8740c8, 0xc495cc80), - TOBN(0x84aedd5a, 0x291db9b3), TOBN(0x80b360f8, 0x4fb995be), - TOBN(0xae915f5d, 0x5fa067d1), TOBN(0x4134b57f, 0x9668960c), - TOBN(0xbd3656d6, 0xa48edaac), TOBN(0xdac1e3e4, 0xfc1d7436), - TOBN(0x674ff869, 0xd81fbb26), TOBN(0x449ed3ec, 0xb26c33d4), - TOBN(0x85138705, 0xd94203e8), TOBN(0xccde538b, 0xbeeb6f4a), - TOBN(0x55d5c68d, 0xa61a76fa), TOBN(0x598b441d, 0xca1554dc), - TOBN(0xd39923b9, 0x773b279c), TOBN(0x33331d3c, 0x36bf9efc), - TOBN(0x2d4c848e, 0x298de399), TOBN(0xcfdb8e77, 0xa1a27f56), - TOBN(0x94c855ea, 0x57b8ab70), TOBN(0xdcdb9dae, 0x6f7879ba), - TOBN(0x7bdff8c2, 0x019f2a59), TOBN(0xb3ce5bb3, 0xcb4fbc74), - TOBN(0xea907f68, 0x8a9173dd), TOBN(0x6cd3d0d3, 0x95a75439), - TOBN(0x92ecc4d6, 0xefed021c), TOBN(0x09a9f9b0, 0x6a77339a), - TOBN(0x87ca6b15, 0x7188c64a), TOBN(0x10c29968, 0x44899158), - TOBN(0x5859a229, 0xed6e82ef), TOBN(0x16f338e3, 0x65ebaf4e), - TOBN(0x0cd31387, 0x5ead67ae), TOBN(0x1c73d228, 0x54ef0bb4), - TOBN(0x4cb55131, 0x74a5c8c7), TOBN(0x01cd2970, 0x7f69ad6a), - TOBN(0xa04d00dd, 0xe966f87e), TOBN(0xd96fe447, 0x0b7b0321), - TOBN(0x342ac06e, 0x88fbd381), TOBN(0x02cd4a84, 0x5c35a493), - TOBN(0xe8fa89de, 0x54f1bbcd), TOBN(0x341d6367, 0x2575ed4c), - TOBN(0xebe357fb, 0xd238202b), TOBN(0x600b4d1a, 0xa984ead9), - TOBN(0xc35c9f44, 0x52436ea0), TOBN(0x96fe0a39, 0xa370751b), - TOBN(0x4c4f0736, 0x7f636a38), TOBN(0x9f943fb7, 0x0e76d5cb), - TOBN(0xb03510ba, 0xa8b68b8b), TOBN(0xc246780a, 0x9ed07a1f), - TOBN(0x3c051415, 0x6d549fc2), TOBN(0xc2953f31, 0x607781ca), - TOBN(0x955e2c69, 0xd8d95413), TOBN(0xb300fadc, 0x7bd282e3), - TOBN(0x81fe7b50, 0x87e9189f), TOBN(0xdb17375c, 0xf42dda27), - TOBN(0x22f7d896, 0xcf0a5904), TOBN(0xa0e57c5a, 0xebe348e6), - TOBN(0xa61011d3, 0xf40e3c80), TOBN(0xb1189321, 0x8db705c5), - TOBN(0x4ed9309e, 0x50fedec3), TOBN(0xdcf14a10, 0x4d6d5c1d), - TOBN(0x056c265b, 0x55691342), TOBN(0xe8e08504, 0x91049dc7), - TOBN(0x131329f5, 0xc9bae20a), TOBN(0x96c8b3e8, 0xd9dccdb4), - TOBN(0x8c5ff838, 0xfb4ee6b4), TOBN(0xfc5a9aeb, 0x41e8ccf0), - TOBN(0x7417b764, 0xfae050c6), TOBN(0x0953c3d7, 0x00452080), - TOBN(0x21372682, 0x38dfe7e8), TOBN(0xea417e15, 0x2bb79d4b), - TOBN(0x59641f1c, 0x76e7cf2d), TOBN(0x271e3059, 0xea0bcfcc), - TOBN(0x624c7dfd, 0x7253ecbd), TOBN(0x2f552e25, 0x4fca6186), - TOBN(0xcbf84ecd, 0x4d866e9c), TOBN(0x73967709, 0xf68d4610), - TOBN(0xa14b1163, 0xc27901b4), TOBN(0xfd9236e0, 0x899b8bf3), - TOBN(0x42b091ec, 0xcbc6da0a), TOBN(0xbb1dac6f, 0x5ad1d297), - TOBN(0x80e61d53, 0xa91cf76e), TOBN(0x4110a412, 0xd31f1ee7), - TOBN(0x2d87c3ba, 0x13efcf77), TOBN(0x1f374bb4, 0xdf450d76), - TOBN(0x5e78e2f2, 0x0d188dab), TOBN(0xe3968ed0, 0xf4b885ef), - TOBN(0x46c0568e, 0x7314570f), TOBN(0x31616338, 0x01170521), - TOBN(0x18e1e7e2, 0x4f0c8afe), TOBN(0x4caa75ff, 0xdeea78da), - TOBN(0x82db67f2, 0x7c5d8a51), TOBN(0x36a44d86, 0x6f505370), - TOBN(0xd72c5bda, 0x0333974f), TOBN(0x5db516ae, 0x27a70146), - TOBN(0x34705281, 0x210ef921), TOBN(0xbff17a8f, 0x0c9c38e5), - TOBN(0x78f4814e, 0x12476da1), TOBN(0xc1e16613, 0x33c16980), - TOBN(0x9e5b386f, 0x424d4bca), TOBN(0x4c274e87, 0xc85740de), - TOBN(0xb6a9b88d, 0x6c2f5226), TOBN(0x14d1b944, 0x550d7ca8), - TOBN(0x580c85fc, 0x1fc41709), TOBN(0xc1da368b, 0x54c6d519), - TOBN(0x2b0785ce, 0xd5113cf7), TOBN(0x0670f633, 0x5a34708f), - TOBN(0x46e23767, 0x15cc3f88), TOBN(0x1b480cfa, 0x50c72c8f), - TOBN(0x20288602, 0x4147519a), TOBN(0xd0981eac, 0x26b372f0), - TOBN(0xa9d4a7ca, 0xa785ebc8), TOBN(0xd953c50d, 0xdbdf58e9), - TOBN(0x9d6361cc, 0xfd590f8f), TOBN(0x72e9626b, 0x44e6c917), - TOBN(0x7fd96110, 0x22eb64cf), TOBN(0x863ebb7e, 0x9eb288f3), - TOBN(0x6e6ab761, 0x6aca8ee7), TOBN(0x97d10b39, 0xd7b40358), - TOBN(0x1687d377, 0x1e5feb0d), TOBN(0xc83e50e4, 0x8265a27a), - TOBN(0x8f75a9fe, 0xc954b313), TOBN(0xcc2e8f47, 0x310d1f61), - TOBN(0xf5ba81c5, 0x6557d0e0), TOBN(0x25f9680c, 0x3eaf6207), - TOBN(0xf95c6609, 0x4354080b), TOBN(0x5225bfa5, 0x7bf2fe1c), - TOBN(0xc5c004e2, 0x5c7d98fa), TOBN(0x3561bf1c, 0x019aaf60), - TOBN(0x5e6f9f17, 0xba151474), TOBN(0xdec2f934, 0xb04f6eca), - TOBN(0x64e368a1, 0x269acb1e), TOBN(0x1332d9e4, 0x0cdda493), - TOBN(0x60d6cf69, 0xdf23de05), TOBN(0x66d17da2, 0x009339a0), - TOBN(0x9fcac985, 0x0a693923), TOBN(0xbcf057fc, 0xed7c6a6d), - TOBN(0xc3c5c8c5, 0xf0b5662c), TOBN(0x25318dd8, 0xdcba4f24), - TOBN(0x60e8cb75, 0x082b69ff), TOBN(0x7c23b3ee, 0x1e728c01), - TOBN(0x15e10a0a, 0x097e4403), TOBN(0xcb3d0a86, 0x19854665), - TOBN(0x88d8e211, 0xd67d4826), TOBN(0xb39af66e, 0x0b9d2839), - TOBN(0xa5f94588, 0xbd475ca8), TOBN(0xe06b7966, 0xc077b80b), - TOBN(0xfedb1485, 0xda27c26c), TOBN(0xd290d33a, 0xfe0fd5e0), - TOBN(0xa40bcc47, 0xf34fb0fa), TOBN(0xb4760cc8, 0x1fb1ab09), - TOBN(0x8fca0993, 0xa273bfe3), TOBN(0x13e4fe07, 0xf70b213c), - TOBN(0x3bcdb992, 0xfdb05163), TOBN(0x8c484b11, 0x0c2b19b6), - TOBN(0x1acb815f, 0xaaf2e3e2), TOBN(0xc6905935, 0xb89ff1b4), - TOBN(0xb2ad6f9d, 0x586e74e1), TOBN(0x488883ad, 0x67b80484), - TOBN(0x758aa2c7, 0x369c3ddb), TOBN(0x8ab74e69, 0x9f9afd31), - TOBN(0x10fc2d28, 0x5e21beb1), TOBN(0x3484518a, 0x318c42f9), - TOBN(0x377427dc, 0x53cf40c3), TOBN(0x9de0781a, 0x391bc1d9), - TOBN(0x8faee858, 0x693807e1), TOBN(0xa3865327, 0x4e81ccc7), - TOBN(0x02c30ff2, 0x6f835b84), TOBN(0xb604437b, 0x0d3d38d4), - TOBN(0xb3fc8a98, 0x5ca1823d), TOBN(0xb82f7ec9, 0x03be0324), - TOBN(0xee36d761, 0xcf684a33), TOBN(0x5a01df0e, 0x9f29bf7d), - TOBN(0x686202f3, 0x1306583d), TOBN(0x05b10da0, 0x437c622e), - TOBN(0xbf9aaa0f, 0x076a7bc8), TOBN(0x25e94efb, 0x8f8f4e43), - TOBN(0x8a35c9b7, 0xfa3dc26d), TOBN(0xe0e5fb93, 0x96ff03c5), - TOBN(0xa77e3843, 0xebc394ce), TOBN(0xcede6595, 0x8361de60), - TOBN(0xd27c22f6, 0xa1993545), TOBN(0xab01cc36, 0x24d671ba), - TOBN(0x63fa2877, 0xa169c28e), TOBN(0x925ef904, 0x2eb08376), - TOBN(0x3b2fa3cf, 0x53aa0b32), TOBN(0xb27beb5b, 0x71c49d7a), - TOBN(0xb60e1834, 0xd105e27f), TOBN(0xd6089788, 0x4f68570d), - TOBN(0x23094ce0, 0xd6fbc2ac), TOBN(0x738037a1, 0x815ff551), - TOBN(0xda73b1bb, 0x6bef119c), TOBN(0xdcf6c430, 0xeef506ba), - TOBN(0x00e4fe7b, 0xe3ef104a), TOBN(0xebdd9a2c, 0x0a065628), - TOBN(0x853a81c3, 0x8792043e), TOBN(0x22ad6ece, 0xb3b59108), - TOBN(0x9fb813c0, 0x39cd297d), TOBN(0x8ec7e16e, 0x05bda5d9), - TOBN(0x2834797c, 0x0d104b96), TOBN(0xcc11a2e7, 0x7c511510), - TOBN(0x96ca5a53, 0x96ee6380), TOBN(0x054c8655, 0xcea38742), - TOBN(0xb5946852, 0xd54dfa7d), TOBN(0x97c422e7, 0x1f4ab207), - TOBN(0xbf907509, 0x0c22b540), TOBN(0x2cde42aa, 0xb7c267d4), - TOBN(0xba18f9ed, 0x5ab0d693), TOBN(0x3ba62aa6, 0x6e4660d9), - TOBN(0xb24bf97b, 0xab9ea96a), TOBN(0x5d039642, 0xe3b60e32), - TOBN(0x4e6a4506, 0x7c4d9bd5), TOBN(0x666c5b9e, 0x7ed4a6a4), - TOBN(0xfa3fdcd9, 0x8edbd7cc), TOBN(0x4660bb87, 0xc6ccd753), - TOBN(0x9ae90820, 0x21e6b64f), TOBN(0x8a56a713, 0xb36bfb3f), - TOBN(0xabfce096, 0x5726d47f), TOBN(0x9eed01b2, 0x0b1a9a7f), - TOBN(0x30e9cad4, 0x4eb74a37), TOBN(0x7b2524cc, 0x53e9666d), - TOBN(0x6a29683b, 0x8f4b002f), TOBN(0xc2200d7a, 0x41f4fc20), - TOBN(0xcf3af47a, 0x3a338acc), TOBN(0x6539a4fb, 0xe7128975), - TOBN(0xcec31c14, 0xc33c7fcf), TOBN(0x7eb6799b, 0xc7be322b), - TOBN(0x119ef4e9, 0x6646f623), TOBN(0x7b7a26a5, 0x54d7299b), - TOBN(0xcb37f08d, 0x403f46f2), TOBN(0x94b8fc43, 0x1a0ec0c7), - TOBN(0xbb8514e3, 0xc332142f), TOBN(0xf3ed2c33, 0xe80d2a7a), - TOBN(0x8d2080af, 0xb639126c), TOBN(0xf7b6be60, 0xe3553ade), - TOBN(0x3950aa9f, 0x1c7e2b09), TOBN(0x847ff958, 0x6410f02b), - TOBN(0x877b7cf5, 0x678a31b0), TOBN(0xd50301ae, 0x3998b620), - TOBN(0x734257c5, 0xc00fb396), TOBN(0xf9fb18a0, 0x04e672a6), - TOBN(0xff8bd8eb, 0xe8758851), TOBN(0x1e64e4c6, 0x5d99ba44), - TOBN(0x4b8eaedf, 0x7dfd93b7), TOBN(0xba2f2a98, 0x04e76b8c), - TOBN(0x7d790cba, 0xe8053433), TOBN(0xc8e725a0, 0x3d2c9585), - TOBN(0x58c5c476, 0xcdd8f5ed), TOBN(0xd106b952, 0xefa9fe1d), - TOBN(0x3c5c775b, 0x0eff13a9), TOBN(0x242442ba, 0xe057b930), - TOBN(0xe9f458d4, 0xc9b70cbd), TOBN(0x69b71448, 0xa3cdb89a), - TOBN(0x41ee46f6, 0x0e2ed742), TOBN(0x573f1045, 0x40067493), - TOBN(0xb1e154ff, 0x9d54c304), TOBN(0x2ad0436a, 0x8d3a7502), - TOBN(0xee4aaa2d, 0x431a8121), TOBN(0xcd38b3ab, 0x886f11ed), - TOBN(0x57d49ea6, 0x034a0eb7), TOBN(0xd2b773bd, 0xf7e85e58), - TOBN(0x4a559ac4, 0x9b5c1f14), TOBN(0xc444be1a, 0x3e54df2b), - TOBN(0x13aad704, 0xeda41891), TOBN(0xcd927bec, 0x5eb5c788), - TOBN(0xeb3c8516, 0xe48c8a34), TOBN(0x1b7ac812, 0x4b546669), - TOBN(0x1815f896, 0x594df8ec), TOBN(0x87c6a79c, 0x79227865), - TOBN(0xae02a2f0, 0x9b56ddbd), TOBN(0x1339b5ac, 0x8a2f1cf3), - TOBN(0xf2b569c7, 0x839dff0d), TOBN(0xb0b9e864, 0xfee9a43d), - TOBN(0x4ff8ca41, 0x77bb064e), TOBN(0x145a2812, 0xfd249f63), - TOBN(0x3ab7beac, 0xf86f689a), TOBN(0x9bafec27, 0x01d35f5e), - TOBN(0x28054c65, 0x4265aa91), TOBN(0xa4b18304, 0x035efe42), - TOBN(0x6887b0e6, 0x9639dec7), TOBN(0xf4b8f6ad, 0x3d52aea5), - TOBN(0xfb9293cc, 0x971a8a13), TOBN(0x3f159e5d, 0x4c934d07), - TOBN(0x2c50e9b1, 0x09acbc29), TOBN(0x08eb65e6, 0x7154d129), - TOBN(0x4feff589, 0x30b75c3e), TOBN(0x0bb82fe2, 0x94491c93), - TOBN(0xd8ac377a, 0x89af62bb), TOBN(0xd7b51490, 0x9685e49f), - TOBN(0xabca9a7b, 0x04497f19), TOBN(0x1b35ed0a, 0x1a7ad13f), - TOBN(0x6b601e21, 0x3ec86ed6), TOBN(0xda91fcb9, 0xce0c76f1), - TOBN(0x9e28507b, 0xd7ab27e1), TOBN(0x7c19a555, 0x63945b7b), - TOBN(0x6b43f0a1, 0xaafc9827), TOBN(0x443b4fbd, 0x3aa55b91), - TOBN(0x962b2e65, 0x6962c88f), TOBN(0x139da8d4, 0xce0db0ca), - TOBN(0xb93f05dd, 0x1b8d6c4f), TOBN(0x779cdff7, 0x180b9824), - TOBN(0xbba23fdd, 0xae57c7b7), TOBN(0x345342f2, 0x1b932522), - TOBN(0xfd9c80fe, 0x556d4aa3), TOBN(0xa03907ba, 0x6525bb61), - TOBN(0x38b010e1, 0xff218933), TOBN(0xc066b654, 0xaa52117b), - TOBN(0x8e141920, 0x94f2e6ea), TOBN(0x66a27dca, 0x0d32f2b2), - TOBN(0x69c7f993, 0x048b3717), TOBN(0xbf5a989a, 0xb178ae1c), - TOBN(0x49fa9058, 0x564f1d6b), TOBN(0x27ec6e15, 0xd31fde4e), - TOBN(0x4cce0373, 0x7276e7fc), TOBN(0x64086d79, 0x89d6bf02), - TOBN(0x5a72f046, 0x4ccdd979), TOBN(0x909c3566, 0x47775631), - TOBN(0x1c07bc6b, 0x75dd7125), TOBN(0xb4c6bc97, 0x87a0428d), - TOBN(0x507ece52, 0xfdeb6b9d), TOBN(0xfca56512, 0xb2c95432), - TOBN(0x15d97181, 0xd0e8bd06), TOBN(0x384dd317, 0xc6bb46ea), - TOBN(0x5441ea20, 0x3952b624), TOBN(0xbcf70dee, 0x4e7dc2fb), - TOBN(0x372b016e, 0x6628e8c3), TOBN(0x07a0d667, 0xb60a7522), - TOBN(0xcf05751b, 0x0a344ee2), TOBN(0x0ec09a48, 0x118bdeec), - TOBN(0x6e4b3d4e, 0xd83dce46), TOBN(0x43a6316d, 0x99d2fc6e), - TOBN(0xa99d8989, 0x56cf044c), TOBN(0x7c7f4454, 0xae3e5fb7), - TOBN(0xb2e6b121, 0xfbabbe92), TOBN(0x281850fb, 0xe1330076), - TOBN(0x093581ec, 0x97890015), TOBN(0x69b1dded, 0x75ff77f5), - TOBN(0x7cf0b18f, 0xab105105), TOBN(0x953ced31, 0xa89ccfef), - TOBN(0x3151f85f, 0xeb914009), TOBN(0x3c9f1b87, 0x88ed48ad), - TOBN(0xc9aba1a1, 0x4a7eadcb), TOBN(0x928e7501, 0x522e71cf), - TOBN(0xeaede727, 0x3a2e4f83), TOBN(0x467e10d1, 0x1ce3bbd3), - TOBN(0xf3442ac3, 0xb955dcf0), TOBN(0xba96307d, 0xd3d5e527), - TOBN(0xf763a10e, 0xfd77f474), TOBN(0x5d744bd0, 0x6a6e1ff0), - TOBN(0xd287282a, 0xa777899e), TOBN(0xe20eda8f, 0xd03f3cde), - TOBN(0x6a7e75bb, 0x50b07d31), TOBN(0x0b7e2a94, 0x6f379de4), - TOBN(0x31cb64ad, 0x19f593cf), TOBN(0x7b1a9e4f, 0x1e76ef1d), - TOBN(0xe18c9c9d, 0xb62d609c), TOBN(0x439bad6d, 0xe779a650), - TOBN(0x219d9066, 0xe032f144), TOBN(0x1db632b8, 0xe8b2ec6a), - TOBN(0xff0d0fd4, 0xfda12f78), TOBN(0x56fb4c2d, 0x2a25d265), - TOBN(0x5f4e2ee1, 0x255a03f1), TOBN(0x61cd6af2, 0xe96af176), - TOBN(0xe0317ba8, 0xd068bc97), TOBN(0x927d6bab, 0x264b988e), - TOBN(0xa18f07e0, 0xe90fb21e), TOBN(0x00fd2b80, 0xbba7fca1), - TOBN(0x20387f27, 0x95cd67b5), TOBN(0x5b89a4e7, 0xd39707f7), - TOBN(0x8f83ad3f, 0x894407ce), TOBN(0xa0025b94, 0x6c226132), - TOBN(0xc79563c7, 0xf906c13b), TOBN(0x5f548f31, 0x4e7bb025), - TOBN(0x2b4c6b8f, 0xeac6d113), TOBN(0xa67e3f9c, 0x0e813c76), - TOBN(0x3982717c, 0x3fe1f4b9), TOBN(0x58865819, 0x26d8050e), - TOBN(0x99f3640c, 0xf7f06f20), TOBN(0xdc610216, 0x2a66ebc2), - TOBN(0x52f2c175, 0x767a1e08), TOBN(0x05660e1a, 0x5999871b), - TOBN(0x6b0f1762, 0x6d3c4693), TOBN(0xf0e7d627, 0x37ed7bea), - TOBN(0xc51758c7, 0xb75b226d), TOBN(0x40a88628, 0x1f91613b), - TOBN(0x889dbaa7, 0xbbb38ce0), TOBN(0xe0404b65, 0xbddcad81), - TOBN(0xfebccd3a, 0x8bc9671f), TOBN(0xfbf9a357, 0xee1f5375), - TOBN(0x5dc169b0, 0x28f33398), TOBN(0xb07ec11d, 0x72e90f65), - TOBN(0xae7f3b4a, 0xfaab1eb1), TOBN(0xd970195e, 0x5f17538a), - TOBN(0x52b05cbe, 0x0181e640), TOBN(0xf5debd62, 0x2643313d), - TOBN(0x76148154, 0x5df31f82), TOBN(0x23e03b33, 0x3a9e13c5), - TOBN(0xff758949, 0x4fde0c1f), TOBN(0xbf8a1abe, 0xe5b6ec20), - TOBN(0x702278fb, 0x87e1db6c), TOBN(0xc447ad7a, 0x35ed658f), - TOBN(0x48d4aa38, 0x03d0ccf2), TOBN(0x80acb338, 0x819a7c03), - TOBN(0x9bc7c89e, 0x6e17cecc), TOBN(0x46736b8b, 0x03be1d82), - TOBN(0xd65d7b60, 0xc0432f96), TOBN(0xddebe7a3, 0xdeb5442f), - TOBN(0x79a25307, 0x7dff69a2), TOBN(0x37a56d94, 0x02cf3122), - TOBN(0x8bab8aed, 0xf2350d0a), TOBN(0x13c3f276, 0x037b0d9a), - TOBN(0xc664957c, 0x44c65cae), TOBN(0x88b44089, 0xc2e71a88), - TOBN(0xdb88e5a3, 0x5cb02664), TOBN(0x5d4c0bf1, 0x8686c72e), - TOBN(0xea3d9b62, 0xa682d53e), TOBN(0x9b605ef4, 0x0b2ad431), - TOBN(0x71bac202, 0xc69645d0), TOBN(0xa115f03a, 0x6a1b66e7), - TOBN(0xfe2c563a, 0x158f4dc4), TOBN(0xf715b3a0, 0x4d12a78c), - TOBN(0x8f7f0a48, 0xd413213a), TOBN(0x2035806d, 0xc04becdb), - TOBN(0xecd34a99, 0x5d8587f5), TOBN(0x4d8c3079, 0x9f6d3a71), - TOBN(0x1b2a2a67, 0x8d95a8f6), TOBN(0xc58c9d7d, 0xf2110d0d), - TOBN(0xdeee81d5, 0xcf8fba3f), TOBN(0xa42be3c0, 0x0c7cdf68), - TOBN(0x2126f742, 0xd43b5eaa), TOBN(0x054a0766, 0xdfa59b85), - TOBN(0x9d0d5e36, 0x126bfd45), TOBN(0xa1f8fbd7, 0x384f8a8f), - TOBN(0x317680f5, 0xd563fccc), TOBN(0x48ca5055, 0xf280a928), - TOBN(0xe00b81b2, 0x27b578cf), TOBN(0x10aad918, 0x2994a514), - TOBN(0xd9e07b62, 0xb7bdc953), TOBN(0x9f0f6ff2, 0x5bc086dd), - TOBN(0x09d1ccff, 0x655eee77), TOBN(0x45475f79, 0x5bef7df1), - TOBN(0x3faa28fa, 0x86f702cc), TOBN(0x92e60905, 0x0f021f07), - TOBN(0xe9e62968, 0x7f8fa8c6), TOBN(0xbd71419a, 0xf036ea2c), - TOBN(0x171ee1cc, 0x6028da9a), TOBN(0x5352fe1a, 0xc251f573), - TOBN(0xf8ff236e, 0x3fa997f4), TOBN(0xd831b6c9, 0xa5749d5f), - TOBN(0x7c872e1d, 0xe350e2c2), TOBN(0xc56240d9, 0x1e0ce403), - TOBN(0xf9deb077, 0x6974f5cb), TOBN(0x7d50ba87, 0x961c3728), - TOBN(0xd6f89426, 0x5a3a2518), TOBN(0xcf817799, 0xc6303d43), - TOBN(0x510a0471, 0x619e5696), TOBN(0xab049ff6, 0x3a5e307b), - TOBN(0xe4cdf9b0, 0xfeb13ec7), TOBN(0xd5e97117, 0x9d8ff90c), - TOBN(0xf6f64d06, 0x9afa96af), TOBN(0x00d0bf5e, 0x9d2012a2), - TOBN(0xe63f301f, 0x358bcdc0), TOBN(0x07689e99, 0x0a9d47f8), - TOBN(0x1f689e2f, 0x4f43d43a), TOBN(0x4d542a16, 0x90920904), - TOBN(0xaea293d5, 0x9ca0a707), TOBN(0xd061fe45, 0x8ac68065), - TOBN(0x1033bf1b, 0x0090008c), TOBN(0x29749558, 0xc08a6db6), - TOBN(0x74b5fc59, 0xc1d5d034), TOBN(0xf712e9f6, 0x67e215e0), - TOBN(0xfd520cbd, 0x860200e6), TOBN(0x0229acb4, 0x3ea22588), - TOBN(0x9cd1e14c, 0xfff0c82e), TOBN(0x87684b62, 0x59c69e73), - TOBN(0xda85e61c, 0x96ccb989), TOBN(0x2d5dbb02, 0xa3d06493), - TOBN(0xf22ad33a, 0xe86b173c), TOBN(0xe8e41ea5, 0xa79ff0e3), - TOBN(0x01d2d725, 0xdd0d0c10), TOBN(0x31f39088, 0x032d28f9), - TOBN(0x7b3f71e1, 0x7829839e), TOBN(0x0cf691b4, 0x4502ae58), - TOBN(0xef658dbd, 0xbefc6115), TOBN(0xa5cd6ee5, 0xb3ab5314), - TOBN(0x206c8d7b, 0x5f1d2347), TOBN(0x794645ba, 0x4cc2253a), - TOBN(0xd517d8ff, 0x58389e08), TOBN(0x4fa20dee, 0x9f847288), - TOBN(0xeba072d8, 0xd797770a), TOBN(0x7360c91d, 0xbf429e26), - TOBN(0x7200a3b3, 0x80af8279), TOBN(0x6a1c9150, 0x82dadce3), - TOBN(0x0ee6d3a7, 0xc35d8794), TOBN(0x042e6558, 0x0356bae5), - TOBN(0x9f59698d, 0x643322fd), TOBN(0x9379ae15, 0x50a61967), - TOBN(0x64b9ae62, 0xfcc9981e), TOBN(0xaed3d631, 0x6d2934c6), - TOBN(0x2454b302, 0x5e4e65eb), TOBN(0xab09f647, 0xf9950428)}, - {TOBN(0xb2083a12, 0x22248acc), TOBN(0x1f6ec0ef, 0x3264e366), - TOBN(0x5659b704, 0x5afdee28), TOBN(0x7a823a40, 0xe6430bb5), - TOBN(0x24592a04, 0xe1900a79), TOBN(0xcde09d4a, 0xc9ee6576), - TOBN(0x52b6463f, 0x4b5ea54a), TOBN(0x1efe9ed3, 0xd3ca65a7), - TOBN(0xe27a6dbe, 0x305406dd), TOBN(0x8eb7dc7f, 0xdd5d1957), - TOBN(0xf54a6876, 0x387d4d8f), TOBN(0x9c479409, 0xc7762de4), - TOBN(0xbe4d5b5d, 0x99b30778), TOBN(0x25380c56, 0x6e793682), - TOBN(0x602d37f3, 0xdac740e3), TOBN(0x140deabe, 0x1566e4ae), - TOBN(0x4481d067, 0xafd32acf), TOBN(0xd8f0fcca, 0xe1f71ccf), - TOBN(0xd208dd0c, 0xb596f2da), TOBN(0xd049d730, 0x9aad93f9), - TOBN(0xc79f263d, 0x42ab580e), TOBN(0x09411bb1, 0x23f707b4), - TOBN(0x8cfde1ff, 0x835e0eda), TOBN(0x72707490, 0x90f03402), - TOBN(0xeaee6126, 0xc49a861e), TOBN(0x024f3b65, 0xe14f0d06), - TOBN(0x51a3f1e8, 0xc69bfc17), TOBN(0xc3c3a8e9, 0xa7686381), - TOBN(0x3400752c, 0xb103d4c8), TOBN(0x02bc4613, 0x9218b36b), - TOBN(0xc67f75eb, 0x7651504a), TOBN(0xd6848b56, 0xd02aebfa), - TOBN(0xbd9802e6, 0xc30fa92b), TOBN(0x5a70d96d, 0x9a552784), - TOBN(0x9085c4ea, 0x3f83169b), TOBN(0xfa9423bb, 0x06908228), - TOBN(0x2ffebe12, 0xfe97a5b9), TOBN(0x85da6049, 0x71b99118), - TOBN(0x9cbc2f7f, 0x63178846), TOBN(0xfd96bc70, 0x9153218e), - TOBN(0x958381db, 0x1782269b), TOBN(0xae34bf79, 0x2597e550), - TOBN(0xbb5c6064, 0x5f385153), TOBN(0x6f0e96af, 0xe3088048), - TOBN(0xbf6a0215, 0x77884456), TOBN(0xb3b5688c, 0x69310ea7), - TOBN(0x17c94295, 0x04fad2de), TOBN(0xe020f0e5, 0x17896d4d), - TOBN(0x730ba0ab, 0x0976505f), TOBN(0x567f6813, 0x095e2ec5), - TOBN(0x47062010, 0x6331ab71), TOBN(0x72cfa977, 0x41d22b9f), - TOBN(0x33e55ead, 0x8a2373da), TOBN(0xa8d0d5f4, 0x7ba45a68), - TOBN(0xba1d8f9c, 0x03029d15), TOBN(0x8f34f1cc, 0xfc55b9f3), - TOBN(0xcca4428d, 0xbbe5a1a9), TOBN(0x8187fd5f, 0x3126bd67), - TOBN(0x0036973a, 0x48105826), TOBN(0xa39b6663, 0xb8bd61a0), - TOBN(0x6d42deef, 0x2d65a808), TOBN(0x4969044f, 0x94636b19), - TOBN(0xf611ee47, 0xdd5d564c), TOBN(0x7b2f3a49, 0xd2873077), - TOBN(0x94157d45, 0x300eb294), TOBN(0x2b2a656e, 0x169c1494), - TOBN(0xc000dd76, 0xd3a47aa9), TOBN(0xa2864e4f, 0xa6243ea4), - TOBN(0x82716c47, 0xdb89842e), TOBN(0x12dfd7d7, 0x61479fb7), - TOBN(0x3b9a2c56, 0xe0b2f6dc), TOBN(0x46be862a, 0xd7f85d67), - TOBN(0x03b0d8dd, 0x0f82b214), TOBN(0x460c34f9, 0xf103cbc6), - TOBN(0xf32e5c03, 0x18d79e19), TOBN(0x8b8888ba, 0xa84117f8), - TOBN(0x8f3c37dc, 0xc0722677), TOBN(0x10d21be9, 0x1c1c0f27), - TOBN(0xd47c8468, 0xe0f7a0c6), TOBN(0x9bf02213, 0xadecc0e0), - TOBN(0x0baa7d12, 0x42b48b99), TOBN(0x1bcb665d, 0x48424096), - TOBN(0x8b847cd6, 0xebfb5cfb), TOBN(0x87c2ae56, 0x9ad4d10d), - TOBN(0xf1cbb122, 0x0de36726), TOBN(0xe7043c68, 0x3fdfbd21), - TOBN(0x4bd0826a, 0x4e79d460), TOBN(0x11f5e598, 0x4bd1a2cb), - TOBN(0x97554160, 0xb7fe7b6e), TOBN(0x7d16189a, 0x400a3fb2), - TOBN(0xd73e9bea, 0xe328ca1e), TOBN(0x0dd04b97, 0xe793d8cc), - TOBN(0xa9c83c9b, 0x506db8cc), TOBN(0x5cd47aae, 0xcf38814c), - TOBN(0x26fc430d, 0xb64b45e6), TOBN(0x079b5499, 0xd818ea84), - TOBN(0xebb01102, 0xc1c24a3b), TOBN(0xca24e568, 0x1c161c1a), - TOBN(0x103eea69, 0x36f00a4a), TOBN(0x9ad76ee8, 0x76176c7b), - TOBN(0x97451fc2, 0x538e0ff7), TOBN(0x94f89809, 0x6604b3b0), - TOBN(0x6311436e, 0x3249cfd7), TOBN(0x27b4a7bd, 0x41224f69), - TOBN(0x03b5d21a, 0xe0ac2941), TOBN(0x279b0254, 0xc2d31937), - TOBN(0x3307c052, 0xcac992d0), TOBN(0x6aa7cb92, 0xefa8b1f3), - TOBN(0x5a182580, 0x0d37c7a5), TOBN(0x13380c37, 0x342d5422), - TOBN(0x92ac2d66, 0xd5d2ef92), TOBN(0x035a70c9, 0x030c63c6), - TOBN(0xc16025dd, 0x4ce4f152), TOBN(0x1f419a71, 0xf9df7c06), - TOBN(0x6d5b2214, 0x91e4bb14), TOBN(0xfc43c6cc, 0x839fb4ce), - TOBN(0x49f06591, 0x925d6b2d), TOBN(0x4b37d9d3, 0x62186598), - TOBN(0x8c54a971, 0xd01b1629), TOBN(0xe1a9c29f, 0x51d50e05), - TOBN(0x5109b785, 0x71ba1861), TOBN(0x48b22d5c, 0xd0c8f93d), - TOBN(0xe8fa84a7, 0x8633bb93), TOBN(0x53fba6ba, 0x5aebbd08), - TOBN(0x7ff27df3, 0xe5eea7d8), TOBN(0x521c8796, 0x68ca7158), - TOBN(0xb9d5133b, 0xce6f1a05), TOBN(0x2d50cd53, 0xfd0ebee4), - TOBN(0xc82115d6, 0xc5a3ef16), TOBN(0x993eff9d, 0xba079221), - TOBN(0xe4da2c5e, 0x4b5da81c), TOBN(0x9a89dbdb, 0x8033fd85), - TOBN(0x60819ebf, 0x2b892891), TOBN(0x53902b21, 0x5d14a4d5), - TOBN(0x6ac35051, 0xd7fda421), TOBN(0xcc6ab885, 0x61c83284), - TOBN(0x14eba133, 0xf74cff17), TOBN(0x240aaa03, 0xecb813f2), - TOBN(0xcfbb6540, 0x6f665bee), TOBN(0x084b1fe4, 0xa425ad73), - TOBN(0x009d5d16, 0xd081f6a6), TOBN(0x35304fe8, 0xeef82c90), - TOBN(0xf20346d5, 0xaa9eaa22), TOBN(0x0ada9f07, 0xac1c91e3), - TOBN(0xa6e21678, 0x968a6144), TOBN(0x54c1f77c, 0x07b31a1e), - TOBN(0xd6bb787e, 0x5781fbe1), TOBN(0x61bd2ee0, 0xe31f1c4a), - TOBN(0xf25aa1e9, 0x781105fc), TOBN(0x9cf2971f, 0x7b2f8e80), - TOBN(0x26d15412, 0xcdff919b), TOBN(0x01db4ebe, 0x34bc896e), - TOBN(0x7d9b3e23, 0xb40df1cf), TOBN(0x59337373, 0x94e971b4), - TOBN(0xbf57bd14, 0x669cf921), TOBN(0x865daedf, 0x0c1a1064), - TOBN(0x3eb70bd3, 0x83279125), TOBN(0xbc3d5b9f, 0x34ecdaab), - TOBN(0x91e3ed7e, 0x5f755caf), TOBN(0x49699f54, 0xd41e6f02), - TOBN(0x185770e1, 0xd4a7a15b), TOBN(0x08f3587a, 0xeaac87e7), - TOBN(0x352018db, 0x473133ea), TOBN(0x674ce719, 0x04fd30fc), - TOBN(0x7b8d9835, 0x088b3e0e), TOBN(0x7a0356a9, 0x5d0d47a1), - TOBN(0x9d9e7659, 0x6474a3c4), TOBN(0x61ea48a7, 0xff66966c), - TOBN(0x30417758, 0x0f3e4834), TOBN(0xfdbb21c2, 0x17a9afcb), - TOBN(0x756fa17f, 0x2f9a67b3), TOBN(0x2a6b2421, 0xa245c1a8), - TOBN(0x64be2794, 0x4af02291), TOBN(0xade465c6, 0x2a5804fe), - TOBN(0x8dffbd39, 0xa6f08fd7), TOBN(0xc4efa84c, 0xaa14403b), - TOBN(0xa1b91b2a, 0x442b0f5c), TOBN(0xb748e317, 0xcf997736), - TOBN(0x8d1b62bf, 0xcee90e16), TOBN(0x907ae271, 0x0b2078c0), - TOBN(0xdf31534b, 0x0c9bcddd), TOBN(0x043fb054, 0x39adce83), - TOBN(0x99031043, 0xd826846a), TOBN(0x61a9c0d6, 0xb144f393), - TOBN(0xdab48046, 0x47718427), TOBN(0xdf17ff9b, 0x6e830f8b), - TOBN(0x408d7ee8, 0xe49a1347), TOBN(0x6ac71e23, 0x91c1d4ae), - TOBN(0xc8cbb9fd, 0x1defd73c), TOBN(0x19840657, 0xbbbbfec5), - TOBN(0x39db1cb5, 0x9e7ef8ea), TOBN(0x78aa8296, 0x64105f30), - TOBN(0xa3d9b7f0, 0xa3738c29), TOBN(0x0a2f235a, 0xbc3250a3), - TOBN(0x55e506f6, 0x445e4caf), TOBN(0x0974f73d, 0x33475f7a), - TOBN(0xd37dbba3, 0x5ba2f5a8), TOBN(0x542c6e63, 0x6af40066), - TOBN(0x26d99b53, 0xc5d73e2c), TOBN(0x06060d7d, 0x6c3ca33e), - TOBN(0xcdbef1c2, 0x065fef4a), TOBN(0x77e60f7d, 0xfd5b92e3), - TOBN(0xd7c549f0, 0x26708350), TOBN(0x201b3ad0, 0x34f121bf), - TOBN(0x5fcac2a1, 0x0334fc14), TOBN(0x8a9a9e09, 0x344552f6), - TOBN(0x7dd8a1d3, 0x97653082), TOBN(0x5fc0738f, 0x79d4f289), - TOBN(0x787d244d, 0x17d2d8c3), TOBN(0xeffc6345, 0x70830684), - TOBN(0x5ddb96dd, 0xe4f73ae5), TOBN(0x8efb14b1, 0x172549a5), - TOBN(0x6eb73eee, 0x2245ae7a), TOBN(0xbca4061e, 0xea11f13e), - TOBN(0xb577421d, 0x30b01f5d), TOBN(0xaa688b24, 0x782e152c), - TOBN(0x67608e71, 0xbd3502ba), TOBN(0x4ef41f24, 0xb4de75a0), - TOBN(0xb08dde5e, 0xfd6125e5), TOBN(0xde484825, 0xa409543f), - TOBN(0x1f198d98, 0x65cc2295), TOBN(0x428a3771, 0x6e0edfa2), - TOBN(0x4f9697a2, 0xadf35fc7), TOBN(0x01a43c79, 0xf7cac3c7), - TOBN(0xb05d7059, 0x0fd3659a), TOBN(0x8927f30c, 0xbb7f2d9a), - TOBN(0x4023d1ac, 0x8cf984d3), TOBN(0x32125ed3, 0x02897a45), - TOBN(0xfb572dad, 0x3d414205), TOBN(0x73000ef2, 0xe3fa82a9), - TOBN(0x4c0868e9, 0xf10a5581), TOBN(0x5b61fc67, 0x6b0b3ca5), - TOBN(0xc1258d5b, 0x7cae440c), TOBN(0x21c08b41, 0x402b7531), - TOBN(0xf61a8955, 0xde932321), TOBN(0x3568faf8, 0x2d1408af), - TOBN(0x71b15e99, 0x9ecf965b), TOBN(0xf14ed248, 0xe917276f), - TOBN(0xc6f4caa1, 0x820cf9e2), TOBN(0x681b20b2, 0x18d83c7e), - TOBN(0x6cde738d, 0xc6c01120), TOBN(0x71db0813, 0xae70e0db), - TOBN(0x95fc0644, 0x74afe18c), TOBN(0x34619053, 0x129e2be7), - TOBN(0x80615cea, 0xdb2a3b15), TOBN(0x0a49a19e, 0xdb4c7073), - TOBN(0x0e1b84c8, 0x8fd2d367), TOBN(0xd74bf462, 0x033fb8aa), - TOBN(0x889f6d65, 0x533ef217), TOBN(0x7158c7e4, 0xc3ca2e87), - TOBN(0xfb670dfb, 0xdc2b4167), TOBN(0x75910a01, 0x844c257f), - TOBN(0xf336bf07, 0xcf88577d), TOBN(0x22245250, 0xe45e2ace), - TOBN(0x2ed92e8d, 0x7ca23d85), TOBN(0x29f8be4c, 0x2b812f58), - TOBN(0xdd9ebaa7, 0x076fe12b), TOBN(0x3f2400cb, 0xae1537f9), - TOBN(0x1aa93528, 0x17bdfb46), TOBN(0xc0f98430, 0x67883b41), - TOBN(0x5590ede1, 0x0170911d), TOBN(0x7562f5bb, 0x34d4b17f), - TOBN(0xe1fa1df2, 0x1826b8d2), TOBN(0xb40b796a, 0x6bd80d59), - TOBN(0xd65bf197, 0x3467ba92), TOBN(0x8c9b46db, 0xf70954b0), - TOBN(0x97c8a0f3, 0x0e78f15d), TOBN(0xa8f3a69a, 0x85a4c961), - TOBN(0x4242660f, 0x61e4ce9b), TOBN(0xbf06aab3, 0x6ea6790c), - TOBN(0xc6706f8e, 0xec986416), TOBN(0x9e56dec1, 0x9a9fc225), - TOBN(0x527c46f4, 0x9a9898d9), TOBN(0xd799e77b, 0x5633cdef), - TOBN(0x24eacc16, 0x7d9e4297), TOBN(0xabb61cea, 0x6b1cb734), - TOBN(0xbee2e8a7, 0xf778443c), TOBN(0x3bb42bf1, 0x29de2fe6), - TOBN(0xcbed86a1, 0x3003bb6f), TOBN(0xd3918e6c, 0xd781cdf6), - TOBN(0x4bee3271, 0x9a5103f1), TOBN(0x5243efc6, 0xf50eac06), - TOBN(0xb8e122cb, 0x6adcc119), TOBN(0x1b7faa84, 0xc0b80a08), - TOBN(0x32c3d1bd, 0x6dfcd08c), TOBN(0x129dec4e, 0x0be427de), - TOBN(0x98ab679c, 0x1d263c83), TOBN(0xafc83cb7, 0xcef64eff), - TOBN(0x85eb6088, 0x2fa6be76), TOBN(0x892585fb, 0x1328cbfe), - TOBN(0xc154d3ed, 0xcf618dda), TOBN(0xc44f601b, 0x3abaf26e), - TOBN(0x7bf57d0b, 0x2be1fdfd), TOBN(0xa833bd2d, 0x21137fee), - TOBN(0x9353af36, 0x2db591a8), TOBN(0xc76f26dc, 0x5562a056), - TOBN(0x1d87e47d, 0x3fdf5a51), TOBN(0x7afb5f93, 0x55c9cab0), - TOBN(0x91bbf58f, 0x89e0586e), TOBN(0x7c72c018, 0x0d843709), - TOBN(0xa9a5aafb, 0x99b5c3dc), TOBN(0xa48a0f1d, 0x3844aeb0), - TOBN(0x7178b7dd, 0xb667e482), TOBN(0x453985e9, 0x6e23a59a), - TOBN(0x4a54c860, 0x01b25dd8), TOBN(0x0dd37f48, 0xfb897c8a), - TOBN(0x5f8aa610, 0x0ea90cd9), TOBN(0xc8892c68, 0x16d5830d), - TOBN(0xeb4befc0, 0xef514ca5), TOBN(0x478eb679, 0xe72c9ee6), - TOBN(0x9bca20da, 0xdbc40d5f), TOBN(0xf015de21, 0xdde4f64a), - TOBN(0xaa6a4de0, 0xeaf4b8a5), TOBN(0x68cfd9ca, 0x4bc60e32), - TOBN(0x668a4b01, 0x7fd15e70), TOBN(0xd9f0694a, 0xf27dc09d), - TOBN(0xf6c3cad5, 0xba708bcd), TOBN(0x5cd2ba69, 0x5bb95c2a), - TOBN(0xaa28c1d3, 0x33c0a58f), TOBN(0x23e274e3, 0xabc77870), - TOBN(0x44c3692d, 0xdfd20a4a), TOBN(0x091c5fd3, 0x81a66653), - TOBN(0x6c0bb691, 0x09a0757d), TOBN(0x9072e8b9, 0x667343ea), - TOBN(0x31d40eb0, 0x80848bec), TOBN(0x95bd480a, 0x79fd36cc), - TOBN(0x01a77c61, 0x65ed43f5), TOBN(0xafccd127, 0x2e0d40bf), - TOBN(0xeccfc82d, 0x1cc1884b), TOBN(0xc85ac201, 0x5d4753b4), - TOBN(0xc7a6caac, 0x658e099f), TOBN(0xcf46369e, 0x04b27390), - TOBN(0xe2e7d049, 0x506467ea), TOBN(0x481b63a2, 0x37cdeccc), - TOBN(0x4029abd8, 0xed80143a), TOBN(0x28bfe3c7, 0xbcb00b88), - TOBN(0x3bec1009, 0x0643d84a), TOBN(0x885f3668, 0xabd11041), - TOBN(0xdb02432c, 0xf83a34d6), TOBN(0x32f7b360, 0x719ceebe), - TOBN(0xf06c7837, 0xdad1fe7a), TOBN(0x60a157a9, 0x5441a0b0), - TOBN(0x704970e9, 0xe2d47550), TOBN(0xcd2bd553, 0x271b9020), - TOBN(0xff57f82f, 0x33e24a0b), TOBN(0x9cbee23f, 0xf2565079), - TOBN(0x16353427, 0xeb5f5825), TOBN(0x276feec4, 0xe948d662), - TOBN(0xd1b62bc6, 0xda10032b), TOBN(0x718351dd, 0xf0e72a53), - TOBN(0x93452076, 0x2420e7ba), TOBN(0x96368fff, 0x3a00118d), - TOBN(0x00ce2d26, 0x150a49e4), TOBN(0x0c28b636, 0x3f04706b), - TOBN(0xbad65a46, 0x58b196d0), TOBN(0x6c8455fc, 0xec9f8b7c), - TOBN(0xe90c895f, 0x2d71867e), TOBN(0x5c0be31b, 0xedf9f38c), - TOBN(0x2a37a15e, 0xd8f6ec04), TOBN(0x239639e7, 0x8cd85251), - TOBN(0xd8975315, 0x9c7c4c6b), TOBN(0x603aa3c0, 0xd7409af7), - TOBN(0xb8d53d0c, 0x007132fb), TOBN(0x68d12af7, 0xa6849238), - TOBN(0xbe0607e7, 0xbf5d9279), TOBN(0x9aa50055, 0xaada74ce), - TOBN(0xe81079cb, 0xba7e8ccb), TOBN(0x610c71d1, 0xa5f4ff5e), - TOBN(0x9e2ee1a7, 0x5aa07093), TOBN(0xca84004b, 0xa75da47c), - TOBN(0x074d3951, 0x3de75401), TOBN(0xf938f756, 0xbb311592), - TOBN(0x96197618, 0x00a43421), TOBN(0x39a25362, 0x07bc78c8), - TOBN(0x278f710a, 0x0a171276), TOBN(0xb28446ea, 0x8d1a8f08), - TOBN(0x184781bf, 0xe3b6a661), TOBN(0x7751cb1d, 0xe6d279f7), - TOBN(0xf8ff95d6, 0xc59eb662), TOBN(0x186d90b7, 0x58d3dea7), - TOBN(0x0e4bb6c1, 0xdfb4f754), TOBN(0x5c5cf56b, 0x2b2801dc), - TOBN(0xc561e452, 0x1f54564d), TOBN(0xb4fb8c60, 0xf0dd7f13), - TOBN(0xf8849630, 0x33ff98c7), TOBN(0x9619fffa, 0xcf17769c), - TOBN(0xf8090bf6, 0x1bfdd80a), TOBN(0x14d9a149, 0x422cfe63), - TOBN(0xb354c360, 0x6f6df9ea), TOBN(0xdbcf770d, 0x218f17ea), - TOBN(0x207db7c8, 0x79eb3480), TOBN(0x213dbda8, 0x559b6a26), - TOBN(0xac4c200b, 0x29fc81b3), TOBN(0xebc3e09f, 0x171d87c1), - TOBN(0x91799530, 0x1481aa9e), TOBN(0x051b92e1, 0x92e114fa), - TOBN(0xdf8f92e9, 0xecb5537f), TOBN(0x44b1b2cc, 0x290c7483), - TOBN(0xa711455a, 0x2adeb016), TOBN(0x964b6856, 0x81a10c2c), - TOBN(0x4f159d99, 0xcec03623), TOBN(0x05532225, 0xef3271ea), - TOBN(0xb231bea3, 0xc5ee4849), TOBN(0x57a54f50, 0x7094f103), - TOBN(0x3e2d421d, 0x9598b352), TOBN(0xe865a49c, 0x67412ab4), - TOBN(0xd2998a25, 0x1cc3a912), TOBN(0x5d092808, 0x0c74d65d), - TOBN(0x73f45908, 0x4088567a), TOBN(0xeb6b280e, 0x1f214a61), - TOBN(0x8c9adc34, 0xcaf0c13d), TOBN(0x39d12938, 0xf561fb80), - TOBN(0xb2dc3a5e, 0xbc6edfb4), TOBN(0x7485b1b1, 0xfe4d210e), - TOBN(0x062e0400, 0xe186ae72), TOBN(0x91e32d5c, 0x6eeb3b88), - TOBN(0x6df574d7, 0x4be59224), TOBN(0xebc88ccc, 0x716d55f3), - TOBN(0x26c2e6d0, 0xcad6ed33), TOBN(0xc6e21e7d, 0x0d3e8b10), - TOBN(0x2cc5840e, 0x5bcc36bb), TOBN(0x9292445e, 0x7da74f69), - TOBN(0x8be8d321, 0x4e5193a8), TOBN(0x3ec23629, 0x8df06413), - TOBN(0xc7e9ae85, 0xb134defa), TOBN(0x6073b1d0, 0x1bb2d475), - TOBN(0xb9ad615e, 0x2863c00d), TOBN(0x9e29493d, 0x525f4ac4), - TOBN(0xc32b1dea, 0x4e9acf4f), TOBN(0x3e1f01c8, 0xa50db88d), - TOBN(0xb05d70ea, 0x04da916c), TOBN(0x714b0d0a, 0xd865803e), - TOBN(0x4bd493fc, 0x9920cb5e), TOBN(0x5b44b1f7, 0x92c7a3ac), - TOBN(0xa2a77293, 0xbcec9235), TOBN(0x5ee06e87, 0xcd378553), - TOBN(0xceff8173, 0xda621607), TOBN(0x2bb03e4c, 0x99f5d290), - TOBN(0x2945106a, 0xa6f734ac), TOBN(0xb5056604, 0xd25c4732), - TOBN(0x5945920c, 0xe079afee), TOBN(0x686e17a0, 0x6789831f), - TOBN(0x5966bee8, 0xb74a5ae5), TOBN(0x38a673a2, 0x1e258d46), - TOBN(0xbd1cc1f2, 0x83141c95), TOBN(0x3b2ecf4f, 0x0e96e486), - TOBN(0xcd3aa896, 0x74e5fc78), TOBN(0x415ec10c, 0x2482fa7a), - TOBN(0x15234419, 0x80503380), TOBN(0x513d917a, 0xd314b392), - TOBN(0xb0b52f4e, 0x63caecae), TOBN(0x07bf22ad, 0x2dc7780b), - TOBN(0xe761e8a1, 0xe4306839), TOBN(0x1b3be962, 0x5dd7feaa), - TOBN(0x4fe728de, 0x74c778f1), TOBN(0xf1fa0bda, 0x5e0070f6), - TOBN(0x85205a31, 0x6ec3f510), TOBN(0x2c7e4a14, 0xd2980475), - TOBN(0xde3c19c0, 0x6f30ebfd), TOBN(0xdb1c1f38, 0xd4b7e644), - TOBN(0xfe291a75, 0x5dce364a), TOBN(0xb7b22a3c, 0x058f5be3), - TOBN(0x2cd2c302, 0x37fea38c), TOBN(0x2930967a, 0x2e17be17), - TOBN(0x87f009de, 0x0c061c65), TOBN(0xcb014aac, 0xedc6ed44), - TOBN(0x49bd1cb4, 0x3bafb1eb), TOBN(0x81bd8b5c, 0x282d3688), - TOBN(0x1cdab87e, 0xf01a17af), TOBN(0x21f37ac4, 0xe710063b), - TOBN(0x5a6c5676, 0x42fc8193), TOBN(0xf4753e70, 0x56a6015c), - TOBN(0x020f795e, 0xa15b0a44), TOBN(0x8f37c8d7, 0x8958a958), - TOBN(0x63b7e89b, 0xa4b675b5), TOBN(0xb4fb0c0c, 0x0fc31aea), - TOBN(0xed95e639, 0xa7ff1f2e), TOBN(0x9880f5a3, 0x619614fb), - TOBN(0xdeb6ff02, 0x947151ab), TOBN(0x5bc5118c, 0xa868dcdb), - TOBN(0xd8da2055, 0x4c20cea5), TOBN(0xcac2776e, 0x14c4d69a), - TOBN(0xcccb22c1, 0x622d599b), TOBN(0xa4ddb653, 0x68a9bb50), - TOBN(0x2c4ff151, 0x1b4941b4), TOBN(0xe1ff19b4, 0x6efba588), - TOBN(0x35034363, 0xc48345e0), TOBN(0x45542e3d, 0x1e29dfc4), - TOBN(0xf197cb91, 0x349f7aed), TOBN(0x3b2b5a00, 0x8fca8420), - TOBN(0x7c175ee8, 0x23aaf6d8), TOBN(0x54dcf421, 0x35af32b6), - TOBN(0x0ba14307, 0x27d6561e), TOBN(0x879d5ee4, 0xd175b1e2), - TOBN(0xc7c43673, 0x99807db5), TOBN(0x77a54455, 0x9cd55bcd), - TOBN(0xe6c2ff13, 0x0105c072), TOBN(0x18f7a99f, 0x8dda7da4), - TOBN(0x4c301820, 0x0e2d35c1), TOBN(0x06a53ca0, 0xd9cc6c82), - TOBN(0xaa21cc1e, 0xf1aa1d9e), TOBN(0x32414334, 0x4a75b1e8), - TOBN(0x2a6d1328, 0x0ebe9fdc), TOBN(0x16bd173f, 0x98a4755a), - TOBN(0xfbb9b245, 0x2133ffd9), TOBN(0x39a8b2f1, 0x830f1a20), - TOBN(0x484bc97d, 0xd5a1f52a), TOBN(0xd6aebf56, 0xa40eddf8), - TOBN(0x32257acb, 0x76ccdac6), TOBN(0xaf4d36ec, 0x1586ff27), - TOBN(0x8eaa8863, 0xf8de7dd1), TOBN(0x0045d5cf, 0x88647c16)}, - {TOBN(0xa6f3d574, 0xc005979d), TOBN(0xc2072b42, 0x6a40e350), - TOBN(0xfca5c156, 0x8de2ecf9), TOBN(0xa8c8bf5b, 0xa515344e), - TOBN(0x97aee555, 0x114df14a), TOBN(0xd4374a4d, 0xfdc5ec6b), - TOBN(0x754cc28f, 0x2ca85418), TOBN(0x71cb9e27, 0xd3c41f78), - TOBN(0x89105079, 0x03605c39), TOBN(0xf0843d9e, 0xa142c96c), - TOBN(0xf3744934, 0x16923684), TOBN(0x732caa2f, 0xfa0a2893), - TOBN(0xb2e8c270, 0x61160170), TOBN(0xc32788cc, 0x437fbaa3), - TOBN(0x39cd818e, 0xa6eda3ac), TOBN(0xe2e94239, 0x9e2b2e07), - TOBN(0x6967d39b, 0x0260e52a), TOBN(0xd42585cc, 0x90653325), - TOBN(0x0d9bd605, 0x21ca7954), TOBN(0x4fa20877, 0x81ed57b3), - TOBN(0x60c1eff8, 0xe34a0bbe), TOBN(0x56b0040c, 0x84f6ef64), - TOBN(0x28be2b24, 0xb1af8483), TOBN(0xb2278163, 0xf5531614), - TOBN(0x8df27545, 0x5922ac1c), TOBN(0xa7b3ef5c, 0xa52b3f63), - TOBN(0x8e77b214, 0x71de57c4), TOBN(0x31682c10, 0x834c008b), - TOBN(0xc76824f0, 0x4bd55d31), TOBN(0xb6d1c086, 0x17b61c71), - TOBN(0x31db0903, 0xc2a5089d), TOBN(0x9c092172, 0x184e5d3f), - TOBN(0xdd7ced5b, 0xc00cc638), TOBN(0x1a2015eb, 0x61278fc2), - TOBN(0x2e8e5288, 0x6a37f8d6), TOBN(0xc457786f, 0xe79933ad), - TOBN(0xb3fe4cce, 0x2c51211a), TOBN(0xad9b10b2, 0x24c20498), - TOBN(0x90d87a4f, 0xd28db5e5), TOBN(0x698cd105, 0x3aca2fc3), - TOBN(0x4f112d07, 0xe91b536d), TOBN(0xceb982f2, 0x9eba09d6), - TOBN(0x3c157b2c, 0x197c396f), TOBN(0xe23c2d41, 0x7b66eb24), - TOBN(0x480c57d9, 0x3f330d37), TOBN(0xb3a4c8a1, 0x79108deb), - TOBN(0x702388de, 0xcb199ce5), TOBN(0x0b019211, 0xb944a8d4), - TOBN(0x24f2a692, 0x840bb336), TOBN(0x7c353bdc, 0xa669fa7b), - TOBN(0xda20d6fc, 0xdec9c300), TOBN(0x625fbe2f, 0xa13a4f17), - TOBN(0xa2b1b61a, 0xdbc17328), TOBN(0x008965bf, 0xa9515621), - TOBN(0x49690939, 0xc620ff46), TOBN(0x182dd27d, 0x8717e91c), - TOBN(0x5ace5035, 0xea6c3997), TOBN(0x54259aaa, 0xc2610bef), - TOBN(0xef18bb3f, 0x3c80dd39), TOBN(0x6910b95b, 0x5fc3fa39), - TOBN(0xfce2f510, 0x43e09aee), TOBN(0xced56c9f, 0xa7675665), - TOBN(0x10e265ac, 0xd872db61), TOBN(0x6982812e, 0xae9fce69), - TOBN(0x29be11c6, 0xce800998), TOBN(0x72bb1752, 0xb90360d9), - TOBN(0x2c193197, 0x5a4ad590), TOBN(0x2ba2f548, 0x9fc1dbc0), - TOBN(0x7fe4eebb, 0xe490ebe0), TOBN(0x12a0a4cd, 0x7fae11c0), - TOBN(0x7197cf81, 0xe903ba37), TOBN(0xcf7d4aa8, 0xde1c6dd8), - TOBN(0x92af6bf4, 0x3fd5684c), TOBN(0x2b26eecf, 0x80360aa1), - TOBN(0xbd960f30, 0x00546a82), TOBN(0x407b3c43, 0xf59ad8fe), - TOBN(0x86cae5fe, 0x249c82ba), TOBN(0x9e0faec7, 0x2463744c), - TOBN(0x87f551e8, 0x94916272), TOBN(0x033f9344, 0x6ceb0615), - TOBN(0x1e5eb0d1, 0x8be82e84), TOBN(0x89967f0e, 0x7a582fef), - TOBN(0xbcf687d5, 0xa6e921fa), TOBN(0xdfee4cf3, 0xd37a09ba), - TOBN(0x94f06965, 0xb493c465), TOBN(0x638b9a1c, 0x7635c030), - TOBN(0x76667864, 0x66f05e9f), TOBN(0xccaf6808, 0xc04da725), - TOBN(0xca2eb690, 0x768fccfc), TOBN(0xf402d37d, 0xb835b362), - TOBN(0x0efac0d0, 0xe2fdfcce), TOBN(0xefc9cdef, 0xb638d990), - TOBN(0x2af12b72, 0xd1669a8b), TOBN(0x33c536bc, 0x5774ccbd), - TOBN(0x30b21909, 0xfb34870e), TOBN(0xc38fa2f7, 0x7df25aca), - TOBN(0x74c5f02b, 0xbf81f3f5), TOBN(0x0525a5ae, 0xaf7e4581), - TOBN(0x88d2aaba, 0x433c54ae), TOBN(0xed9775db, 0x806a56c5), - TOBN(0xd320738a, 0xc0edb37d), TOBN(0x25fdb6ee, 0x66cc1f51), - TOBN(0xac661d17, 0x10600d76), TOBN(0x931ec1f3, 0xbdd1ed76), - TOBN(0x65c11d62, 0x19ee43f1), TOBN(0x5cd57c3e, 0x60829d97), - TOBN(0xd26c91a3, 0x984be6e8), TOBN(0xf08d9309, 0x8b0c53bd), - TOBN(0x94bc9e5b, 0xc016e4ea), TOBN(0xd3916839, 0x11d43d2b), - TOBN(0x886c5ad7, 0x73701155), TOBN(0xe0377626, 0x20b00715), - TOBN(0x7f01c9ec, 0xaa80ba59), TOBN(0x3083411a, 0x68538e51), - TOBN(0x970370f1, 0xe88128af), TOBN(0x625cc3db, 0x91dec14b), - TOBN(0xfef9666c, 0x01ac3107), TOBN(0xb2a8d577, 0xd5057ac3), - TOBN(0xb0f26299, 0x92be5df7), TOBN(0xf579c8e5, 0x00353924), - TOBN(0xb8fa3d93, 0x1341ed7a), TOBN(0x4223272c, 0xa7b59d49), - TOBN(0x3dcb1947, 0x83b8c4a4), TOBN(0x4e413c01, 0xed1302e4), - TOBN(0x6d999127, 0xe17e44ce), TOBN(0xee86bf75, 0x33b3adfb), - TOBN(0xf6902fe6, 0x25aa96ca), TOBN(0xb73540e4, 0xe5aae47d), - TOBN(0x32801d7b, 0x1b4a158c), TOBN(0xe571c99e, 0x27e2a369), - TOBN(0x40cb76c0, 0x10d9f197), TOBN(0xc308c289, 0x3167c0ae), - TOBN(0xa6ef9dd3, 0xeb7958f2), TOBN(0xa7226dfc, 0x300879b1), - TOBN(0x6cd0b362, 0x7edf0636), TOBN(0x4efbce6c, 0x7bc37eed), - TOBN(0x75f92a05, 0x8d699021), TOBN(0x586d4c79, 0x772566e3), - TOBN(0x378ca5f1, 0x761ad23a), TOBN(0x650d86fc, 0x1465a8ac), - TOBN(0x7a4ed457, 0x842ba251), TOBN(0x6b65e3e6, 0x42234933), - TOBN(0xaf1543b7, 0x31aad657), TOBN(0xa4cefe98, 0xcbfec369), - TOBN(0xb587da90, 0x9f47befb), TOBN(0x6562e9fb, 0x41312d13), - TOBN(0xa691ea59, 0xeff1cefe), TOBN(0xcc30477a, 0x05fc4cf6), - TOBN(0xa1632461, 0x0b0ffd3d), TOBN(0xa1f16f3b, 0x5b355956), - TOBN(0x5b148d53, 0x4224ec24), TOBN(0xdc834e7b, 0xf977012a), - TOBN(0x7bfc5e75, 0xb2c69dbc), TOBN(0x3aa77a29, 0x03c3da6c), - TOBN(0xde0df03c, 0xca910271), TOBN(0xcbd5ca4a, 0x7806dc55), - TOBN(0xe1ca5807, 0x6db476cb), TOBN(0xfde15d62, 0x5f37a31e), - TOBN(0xf49af520, 0xf41af416), TOBN(0x96c5c5b1, 0x7d342db5), - TOBN(0x155c43b7, 0xeb4ceb9b), TOBN(0x2e993010, 0x4e77371a), - TOBN(0x1d2987da, 0x675d43af), TOBN(0xef2bc1c0, 0x8599fd72), - TOBN(0x96894b7b, 0x9342f6b2), TOBN(0x201eadf2, 0x7c8e71f0), - TOBN(0xf3479d9f, 0x4a1f3efc), TOBN(0xe0f8a742, 0x702a9704), - TOBN(0xeafd44b6, 0xb3eba40c), TOBN(0xf9739f29, 0xc1c1e0d0), - TOBN(0x0091471a, 0x619d505e), TOBN(0xc15f9c96, 0x9d7c263e), - TOBN(0x5be47285, 0x83afbe33), TOBN(0xa3b6d6af, 0x04f1e092), - TOBN(0xe76526b9, 0x751a9d11), TOBN(0x2ec5b26d, 0x9a4ae4d2), - TOBN(0xeb66f4d9, 0x02f6fb8d), TOBN(0x4063c561, 0x96912164), - TOBN(0xeb7050c1, 0x80ef3000), TOBN(0x288d1c33, 0xeaa5b3f0), - TOBN(0xe87c68d6, 0x07806fd8), TOBN(0xb2f7f9d5, 0x4bbbf50f), - TOBN(0x25972f3a, 0xac8d6627), TOBN(0xf8547774, 0x10e8c13b), - TOBN(0xcc50ef6c, 0x872b4a60), TOBN(0xab2a34a4, 0x4613521b), - TOBN(0x39c5c190, 0x983e15d1), TOBN(0x61dde5df, 0x59905512), - TOBN(0xe417f621, 0x9f2275f3), TOBN(0x0750c8b6, 0x451d894b), - TOBN(0x75b04ab9, 0x78b0bdaa), TOBN(0x3bfd9fd4, 0x458589bd), - TOBN(0xf1013e30, 0xee9120b6), TOBN(0x2b51af93, 0x23a4743e), - TOBN(0xea96ffae, 0x48d14d9e), TOBN(0x71dc0dbe, 0x698a1d32), - TOBN(0x914962d2, 0x0180cca4), TOBN(0x1ae60677, 0xc3568963), - TOBN(0x8cf227b1, 0x437bc444), TOBN(0xc650c83b, 0xc9962c7a), - TOBN(0x23c2c7dd, 0xfe7ccfc4), TOBN(0xf925c89d, 0x1b929d48), - TOBN(0x4460f74b, 0x06783c33), TOBN(0xac2c8d49, 0xa590475a), - TOBN(0xfb40b407, 0xb807bba0), TOBN(0x9d1e362d, 0x69ff8f3a), - TOBN(0xa33e9681, 0xcbef64a4), TOBN(0x67ece5fa, 0x332fb4b2), - TOBN(0x6900a99b, 0x739f10e3), TOBN(0xc3341ca9, 0xff525925), - TOBN(0xee18a626, 0xa9e2d041), TOBN(0xa5a83685, 0x29580ddd), - TOBN(0xf3470c81, 0x9d7de3cd), TOBN(0xedf02586, 0x2062cf9c), - TOBN(0xf43522fa, 0xc010edb0), TOBN(0x30314135, 0x13a4b1ae), - TOBN(0xc792e02a, 0xdb22b94b), TOBN(0x993d8ae9, 0xa1eaa45b), - TOBN(0x8aad6cd3, 0xcd1e1c63), TOBN(0x89529ca7, 0xc5ce688a), - TOBN(0x2ccee3aa, 0xe572a253), TOBN(0xe02b6438, 0x02a21efb), - TOBN(0xa7091b6e, 0xc9430358), TOBN(0x06d1b1fa, 0x9d7db504), - TOBN(0x58846d32, 0xc4744733), TOBN(0x40517c71, 0x379f9e34), - TOBN(0x2f65655f, 0x130ef6ca), TOBN(0x526e4488, 0xf1f3503f), - TOBN(0x8467bd17, 0x7ee4a976), TOBN(0x1d9dc913, 0x921363d1), - TOBN(0xd8d24c33, 0xb069e041), TOBN(0x5eb5da0a, 0x2cdf7f51), - TOBN(0x1c0f3cb1, 0x197b994f), TOBN(0x3c95a6c5, 0x2843eae9), - TOBN(0x7766ffc9, 0xa6097ea5), TOBN(0x7bea4093, 0xd723b867), - TOBN(0xb48e1f73, 0x4db378f9), TOBN(0x70025b00, 0xe37b77ac), - TOBN(0x943dc8e7, 0xaf24ad46), TOBN(0xb98a15ac, 0x16d00a85), - TOBN(0x3adc38ba, 0x2743b004), TOBN(0xb1c7f4f7, 0x334415ee), - TOBN(0xea43df8f, 0x1e62d05a), TOBN(0x32618905, 0x9d76a3b6), - TOBN(0x2fbd0bb5, 0xa23a0f46), TOBN(0x5bc971db, 0x6a01918c), - TOBN(0x7801d94a, 0xb4743f94), TOBN(0xb94df65e, 0x676ae22b), - TOBN(0xaafcbfab, 0xaf95894c), TOBN(0x7b9bdc07, 0x276b2241), - TOBN(0xeaf98362, 0x5bdda48b), TOBN(0x5977faf2, 0xa3fcb4df), - TOBN(0xbed042ef, 0x052c4b5b), TOBN(0x9fe87f71, 0x067591f0), - TOBN(0xc89c73ca, 0x22f24ec7), TOBN(0x7d37fa9e, 0xe64a9f1b), - TOBN(0x2710841a, 0x15562627), TOBN(0x2c01a613, 0xc243b034), - TOBN(0x1d135c56, 0x2bc68609), TOBN(0xc2ca1715, 0x8b03f1f6), - TOBN(0xc9966c2d, 0x3eb81d82), TOBN(0xc02abf4a, 0x8f6df13e), - TOBN(0x77b34bd7, 0x8f72b43b), TOBN(0xaff6218f, 0x360c82b0), - TOBN(0x0aa5726c, 0x8d55b9d2), TOBN(0xdc0adbe9, 0x99e9bffb), - TOBN(0x9097549c, 0xefb9e72a), TOBN(0x16755712, 0x9dfb3111), - TOBN(0xdd8bf984, 0xf26847f9), TOBN(0xbcb8e387, 0xdfb30cb7), - TOBN(0xc1fd32a7, 0x5171ef9c), TOBN(0x977f3fc7, 0x389b363f), - TOBN(0x116eaf2b, 0xf4babda0), TOBN(0xfeab68bd, 0xf7113c8e), - TOBN(0xd1e3f064, 0xb7def526), TOBN(0x1ac30885, 0xe0b3fa02), - TOBN(0x1c5a6e7b, 0x40142d9d), TOBN(0x839b5603, 0x30921c0b), - TOBN(0x48f301fa, 0x36a116a3), TOBN(0x380e1107, 0xcfd9ee6d), - TOBN(0x7945ead8, 0x58854be1), TOBN(0x4111c12e, 0xcbd4d49d), - TOBN(0xece3b1ec, 0x3a29c2ef), TOBN(0x6356d404, 0x8d3616f5), - TOBN(0x9f0d6a8f, 0x594d320e), TOBN(0x0989316d, 0xf651ccd2), - TOBN(0x6c32117a, 0x0f8fdde4), TOBN(0x9abe5cc5, 0xa26a9bbc), - TOBN(0xcff560fb, 0x9723f671), TOBN(0x21b2a12d, 0x7f3d593c), - TOBN(0xe4cb18da, 0x24ba0696), TOBN(0x186e2220, 0xc3543384), - TOBN(0x722f64e0, 0x88312c29), TOBN(0x94282a99, 0x17dc7752), - TOBN(0x62467bbf, 0x5a85ee89), TOBN(0xf435c650, 0xf10076a0), - TOBN(0xc9ff1539, 0x43b3a50b), TOBN(0x7132130c, 0x1a53efbc), - TOBN(0x31bfe063, 0xf7b0c5b7), TOBN(0xb0179a7d, 0x4ea994cc), - TOBN(0x12d064b3, 0xc85f455b), TOBN(0x47259328, 0x8f6e0062), - TOBN(0xf64e590b, 0xb875d6d9), TOBN(0x22dd6225, 0xad92bcc7), - TOBN(0xb658038e, 0xb9c3bd6d), TOBN(0x00cdb0d6, 0xfbba27c8), - TOBN(0x0c681337, 0x1062c45d), TOBN(0xd8515b8c, 0x2d33407d), - TOBN(0xcb8f699e, 0x8cbb5ecf), TOBN(0x8c4347f8, 0xc608d7d8), - TOBN(0x2c11850a, 0xbb3e00db), TOBN(0x20a8dafd, 0xecb49d19), - TOBN(0xbd781480, 0x45ee2f40), TOBN(0x75e354af, 0x416b60cf), - TOBN(0xde0b58a1, 0x8d49a8c4), TOBN(0xe40e94e2, 0xfa359536), - TOBN(0xbd4fa59f, 0x62accd76), TOBN(0x05cf466a, 0x8c762837), - TOBN(0xb5abda99, 0x448c277b), TOBN(0x5a9e01bf, 0x48b13740), - TOBN(0x9d457798, 0x326aad8d), TOBN(0xbdef4954, 0xc396f7e7), - TOBN(0x6fb274a2, 0xc253e292), TOBN(0x2800bf0a, 0x1cfe53e7), - TOBN(0x22426d31, 0x44438fd4), TOBN(0xef233923, 0x5e259f9a), - TOBN(0x4188503c, 0x03f66264), TOBN(0x9e5e7f13, 0x7f9fdfab), - TOBN(0x565eb76c, 0x5fcc1aba), TOBN(0xea632548, 0x59b5bff8), - TOBN(0x5587c087, 0xaab6d3fa), TOBN(0x92b639ea, 0x6ce39c1b), - TOBN(0x0706e782, 0x953b135c), TOBN(0x7308912e, 0x425268ef), - TOBN(0x599e92c7, 0x090e7469), TOBN(0x83b90f52, 0x9bc35e75), - TOBN(0x4750b3d0, 0x244975b3), TOBN(0xf3a44358, 0x11965d72), - TOBN(0x179c6774, 0x9c8dc751), TOBN(0xff18cdfe, 0xd23d9ff0), - TOBN(0xc4013833, 0x2028e247), TOBN(0x96e280e2, 0xf3bfbc79), - TOBN(0xf60417bd, 0xd0880a84), TOBN(0x263c9f3d, 0x2a568151), - TOBN(0x36be15b3, 0x2d2ce811), TOBN(0x846dc0c2, 0xf8291d21), - TOBN(0x5cfa0ecb, 0x789fcfdb), TOBN(0x45a0beed, 0xd7535b9a), - TOBN(0xec8e9f07, 0x96d69af1), TOBN(0x31a7c5b8, 0x599ab6dc), - TOBN(0xd36d45ef, 0xf9e2e09f), TOBN(0x3cf49ef1, 0xdcee954b), - TOBN(0x6be34cf3, 0x086cff9b), TOBN(0x88dbd491, 0x39a3360f), - TOBN(0x1e96b8cc, 0x0dbfbd1d), TOBN(0xc1e5f7bf, 0xcb7e2552), - TOBN(0x0547b214, 0x28819d98), TOBN(0xc770dd9c, 0x7aea9dcb), - TOBN(0xaef0d4c7, 0x041d68c8), TOBN(0xcc2b9818, 0x13cb9ba8), - TOBN(0x7fc7bc76, 0xfe86c607), TOBN(0x6b7b9337, 0x502a9a95), - TOBN(0x1948dc27, 0xd14dab63), TOBN(0x249dd198, 0xdae047be), - TOBN(0xe8356584, 0xa981a202), TOBN(0x3531dd18, 0x3a893387), - TOBN(0x1be11f90, 0xc85c7209), TOBN(0x93d2fe1e, 0xe2a52b5a), - TOBN(0x8225bfe2, 0xec6d6b97), TOBN(0x9cf6d6f4, 0xbd0aa5de), - TOBN(0x911459cb, 0x54779f5f), TOBN(0x5649cddb, 0x86aeb1f3), - TOBN(0x32133579, 0x3f26ce5a), TOBN(0xc289a102, 0x550f431e), - TOBN(0x559dcfda, 0x73b84c6f), TOBN(0x84973819, 0xee3ac4d7), - TOBN(0xb51e55e6, 0xf2606a82), TOBN(0xe25f7061, 0x90f2fb57), - TOBN(0xacef6c2a, 0xb1a4e37c), TOBN(0x864e359d, 0x5dcf2706), - TOBN(0x479e6b18, 0x7ce57316), TOBN(0x2cab2500, 0x3a96b23d), - TOBN(0xed489862, 0x8ef16df7), TOBN(0x2056538c, 0xef3758b5), - TOBN(0xa7df865e, 0xf15d3101), TOBN(0x80c5533a, 0x61b553d7), - TOBN(0x366e1997, 0x4ed14294), TOBN(0x6620741f, 0xb3c0bcd6), - TOBN(0x21d1d9c4, 0xedc45418), TOBN(0x005b859e, 0xc1cc4a9d), - TOBN(0xdf01f630, 0xa1c462f0), TOBN(0x15d06cf3, 0xf26820c7), - TOBN(0x9f7f24ee, 0x3484be47), TOBN(0x2ff33e96, 0x4a0c902f), - TOBN(0x00bdf457, 0x5a0bc453), TOBN(0x2378dfaf, 0x1aa238db), - TOBN(0x272420ec, 0x856720f2), TOBN(0x2ad9d95b, 0x96797291), - TOBN(0xd1242cc6, 0x768a1558), TOBN(0x2e287f8b, 0x5cc86aa8), - TOBN(0x796873d0, 0x990cecaa), TOBN(0xade55f81, 0x675d4080), - TOBN(0x2645eea3, 0x21f0cd84), TOBN(0x7a1efa0f, 0xb4e17d02), - TOBN(0xf6858420, 0x037cc061), TOBN(0x682e05f0, 0xd5d43e12), - TOBN(0x59c36994, 0x27218710), TOBN(0x85cbba4d, 0x3f7cd2fc), - TOBN(0x726f9729, 0x7a3cd22a), TOBN(0x9f8cd5dc, 0x4a628397), - TOBN(0x17b93ab9, 0xc23165ed), TOBN(0xff5f5dbf, 0x122823d4), - TOBN(0xc1e4e4b5, 0x654a446d), TOBN(0xd1a9496f, 0x677257ba), - TOBN(0x6387ba94, 0xde766a56), TOBN(0x23608bc8, 0x521ec74a), - TOBN(0x16a522d7, 0x6688c4d4), TOBN(0x9d6b4282, 0x07373abd), - TOBN(0xa62f07ac, 0xb42efaa3), TOBN(0xf73e00f7, 0xe3b90180), - TOBN(0x36175fec, 0x49421c3e), TOBN(0xc4e44f9b, 0x3dcf2678), - TOBN(0x76df436b, 0x7220f09f), TOBN(0x172755fb, 0x3aa8b6cf), - TOBN(0xbab89d57, 0x446139cc), TOBN(0x0a0a6e02, 0x5fe0208f), - TOBN(0xcdbb63e2, 0x11e5d399), TOBN(0x33ecaa12, 0xa8977f0b), - TOBN(0x59598b21, 0xf7c42664), TOBN(0xb3e91b32, 0xab65d08a), - TOBN(0x035822ee, 0xf4502526), TOBN(0x1dcf0176, 0x720a82a9), - TOBN(0x50f8598f, 0x3d589e02), TOBN(0xdf0478ff, 0xb1d63d2c), - TOBN(0x8b8068bd, 0x1571cd07), TOBN(0x30c3aa4f, 0xd79670cd), - TOBN(0x25e8fd4b, 0x941ade7f), TOBN(0x3d1debdc, 0x32790011), - TOBN(0x65b6dcbd, 0x3a3f9ff0), TOBN(0x282736a4, 0x793de69c), - TOBN(0xef69a0c3, 0xd41d3bd3), TOBN(0xb533b8c9, 0x07a26bde), - TOBN(0xe2801d97, 0xdb2edf9f), TOBN(0xdc4a8269, 0xe1877af0), - TOBN(0x6c1c5851, 0x3d590dbe), TOBN(0x84632f6b, 0xee4e9357), - TOBN(0xd36d36b7, 0x79b33374), TOBN(0xb46833e3, 0x9bbca2e6), - TOBN(0x37893913, 0xf7fc0586), TOBN(0x385315f7, 0x66bf4719), - TOBN(0x72c56293, 0xb31855dc), TOBN(0xd1416d4e, 0x849061fe), - TOBN(0xbeb3ab78, 0x51047213), TOBN(0x447f6e61, 0xf040c996), - TOBN(0xd06d310d, 0x638b1d0c), TOBN(0xe28a413f, 0xbad1522e), - TOBN(0x685a76cb, 0x82003f86), TOBN(0x610d07f7, 0x0bcdbca3), - TOBN(0x6ff66021, 0x9ca4c455), TOBN(0x7df39b87, 0xcea10eec), - TOBN(0xb9255f96, 0xe22db218), TOBN(0x8cc6d9eb, 0x08a34c44), - TOBN(0xcd4ffb86, 0x859f9276), TOBN(0x8fa15eb2, 0x50d07335), - TOBN(0xdf553845, 0xcf2c24b5), TOBN(0x89f66a9f, 0x52f9c3ba), - TOBN(0x8f22b5b9, 0xe4a7ceb3), TOBN(0xaffef809, 0x0e134686), - TOBN(0x3e53e1c6, 0x8eb8fac2), TOBN(0x93c1e4eb, 0x28aec98e), - TOBN(0xb6b91ec5, 0x32a43bcb), TOBN(0x2dbfa947, 0xb2d74a51), - TOBN(0xe065d190, 0xca84bad7), TOBN(0xfb13919f, 0xad58e65c), - TOBN(0x3c41718b, 0xf1cb6e31), TOBN(0x688969f0, 0x06d05c3f), - TOBN(0xd4f94ce7, 0x21264d45), TOBN(0xfdfb65e9, 0x7367532b), - TOBN(0x5b1be8b1, 0x0945a39d), TOBN(0x229f789c, 0x2b8baf3b), - TOBN(0xd8f41f3e, 0x6f49f15d), TOBN(0x678ce828, 0x907f0792), - TOBN(0xc69ace82, 0xfca6e867), TOBN(0x106451ae, 0xd01dcc89), - TOBN(0x1bb4f7f0, 0x19fc32d2), TOBN(0x64633dfc, 0xb00c52d2), - TOBN(0x8f13549a, 0xad9ea445), TOBN(0x99a3bf50, 0xfb323705), - TOBN(0x0c9625a2, 0x534d4dbc), TOBN(0x45b8f1d1, 0xc2a2fea3), - TOBN(0x76ec21a1, 0xa530fc1a), TOBN(0x4bac9c2a, 0x9e5bd734), - TOBN(0x5996d76a, 0x7b4e3587), TOBN(0x0045cdee, 0x1182d9e3), - TOBN(0x1aee24b9, 0x1207f13d), TOBN(0x66452e97, 0x97345a41), - TOBN(0x16e5b054, 0x9f950cd0), TOBN(0x9cc72fb1, 0xd7fdd075), - TOBN(0x6edd61e7, 0x66249663), TOBN(0xde4caa4d, 0xf043cccb), - TOBN(0x11b1f57a, 0x55c7ac17), TOBN(0x779cbd44, 0x1a85e24d), - TOBN(0x78030f86, 0xe46081e7), TOBN(0xfd4a6032, 0x8e20f643), - TOBN(0xcc7a6488, 0x0a750c0f), TOBN(0x39bacfe3, 0x4e548e83), - TOBN(0x3d418c76, 0x0c110f05), TOBN(0x3e4daa4c, 0xb1f11588), - TOBN(0x2733e7b5, 0x5ffc69ff), TOBN(0x46f147bc, 0x92053127), - TOBN(0x885b2434, 0xd722df94), TOBN(0x6a444f65, 0xe6fc6b7c)}, - {TOBN(0x7a1a465a, 0xc3f16ea8), TOBN(0x115a461d, 0xb2f1d11c), - TOBN(0x4767dd95, 0x6c68a172), TOBN(0x3392f2eb, 0xd13a4698), - TOBN(0xc7a99ccd, 0xe526cdc7), TOBN(0x8e537fdc, 0x22292b81), - TOBN(0x76d8cf69, 0xa6d39198), TOBN(0xffc5ff43, 0x2446852d), - TOBN(0x97b14f7e, 0xa90567e6), TOBN(0x513257b7, 0xb6ae5cb7), - TOBN(0x85454a3c, 0x9f10903d), TOBN(0xd8d2c9ad, 0x69bc3724), - TOBN(0x38da9324, 0x6b29cb44), TOBN(0xb540a21d, 0x77c8cbac), - TOBN(0x9bbfe435, 0x01918e42), TOBN(0xfffa707a, 0x56c3614e), - TOBN(0x0ce4e3f1, 0xd4e353b7), TOBN(0x062d8a14, 0xef46b0a0), - TOBN(0x6408d5ab, 0x574b73fd), TOBN(0xbc41d1c9, 0xd3273ffd), - TOBN(0x3538e1e7, 0x6be77800), TOBN(0x71fe8b37, 0xc5655031), - TOBN(0x1cd91621, 0x6b9b331a), TOBN(0xad825d0b, 0xbb388f73), - TOBN(0x56c2e05b, 0x1cb76219), TOBN(0x0ec0bf91, 0x71567e7e), - TOBN(0xe7076f86, 0x61c4c910), TOBN(0xd67b085b, 0xbabc04d9), - TOBN(0x9fb90459, 0x5e93a96a), TOBN(0x7526c1ea, 0xfbdc249a), - TOBN(0x0d44d367, 0xecdd0bb7), TOBN(0x95399917, 0x9dc0d695), - TOBN(0x61360ee9, 0x9e240d18), TOBN(0x057cdcac, 0xb4b94466), - TOBN(0xe7667cd1, 0x2fe5325c), TOBN(0x1fa297b5, 0x21974e3b), - TOBN(0xfa4081e7, 0xdb083d76), TOBN(0x31993be6, 0xf206bd15), - TOBN(0x8949269b, 0x14c19f8c), TOBN(0x21468d72, 0xa9d92357), - TOBN(0x2ccbc583, 0xa4c506ec), TOBN(0x957ed188, 0xd1acfe97), - TOBN(0x8baed833, 0x12f1aea2), TOBN(0xef2a6cb4, 0x8325362d), - TOBN(0x130dde42, 0x8e195c43), TOBN(0xc842025a, 0x0e6050c6), - TOBN(0x2da972a7, 0x08686a5d), TOBN(0xb52999a1, 0xe508b4a8), - TOBN(0xd9f090b9, 0x10a5a8bd), TOBN(0xca91d249, 0x096864da), - TOBN(0x8e6a93be, 0x3f67dbc1), TOBN(0xacae6fba, 0xf5f4764c), - TOBN(0x1563c6e0, 0xd21411a0), TOBN(0x28fa787f, 0xda0a4ad8), - TOBN(0xd524491c, 0x908c8030), TOBN(0x1257ba0e, 0x4c795f07), - TOBN(0x83f49167, 0xceca9754), TOBN(0x426d2cf6, 0x4b7939a0), - TOBN(0x2555e355, 0x723fd0bf), TOBN(0xa96e6d06, 0xc4f144e2), - TOBN(0x4768a8dd, 0x87880e61), TOBN(0x15543815, 0xe508e4d5), - TOBN(0x09d7e772, 0xb1b65e15), TOBN(0x63439dd6, 0xac302fa0), - TOBN(0xb93f802f, 0xc14e35c2), TOBN(0x71735b7c, 0x4341333c), - TOBN(0x03a25104, 0x16d4f362), TOBN(0x3f4d069b, 0xbf433c8e), - TOBN(0x0d83ae01, 0xf78f5a7c), TOBN(0x50a8ffbe, 0x7c4eed07), - TOBN(0xc74f8906, 0x76e10f83), TOBN(0x7d080966, 0x9ddaf8e1), - TOBN(0xb11df8e1, 0x698e04cc), TOBN(0x877be203, 0x169005c8), - TOBN(0x32749e8c, 0x4f3c6179), TOBN(0x2dbc9d0a, 0x7853fc05), - TOBN(0x187d4f93, 0x9454d937), TOBN(0xe682ce9d, 0xb4800e1b), - TOBN(0xa9129ad8, 0x165e68e8), TOBN(0x0fe29735, 0xbe7f785b), - TOBN(0x5303f40c, 0x5b9e02b7), TOBN(0xa37c9692, 0x35ee04e8), - TOBN(0x5f46cc20, 0x34d6632b), TOBN(0x55ef72b2, 0x96ac545b), - TOBN(0xabec5c1f, 0x7b91b062), TOBN(0x0a79e1c7, 0xbb33e821), - TOBN(0xbb04b428, 0x3a9f4117), TOBN(0x0de1f28f, 0xfd2a475a), - TOBN(0x31019ccf, 0x3a4434b4), TOBN(0xa3458111, 0x1a7954dc), - TOBN(0xa9dac80d, 0xe34972a7), TOBN(0xb043d054, 0x74f6b8dd), - TOBN(0x021c319e, 0x11137b1a), TOBN(0x00a754ce, 0xed5cc03f), - TOBN(0x0aa2c794, 0xcbea5ad4), TOBN(0x093e67f4, 0x70c015b6), - TOBN(0x72cdfee9, 0xc97e3f6b), TOBN(0xc10bcab4, 0xb6da7461), - TOBN(0x3b02d2fc, 0xb59806b9), TOBN(0x85185e89, 0xa1de6f47), - TOBN(0x39e6931f, 0x0eb6c4d4), TOBN(0x4d4440bd, 0xd4fa5b04), - TOBN(0x5418786e, 0x34be7eb8), TOBN(0x6380e521, 0x9d7259bc), - TOBN(0x20ac0351, 0xd598d710), TOBN(0x272c4166, 0xcb3a4da4), - TOBN(0xdb82fe1a, 0xca71de1f), TOBN(0x746e79f2, 0xd8f54b0f), - TOBN(0x6e7fc736, 0x4b573e9b), TOBN(0x75d03f46, 0xfd4b5040), - TOBN(0x5c1cc36d, 0x0b98d87b), TOBN(0x513ba3f1, 0x1f472da1), - TOBN(0x79d0af26, 0xabb177dd), TOBN(0xf82ab568, 0x7891d564), - TOBN(0x2b6768a9, 0x72232173), TOBN(0xefbb3bb0, 0x8c1f6619), - TOBN(0xb29c11db, 0xa6d18358), TOBN(0x519e2797, 0xb0916d3a), - TOBN(0xd4dc18f0, 0x9188e290), TOBN(0x648e86e3, 0x98b0ca7f), - TOBN(0x859d3145, 0x983c38b5), TOBN(0xb14f176c, 0x637abc8b), - TOBN(0x2793fb9d, 0xcaff7be6), TOBN(0xebe5a55f, 0x35a66a5a), - TOBN(0x7cec1dcd, 0x9f87dc59), TOBN(0x7c595cd3, 0xfbdbf560), - TOBN(0x5b543b22, 0x26eb3257), TOBN(0x69080646, 0xc4c935fd), - TOBN(0x7f2e4403, 0x81e9ede3), TOBN(0x243c3894, 0xcaf6df0a), - TOBN(0x7c605bb1, 0x1c073b11), TOBN(0xcd06a541, 0xba6a4a62), - TOBN(0x29168949, 0x49d4e2e5), TOBN(0x33649d07, 0x4af66880), - TOBN(0xbfc0c885, 0xe9a85035), TOBN(0xb4e52113, 0xfc410f4b), - TOBN(0xdca3b706, 0x78a6513b), TOBN(0x92ea4a2a, 0x9edb1943), - TOBN(0x02642216, 0xdb6e2dd8), TOBN(0x9b45d0b4, 0x9fd57894), - TOBN(0x114e70db, 0xc69d11ae), TOBN(0x1477dd19, 0x4c57595f), - TOBN(0xbc2208b4, 0xec77c272), TOBN(0x95c5b4d7, 0xdb68f59c), - TOBN(0xb8c4fc63, 0x42e532b7), TOBN(0x386ba422, 0x9ae35290), - TOBN(0xfb5dda42, 0xd201ecbc), TOBN(0x2353dc8b, 0xa0e38fd6), - TOBN(0x9a0b85ea, 0x68f7e978), TOBN(0x96ec5682, 0x2ad6d11f), - TOBN(0x5e279d6c, 0xe5f6886d), TOBN(0xd3fe03cd, 0x3cb1914d), - TOBN(0xfe541fa4, 0x7ea67c77), TOBN(0x952bd2af, 0xe3ea810c), - TOBN(0x791fef56, 0x8d01d374), TOBN(0xa3a1c621, 0x0f11336e), - TOBN(0x5ad0d5a9, 0xc7ec6d79), TOBN(0xff7038af, 0x3225c342), - TOBN(0x003c6689, 0xbc69601b), TOBN(0x25059bc7, 0x45e8747d), - TOBN(0xfa4965b2, 0xf2086fbf), TOBN(0xf6840ea6, 0x86916078), - TOBN(0xd7ac7620, 0x70081d6c), TOBN(0xe600da31, 0xb5328645), - TOBN(0x01916f63, 0x529b8a80), TOBN(0xe80e4858, 0x2d7d6f3e), - TOBN(0x29eb0fe8, 0xd664ca7c), TOBN(0xf017637b, 0xe7b43b0c), - TOBN(0x9a75c806, 0x76cb2566), TOBN(0x8f76acb1, 0xb24892d9), - TOBN(0x7ae7b9cc, 0x1f08fe45), TOBN(0x19ef7329, 0x6a4907d8), - TOBN(0x2db4ab71, 0x5f228bf0), TOBN(0xf3cdea39, 0x817032d7), - TOBN(0x0b1f482e, 0xdcabe3c0), TOBN(0x3baf76b4, 0xbb86325c), - TOBN(0xd49065e0, 0x10089465), TOBN(0x3bab5d29, 0x8e77c596), - TOBN(0x7636c3a6, 0x193dbd95), TOBN(0xdef5d294, 0xb246e499), - TOBN(0xb22c58b9, 0x286b2475), TOBN(0xa0b93939, 0xcd80862b), - TOBN(0x3002c83a, 0xf0992388), TOBN(0x6de01f9b, 0xeacbe14c), - TOBN(0x6aac688e, 0xadd70482), TOBN(0x708de92a, 0x7b4a4e8a), - TOBN(0x75b6dd73, 0x758a6eef), TOBN(0xea4bf352, 0x725b3c43), - TOBN(0x10041f2c, 0x87912868), TOBN(0xb1b1be95, 0xef09297a), - TOBN(0x19ae23c5, 0xa9f3860a), TOBN(0xc4f0f839, 0x515dcf4b), - TOBN(0x3c7ecca3, 0x97f6306a), TOBN(0x744c44ae, 0x68a3a4b0), - TOBN(0x69cd13a0, 0xb3a1d8a2), TOBN(0x7cad0a1e, 0x5256b578), - TOBN(0xea653fcd, 0x33791d9e), TOBN(0x9cc2a05d, 0x74b2e05f), - TOBN(0x73b391dc, 0xfd7affa2), TOBN(0xddb7091e, 0xb6b05442), - TOBN(0xc71e27bf, 0x8538a5c6), TOBN(0x195c63dd, 0x89abff17), - TOBN(0xfd315285, 0x1b71e3da), TOBN(0x9cbdfda7, 0xfa680fa0), - TOBN(0x9db876ca, 0x849d7eab), TOBN(0xebe2764b, 0x3c273271), - TOBN(0x663357e3, 0xf208dcea), TOBN(0x8c5bd833, 0x565b1b70), - TOBN(0xccc3b4f5, 0x9837fc0d), TOBN(0x9b641ba8, 0xa79cf00f), - TOBN(0x7428243d, 0xdfdf3990), TOBN(0x83a594c4, 0x020786b1), - TOBN(0xb712451a, 0x526c4502), TOBN(0x9d39438e, 0x6adb3f93), - TOBN(0xfdb261e3, 0xe9ff0ccd), TOBN(0x80344e3c, 0xe07af4c3), - TOBN(0x75900d7c, 0x2fa4f126), TOBN(0x08a3b865, 0x5c99a232), - TOBN(0x2478b6bf, 0xdb25e0c3), TOBN(0x482cc2c2, 0x71db2edf), - TOBN(0x37df7e64, 0x5f321bb8), TOBN(0x8a93821b, 0x9a8005b4), - TOBN(0x3fa2f10c, 0xcc8c1958), TOBN(0x0d332218, 0x2c269d0a), - TOBN(0x20ab8119, 0xe246b0e6), TOBN(0xb39781e4, 0xd349fd17), - TOBN(0xd293231e, 0xb31aa100), TOBN(0x4b779c97, 0xbb032168), - TOBN(0x4b3f19e1, 0xc8470500), TOBN(0x45b7efe9, 0x0c4c869d), - TOBN(0xdb84f38a, 0xa1a6bbcc), TOBN(0x3b59cb15, 0xb2fddbc1), - TOBN(0xba5514df, 0x3fd165e8), TOBN(0x499fd6a9, 0x061f8811), - TOBN(0x72cd1fe0, 0xbfef9f00), TOBN(0x120a4bb9, 0x79ad7e8a), - TOBN(0xf2ffd095, 0x5f4a5ac5), TOBN(0xcfd174f1, 0x95a7a2f0), - TOBN(0xd42301ba, 0x9d17baf1), TOBN(0xd2fa487a, 0x77f22089), - TOBN(0x9cb09efe, 0xb1dc77e1), TOBN(0xe9566939, 0x21c99682), - TOBN(0x8c546901, 0x6c6067bb), TOBN(0xfd378574, 0x61c24456), - TOBN(0x2b6a6cbe, 0x81796b33), TOBN(0x62d550f6, 0x58e87f8b), - TOBN(0x1b763e1c, 0x7f1b01b4), TOBN(0x4b93cfea, 0x1b1b5e12), - TOBN(0xb9345238, 0x1d531696), TOBN(0x57201c00, 0x88cdde69), - TOBN(0xdde92251, 0x9a86afc7), TOBN(0xe3043895, 0xbd35cea8), - TOBN(0x7608c1e1, 0x8555970d), TOBN(0x8267dfa9, 0x2535935e), - TOBN(0xd4c60a57, 0x322ea38b), TOBN(0xe0bf7977, 0x804ef8b5), - TOBN(0x1a0dab28, 0xc06fece4), TOBN(0xd405991e, 0x94e7b49d), - TOBN(0xc542b6d2, 0x706dab28), TOBN(0xcb228da3, 0xa91618fb), - TOBN(0x224e4164, 0x107d1cea), TOBN(0xeb9fdab3, 0xd0f5d8f1), - TOBN(0xc02ba386, 0x0d6e41cd), TOBN(0x676a72c5, 0x9b1f7146), - TOBN(0xffd6dd98, 0x4d6cb00b), TOBN(0xcef9c5ca, 0xde2e8d7c), - TOBN(0xa1bbf5d7, 0x641c7936), TOBN(0x1b95b230, 0xee8f772e), - TOBN(0xf765a92e, 0xe8ac25b1), TOBN(0xceb04cfc, 0x3a18b7c6), - TOBN(0x27944cef, 0x0acc8966), TOBN(0xcbb3c957, 0x434c1004), - TOBN(0x9c9971a1, 0xa43ff93c), TOBN(0x5bc2db17, 0xa1e358a9), - TOBN(0x45b4862e, 0xa8d9bc82), TOBN(0x70ebfbfb, 0x2201e052), - TOBN(0xafdf64c7, 0x92871591), TOBN(0xea5bcae6, 0xb42d0219), - TOBN(0xde536c55, 0x2ad8f03c), TOBN(0xcd6c3f4d, 0xa76aa33c), - TOBN(0xbeb5f623, 0x0bca6de3), TOBN(0xdd20dd99, 0xb1e706fd), - TOBN(0x90b3ff9d, 0xac9059d4), TOBN(0x2d7b2902, 0x7ccccc4e), - TOBN(0x8a090a59, 0xce98840f), TOBN(0xa5d947e0, 0x8410680a), - TOBN(0x49ae346a, 0x923379a5), TOBN(0x7dbc84f9, 0xb28a3156), - TOBN(0xfd40d916, 0x54a1aff2), TOBN(0xabf318ba, 0x3a78fb9b), - TOBN(0x50152ed8, 0x3029f95e), TOBN(0x9fc1dd77, 0xc58ad7fa), - TOBN(0x5fa57915, 0x13595c17), TOBN(0xb9504668, 0x8f62b3a9), - TOBN(0x907b5b24, 0xff3055b0), TOBN(0x2e995e35, 0x9a84f125), - TOBN(0x87dacf69, 0x7e9bbcfb), TOBN(0x95d0c1d6, 0xe86d96e3), - TOBN(0x65726e3c, 0x2d95a75c), TOBN(0x2c3c9001, 0xacd27f21), - TOBN(0x1deab561, 0x6c973f57), TOBN(0x108b7e2c, 0xa5221643), - TOBN(0x5fee9859, 0xc4ef79d4), TOBN(0xbd62b88a, 0x40d4b8c6), - TOBN(0xb4dd29c4, 0x197c75d6), TOBN(0x266a6df2, 0xb7076feb), - TOBN(0x9512d0ea, 0x4bf2df11), TOBN(0x1320c24f, 0x6b0cc9ec), - TOBN(0x6bb1e0e1, 0x01a59596), TOBN(0x8317c5bb, 0xeff9aaac), - TOBN(0x65bb405e, 0x385aa6c9), TOBN(0x613439c1, 0x8f07988f), - TOBN(0xd730049f, 0x16a66e91), TOBN(0xe97f2820, 0xfa1b0e0d), - TOBN(0x4131e003, 0x304c28ea), TOBN(0x820ab732, 0x526bac62), - TOBN(0xb2ac9ef9, 0x28714423), TOBN(0x54ecfffa, 0xadb10cb2), - TOBN(0x8781476e, 0xf886a4cc), TOBN(0x4b2c87b5, 0xdb2f8d49), - TOBN(0xe857cd20, 0x0a44295d), TOBN(0x707d7d21, 0x58c6b044), - TOBN(0xae8521f9, 0xf596757c), TOBN(0x87448f03, 0x67b2b714), - TOBN(0x13a9bc45, 0x5ebcd58d), TOBN(0x79bcced9, 0x9122d3c1), - TOBN(0x3c644247, 0x9e076642), TOBN(0x0cf22778, 0x2df4767d), - TOBN(0x5e61aee4, 0x71d444b6), TOBN(0x211236bf, 0xc5084a1d), - TOBN(0x7e15bc9a, 0x4fd3eaf6), TOBN(0x68df2c34, 0xab622bf5), - TOBN(0x9e674f0f, 0x59bf4f36), TOBN(0xf883669b, 0xd7f34d73), - TOBN(0xc48ac1b8, 0x31497b1d), TOBN(0x323b925d, 0x5106703b), - TOBN(0x22156f42, 0x74082008), TOBN(0xeffc521a, 0xc8482bcb), - TOBN(0x5c6831bf, 0x12173479), TOBN(0xcaa2528f, 0xc4739490), - TOBN(0x84d2102a, 0x8f1b3c4d), TOBN(0xcf64dfc1, 0x2d9bec0d), - TOBN(0x433febad, 0x78a546ef), TOBN(0x1f621ec3, 0x7b73cef1), - TOBN(0x6aecd627, 0x37338615), TOBN(0x162082ab, 0x01d8edf6), - TOBN(0x833a8119, 0x19e86b66), TOBN(0x6023a251, 0xd299b5db), - TOBN(0xf5bb0c3a, 0xbbf04b89), TOBN(0x6735eb69, 0xae749a44), - TOBN(0xd0e058c5, 0x4713de3b), TOBN(0xfdf2593e, 0x2c3d4ccd), - TOBN(0x1b8f414e, 0xfdd23667), TOBN(0xdd52aaca, 0xfa2015ee), - TOBN(0x3e31b517, 0xbd9625ff), TOBN(0x5ec9322d, 0x8db5918c), - TOBN(0xbc73ac85, 0xa96f5294), TOBN(0x82aa5bf3, 0x61a0666a), - TOBN(0x49755810, 0xbf08ac42), TOBN(0xd21cdfd5, 0x891cedfc), - TOBN(0x918cb57b, 0x67f8be10), TOBN(0x365d1a7c, 0x56ffa726), - TOBN(0x2435c504, 0x6532de93), TOBN(0xc0fc5e10, 0x2674cd02), - TOBN(0x6e51fcf8, 0x9cbbb142), TOBN(0x1d436e5a, 0xafc50692), - TOBN(0x766bffff, 0x3fbcae22), TOBN(0x3148c2fd, 0xfd55d3b8), - TOBN(0x52c7fdc9, 0x233222fa), TOBN(0x89ff1092, 0xe419fb6b), - TOBN(0x3cd6db99, 0x25254977), TOBN(0x2e85a161, 0x1cf12ca7), - TOBN(0xadd2547c, 0xdc810bc9), TOBN(0xea3f458f, 0x9d257c22), - TOBN(0x642c1fbe, 0x27d6b19b), TOBN(0xed07e6b5, 0x140481a6), - TOBN(0x6ada1d42, 0x86d2e0f8), TOBN(0xe5920122, 0x0e8a9fd5), - TOBN(0x02c936af, 0x708c1b49), TOBN(0x60f30fee, 0x2b4bfaff), - TOBN(0x6637ad06, 0x858e6a61), TOBN(0xce4c7767, 0x3fd374d0), - TOBN(0x39d54b2d, 0x7188defb), TOBN(0xa8c9d250, 0xf56a6b66), - TOBN(0x58fc0f5e, 0xb24fe1dc), TOBN(0x9eaf9dee, 0x6b73f24c), - TOBN(0xa90d588b, 0x33650705), TOBN(0xde5b62c5, 0xaf2ec729), - TOBN(0x5c72cfae, 0xd3c2b36e), TOBN(0x868c19d5, 0x034435da), - TOBN(0x88605f93, 0xe17ee145), TOBN(0xaa60c4ee, 0x77a5d5b1), - TOBN(0xbcf5bfd2, 0x3b60c472), TOBN(0xaf4ef13c, 0xeb1d3049), - TOBN(0x373f44fc, 0xe13895c9), TOBN(0xf29b382f, 0x0cbc9822), - TOBN(0x1bfcb853, 0x73efaef6), TOBN(0xcf56ac9c, 0xa8c96f40), - TOBN(0xd7adf109, 0x7a191e24), TOBN(0x98035f44, 0xbf8a8dc2), - TOBN(0xf40a71b9, 0x1e750c84), TOBN(0xc57f7b0c, 0x5dc6c469), - TOBN(0x49a0e79c, 0x6fbc19c1), TOBN(0x6b0f5889, 0xa48ebdb8), - TOBN(0x5d3fd084, 0xa07c4e9f), TOBN(0xc3830111, 0xab27de14), - TOBN(0x0e4929fe, 0x33e08dcc), TOBN(0xf4a5ad24, 0x40bb73a3), - TOBN(0xde86c2bf, 0x490f97ca), TOBN(0x288f09c6, 0x67a1ce18), - TOBN(0x364bb886, 0x1844478d), TOBN(0x7840fa42, 0xceedb040), - TOBN(0x1269fdd2, 0x5a631b37), TOBN(0x94761f1e, 0xa47c8b7d), - TOBN(0xfc0c2e17, 0x481c6266), TOBN(0x85e16ea2, 0x3daa5fa7), - TOBN(0xccd86033, 0x92491048), TOBN(0x0c2f6963, 0xf4d402d7), - TOBN(0x6336f7df, 0xdf6a865c), TOBN(0x0a2a463c, 0xb5c02a87), - TOBN(0xb0e29be7, 0xbf2f12ee), TOBN(0xf0a22002, 0x66bad988), - TOBN(0x27f87e03, 0x9123c1d7), TOBN(0x21669c55, 0x328a8c98), - TOBN(0x186b9803, 0x92f14529), TOBN(0xd3d056cc, 0x63954df3), - TOBN(0x2f03fd58, 0x175a46f6), TOBN(0x63e34ebe, 0x11558558), - TOBN(0xe13fedee, 0x5b80cfa5), TOBN(0xe872a120, 0xd401dbd1), - TOBN(0x52657616, 0xe8a9d667), TOBN(0xbc8da4b6, 0xe08d6693), - TOBN(0x370fb9bb, 0x1b703e75), TOBN(0x6773b186, 0xd4338363), - TOBN(0x18dad378, 0xecef7bff), TOBN(0xaac787ed, 0x995677da), - TOBN(0x4801ea8b, 0x0437164b), TOBN(0xf430ad20, 0x73fe795e), - TOBN(0xb164154d, 0x8ee5eb73), TOBN(0x0884ecd8, 0x108f7c0e), - TOBN(0x0e6ec096, 0x5f520698), TOBN(0x640631fe, 0x44f7b8d9), - TOBN(0x92fd34fc, 0xa35a68b9), TOBN(0x9c5a4b66, 0x4d40cf4e), - TOBN(0x949454bf, 0x80b6783d), TOBN(0x80e701fe, 0x3a320a10), - TOBN(0x8d1a564a, 0x1a0a39b2), TOBN(0x1436d53d, 0x320587db), - TOBN(0xf5096e6d, 0x6556c362), TOBN(0xbc23a3c0, 0xe2455d7e), - TOBN(0x3a7aee54, 0x807230f9), TOBN(0x9ba1cfa6, 0x22ae82fd), - TOBN(0x833a057a, 0x99c5d706), TOBN(0x8be85f4b, 0x842315c9), - TOBN(0xd083179a, 0x66a72f12), TOBN(0x2fc77d5d, 0xcdcc73cd), - TOBN(0x22b88a80, 0x5616ee30), TOBN(0xfb09548f, 0xe7ab1083), - TOBN(0x8ad6ab0d, 0x511270cd), TOBN(0x61f6c57a, 0x6924d9ab), - TOBN(0xa0f7bf72, 0x90aecb08), TOBN(0x849f87c9, 0x0df784a4), - TOBN(0x27c79c15, 0xcfaf1d03), TOBN(0xbbf9f675, 0xc463face), - TOBN(0x91502c65, 0x765ba543), TOBN(0x18ce3cac, 0x42ea60dd), - TOBN(0xe5cee6ac, 0x6e43ecb3), TOBN(0x63e4e910, 0x68f2aeeb), - TOBN(0x26234fa3, 0xc85932ee), TOBN(0x96883e8b, 0x4c90c44d), - TOBN(0x29b9e738, 0xa18a50f6), TOBN(0xbfc62b2a, 0x3f0420df), - TOBN(0xd22a7d90, 0x6d3e1fa9), TOBN(0x17115618, 0xfe05b8a3), - TOBN(0x2a0c9926, 0xbb2b9c01), TOBN(0xc739fcc6, 0xe07e76a2), - TOBN(0x540e9157, 0x165e439a), TOBN(0x06353a62, 0x6a9063d8), - TOBN(0x84d95594, 0x61e927a3), TOBN(0x013b9b26, 0xe2e0be7f), - TOBN(0x4feaec3b, 0x973497f1), TOBN(0x15c0f94e, 0x093ebc2d), - TOBN(0x6af5f227, 0x33af0583), TOBN(0x0c2af206, 0xc61f3340), - TOBN(0xd25dbdf1, 0x4457397c), TOBN(0x2e8ed017, 0xcabcbae0), - TOBN(0xe3010938, 0xc2815306), TOBN(0xbaa99337, 0xe8c6cd68), - TOBN(0x08513182, 0x3b0ec7de), TOBN(0x1e1b822b, 0x58df05df), - TOBN(0x5c14842f, 0xa5c3b683), TOBN(0x98fe977e, 0x3eba34ce), - TOBN(0xfd2316c2, 0x0d5e8873), TOBN(0xe48d839a, 0xbd0d427d), - TOBN(0x495b2218, 0x623fc961), TOBN(0x24ee56e7, 0xb46fba5e), - TOBN(0x9184a55b, 0x91e4de58), TOBN(0xa7488ca5, 0xdfdea288), - TOBN(0xa723862e, 0xa8dcc943), TOBN(0x92d762b2, 0x849dc0fc), - TOBN(0x3c444a12, 0x091ff4a9), TOBN(0x581113fa, 0x0cada274), - TOBN(0xb9de0a45, 0x30d8eae2), TOBN(0x5e0fcd85, 0xdf6b41ea), - TOBN(0x6233ea68, 0xc094dbb5), TOBN(0xb77d062e, 0xd968d410), - TOBN(0x3e719bbc, 0x58b3002d), TOBN(0x68e7dd3d, 0x3dc49d58), - TOBN(0x8d825740, 0x013a5e58), TOBN(0x21311747, 0x3c9e3c1b), - TOBN(0x0cb0a2a7, 0x7c99b6ab), TOBN(0x5c48a3b3, 0xc2f888f2)}, - {TOBN(0xc7913e91, 0x991724f3), TOBN(0x5eda799c, 0x39cbd686), - TOBN(0xddb595c7, 0x63d4fc1e), TOBN(0x6b63b80b, 0xac4fed54), - TOBN(0x6ea0fc69, 0x7e5fb516), TOBN(0x737708ba, 0xd0f1c964), - TOBN(0x9628745f, 0x11a92ca5), TOBN(0x61f37958, 0x9a86967a), - TOBN(0x9af39b2c, 0xaa665072), TOBN(0x78322fa4, 0xefd324ef), - TOBN(0x3d153394, 0xc327bd31), TOBN(0x81d5f271, 0x3129dab0), - TOBN(0xc72e0c42, 0xf48027f5), TOBN(0xaa40cdbc, 0x8536e717), - TOBN(0xf45a657a, 0x2d369d0f), TOBN(0xb03bbfc4, 0xea7f74e6), - TOBN(0x46a8c418, 0x0d738ded), TOBN(0x6f1a5bb0, 0xe0de5729), - TOBN(0xf10230b9, 0x8ba81675), TOBN(0x32c6f30c, 0x112b33d4), - TOBN(0x7559129d, 0xd8fffb62), TOBN(0x6a281b47, 0xb459bf05), - TOBN(0x77c1bd3a, 0xfa3b6776), TOBN(0x0709b380, 0x7829973a), - TOBN(0x8c26b232, 0xa3326505), TOBN(0x38d69272, 0xee1d41bf), - TOBN(0x0459453e, 0xffe32afa), TOBN(0xce8143ad, 0x7cb3ea87), - TOBN(0x932ec1fa, 0x7e6ab666), TOBN(0x6cd2d230, 0x22286264), - TOBN(0x459a46fe, 0x6736f8ed), TOBN(0x50bf0d00, 0x9eca85bb), - TOBN(0x0b825852, 0x877a21ec), TOBN(0x300414a7, 0x0f537a94), - TOBN(0x3f1cba40, 0x21a9a6a2), TOBN(0x50824eee, 0x76943c00), - TOBN(0xa0dbfcec, 0xf83cba5d), TOBN(0xf9538148, 0x93b4f3c0), - TOBN(0x61744162, 0x48f24dd7), TOBN(0x5322d64d, 0xe4fb09dd), - TOBN(0x57447384, 0x3d9325f3), TOBN(0xa9bef2d0, 0xf371cb84), - TOBN(0x77d2188b, 0xa61e36c5), TOBN(0xbbd6a7d7, 0xc602df72), - TOBN(0xba3aa902, 0x8f61bc0b), TOBN(0xf49085ed, 0x6ed0b6a1), - TOBN(0x8bc625d6, 0xae6e8298), TOBN(0x832b0b1d, 0xa2e9c01d), - TOBN(0xa337c447, 0xf1f0ced1), TOBN(0x800cc793, 0x9492dd2b), - TOBN(0x4b93151d, 0xbea08efa), TOBN(0x820cf3f8, 0xde0a741e), - TOBN(0xff1982dc, 0x1c0f7d13), TOBN(0xef921960, 0x84dde6ca), - TOBN(0x1ad7d972, 0x45f96ee3), TOBN(0x319c8dbe, 0x29dea0c7), - TOBN(0xd3ea3871, 0x7b82b99b), TOBN(0x75922d4d, 0x470eb624), - TOBN(0x8f66ec54, 0x3b95d466), TOBN(0x66e673cc, 0xbee1e346), - TOBN(0x6afe67c4, 0xb5f2b89a), TOBN(0x3de9c1e6, 0x290e5cd3), - TOBN(0x8c278bb6, 0x310a2ada), TOBN(0x420fa384, 0x0bdb323b), - TOBN(0x0ae1d63b, 0x0eb919b0), TOBN(0xd74ee51d, 0xa74b9620), - TOBN(0x395458d0, 0xa674290c), TOBN(0x324c930f, 0x4620a510), - TOBN(0x2d1f4d19, 0xfbac27d4), TOBN(0x4086e8ca, 0x9bedeeac), - TOBN(0x0cdd211b, 0x9b679ab8), TOBN(0x5970167d, 0x7090fec4), - TOBN(0x3420f2c9, 0xfaf1fc63), TOBN(0x616d333a, 0x328c8bb4), - TOBN(0x7d65364c, 0x57f1fe4a), TOBN(0x9343e877, 0x55e5c73a), - TOBN(0x5795176b, 0xe970e78c), TOBN(0xa36ccebf, 0x60533627), - TOBN(0xfc7c7380, 0x09cdfc1b), TOBN(0xb39a2afe, 0xb3fec326), - TOBN(0xb7ff1ba1, 0x6224408a), TOBN(0xcc856e92, 0x247cfc5e), - TOBN(0x01f102e7, 0xc18bc493), TOBN(0x4613ab74, 0x2091c727), - TOBN(0xaa25e89c, 0xc420bf2b), TOBN(0x00a53176, 0x90337ec2), - TOBN(0xd2be9f43, 0x7d025fc7), TOBN(0x3316fb85, 0x6e6fe3dc), - TOBN(0x27520af5, 0x9ac50814), TOBN(0xfdf95e78, 0x9a8e4223), - TOBN(0xb7e7df2a, 0x56bec5a0), TOBN(0xf7022f7d, 0xdf159e5d), - TOBN(0x93eeeab1, 0xcac1fe8f), TOBN(0x8040188c, 0x37451168), - TOBN(0x7ee8aa8a, 0xd967dce6), TOBN(0xfa0e79e7, 0x3abc9299), - TOBN(0x67332cfc, 0x2064cfd1), TOBN(0x339c31de, 0xb0651934), - TOBN(0x719b28d5, 0x2a3bcbea), TOBN(0xee74c82b, 0x9d6ae5c6), - TOBN(0x0927d05e, 0xbaf28ee6), TOBN(0x82cecf2c, 0x9d719028), - TOBN(0x0b0d353e, 0xddb30289), TOBN(0xfe4bb977, 0xfddb2e29), - TOBN(0xbb5bb990, 0x640bfd9e), TOBN(0xd226e277, 0x82f62108), - TOBN(0x4bf00985, 0x02ffdd56), TOBN(0x7756758a, 0x2ca1b1b5), - TOBN(0xc32b62a3, 0x5285fe91), TOBN(0xedbc546a, 0x8c9cd140), - TOBN(0x1e47a013, 0xaf5cb008), TOBN(0xbca7e720, 0x073ce8f2), - TOBN(0xe10b2ab8, 0x17a91cae), TOBN(0xb89aab65, 0x08e27f63), - TOBN(0x7b3074a7, 0xdba3ddf9), TOBN(0x1c20ce09, 0x330c2972), - TOBN(0x6b9917b4, 0x5fcf7e33), TOBN(0xe6793743, 0x945ceb42), - TOBN(0x18fc2215, 0x5c633d19), TOBN(0xad1adb3c, 0xc7485474), - TOBN(0x646f9679, 0x6424c49b), TOBN(0xf888dfe8, 0x67c241c9), - TOBN(0xe12d4b93, 0x24f68b49), TOBN(0x9a6b62d8, 0xa571df20), - TOBN(0x81b4b26d, 0x179483cb), TOBN(0x666f9632, 0x9511fae2), - TOBN(0xd281b3e4, 0xd53aa51f), TOBN(0x7f96a765, 0x7f3dbd16), - TOBN(0xa7f8b5bf, 0x074a30ce), TOBN(0xd7f52107, 0x005a32e6), - TOBN(0x6f9e0907, 0x50237ed4), TOBN(0x2f21da47, 0x8096fa2b), - TOBN(0xf3e19cb4, 0xeec863a0), TOBN(0xd18f77fd, 0x9527620a), - TOBN(0x9505c81c, 0x407c1cf8), TOBN(0x9998db4e, 0x1b6ec284), - TOBN(0x7e3389e5, 0xc247d44d), TOBN(0x12507141, 0x3f4f3d80), - TOBN(0xd4ba0110, 0x4a78a6c7), TOBN(0x312874a0, 0x767720be), - TOBN(0xded059a6, 0x75944370), TOBN(0xd6123d90, 0x3b2c0bdd), - TOBN(0xa56b717b, 0x51c108e3), TOBN(0x9bb7940e, 0x070623e9), - TOBN(0x794e2d59, 0x84ac066c), TOBN(0xf5954a92, 0xe68c69a0), - TOBN(0x28c52458, 0x4fd99dcc), TOBN(0x60e639fc, 0xb1012517), - TOBN(0xc2e60125, 0x7de79248), TOBN(0xe9ef6404, 0xf12fc6d7), - TOBN(0x4c4f2808, 0x2a3b5d32), TOBN(0x865ad32e, 0xc768eb8a), - TOBN(0xac02331b, 0x13fb70b6), TOBN(0x037b44c1, 0x95599b27), - TOBN(0x1a860fc4, 0x60bd082c), TOBN(0xa2e25745, 0xc980cd01), - TOBN(0xee3387a8, 0x1da0263e), TOBN(0x931bfb95, 0x2d10f3d6), - TOBN(0x5b687270, 0xa1f24a32), TOBN(0xf140e65d, 0xca494b86), - TOBN(0x4f4ddf91, 0xb2f1ac7a), TOBN(0xf99eaabb, 0x760fee27), - TOBN(0x57f4008a, 0x49c228e5), TOBN(0x090be440, 0x1cf713bb), - TOBN(0xac91fbe4, 0x5004f022), TOBN(0xd838c2c2, 0x569e1af6), - TOBN(0xd6c7d20b, 0x0f1daaa5), TOBN(0xaa063ac1, 0x1bbb02c0), - TOBN(0x0938a422, 0x59558a78), TOBN(0x5343c669, 0x8435da2f), - TOBN(0x96f67b18, 0x034410dc), TOBN(0x7cc1e424, 0x84510804), - TOBN(0x86a1543f, 0x16dfbb7d), TOBN(0x921fa942, 0x5b5bd592), - TOBN(0x9dcccb6e, 0xb33dd03c), TOBN(0x8581ddd9, 0xb843f51e), - TOBN(0x54935fcb, 0x81d73c9e), TOBN(0x6d07e979, 0x0a5e97ab), - TOBN(0x4dc7b30a, 0xcf3a6bab), TOBN(0x147ab1f3, 0x170bee11), - TOBN(0x0aaf8e3d, 0x9fafdee4), TOBN(0xfab3dbcb, 0x538a8b95), - TOBN(0x405df4b3, 0x6ef13871), TOBN(0xf1f4e9cb, 0x088d5a49), - TOBN(0x9bcd24d3, 0x66b33f1d), TOBN(0x3b97b820, 0x5ce445c0), - TOBN(0xe2926549, 0xba93ff61), TOBN(0xd9c341ce, 0x4dafe616), - TOBN(0xfb30a76e, 0x16efb6f3), TOBN(0xdf24b8ca, 0x605b953c), - TOBN(0x8bd52afe, 0xc2fffb9f), TOBN(0xbbac5ff7, 0xe19d0b96), - TOBN(0x43c01b87, 0x459afccd), TOBN(0x6bd45143, 0xb7432652), - TOBN(0x84734530, 0x55b5d78e), TOBN(0x81088fdb, 0x1554ba7d), - TOBN(0xada0a52c, 0x1e269375), TOBN(0xf9f037c4, 0x2dc5ec10), - TOBN(0xc0660607, 0x94bfbc11), TOBN(0xc0a630bb, 0xc9c40d2f), - TOBN(0x5efc797e, 0xab64c31e), TOBN(0xffdb1dab, 0x74507144), - TOBN(0xf6124287, 0x1ca6790c), TOBN(0xe9609d81, 0xe69bf1bf), - TOBN(0xdb898595, 0x00d24fc9), TOBN(0x9c750333, 0xe51fb417), - TOBN(0x51830a91, 0xfef7bbde), TOBN(0x0ce67dc8, 0x945f585c), - TOBN(0x9a730ed4, 0x4763eb50), TOBN(0x24a0e221, 0xc1ab0d66), - TOBN(0x643b6393, 0x648748f3), TOBN(0x1982daa1, 0x6d3c6291), - TOBN(0x6f00a9f7, 0x8bbc5549), TOBN(0x7a1783e1, 0x7f36384e), - TOBN(0xe8346323, 0xde977f50), TOBN(0x91ab688d, 0xb245502a), - TOBN(0x331ab6b5, 0x6d0bdd66), TOBN(0x0a6ef32e, 0x64b71229), - TOBN(0x1028150e, 0xfe7c352f), TOBN(0x27e04350, 0xce7b39d3), - TOBN(0x2a3c8acd, 0xc1070c82), TOBN(0xfb2034d3, 0x80c9feef), - TOBN(0x2d729621, 0x709f3729), TOBN(0x8df290bf, 0x62cb4549), - TOBN(0x02f99f33, 0xfc2e4326), TOBN(0x3b30076d, 0x5eddf032), - TOBN(0xbb21f8cf, 0x0c652fb5), TOBN(0x314fb49e, 0xed91cf7b), - TOBN(0xa013eca5, 0x2f700750), TOBN(0x2b9e3c23, 0x712a4575), - TOBN(0xe5355557, 0xaf30fbb0), TOBN(0x1ada3516, 0x7c77e771), - TOBN(0x45f6ecb2, 0x7b135670), TOBN(0xe85d19df, 0x7cfc202e), - TOBN(0x0f1b50c7, 0x58d1be9f), TOBN(0x5ebf2c0a, 0xead2e344), - TOBN(0x1531fe4e, 0xabc199c9), TOBN(0xc7032592, 0x56bab0ae), - TOBN(0x16ab2e48, 0x6c1fec54), TOBN(0x0f87fda8, 0x04280188), - TOBN(0xdc9f46fc, 0x609e4a74), TOBN(0x2a44a143, 0xba667f91), - TOBN(0xbc3d8b95, 0xb4d83436), TOBN(0xa01e4bd0, 0xc7bd2958), - TOBN(0x7b182932, 0x73483c90), TOBN(0xa79c6aa1, 0xa7c7b598), - TOBN(0xbf3983c6, 0xeaaac07e), TOBN(0x8f18181e, 0x96e0d4e6), - TOBN(0x8553d37c, 0x051af62b), TOBN(0xe9a998eb, 0x0bf94496), - TOBN(0xe0844f9f, 0xb0d59aa1), TOBN(0x983fd558, 0xe6afb813), - TOBN(0x9670c0ca, 0x65d69804), TOBN(0x732b22de, 0x6ea5ff2d), - TOBN(0xd7640ba9, 0x5fd8623b), TOBN(0x9f619163, 0xa6351782), - TOBN(0x0bfc27ee, 0xacee5043), TOBN(0xae419e73, 0x2eb10f02), - TOBN(0x19c028d1, 0x8943fb05), TOBN(0x71f01cf7, 0xff13aa2a), - TOBN(0x7790737e, 0x8887a132), TOBN(0x67513309, 0x66318410), - TOBN(0x9819e8a3, 0x7ddb795e), TOBN(0xfecb8ef5, 0xdad100b2), - TOBN(0x59f74a22, 0x3021926a), TOBN(0xb7c28a49, 0x6f9b4c1c), - TOBN(0xed1a733f, 0x912ad0ab), TOBN(0x42a910af, 0x01a5659c), - TOBN(0x3842c6e0, 0x7bd68cab), TOBN(0x2b57fa38, 0x76d70ac8), - TOBN(0x8a6707a8, 0x3c53aaeb), TOBN(0x62c1c510, 0x65b4db18), - TOBN(0x8de2c1fb, 0xb2d09dc7), TOBN(0xc3dfed12, 0x266bd23b), - TOBN(0x927d039b, 0xd5b27db6), TOBN(0x2fb2f0f1, 0x103243da), - TOBN(0xf855a07b, 0x80be7399), TOBN(0xed9327ce, 0x1f9f27a8), - TOBN(0xa0bd99c7, 0x729bdef7), TOBN(0x2b67125e, 0x28250d88), - TOBN(0x784b26e8, 0x8670ced7), TOBN(0xe3dfe41f, 0xc31bd3b4), - TOBN(0x9e353a06, 0xbcc85cbc), TOBN(0x302e2909, 0x60178a9d), - TOBN(0x860abf11, 0xa6eac16e), TOBN(0x76447000, 0xaa2b3aac), - TOBN(0x46ff9d19, 0x850afdab), TOBN(0x35bdd6a5, 0xfdb2d4c1), - TOBN(0xe82594b0, 0x7e5c9ce9), TOBN(0x0f379e53, 0x20af346e), - TOBN(0x608b31e3, 0xbc65ad4a), TOBN(0x710c6b12, 0x267c4826), - TOBN(0x51c966f9, 0x71954cf1), TOBN(0xb1cec793, 0x0d0aa215), - TOBN(0x1f155989, 0x86bd23a8), TOBN(0xae2ff99c, 0xf9452e86), - TOBN(0xd8dd953c, 0x340ceaa2), TOBN(0x26355275, 0x2e2e9333), - TOBN(0x15d4e5f9, 0x8586f06d), TOBN(0xd6bf94a8, 0xf7cab546), - TOBN(0x33c59a0a, 0xb76a9af0), TOBN(0x52740ab3, 0xba095af7), - TOBN(0xc444de8a, 0x24389ca0), TOBN(0xcc6f9863, 0x706da0cb), - TOBN(0xb5a741a7, 0x6b2515cf), TOBN(0x71c41601, 0x9585c749), - TOBN(0x78350d4f, 0xe683de97), TOBN(0x31d61524, 0x63d0b5f5), - TOBN(0x7a0cc5e1, 0xfbce090b), TOBN(0xaac927ed, 0xfbcb2a5b), - TOBN(0xe920de49, 0x20d84c35), TOBN(0x8c06a0b6, 0x22b4de26), - TOBN(0xd34dd58b, 0xafe7ddf3), TOBN(0x55851fed, 0xc1e6e55b), - TOBN(0xd1395616, 0x960696e7), TOBN(0x940304b2, 0x5f22705f), - TOBN(0x6f43f861, 0xb0a2a860), TOBN(0xcf121282, 0x0e7cc981), - TOBN(0x12186212, 0x0ab64a96), TOBN(0x09215b9a, 0xb789383c), - TOBN(0x311eb305, 0x37387c09), TOBN(0xc5832fce, 0xf03ee760), - TOBN(0x30358f58, 0x32f7ea19), TOBN(0xe01d3c34, 0x91d53551), - TOBN(0x1ca5ee41, 0xda48ea80), TOBN(0x34e71e8e, 0xcf4fa4c1), - TOBN(0x312abd25, 0x7af1e1c7), TOBN(0xe3afcdeb, 0x2153f4a5), - TOBN(0x9d5c84d7, 0x00235e9a), TOBN(0x0308d3f4, 0x8c4c836f), - TOBN(0xc0a66b04, 0x89332de5), TOBN(0x610dd399, 0x89e566ef), - TOBN(0xf8eea460, 0xd1ac1635), TOBN(0x84cbb3fb, 0x20a2c0df), - TOBN(0x40afb488, 0xe74a48c5), TOBN(0x29738198, 0xd326b150), - TOBN(0x2a17747f, 0xa6d74081), TOBN(0x60ea4c05, 0x55a26214), - TOBN(0x53514bb4, 0x1f88c5fe), TOBN(0xedd64567, 0x7e83426c), - TOBN(0xd5d6cbec, 0x96460b25), TOBN(0xa12fd0ce, 0x68dc115e), - TOBN(0xc5bc3ed2, 0x697840ea), TOBN(0x969876a8, 0xa6331e31), - TOBN(0x60c36217, 0x472ff580), TOBN(0xf4229705, 0x4ad41393), - TOBN(0x4bd99ef0, 0xa03b8b92), TOBN(0x501c7317, 0xc144f4f6), - TOBN(0x159009b3, 0x18464945), TOBN(0x6d5e594c, 0x74c5c6be), - TOBN(0x2d587011, 0x321a3660), TOBN(0xd1e184b1, 0x3898d022), - TOBN(0x5ba04752, 0x4c6a7e04), TOBN(0x47fa1e2b, 0x45550b65), - TOBN(0x9419daf0, 0x48c0a9a5), TOBN(0x66362953, 0x7c243236), - TOBN(0xcd0744b1, 0x5cb12a88), TOBN(0x561b6f9a, 0x2b646188), - TOBN(0x599415a5, 0x66c2c0c0), TOBN(0xbe3f0859, 0x0f83f09a), - TOBN(0x9141c5be, 0xb92041b8), TOBN(0x01ae38c7, 0x26477d0d), - TOBN(0xca8b71f3, 0xd12c7a94), TOBN(0xfab5b31f, 0x765c70db), - TOBN(0x76ae7492, 0x487443e9), TOBN(0x8595a310, 0x990d1349), - TOBN(0xf8dbeda8, 0x7d460a37), TOBN(0x7f7ad082, 0x1e45a38f), - TOBN(0xed1d4db6, 0x1059705a), TOBN(0xa3dd492a, 0xe6b9c697), - TOBN(0x4b92ee3a, 0x6eb38bd5), TOBN(0xbab2609d, 0x67cc0bb7), - TOBN(0x7fc4fe89, 0x6e70ee82), TOBN(0xeff2c56e, 0x13e6b7e3), - TOBN(0x9b18959e, 0x34d26fca), TOBN(0x2517ab66, 0x889d6b45), - TOBN(0xf167b4e0, 0xbdefdd4f), TOBN(0x69958465, 0xf366e401), - TOBN(0x5aa368ab, 0xa73bbec0), TOBN(0x12148709, 0x7b240c21), - TOBN(0x378c3233, 0x18969006), TOBN(0xcb4d73ce, 0xe1fe53d1), - TOBN(0x5f50a80e, 0x130c4361), TOBN(0xd67f5951, 0x7ef5212b), - TOBN(0xf145e21e, 0x9e70c72e), TOBN(0xb2e52e29, 0x5566d2fb), - TOBN(0x44eaba4a, 0x032397f5), TOBN(0x5e56937b, 0x7e31a7de), - TOBN(0x68dcf517, 0x456c61e1), TOBN(0xbc2e954a, 0xa8b0a388), - TOBN(0xe3552fa7, 0x60a8b755), TOBN(0x03442dae, 0x73ad0cde), - TOBN(0x37ffe747, 0xceb26210), TOBN(0x983545e8, 0x787baef9), - TOBN(0x8b8c8535, 0x86a3de31), TOBN(0xc621dbcb, 0xfacd46db), - TOBN(0x82e442e9, 0x59266fbb), TOBN(0xa3514c37, 0x339d471c), - TOBN(0x3a11b771, 0x62cdad96), TOBN(0xf0cb3b3c, 0xecf9bdf0), - TOBN(0x3fcbdbce, 0x478e2135), TOBN(0x7547b5cf, 0xbda35342), - TOBN(0xa97e81f1, 0x8a677af6), TOBN(0xc8c2bf83, 0x28817987), - TOBN(0xdf07eaaf, 0x45580985), TOBN(0xc68d1f05, 0xc93b45cb), - TOBN(0x106aa2fe, 0xc77b4cac), TOBN(0x4c1d8afc, 0x04a7ae86), - TOBN(0xdb41c3fd, 0x9eb45ab2), TOBN(0x5b234b5b, 0xd4b22e74), - TOBN(0xda253dec, 0xf215958a), TOBN(0x67e0606e, 0xa04edfa0), - TOBN(0xabbbf070, 0xef751b11), TOBN(0xf352f175, 0xf6f06dce), - TOBN(0xdfc4b6af, 0x6839f6b4), TOBN(0x53ddf9a8, 0x9959848e), - TOBN(0xda49c379, 0xc21520b0), TOBN(0x90864ff0, 0xdbd5d1b6), - TOBN(0x2f055d23, 0x5f49c7f7), TOBN(0xe51e4e6a, 0xa796b2d8), - TOBN(0xc361a67f, 0x5c9dc340), TOBN(0x5ad53c37, 0xbca7c620), - TOBN(0xda1d6588, 0x32c756d0), TOBN(0xad60d911, 0x8bb67e13), - TOBN(0xd6c47bdf, 0x0eeec8c6), TOBN(0x4a27fec1, 0x078a1821), - TOBN(0x081f7415, 0xc3099524), TOBN(0x8effdf0b, 0x82cd8060), - TOBN(0xdb70ec1c, 0x65842df8), TOBN(0x8821b358, 0xd319a901), - TOBN(0x72ee56ee, 0xde42b529), TOBN(0x5bb39592, 0x236e4286), - TOBN(0xd1183316, 0xfd6f7140), TOBN(0xf9fadb5b, 0xbd8e81f7), - TOBN(0x701d5e0c, 0x5a02d962), TOBN(0xfdee4dbf, 0x1b601324), - TOBN(0xbed17407, 0x35d7620e), TOBN(0x04e3c2c3, 0xf48c0012), - TOBN(0x9ee29da7, 0x3455449a), TOBN(0x562cdef4, 0x91a836c4), - TOBN(0x8f682a5f, 0x47701097), TOBN(0x617125d8, 0xff88d0c2), - TOBN(0x948fda24, 0x57bb86dd), TOBN(0x348abb8f, 0x289f7286), - TOBN(0xeb10eab5, 0x99d94bbd), TOBN(0xd51ba28e, 0x4684d160), - TOBN(0xabe0e51c, 0x30c8f41a), TOBN(0x66588b45, 0x13254f4a), - TOBN(0x147ebf01, 0xfad097a5), TOBN(0x49883ea8, 0x610e815d), - TOBN(0xe44d60ba, 0x8a11de56), TOBN(0xa970de6e, 0x827a7a6d), - TOBN(0x2be41424, 0x5e17fc19), TOBN(0xd833c657, 0x01214057), - TOBN(0x1375813b, 0x363e723f), TOBN(0x6820bb88, 0xe6a52e9b), - TOBN(0x7e7f6970, 0xd875d56a), TOBN(0xd6a0a9ac, 0x51fbf6bf), - TOBN(0x54ba8790, 0xa3083c12), TOBN(0xebaeb23d, 0x6ae7eb64), - TOBN(0xa8685c3a, 0xb99a907a), TOBN(0xf1e74550, 0x026bf40b), - TOBN(0x7b73a027, 0xc802cd9e), TOBN(0x9a8a927c, 0x4fef4635), - TOBN(0xe1b6f60c, 0x08191224), TOBN(0xc4126ebb, 0xde4ec091), - TOBN(0xe1dff4dc, 0x4ae38d84), TOBN(0xde3f57db, 0x4f2ef985), - TOBN(0x34964337, 0xd446a1dd), TOBN(0x7bf217a0, 0x859e77f6), - TOBN(0x8ff10527, 0x8e1d13f5), TOBN(0xa304ef03, 0x74eeae27), - TOBN(0xfc6f5e47, 0xd19dfa5a), TOBN(0xdb007de3, 0x7fad982b), - TOBN(0x28205ad1, 0x613715f5), TOBN(0x251e6729, 0x7889529e), - TOBN(0x72705184, 0x1ae98e78), TOBN(0xf818537d, 0x271cac32), - TOBN(0xc8a15b7e, 0xb7f410f5), TOBN(0xc474356f, 0x81f62393), - TOBN(0x92dbdc5a, 0xc242316b), TOBN(0xabe060ac, 0xdbf4aff5), - TOBN(0x6e8c38fe, 0x909a8ec6), TOBN(0x43e514e5, 0x6116cb94), - TOBN(0x2078fa38, 0x07d784f9), TOBN(0x1161a880, 0xf4b5b357), - TOBN(0x5283ce79, 0x13adea3d), TOBN(0x0756c3e6, 0xcc6a910b), - TOBN(0x60bcfe01, 0xaaa79697), TOBN(0x04a73b29, 0x56391db1), - TOBN(0xdd8dad47, 0x189b45a0), TOBN(0xbfac0dd0, 0x48d5b8d9), - TOBN(0x34ab3af5, 0x7d3d2ec2), TOBN(0x6fa2fc2d, 0x207bd3af), - TOBN(0x9ff40092, 0x66550ded), TOBN(0x719b3e87, 0x1fd5b913), - TOBN(0xa573a496, 0x6d17fbc7), TOBN(0x0cd1a70a, 0x73d2b24e), - TOBN(0x34e2c5ca, 0xb2676937), TOBN(0xe7050b06, 0xbf669f21), - TOBN(0xfbe948b6, 0x1ede9046), TOBN(0xa0530051, 0x97662659), - TOBN(0x58cbd4ed, 0xf10124c5), TOBN(0xde2646e4, 0xdd6c06c8), - TOBN(0x332f8108, 0x8cad38c0), TOBN(0x471b7e90, 0x6bd68ae2), - TOBN(0x56ac3fb2, 0x0d8e27a3), TOBN(0xb54660db, 0x136b4b0d), - TOBN(0x123a1e11, 0xa6fd8de4), TOBN(0x44dbffea, 0xa37799ef), - TOBN(0x4540b977, 0xce6ac17c), TOBN(0x495173a8, 0xaf60acef)}, - {TOBN(0x9ebb284d, 0x391c2a82), TOBN(0xbcdd4863, 0x158308e8), - TOBN(0x006f16ec, 0x83f1edca), TOBN(0xa13e2c37, 0x695dc6c8), - TOBN(0x2ab756f0, 0x4a057a87), TOBN(0xa8765500, 0xa6b48f98), - TOBN(0x4252face, 0x68651c44), TOBN(0xa52b540b, 0xe1765e02), - TOBN(0x4f922fc5, 0x16a0d2bb), TOBN(0x0d5cc16c, 0x1a623499), - TOBN(0x9241cf3a, 0x57c62c8b), TOBN(0x2f5e6961, 0xfd1b667f), - TOBN(0x5c15c70b, 0xf5a01797), TOBN(0x3d20b44d, 0x60956192), - TOBN(0x04911b37, 0x071fdb52), TOBN(0xf648f916, 0x8d6f0f7b), - TOBN(0x6dc1acaf, 0xe60b7cf7), TOBN(0x25860a50, 0x84a9d869), - TOBN(0x56fc6f09, 0xe7ba8ac4), TOBN(0x828c5bd0, 0x6148d29e), - TOBN(0xac6b435e, 0xdc55ae5f), TOBN(0xa527f56c, 0xc0117411), - TOBN(0x94d5045e, 0xfd24342c), TOBN(0x2c4c0a35, 0x70b67c0d), - TOBN(0x027cc8b8, 0xfac61d9a), TOBN(0x7d25e062, 0xe3c6fe8a), - TOBN(0xe08805bf, 0xe5bff503), TOBN(0x13271e6c, 0x6ff632f7), - TOBN(0x55dca6c0, 0x232f76a5), TOBN(0x8957c32d, 0x701ef426), - TOBN(0xee728bcb, 0xa10a5178), TOBN(0x5ea60411, 0xb62c5173), - TOBN(0xfc4e964e, 0xd0b8892b), TOBN(0x9ea17683, 0x9301bb74), - TOBN(0x6265c5ae, 0xfcc48626), TOBN(0xe60cf82e, 0xbb3e9102), - TOBN(0x57adf797, 0xd4df5531), TOBN(0x235b59a1, 0x8deeefe2), - TOBN(0x60adcf58, 0x3f306eb1), TOBN(0x105c2753, 0x3d09492d), - TOBN(0x4090914b, 0xb5def996), TOBN(0x1cb69c83, 0x233dd1e7), - TOBN(0xc1e9c1d3, 0x9b3d5e76), TOBN(0x1f3338ed, 0xfccf6012), - TOBN(0xb1e95d0d, 0x2f5378a8), TOBN(0xacf4c2c7, 0x2f00cd21), - TOBN(0x6e984240, 0xeb5fe290), TOBN(0xd66c038d, 0x248088ae), - TOBN(0x804d264a, 0xf94d70cf), TOBN(0xbdb802ef, 0x7314bf7e), - TOBN(0x8fb54de2, 0x4333ed02), TOBN(0x740461e0, 0x285635d9), - TOBN(0x4113b2c8, 0x365e9383), TOBN(0xea762c83, 0x3fdef652), - TOBN(0x4eec6e2e, 0x47b956c1), TOBN(0xa3d814be, 0x65620fa4), - TOBN(0x9ad5462b, 0xb4d8bc50), TOBN(0x181c0b16, 0xa9195770), - TOBN(0xebd4fe1c, 0x78412a68), TOBN(0xae0341bc, 0xc0dff48c), - TOBN(0xb6bc45cf, 0x7003e866), TOBN(0xf11a6dea, 0x8a24a41b), - TOBN(0x5407151a, 0xd04c24c2), TOBN(0x62c9d27d, 0xda5b7b68), - TOBN(0x2e964235, 0x88cceff6), TOBN(0x8594c54f, 0x8b07ed69), - TOBN(0x1578e73c, 0xc84d0d0d), TOBN(0x7b4e1055, 0xff532868), - TOBN(0xa348c0d5, 0xb5ec995a), TOBN(0xbf4b9d55, 0x14289a54), - TOBN(0x9ba155a6, 0x58fbd777), TOBN(0x186ed7a8, 0x1a84491d), - TOBN(0xd4992b30, 0x614c0900), TOBN(0xda98d121, 0xbd00c24b), - TOBN(0x7f534dc8, 0x7ec4bfa1), TOBN(0x4a5ff674, 0x37dc34bc), - TOBN(0x68c196b8, 0x1d7ea1d7), TOBN(0x38cf2893, 0x80a6d208), - TOBN(0xfd56cd09, 0xe3cbbd6e), TOBN(0xec72e27e, 0x4205a5b6), - TOBN(0x15ea68f5, 0xa44f77f7), TOBN(0x7aa5f9fd, 0xb43c52bc), - TOBN(0x86ff676f, 0x94f0e609), TOBN(0xa4cde963, 0x2e2d432b), - TOBN(0x8cafa0c0, 0xeee470af), TOBN(0x84137d0e, 0x8a3f5ec8), - TOBN(0xebb40411, 0xfaa31231), TOBN(0xa239c13f, 0x6f7f7ccf), - TOBN(0x32865719, 0xa8afd30b), TOBN(0x86798328, 0x8a826dce), - TOBN(0xdf04e891, 0xc4a8fbe0), TOBN(0xbb6b6e1b, 0xebf56ad3), - TOBN(0x0a695b11, 0x471f1ff0), TOBN(0xd76c3389, 0xbe15baf0), - TOBN(0x018edb95, 0xbe96c43e), TOBN(0xf2beaaf4, 0x90794158), - TOBN(0x152db09e, 0xc3076a27), TOBN(0x5e82908e, 0xe416545d), - TOBN(0xa2c41272, 0x356d6f2e), TOBN(0xdc9c9642, 0x31fd74e1), - TOBN(0x66ceb88d, 0x519bf615), TOBN(0xe29ecd76, 0x05a2274e), - TOBN(0x3a0473c4, 0xbf5e2fa0), TOBN(0x6b6eb671, 0x64284e67), - TOBN(0xe8b97932, 0xb88756dd), TOBN(0xed4e8652, 0xf17e3e61), - TOBN(0xc2dd1499, 0x3ee1c4a4), TOBN(0xc0aaee17, 0x597f8c0e), - TOBN(0x15c4edb9, 0x6c168af3), TOBN(0x6563c7bf, 0xb39ae875), - TOBN(0xadfadb6f, 0x20adb436), TOBN(0xad55e8c9, 0x9a042ac0), - TOBN(0x975a1ed8, 0xb76da1f5), TOBN(0x10dfa466, 0xa58acb94), - TOBN(0x8dd7f7e3, 0xac060282), TOBN(0x6813e66a, 0x572a051e), - TOBN(0xb4ccae1e, 0x350cb901), TOBN(0xb653d656, 0x50cb7822), - TOBN(0x42484710, 0xdfab3b87), TOBN(0xcd7ee537, 0x9b670fd0), - TOBN(0x0a50b12e, 0x523b8bf6), TOBN(0x8009eb5b, 0x8f910c1b), - TOBN(0xf535af82, 0x4a167588), TOBN(0x0f835f9c, 0xfb2a2abd), - TOBN(0xf59b2931, 0x2afceb62), TOBN(0xc797df2a, 0x169d383f), - TOBN(0xeb3f5fb0, 0x66ac02b0), TOBN(0x029d4c6f, 0xdaa2d0ca), - TOBN(0xd4059bc1, 0xafab4bc5), TOBN(0x833f5c6f, 0x56783247), - TOBN(0xb5346630, 0x8d2d3605), TOBN(0x83387891, 0xd34d8433), - TOBN(0xd973b30f, 0xadd9419a), TOBN(0xbcca1099, 0xafe3fce8), - TOBN(0x08178315, 0x0809aac6), TOBN(0x01b7f21a, 0x540f0f11), - TOBN(0x65c29219, 0x909523c8), TOBN(0xa62f648f, 0xa3a1c741), - TOBN(0x88598d4f, 0x60c9e55a), TOBN(0xbce9141b, 0x0e4f347a), - TOBN(0x9af97d84, 0x35f9b988), TOBN(0x0210da62, 0x320475b6), - TOBN(0x3c076e22, 0x9191476c), TOBN(0x7520dbd9, 0x44fc7834), - TOBN(0x6a6b2cfe, 0xc1ab1bbd), TOBN(0xef8a65be, 0xdc650938), - TOBN(0x72855540, 0x805d7bc4), TOBN(0xda389396, 0xed11fdfd), - TOBN(0xa9d5bd36, 0x74660876), TOBN(0x11d67c54, 0xb45dff35), - TOBN(0x6af7d148, 0xa4f5da94), TOBN(0xbb8d4c3f, 0xc0bbeb31), - TOBN(0x87a7ebd1, 0xe0a1b12a), TOBN(0x1e4ef88d, 0x770ba95f), - TOBN(0x8c33345c, 0xdc2ae9cb), TOBN(0xcecf1276, 0x01cc8403), - TOBN(0x687c012e, 0x1b39b80f), TOBN(0xfd90d0ad, 0x35c33ba4), - TOBN(0xa3ef5a67, 0x5c9661c2), TOBN(0x368fc88e, 0xe017429e), - TOBN(0xd30c6761, 0x196a2fa2), TOBN(0x931b9817, 0xbd5b312e), - TOBN(0xba01000c, 0x72f54a31), TOBN(0xa203d2c8, 0x66eaa541), - TOBN(0xf2abdee0, 0x98939db3), TOBN(0xe37d6c2c, 0x3e606c02), - TOBN(0xf2921574, 0x521ff643), TOBN(0x2781b3c4, 0xd7e2fca3), - TOBN(0x664300b0, 0x7850ec06), TOBN(0xac5a38b9, 0x7d3a10cf), - TOBN(0x9233188d, 0xe34ab39d), TOBN(0xe77057e4, 0x5072cbb9), - TOBN(0xbcf0c042, 0xb59e78df), TOBN(0x4cfc91e8, 0x1d97de52), - TOBN(0x4661a26c, 0x3ee0ca4a), TOBN(0x5620a4c1, 0xfb8507bc), - TOBN(0x4b44d4aa, 0x049f842c), TOBN(0xceabc5d5, 0x1540e82b), - TOBN(0x306710fd, 0x15c6f156), TOBN(0xbe5ae52b, 0x63db1d72), - TOBN(0x06f1e7e6, 0x334957f1), TOBN(0x57e388f0, 0x31144a70), - TOBN(0xfb69bb2f, 0xdf96447b), TOBN(0x0f78ebd3, 0x73e38a12), - TOBN(0xb8222605, 0x2b7ce542), TOBN(0xe6d4ce99, 0x7472bde1), - TOBN(0x53e16ebe, 0x09d2f4da), TOBN(0x180ff42e, 0x53b92b2e), - TOBN(0xc59bcc02, 0x2c34a1c6), TOBN(0x3803d6f9, 0x422c46c2), - TOBN(0x18aff74f, 0x5c14a8a2), TOBN(0x55aebf80, 0x10a08b28), - TOBN(0x66097d58, 0x7135593f), TOBN(0x32e6eff7, 0x2be570cd), - TOBN(0x584e6a10, 0x2a8c860d), TOBN(0xcd185890, 0xa2eb4163), - TOBN(0x7ceae99d, 0x6d97e134), TOBN(0xd42c6b70, 0xdd8447ce), - TOBN(0x59ddbb4a, 0xb8c50273), TOBN(0x03c612df, 0x3cf34e1e), - TOBN(0x84b9ca15, 0x04b6c5a0), TOBN(0x35216f39, 0x18f0e3a3), - TOBN(0x3ec2d2bc, 0xbd986c00), TOBN(0x8bf546d9, 0xd19228fe), - TOBN(0xd1c655a4, 0x4cd623c3), TOBN(0x366ce718, 0x502b8e5a), - TOBN(0x2cfc84b4, 0xeea0bfe7), TOBN(0xe01d5cee, 0xcf443e8e), - TOBN(0x8ec045d9, 0x036520f8), TOBN(0xdfb3c3d1, 0x92d40e98), - TOBN(0x0bac4cce, 0xcc559a04), TOBN(0x35eccae5, 0x240ea6b1), - TOBN(0x180b32db, 0xf8a5a0ac), TOBN(0x547972a5, 0xeb699700), - TOBN(0xa3765801, 0xca26bca0), TOBN(0x57e09d0e, 0xa647f25a), - TOBN(0xb956970e, 0x2fdd23cc), TOBN(0xb80288bc, 0x5682e971), - TOBN(0xe6e6d91e, 0x9ae86ebc), TOBN(0x0564c83f, 0x8c9f1939), - TOBN(0x551932a2, 0x39560368), TOBN(0xe893752b, 0x049c28e2), - TOBN(0x0b03cee5, 0xa6a158c3), TOBN(0xe12d656b, 0x04964263), - TOBN(0x4b47554e, 0x63e3bc1d), TOBN(0xc719b6a2, 0x45044ff7), - TOBN(0x4f24d30a, 0xe48daa07), TOBN(0xa3f37556, 0xc8c1edc3), - TOBN(0x9a47bf76, 0x0700d360), TOBN(0xbb1a1824, 0x822ae4e2), - TOBN(0x22e275a3, 0x89f1fb4c), TOBN(0x72b1aa23, 0x9968c5f5), - TOBN(0xa75feaca, 0xbe063f64), TOBN(0x9b392f43, 0xbce47a09), - TOBN(0xd4241509, 0x1ad07aca), TOBN(0x4b0c591b, 0x8d26cd0f), - TOBN(0x2d42ddfd, 0x92f1169a), TOBN(0x63aeb1ac, 0x4cbf2392), - TOBN(0x1de9e877, 0x0691a2af), TOBN(0xebe79af7, 0xd98021da), - TOBN(0xcfdf2a4e, 0x40e50acf), TOBN(0xf0a98ad7, 0xaf01d665), - TOBN(0xefb640bf, 0x1831be1f), TOBN(0x6fe8bd2f, 0x80e9ada0), - TOBN(0x94c103a1, 0x6cafbc91), TOBN(0x170f8759, 0x8308e08c), - TOBN(0x5de2d2ab, 0x9780ff4f), TOBN(0x666466bc, 0x45b201f2), - TOBN(0x58af2010, 0xf5b343bc), TOBN(0x0f2e400a, 0xf2f142fe), - TOBN(0x3483bfde, 0xa85f4bdf), TOBN(0xf0b1d093, 0x03bfeaa9), - TOBN(0x2ea01b95, 0xc7081603), TOBN(0xe943e4c9, 0x3dba1097), - TOBN(0x47be92ad, 0xb438f3a6), TOBN(0x00bb7742, 0xe5bf6636), - TOBN(0x136b7083, 0x824297b4), TOBN(0x9d0e5580, 0x5584455f), - TOBN(0xab48cedc, 0xf1c7d69e), TOBN(0x53a9e481, 0x2a256e76), - TOBN(0x0402b0e0, 0x65eb2413), TOBN(0xdadbbb84, 0x8fc407a7), - TOBN(0xa65cd5a4, 0x8d7f5492), TOBN(0x21d44293, 0x74bae294), - TOBN(0x66917ce6, 0x3b5f1cc4), TOBN(0x37ae52ea, 0xce872e62), - TOBN(0xbb087b72, 0x2905f244), TOBN(0x12077086, 0x1e6af74f), - TOBN(0x4b644e49, 0x1058edea), TOBN(0x827510e3, 0xb638ca1d), - TOBN(0x8cf2b704, 0x6038591c), TOBN(0xffc8b47a, 0xfe635063), - TOBN(0x3ae220e6, 0x1b4d5e63), TOBN(0xbd864742, 0x9d961b4b), - TOBN(0x610c107e, 0x9bd16bed), TOBN(0x4270352a, 0x1127147b), - TOBN(0x7d17ffe6, 0x64cfc50e), TOBN(0x50dee01a, 0x1e36cb42), - TOBN(0x068a7622, 0x35dc5f9a), TOBN(0x9a08d536, 0xdf53f62c), - TOBN(0x4ed71457, 0x6be5f7de), TOBN(0xd93006f8, 0xc2263c9e), - TOBN(0xe073694c, 0xcacacb36), TOBN(0x2ff7a5b4, 0x3ae118ab), - TOBN(0x3cce53f1, 0xcd871236), TOBN(0xf156a39d, 0xc2aa6d52), - TOBN(0x9cc5f271, 0xb198d76d), TOBN(0xbc615b6f, 0x81383d39), - TOBN(0xa54538e8, 0xde3eee6b), TOBN(0x58c77538, 0xab910d91), - TOBN(0x31e5bdbc, 0x58d278bd), TOBN(0x3cde4adf, 0xb963acae), - TOBN(0xb1881fd2, 0x5302169c), TOBN(0x8ca60fa0, 0xa989ed8b), - TOBN(0xa1999458, 0xff96a0ee), TOBN(0xc1141f03, 0xac6c283d), - TOBN(0x7677408d, 0x6dfafed3), TOBN(0x33a01653, 0x39661588), - TOBN(0x3c9c15ec, 0x0b726fa0), TOBN(0x090cfd93, 0x6c9b56da), - TOBN(0xe34f4bae, 0xa3c40af5), TOBN(0x3469eadb, 0xd21129f1), - TOBN(0xcc51674a, 0x1e207ce8), TOBN(0x1e293b24, 0xc83b1ef9), - TOBN(0x17173d13, 0x1e6c0bb4), TOBN(0x19004695, 0x90776d35), - TOBN(0xe7980e34, 0x6de6f922), TOBN(0x873554cb, 0xf4dd9a22), - TOBN(0x0316c627, 0xcbf18a51), TOBN(0x4d93651b, 0x3032c081), - TOBN(0x207f2771, 0x3946834d), TOBN(0x2c08d7b4, 0x30cdbf80), - TOBN(0x137a4fb4, 0x86df2a61), TOBN(0xa1ed9c07, 0xecf7b4a2), - TOBN(0xb2e460e2, 0x7bd042ff), TOBN(0xb7f5e2fa, 0x5f62f5ec), - TOBN(0x7aa6ec6b, 0xcc2423b7), TOBN(0x75ce0a7f, 0xba63eea7), - TOBN(0x67a45fb1, 0xf250a6e1), TOBN(0x93bc919c, 0xe53cdc9f), - TOBN(0x9271f56f, 0x871942df), TOBN(0x2372ff6f, 0x7859ad66), - TOBN(0x5f4c2b96, 0x33cb1a78), TOBN(0xe3e29101, 0x5838aa83), - TOBN(0xa7ed1611, 0xe4e8110c), TOBN(0x2a2d70d5, 0x330198ce), - TOBN(0xbdf132e8, 0x6720efe0), TOBN(0xe61a8962, 0x66a471bf), - TOBN(0x796d3a85, 0x825808bd), TOBN(0x51dc3cb7, 0x3fd6e902), - TOBN(0x643c768a, 0x916219d1), TOBN(0x36cd7685, 0xa2ad7d32), - TOBN(0xe3db9d05, 0xb22922a4), TOBN(0x6494c87e, 0xdba29660), - TOBN(0xf0ac91df, 0xbcd2ebc7), TOBN(0x4deb57a0, 0x45107f8d), - TOBN(0x42271f59, 0xc3d12a73), TOBN(0x5f71687c, 0xa5c2c51d), - TOBN(0xcb1f50c6, 0x05797bcb), TOBN(0x29ed0ed9, 0xd6d34eb0), - TOBN(0xe5fe5b47, 0x4683c2eb), TOBN(0x4956eeb5, 0x97447c46), - TOBN(0x5b163a43, 0x71207167), TOBN(0x93fa2fed, 0x0248c5ef), - TOBN(0x67930af2, 0x31f63950), TOBN(0xa77797c1, 0x14caa2c9), - TOBN(0x526e80ee, 0x27ac7e62), TOBN(0xe1e6e626, 0x58b28aec), - TOBN(0x636178b0, 0xb3c9fef0), TOBN(0xaf7752e0, 0x6d5f90be), - TOBN(0x94ecaf18, 0xeece51cf), TOBN(0x2864d0ed, 0xca806e1f), - TOBN(0x6de2e383, 0x97c69134), TOBN(0x5a42c316, 0xeb291293), - TOBN(0xc7779219, 0x6a60bae0), TOBN(0xa24de346, 0x6b7599d1), - TOBN(0x49d374aa, 0xb75d4941), TOBN(0x98900586, 0x2d501ff0), - TOBN(0x9f16d40e, 0xeb7974cf), TOBN(0x1033860b, 0xcdd8c115), - TOBN(0xb6c69ac8, 0x2094cec3), TOBN(0x9976fb88, 0x403b770c), - TOBN(0x1dea026c, 0x4859590d), TOBN(0xb6acbb46, 0x8562d1fd), - TOBN(0x7cd6c461, 0x44569d85), TOBN(0xc3190a36, 0x97f0891d), - TOBN(0xc6f53195, 0x48d5a17d), TOBN(0x7d919966, 0xd749abc8), - TOBN(0x65104837, 0xdd1c8a20), TOBN(0x7e5410c8, 0x2f683419), - TOBN(0x958c3ca8, 0xbe94022e), TOBN(0x605c3197, 0x6145dac2), - TOBN(0x3fc07501, 0x01683d54), TOBN(0x1d7127c5, 0x595b1234), - TOBN(0x10b8f87c, 0x9481277f), TOBN(0x677db2a8, 0xe65a1adb), - TOBN(0xec2fccaa, 0xddce3345), TOBN(0x2a6811b7, 0x012a4350), - TOBN(0x96760ff1, 0xac598bdc), TOBN(0x054d652a, 0xd1bf4128), - TOBN(0x0a1151d4, 0x92a21005), TOBN(0xad7f3971, 0x33110fdf), - TOBN(0x8c95928c, 0x1960100f), TOBN(0x6c91c825, 0x7bf03362), - TOBN(0xc8c8b2a2, 0xce309f06), TOBN(0xfdb27b59, 0xca27204b), - TOBN(0xd223eaa5, 0x0848e32e), TOBN(0xb93e4b2e, 0xe7bfaf1e), - TOBN(0xc5308ae6, 0x44aa3ded), TOBN(0x317a666a, 0xc015d573), - TOBN(0xc888ce23, 0x1a979707), TOBN(0xf141c1e6, 0x0d5c4958), - TOBN(0xb53b7de5, 0x61906373), TOBN(0x858dbade, 0xeb999595), - TOBN(0x8cbb47b2, 0xa59e5c36), TOBN(0x660318b3, 0xdcf4e842), - TOBN(0xbd161ccd, 0x12ba4b7a), TOBN(0xf399daab, 0xf8c8282a), - TOBN(0x1587633a, 0xeeb2130d), TOBN(0xa465311a, 0xda38dd7d), - TOBN(0x5f75eec8, 0x64d3779b), TOBN(0x3c5d0476, 0xad64c171), - TOBN(0x87410371, 0x2a914428), TOBN(0x8096a891, 0x90e2fc29), - TOBN(0xd3d2ae9d, 0x23b3ebc2), TOBN(0x90bdd6db, 0xa580cfd6), - TOBN(0x52dbb7f3, 0xc5b01f6c), TOBN(0xe68eded4, 0xe102a2dc), - TOBN(0x17785b77, 0x99eb6df0), TOBN(0x26c3cc51, 0x7386b779), - TOBN(0x345ed988, 0x6417a48e), TOBN(0xe990b4e4, 0x07d6ef31), - TOBN(0x0f456b7e, 0x2586abba), TOBN(0x239ca6a5, 0x59c96e9a), - TOBN(0xe327459c, 0xe2eb4206), TOBN(0x3a4c3313, 0xa002b90a), - TOBN(0x2a114806, 0xf6a3f6fb), TOBN(0xad5cad2f, 0x85c251dd), - TOBN(0x92c1f613, 0xf5a784d3), TOBN(0xec7bfacf, 0x349766d5), - TOBN(0x04b3cd33, 0x3e23cb3b), TOBN(0x3979fe84, 0xc5a64b2d), - TOBN(0x192e2720, 0x7e589106), TOBN(0xa60c43d1, 0xa15b527f), - TOBN(0x2dae9082, 0xbe7cf3a6), TOBN(0xcc86ba92, 0xbc967274), - TOBN(0xf28a2ce8, 0xaea0a8a9), TOBN(0x404ca6d9, 0x6ee988b3), - TOBN(0xfd7e9c5d, 0x005921b8), TOBN(0xf56297f1, 0x44e79bf9), - TOBN(0xa163b460, 0x0d75ddc2), TOBN(0x30b23616, 0xa1f2be87), - TOBN(0x4b070d21, 0xbfe50e2b), TOBN(0x7ef8cfd0, 0xe1bfede1), - TOBN(0xadba0011, 0x2aac4ae0), TOBN(0x2a3e7d01, 0xb9ebd033), - TOBN(0x995277ec, 0xe38d9d1c), TOBN(0xb500249e, 0x9c5d2de3), - TOBN(0x8912b820, 0xf13ca8c9), TOBN(0xc8798114, 0x877793af), - TOBN(0x19e6125d, 0xec3f1dec), TOBN(0x07b1f040, 0x911178da), - TOBN(0xd93ededa, 0x904a6738), TOBN(0x55187a5a, 0x0bebedcd), - TOBN(0xf7d04722, 0xeb329d41), TOBN(0xf449099e, 0xf170b391), - TOBN(0xfd317a69, 0xca99f828), TOBN(0x50c3db2b, 0x34a4976d), - TOBN(0xe9ba7784, 0x3757b392), TOBN(0x326caefd, 0xaa3ca05a), - TOBN(0x78e5293b, 0xf1e593d4), TOBN(0x7842a937, 0x0d98fd13), - TOBN(0xe694bf96, 0x5f96b10d), TOBN(0x373a9df6, 0x06a8cd05), - TOBN(0x997d1e51, 0xe8f0c7fc), TOBN(0x1d019790, 0x63fd972e), - TOBN(0x0064d858, 0x5499fb32), TOBN(0x7b67bad9, 0x77a8aeb7), - TOBN(0x1d3eb977, 0x2d08eec5), TOBN(0x5fc047a6, 0xcbabae1d), - TOBN(0x0577d159, 0xe54a64bb), TOBN(0x8862201b, 0xc43497e4), - TOBN(0xad6b4e28, 0x2ce0608d), TOBN(0x8b687b7d, 0x0b167aac), - TOBN(0x6ed4d367, 0x8b2ecfa9), TOBN(0x24dfe62d, 0xa90c3c38), - TOBN(0xa1862e10, 0x3fe5c42b), TOBN(0x1ca73dca, 0xd5732a9f), - TOBN(0x35f038b7, 0x76bb87ad), TOBN(0x674976ab, 0xf242b81f), - TOBN(0x4f2bde7e, 0xb0fd90cd), TOBN(0x6efc172e, 0xa7fdf092), - TOBN(0x3806b69b, 0x92222f1f), TOBN(0x5a2459ca, 0x6cf7ae70), - TOBN(0x6789f69c, 0xa85217ee), TOBN(0x5f232b5e, 0xe3dc85ac), - TOBN(0x660e3ec5, 0x48e9e516), TOBN(0x124b4e47, 0x3197eb31), - TOBN(0x10a0cb13, 0xaafcca23), TOBN(0x7bd63ba4, 0x8213224f), - TOBN(0xaffad7cc, 0x290a7f4f), TOBN(0x6b409c9e, 0x0286b461), - TOBN(0x58ab809f, 0xffa407af), TOBN(0xc3122eed, 0xc68ac073), - TOBN(0x17bf9e50, 0x4ef24d7e), TOBN(0x5d929794, 0x3e2a5811), - TOBN(0x519bc867, 0x02902e01), TOBN(0x76bba5da, 0x39c8a851), - TOBN(0xe9f9669c, 0xda94951e), TOBN(0x4b6af58d, 0x66b8d418), - TOBN(0xfa321074, 0x17d426a4), TOBN(0xc78e66a9, 0x9dde6027), - TOBN(0x0516c083, 0x4a53b964), TOBN(0xfc659d38, 0xff602330), - TOBN(0x0ab55e5c, 0x58c5c897), TOBN(0x985099b2, 0x838bc5df), - TOBN(0x061d9efc, 0xc52fc238), TOBN(0x712b2728, 0x6ac1da3f), - TOBN(0xfb658149, 0x9283fe08), TOBN(0x4954ac94, 0xb8aaa2f7), - TOBN(0x85c0ada4, 0x7fb2e74f), TOBN(0xee8ba98e, 0xb89926b0), - TOBN(0xe4f9d37d, 0x23d1af5b), TOBN(0x14ccdbf9, 0xba9b015e), - TOBN(0xb674481b, 0x7bfe7178), TOBN(0x4e1debae, 0x65405868), - TOBN(0x061b2821, 0xc48c867d), TOBN(0x69c15b35, 0x513b30ea), - TOBN(0x3b4a1666, 0x36871088), TOBN(0xe5e29f5d, 0x1220b1ff), - TOBN(0x4b82bb35, 0x233d9f4d), TOBN(0x4e076333, 0x18cdc675)}, - {TOBN(0x0d53f5c7, 0xa3e6fced), TOBN(0xe8cbbdd5, 0xf45fbdeb), - TOBN(0xf85c01df, 0x13339a70), TOBN(0x0ff71880, 0x142ceb81), - TOBN(0x4c4e8774, 0xbd70437a), TOBN(0x5fb32891, 0xba0bda6a), - TOBN(0x1cdbebd2, 0xf18bd26e), TOBN(0x2f9526f1, 0x03a9d522), - TOBN(0x40ce3051, 0x92c4d684), TOBN(0x8b04d725, 0x7612efcd), - TOBN(0xb9dcda36, 0x6f9cae20), TOBN(0x0edc4d24, 0xf058856c), - TOBN(0x64f2e6bf, 0x85427900), TOBN(0x3de81295, 0xdc09dfea), - TOBN(0xd41b4487, 0x379bf26c), TOBN(0x50b62c6d, 0x6df135a9), - TOBN(0xd4f8e3b4, 0xc72dfe67), TOBN(0xc416b0f6, 0x90e19fdf), - TOBN(0x18b9098d, 0x4c13bd35), TOBN(0xac11118a, 0x15b8cb9e), - TOBN(0xf598a318, 0xf0062841), TOBN(0xbfe0602f, 0x89f356f4), - TOBN(0x7ae3637e, 0x30177a0c), TOBN(0x34097747, 0x61136537), - TOBN(0x0db2fb5e, 0xd005832a), TOBN(0x5f5efd3b, 0x91042e4f), - TOBN(0x8c4ffdc6, 0xed70f8ca), TOBN(0xe4645d0b, 0xb52da9cc), - TOBN(0x9596f58b, 0xc9001d1f), TOBN(0x52c8f0bc, 0x4e117205), - TOBN(0xfd4aa0d2, 0xe398a084), TOBN(0x815bfe3a, 0x104f49de), - TOBN(0x97e5443f, 0x23885e5f), TOBN(0xf72f8f99, 0xe8433aab), - TOBN(0xbd00b154, 0xe4d4e604), TOBN(0xd0b35e6a, 0xe5e173ff), - TOBN(0x57b2a048, 0x9164722d), TOBN(0x3e3c665b, 0x88761ec8), - TOBN(0x6bdd1397, 0x3da83832), TOBN(0x3c8b1a1e, 0x73dafe3b), - TOBN(0x4497ace6, 0x54317cac), TOBN(0xbe600ab9, 0x521771b3), - TOBN(0xb42e409e, 0xb0dfe8b8), TOBN(0x386a67d7, 0x3942310f), - TOBN(0x25548d8d, 0x4431cc28), TOBN(0xa7cff142, 0x985dc524), - TOBN(0x4d60f5a1, 0x93c4be32), TOBN(0x83ebd5c8, 0xd071c6e1), - TOBN(0xba3a80a7, 0xb1fd2b0b), TOBN(0x9b3ad396, 0x5bec33e8), - TOBN(0xb3868d61, 0x79743fb3), TOBN(0xcfd169fc, 0xfdb462fa), - TOBN(0xd3b499d7, 0x9ce0a6af), TOBN(0x55dc1cf1, 0xe42d3ff8), - TOBN(0x04fb9e6c, 0xc6c3e1b2), TOBN(0x47e6961d, 0x6f69a474), - TOBN(0x54eb3acc, 0xe548b37b), TOBN(0xb38e7542, 0x84d40549), - TOBN(0x8c3daa51, 0x7b341b4f), TOBN(0x2f6928ec, 0x690bf7fa), - TOBN(0x0496b323, 0x86ce6c41), TOBN(0x01be1c55, 0x10adadcd), - TOBN(0xc04e67e7, 0x4bb5faf9), TOBN(0x3cbaf678, 0xe15c9985), - TOBN(0x8cd12145, 0x50ca4247), TOBN(0xba1aa47a, 0xe7dd30aa), - TOBN(0x2f81ddf1, 0xe58fee24), TOBN(0x03452936, 0xeec9b0e8), - TOBN(0x8bdc3b81, 0x243aea96), TOBN(0x9a2919af, 0x15c3d0e5), - TOBN(0x9ea640ec, 0x10948361), TOBN(0x5ac86d5b, 0x6e0bcccf), - TOBN(0xf892d918, 0xc36cf440), TOBN(0xaed3e837, 0xc939719c), - TOBN(0xb07b08d2, 0xc0218b64), TOBN(0x6f1bcbba, 0xce9790dd), - TOBN(0x4a84d6ed, 0x60919b8e), TOBN(0xd8900791, 0x8ac1f9eb), - TOBN(0xf84941aa, 0x0dd5daef), TOBN(0xb22fe40a, 0x67fd62c5), - TOBN(0x97e15ba2, 0x157f2db3), TOBN(0xbda2fc8f, 0x8e28ca9c), - TOBN(0x5d050da4, 0x37b9f454), TOBN(0x3d57eb57, 0x2379d72e), - TOBN(0xe9b5eba2, 0xfb5ee997), TOBN(0x01648ca2, 0xe11538ca), - TOBN(0x32bb76f6, 0xf6327974), TOBN(0x338f14b8, 0xff3f4bb7), - TOBN(0x524d226a, 0xd7ab9a2d), TOBN(0x9c00090d, 0x7dfae958), - TOBN(0x0ba5f539, 0x8751d8c2), TOBN(0x8afcbcdd, 0x3ab8262d), - TOBN(0x57392729, 0xe99d043b), TOBN(0xef51263b, 0xaebc943a), - TOBN(0x9feace93, 0x20862935), TOBN(0x639efc03, 0xb06c817b), - TOBN(0x1fe054b3, 0x66b4be7a), TOBN(0x3f25a9de, 0x84a37a1e), - TOBN(0xf39ef1ad, 0x78d75cd9), TOBN(0xd7b58f49, 0x5062c1b5), - TOBN(0x6f74f9a9, 0xff563436), TOBN(0xf718ff29, 0xe8af51e7), - TOBN(0x5234d313, 0x15e97fec), TOBN(0xb6a8e2b1, 0x292f1c0a), - TOBN(0xa7f53aa8, 0x327720c1), TOBN(0x956ca322, 0xba092cc8), - TOBN(0x8f03d64a, 0x28746c4d), TOBN(0x51fe1782, 0x66d0d392), - TOBN(0xd19b34db, 0x3c832c80), TOBN(0x60dccc5c, 0x6da2e3b4), - TOBN(0x245dd62e, 0x0a104ccc), TOBN(0xa7ab1de1, 0x620b21fd), - TOBN(0xb293ae0b, 0x3893d123), TOBN(0xf7b75783, 0xb15ee71c), - TOBN(0x5aa3c614, 0x42a9468b), TOBN(0xd686123c, 0xdb15d744), - TOBN(0x8c616891, 0xa7ab4116), TOBN(0x6fcd72c8, 0xa4e6a459), - TOBN(0xac219110, 0x77e5fad7), TOBN(0xfb6a20e7, 0x704fa46b), - TOBN(0xe839be7d, 0x341d81dc), TOBN(0xcddb6889, 0x32148379), - TOBN(0xda6211a1, 0xf7026ead), TOBN(0xf3b2575f, 0xf4d1cc5e), - TOBN(0x40cfc8f6, 0xa7a73ae6), TOBN(0x83879a5e, 0x61d5b483), - TOBN(0xc5acb1ed, 0x41a50ebc), TOBN(0x59a60cc8, 0x3c07d8fa), - TOBN(0x1b73bdce, 0xb1876262), TOBN(0x2b0d79f0, 0x12af4ee9), - TOBN(0x8bcf3b0b, 0xd46e1d07), TOBN(0x17d6af9d, 0xe45d152f), - TOBN(0x73520461, 0x6d736451), TOBN(0x43cbbd97, 0x56b0bf5a), - TOBN(0xb0833a5b, 0xd5999b9d), TOBN(0x702614f0, 0xeb72e398), - TOBN(0x0aadf01a, 0x59c3e9f8), TOBN(0x40200e77, 0xce6b3d16), - TOBN(0xda22bdd3, 0xdeddafad), TOBN(0x76dedaf4, 0x310d72e1), - TOBN(0x49ef807c, 0x4bc2e88f), TOBN(0x6ba81291, 0x146dd5a5), - TOBN(0xa1a4077a, 0x7d8d59e9), TOBN(0x87b6a2e7, 0x802db349), - TOBN(0xd5679997, 0x1b4e598e), TOBN(0xf499ef1f, 0x06fe4b1d), - TOBN(0x3978d3ae, 0xfcb267c5), TOBN(0xb582b557, 0x235786d0), - TOBN(0x32b3b2ca, 0x1715cb07), TOBN(0x4c3de6a2, 0x8480241d), - TOBN(0x63b5ffed, 0xcb571ecd), TOBN(0xeaf53900, 0xed2fe9a9), - TOBN(0xdec98d4a, 0xc3b81990), TOBN(0x1cb83722, 0x9e0cc8fe), - TOBN(0xfe0b0491, 0xd2b427b9), TOBN(0x0f2386ac, 0xe983a66c), - TOBN(0x930c4d1e, 0xb3291213), TOBN(0xa2f82b2e, 0x59a62ae4), - TOBN(0x77233853, 0xf93e89e3), TOBN(0x7f8063ac, 0x11777c7f), - TOBN(0xff0eb567, 0x59ad2877), TOBN(0x6f454642, 0x9865c754), - TOBN(0xe6fe701a, 0x236e9a84), TOBN(0xc586ef16, 0x06e40fc3), - TOBN(0x3f62b6e0, 0x24bafad9), TOBN(0xc8b42bd2, 0x64da906a), - TOBN(0xc98e1eb4, 0xda3276a0), TOBN(0x30d0e5fc, 0x06cbf852), - TOBN(0x1b6b2ae1, 0xe8b4dfd4), TOBN(0xd754d5c7, 0x8301cbac), - TOBN(0x66097629, 0x112a39ac), TOBN(0xf86b5999, 0x93ba4ab9), - TOBN(0x26c9dea7, 0x99f9d581), TOBN(0x0473b1a8, 0xc2fafeaa), - TOBN(0x1469af55, 0x3b2505a5), TOBN(0x227d16d7, 0xd6a43323), - TOBN(0x3316f73c, 0xad3d97f9), TOBN(0x52bf3bb5, 0x1f137455), - TOBN(0x953eafeb, 0x09954e7c), TOBN(0xa721dfed, 0xdd732411), - TOBN(0xb4929821, 0x141d4579), TOBN(0x3411321c, 0xaa3bd435), - TOBN(0xafb355aa, 0x17fa6015), TOBN(0xb4e7ef4a, 0x18e42f0e), - TOBN(0x604ac97c, 0x59371000), TOBN(0xe1c48c70, 0x7f759c18), - TOBN(0x3f62ecc5, 0xa5db6b65), TOBN(0x0a78b173, 0x38a21495), - TOBN(0x6be1819d, 0xbcc8ad94), TOBN(0x70dc04f6, 0xd89c3400), - TOBN(0x462557b4, 0xa6b4840a), TOBN(0x544c6ade, 0x60bd21c0), - TOBN(0x6a00f24e, 0x907a544b), TOBN(0xa7520dcb, 0x313da210), - TOBN(0xfe939b75, 0x11e4994b), TOBN(0x918b6ba6, 0xbc275d70), - TOBN(0xd3e5e0fc, 0x644be892), TOBN(0x707a9816, 0xfdaf6c42), - TOBN(0x60145567, 0xf15c13fe), TOBN(0x4818ebaa, 0xe130a54a), - TOBN(0x28aad3ad, 0x58d2f767), TOBN(0xdc5267fd, 0xd7e7c773), - TOBN(0x4919cc88, 0xc3afcc98), TOBN(0xaa2e6ab0, 0x2db8cd4b), - TOBN(0xd46fec04, 0xd0c63eaa), TOBN(0xa1cb92c5, 0x19ffa832), - TOBN(0x678dd178, 0xe43a631f), TOBN(0xfb5ae1cd, 0x3dc788b3), - TOBN(0x68b4fb90, 0x6e77de04), TOBN(0x7992bcf0, 0xf06dbb97), - TOBN(0x896e6a13, 0xc417c01d), TOBN(0x8d96332c, 0xb956be01), - TOBN(0x902fc93a, 0x413aa2b9), TOBN(0x99a4d915, 0xfc98c8a5), - TOBN(0x52c29407, 0x565f1137), TOBN(0x4072690f, 0x21e4f281), - TOBN(0x36e607cf, 0x02ff6072), TOBN(0xa47d2ca9, 0x8ad98cdc), - TOBN(0xbf471d1e, 0xf5f56609), TOBN(0xbcf86623, 0xf264ada0), - TOBN(0xb70c0687, 0xaa9e5cb6), TOBN(0xc98124f2, 0x17401c6c), - TOBN(0x8189635f, 0xd4a61435), TOBN(0xd28fb8af, 0xa9d98ea6), - TOBN(0xb9a67c2a, 0x40c251f8), TOBN(0x88cd5d87, 0xa2da44be), - TOBN(0x437deb96, 0xe09b5423), TOBN(0x150467db, 0x64287dc1), - TOBN(0xe161debb, 0xcdabb839), TOBN(0xa79e9742, 0xf1839a3e), - TOBN(0xbb8dd3c2, 0x652d202b), TOBN(0x7b3e67f7, 0xe9f97d96), - TOBN(0x5aa5d78f, 0xb1cb6ac9), TOBN(0xffa13e8e, 0xca1d0d45), - TOBN(0x369295dd, 0x2ba5bf95), TOBN(0xd68bd1f8, 0x39aff05e), - TOBN(0xaf0d86f9, 0x26d783f2), TOBN(0x543a59b3, 0xfc3aafc1), - TOBN(0x3fcf81d2, 0x7b7da97c), TOBN(0xc990a056, 0xd25dee46), - TOBN(0x3e6775b8, 0x519cce2c), TOBN(0xfc9af71f, 0xae13d863), - TOBN(0x774a4a6f, 0x47c1605c), TOBN(0x46ba4245, 0x2fd205e8), - TOBN(0xa06feea4, 0xd3fd524d), TOBN(0x1e724641, 0x6de1acc2), - TOBN(0xf53816f1, 0x334e2b42), TOBN(0x49e5918e, 0x922f0024), - TOBN(0x439530b6, 0x65c7322d), TOBN(0xcf12cc01, 0xb3c1b3fb), - TOBN(0xc70b0186, 0x0172f685), TOBN(0xb915ee22, 0x1b58391d), - TOBN(0x9afdf03b, 0xa317db24), TOBN(0x87dec659, 0x17b8ffc4), - TOBN(0x7f46597b, 0xe4d3d050), TOBN(0x80a1c1ed, 0x006500e7), - TOBN(0x84902a96, 0x78bf030e), TOBN(0xfb5e9c9a, 0x50560148), - TOBN(0x6dae0a92, 0x63362426), TOBN(0xdcaeecf4, 0xa9e30c40), - TOBN(0xc0d887bb, 0x518d0c6b), TOBN(0x99181152, 0xcb985b9d), - TOBN(0xad186898, 0xef7bc381), TOBN(0x18168ffb, 0x9ee46201), - TOBN(0x9a04cdaa, 0x2502753c), TOBN(0xbb279e26, 0x51407c41), - TOBN(0xeacb03aa, 0xf23564e5), TOBN(0x18336582, 0x71e61016), - TOBN(0x8684b8c4, 0xeb809877), TOBN(0xb336e18d, 0xea0e672e), - TOBN(0xefb601f0, 0x34ee5867), TOBN(0x2733edbe, 0x1341cfd1), - TOBN(0xb15e809a, 0x26025c3c), TOBN(0xe6e981a6, 0x9350df88), - TOBN(0x92376237, 0x8502fd8e), TOBN(0x4791f216, 0x0c12be9b), - TOBN(0xb7256789, 0x25f02425), TOBN(0xec863194, 0x7a974443), - TOBN(0x7c0ce882, 0xfb41cc52), TOBN(0xc266ff7e, 0xf25c07f2), - TOBN(0x3d4da8c3, 0x017025f3), TOBN(0xefcf628c, 0xfb9579b4), - TOBN(0x5c4d0016, 0x1f3716ec), TOBN(0x9c27ebc4, 0x6801116e), - TOBN(0x5eba0ea1, 0x1da1767e), TOBN(0xfe151452, 0x47004c57), - TOBN(0x3ace6df6, 0x8c2373b7), TOBN(0x75c3dffe, 0x5dbc37ac), - TOBN(0x3dc32a73, 0xddc925fc), TOBN(0xb679c841, 0x2f65ee0b), - TOBN(0x715a3295, 0x451cbfeb), TOBN(0xd9889768, 0xf76e9a29), - TOBN(0xec20ce7f, 0xb28ad247), TOBN(0xe99146c4, 0x00894d79), - TOBN(0x71457d7c, 0x9f5e3ea7), TOBN(0x097b2662, 0x38030031), - TOBN(0xdb7f6ae6, 0xcf9f82a8), TOBN(0x319decb9, 0x438f473a), - TOBN(0xa63ab386, 0x283856c3), TOBN(0x13e3172f, 0xb06a361b), - TOBN(0x2959f8dc, 0x7d5a006c), TOBN(0x2dbc27c6, 0x75fba752), - TOBN(0xc1227ab2, 0x87c22c9e), TOBN(0x06f61f75, 0x71a268b2), - TOBN(0x1b6bb971, 0x04779ce2), TOBN(0xaca83812, 0x0aadcb1d), - TOBN(0x297ae0bc, 0xaeaab2d5), TOBN(0xa5c14ee7, 0x5bfb9f13), - TOBN(0xaa00c583, 0xf17a62c7), TOBN(0x39eb962c, 0x173759f6), - TOBN(0x1eeba1d4, 0x86c9a88f), TOBN(0x0ab6c37a, 0xdf016c5e), - TOBN(0xa2a147db, 0xa28a0749), TOBN(0x246c20d6, 0xee519165), - TOBN(0x5068d1b1, 0xd3810715), TOBN(0xb1e7018c, 0x748160b9), - TOBN(0x03f5b1fa, 0xf380ff62), TOBN(0xef7fb1dd, 0xf3cb2c1e), - TOBN(0xeab539a8, 0xfc91a7da), TOBN(0x83ddb707, 0xf3f9b561), - TOBN(0xc550e211, 0xfe7df7a4), TOBN(0xa7cd07f2, 0x063f6f40), - TOBN(0xb0de3635, 0x2976879c), TOBN(0xb5f83f85, 0xe55741da), - TOBN(0x4ea9d25e, 0xf3d8ac3d), TOBN(0x6fe2066f, 0x62819f02), - TOBN(0x4ab2b9c2, 0xcef4a564), TOBN(0x1e155d96, 0x5ffa2de3), - TOBN(0x0eb0a19b, 0xc3a72d00), TOBN(0x4037665b, 0x8513c31b), - TOBN(0x2fb2b6bf, 0x04c64637), TOBN(0x45c34d6e, 0x08cdc639), - TOBN(0x56f1e10f, 0xf01fd796), TOBN(0x4dfb8101, 0xfe3667b8), - TOBN(0xe0eda253, 0x9021d0c0), TOBN(0x7a94e9ff, 0x8a06c6ab), - TOBN(0x2d3bb0d9, 0xbb9aa882), TOBN(0xea20e4e5, 0xec05fd10), - TOBN(0xed7eeb5f, 0x1a1ca64e), TOBN(0x2fa6b43c, 0xc6327cbd), - TOBN(0xb577e3cf, 0x3aa91121), TOBN(0x8c6bd5ea, 0x3a34079b), - TOBN(0xd7e5ba39, 0x60e02fc0), TOBN(0xf16dd2c3, 0x90141bf8), - TOBN(0xb57276d9, 0x80101b98), TOBN(0x760883fd, 0xb82f0f66), - TOBN(0x89d7de75, 0x4bc3eff3), TOBN(0x03b60643, 0x5dc2ab40), - TOBN(0xcd6e53df, 0xe05beeac), TOBN(0xf2f1e862, 0xbc3325cd), - TOBN(0xdd0f7921, 0x774f03c3), TOBN(0x97ca7221, 0x4552cc1b), - TOBN(0x5a0d6afe, 0x1cd19f72), TOBN(0xa20915dc, 0xf183fbeb), - TOBN(0x9fda4b40, 0x832c403c), TOBN(0x32738edd, 0xbe425442), - TOBN(0x469a1df6, 0xb5eccf1a), TOBN(0x4b5aff42, 0x28bbe1f0), - TOBN(0x31359d7f, 0x570dfc93), TOBN(0xa18be235, 0xf0088628), - TOBN(0xa5b30fba, 0xb00ed3a9), TOBN(0x34c61374, 0x73cdf8be), - TOBN(0x2c5c5f46, 0xabc56797), TOBN(0x5cecf93d, 0xb82a8ae2), - TOBN(0x7d3dbe41, 0xa968fbf0), TOBN(0xd23d4583, 0x1a5c7f3d), - TOBN(0xf28f69a0, 0xc087a9c7), TOBN(0xc2d75471, 0x474471ca), - TOBN(0x36ec9f4a, 0x4eb732ec), TOBN(0x6c943bbd, 0xb1ca6bed), - TOBN(0xd64535e1, 0xf2457892), TOBN(0x8b84a8ea, 0xf7e2ac06), - TOBN(0xe0936cd3, 0x2499dd5f), TOBN(0x12053d7e, 0x0ed04e57), - TOBN(0x4bdd0076, 0xe4305d9d), TOBN(0x34a527b9, 0x1f67f0a2), - TOBN(0xe79a4af0, 0x9cec46ea), TOBN(0xb15347a1, 0x658b9bc7), - TOBN(0x6bd2796f, 0x35af2f75), TOBN(0xac957990, 0x4051c435), - TOBN(0x2669dda3, 0xc33a655d), TOBN(0x5d503c2e, 0x88514aa3), - TOBN(0xdfa11337, 0x3753dd41), TOBN(0x3f054673, 0x0b754f78), - TOBN(0xbf185677, 0x496125bd), TOBN(0xfb0023c8, 0x3775006c), - TOBN(0xfa0f072f, 0x3a037899), TOBN(0x4222b6eb, 0x0e4aea57), - TOBN(0x3dde5e76, 0x7866d25a), TOBN(0xb6eb04f8, 0x4837aa6f), - TOBN(0x5315591a, 0x2cf1cdb8), TOBN(0x6dfb4f41, 0x2d4e683c), - TOBN(0x7e923ea4, 0x48ee1f3a), TOBN(0x9604d9f7, 0x05a2afd5), - TOBN(0xbe1d4a33, 0x40ea4948), TOBN(0x5b45f1f4, 0xb44cbd2f), - TOBN(0x5faf8376, 0x4acc757e), TOBN(0xa7cf9ab8, 0x63d68ff7), - TOBN(0x8ad62f69, 0xdf0e404b), TOBN(0xd65f33c2, 0x12bdafdf), - TOBN(0xc365de15, 0xa377b14e), TOBN(0x6bf5463b, 0x8e39f60c), - TOBN(0x62030d2d, 0x2ce68148), TOBN(0xd95867ef, 0xe6f843a8), - TOBN(0xd39a0244, 0xef5ab017), TOBN(0x0bd2d8c1, 0x4ab55d12), - TOBN(0xc9503db3, 0x41639169), TOBN(0x2d4e25b0, 0xf7660c8a), - TOBN(0x760cb3b5, 0xe224c5d7), TOBN(0xfa3baf8c, 0x68616919), - TOBN(0x9fbca113, 0x8d142552), TOBN(0x1ab18bf1, 0x7669ebf5), - TOBN(0x55e6f53e, 0x9bdf25dd), TOBN(0x04cc0bf3, 0xcb6cd154), - TOBN(0x595bef49, 0x95e89080), TOBN(0xfe9459a8, 0x104a9ac1), - TOBN(0xad2d89ca, 0xcce9bb32), TOBN(0xddea65e1, 0xf7de8285), - TOBN(0x62ed8c35, 0xb351bd4b), TOBN(0x4150ff36, 0x0c0e19a7), - TOBN(0x86e3c801, 0x345f4e47), TOBN(0x3bf21f71, 0x203a266c), - TOBN(0x7ae110d4, 0x855b1f13), TOBN(0x5d6aaf6a, 0x07262517), - TOBN(0x1e0f12e1, 0x813d28f1), TOBN(0x6000e11d, 0x7ad7a523), - TOBN(0xc7d8deef, 0xc744a17b), TOBN(0x1e990b48, 0x14c05a00), - TOBN(0x68fddaee, 0x93e976d5), TOBN(0x696241d1, 0x46610d63), - TOBN(0xb204e7c3, 0x893dda88), TOBN(0x8bccfa65, 0x6a3a6946), - TOBN(0xb59425b4, 0xc5cd1411), TOBN(0x701b4042, 0xff3658b1), - TOBN(0xe3e56bca, 0x4784cf93), TOBN(0x27de5f15, 0x8fe68d60), - TOBN(0x4ab9cfce, 0xf8d53f19), TOBN(0xddb10311, 0xa40a730d), - TOBN(0x6fa73cd1, 0x4eee0a8a), TOBN(0xfd548748, 0x5249719d), - TOBN(0x49d66316, 0xa8123ef0), TOBN(0x73c32db4, 0xe7f95438), - TOBN(0x2e2ed209, 0x0d9e7854), TOBN(0xf98a9329, 0x9d9f0507), - TOBN(0xc5d33cf6, 0x0c6aa20a), TOBN(0x9a32ba14, 0x75279bb2), - TOBN(0x7e3202cb, 0x774a7307), TOBN(0x64ed4bc4, 0xe8c42dbd), - TOBN(0xc20f1a06, 0xd4caed0d), TOBN(0xb8021407, 0x171d22b3), - TOBN(0xd426ca04, 0xd13268d7), TOBN(0x92377007, 0x25f4d126), - TOBN(0x4204cbc3, 0x71f21a85), TOBN(0x18461b7a, 0xf82369ba), - TOBN(0xc0c07d31, 0x3fc858f9), TOBN(0x5deb5a50, 0xe2bab569), - TOBN(0xd5959d46, 0xd5eea89e), TOBN(0xfdff8424, 0x08437f4b), - TOBN(0xf21071e4, 0x3cfe254f), TOBN(0x72417696, 0x95468321), - TOBN(0x5d8288b9, 0x102cae3e), TOBN(0x2d143e3d, 0xf1965dff), - TOBN(0x00c9a376, 0xa078d847), TOBN(0x6fc0da31, 0x26028731), - TOBN(0xa2baeadf, 0xe45083a2), TOBN(0x66bc7218, 0x5e5b4bcd), - TOBN(0x2c826442, 0xd04b8e7f), TOBN(0xc19f5451, 0x6c4b586b), - TOBN(0x60182c49, 0x5b7eeed5), TOBN(0xd9954ecd, 0x7aa9dfa1), - TOBN(0xa403a8ec, 0xc73884ad), TOBN(0x7fb17de2, 0x9bb39041), - TOBN(0x694b64c5, 0xabb020e8), TOBN(0x3d18c184, 0x19c4eec7), - TOBN(0x9c4673ef, 0x1c4793e5), TOBN(0xc7b8aeb5, 0x056092e6), - TOBN(0x3aa1ca43, 0xf0f8c16b), TOBN(0x224ed5ec, 0xd679b2f6), - TOBN(0x0d56eeaf, 0x55a205c9), TOBN(0xbfe115ba, 0x4b8e028b), - TOBN(0x97e60849, 0x3927f4fe), TOBN(0xf91fbf94, 0x759aa7c5), - TOBN(0x985af769, 0x6be90a51), TOBN(0xc1277b78, 0x78ccb823), - TOBN(0x395b656e, 0xe7a75952), TOBN(0x00df7de0, 0x928da5f5), - TOBN(0x09c23175, 0x4ca4454f), TOBN(0x4ec971f4, 0x7aa2d3c1), - TOBN(0x45c3c507, 0xe75d9ccc), TOBN(0x63b7be8a, 0x3dc90306), - TOBN(0x37e09c66, 0x5db44bdc), TOBN(0x50d60da1, 0x6841c6a2), - TOBN(0x6f9b65ee, 0x08df1b12), TOBN(0x38734879, 0x7ff089df), - TOBN(0x9c331a66, 0x3fe8013d), TOBN(0x017f5de9, 0x5f42fcc8), - TOBN(0x43077866, 0xe8e57567), TOBN(0xc9f781ce, 0xf9fcdb18), - TOBN(0x38131dda, 0x9b12e174), TOBN(0x25d84aa3, 0x8a03752a), - TOBN(0x45e09e09, 0x4d0c0ce2), TOBN(0x1564008b, 0x92bebba5), - TOBN(0xf7e8ad31, 0xa87284c7), TOBN(0xb7c4b46c, 0x97e7bbaa), - TOBN(0x3e22a7b3, 0x97acf4ec), TOBN(0x0426c400, 0x5ea8b640), - TOBN(0x5e3295a6, 0x4e969285), TOBN(0x22aabc59, 0xa6a45670), - TOBN(0xb929714c, 0x5f5942bc), TOBN(0x9a6168bd, 0xfa3182ed), - TOBN(0x2216a665, 0x104152ba), TOBN(0x46908d03, 0xb6926368)}, - {TOBN(0xa9f5d874, 0x5a1251fb), TOBN(0x967747a8, 0xc72725c7), - TOBN(0x195c33e5, 0x31ffe89e), TOBN(0x609d210f, 0xe964935e), - TOBN(0xcafd6ca8, 0x2fe12227), TOBN(0xaf9b5b96, 0x0426469d), - TOBN(0x2e9ee04c, 0x5693183c), TOBN(0x1084a333, 0xc8146fef), - TOBN(0x96649933, 0xaed1d1f7), TOBN(0x566eaff3, 0x50563090), - TOBN(0x345057f0, 0xad2e39cf), TOBN(0x148ff65b, 0x1f832124), - TOBN(0x042e89d4, 0xcf94cf0d), TOBN(0x319bec84, 0x520c58b3), - TOBN(0x2a267626, 0x5361aa0d), TOBN(0xc86fa302, 0x8fbc87ad), - TOBN(0xfc83d2ab, 0x5c8b06d5), TOBN(0xb1a785a2, 0xfe4eac46), - TOBN(0xb99315bc, 0x846f7779), TOBN(0xcf31d816, 0xef9ea505), - TOBN(0x2391fe6a, 0x15d7dc85), TOBN(0x2f132b04, 0xb4016b33), - TOBN(0x29547fe3, 0x181cb4c7), TOBN(0xdb66d8a6, 0x650155a1), - TOBN(0x6b66d7e1, 0xadc1696f), TOBN(0x98ebe593, 0x0acd72d0), - TOBN(0x65f24550, 0xcc1b7435), TOBN(0xce231393, 0xb4b9a5ec), - TOBN(0x234a22d4, 0xdb067df9), TOBN(0x98dda095, 0xcaff9b00), - TOBN(0x1bbc75a0, 0x6100c9c1), TOBN(0x1560a9c8, 0x939cf695), - TOBN(0xcf006d3e, 0x99e0925f), TOBN(0x2dd74a96, 0x6322375a), - TOBN(0xc58b446a, 0xb56af5ba), TOBN(0x50292683, 0xe0b9b4f1), - TOBN(0xe2c34cb4, 0x1aeaffa3), TOBN(0x8b17203f, 0x9b9587c1), - TOBN(0x6d559207, 0xead1350c), TOBN(0x2b66a215, 0xfb7f9604), - TOBN(0x0850325e, 0xfe51bf74), TOBN(0x9c4f579e, 0x5e460094), - TOBN(0x5c87b92a, 0x76da2f25), TOBN(0x889de4e0, 0x6febef33), - TOBN(0x6900ec06, 0x646083ce), TOBN(0xbe2a0335, 0xbfe12773), - TOBN(0xadd1da35, 0xc5344110), TOBN(0x757568b7, 0xb802cd20), - TOBN(0x75559779, 0x00f7e6c8), TOBN(0x38e8b94f, 0x0facd2f0), - TOBN(0xfea1f3af, 0x03fde375), TOBN(0x5e11a1d8, 0x75881dfc), - TOBN(0xb3a6b02e, 0xc1e2f2ef), TOBN(0x193d2bbb, 0xc605a6c5), - TOBN(0x325ffeee, 0x339a0b2d), TOBN(0x27b6a724, 0x9e0c8846), - TOBN(0xe4050f1c, 0xf1c367ca), TOBN(0x9bc85a9b, 0xc90fbc7d), - TOBN(0xa373c4a2, 0xe1a11032), TOBN(0xb64232b7, 0xad0393a9), - TOBN(0xf5577eb0, 0x167dad29), TOBN(0x1604f301, 0x94b78ab2), - TOBN(0x0baa94af, 0xe829348b), TOBN(0x77fbd8dd, 0x41654342), - TOBN(0xdab50ea5, 0xb964e39a), TOBN(0xd4c29e3c, 0xd0d3c76e), - TOBN(0x80dae67c, 0x56d11964), TOBN(0x7307a8bf, 0xe5ffcc2f), - TOBN(0x65bbc1aa, 0x91708c3b), TOBN(0xa151e62c, 0x28bf0eeb), - TOBN(0x6cb53381, 0x6fa34db7), TOBN(0x5139e05c, 0xa29403a8), - TOBN(0x6ff651b4, 0x94a7cd2e), TOBN(0x5671ffd1, 0x0699336c), - TOBN(0x6f5fd2cc, 0x979a896a), TOBN(0x11e893a8, 0xd8148cef), - TOBN(0x988906a1, 0x65cf7b10), TOBN(0x81b67178, 0xc50d8485), - TOBN(0x7c0deb35, 0x8a35b3de), TOBN(0x423ac855, 0xc1d29799), - TOBN(0xaf580d87, 0xdac50b74), TOBN(0x28b2b89f, 0x5869734c), - TOBN(0x99a3b936, 0x874e28fb), TOBN(0xbb2c9190, 0x25f3f73a), - TOBN(0x199f6918, 0x84a9d5b7), TOBN(0x7ebe2325, 0x7e770374), - TOBN(0xf442e107, 0x0738efe2), TOBN(0xcf9f3f56, 0xcf9082d2), - TOBN(0x719f69e1, 0x09618708), TOBN(0xcc9e8364, 0xc183f9b1), - TOBN(0xec203a95, 0x366a21af), TOBN(0x6aec5d6d, 0x068b141f), - TOBN(0xee2df78a, 0x994f04e9), TOBN(0xb39ccae8, 0x271245b0), - TOBN(0xb875a4a9, 0x97e43f4f), TOBN(0x507dfe11, 0xdb2cea98), - TOBN(0x4fbf81cb, 0x489b03e9), TOBN(0xdb86ec5b, 0x6ec414fa), - TOBN(0xfad444f9, 0xf51b3ae5), TOBN(0xca7d33d6, 0x1914e3fe), - TOBN(0xa9c32f5c, 0x0ae6c4d0), TOBN(0xa9ca1d1e, 0x73969568), - TOBN(0x98043c31, 0x1aa7467e), TOBN(0xe832e75c, 0xe21b5ac6), - TOBN(0x314b7aea, 0x5232123d), TOBN(0x08307c8c, 0x65ae86db), - TOBN(0x06e7165c, 0xaa4668ed), TOBN(0xb170458b, 0xb4d3ec39), - TOBN(0x4d2e3ec6, 0xc19bb986), TOBN(0xc5f34846, 0xae0304ed), - TOBN(0x917695a0, 0x6c9f9722), TOBN(0x6c7f7317, 0x4cab1c0a), - TOBN(0x6295940e, 0x9d6d2e8b), TOBN(0xd318b8c1, 0x549f7c97), - TOBN(0x22453204, 0x97713885), TOBN(0x468d834b, 0xa8a440fe), - TOBN(0xd81fe5b2, 0xbfba796e), TOBN(0x152364db, 0x6d71f116), - TOBN(0xbb8c7c59, 0xb5b66e53), TOBN(0x0b12c61b, 0x2641a192), - TOBN(0x31f14802, 0xfcf0a7fd), TOBN(0x42fd0789, 0x5488b01e), - TOBN(0x71d78d6d, 0x9952b498), TOBN(0x8eb572d9, 0x07ac5201), - TOBN(0xe0a2a44c, 0x4d194a88), TOBN(0xd2b63fd9, 0xba017e66), - TOBN(0x78efc6c8, 0xf888aefc), TOBN(0xb76f6bda, 0x4a881a11), - TOBN(0x187f314b, 0xb46c2397), TOBN(0x004cf566, 0x5ded2819), - TOBN(0xa9ea5704, 0x38764d34), TOBN(0xbba45217, 0x78084709), - TOBN(0x06474571, 0x1171121e), TOBN(0xad7b7eb1, 0xe7c9b671), - TOBN(0xdacfbc40, 0x730f7507), TOBN(0x178cd8c6, 0xc7ad7bd1), - TOBN(0xbf0be101, 0xb2a67238), TOBN(0x3556d367, 0xaf9c14f2), - TOBN(0x104b7831, 0xa5662075), TOBN(0x58ca59bb, 0x79d9e60a), - TOBN(0x4bc45392, 0xa569a73b), TOBN(0x517a52e8, 0x5698f6c9), - TOBN(0x85643da5, 0xaeadd755), TOBN(0x1aed0cd5, 0x2a581b84), - TOBN(0xb9b4ff84, 0x80af1372), TOBN(0x244c3113, 0xf1ba5d1f), - TOBN(0x2a5dacbe, 0xf5f98d31), TOBN(0x2c3323e8, 0x4375bc2a), - TOBN(0x17a3ab4a, 0x5594b1dd), TOBN(0xa1928bfb, 0xceb4797e), - TOBN(0xe83af245, 0xe4886a19), TOBN(0x8979d546, 0x72b5a74a), - TOBN(0xa0f726bc, 0x19f9e967), TOBN(0xd9d03152, 0xe8fbbf4e), - TOBN(0xcfd6f51d, 0xb7707d40), TOBN(0x633084d9, 0x63f6e6e0), - TOBN(0xedcd9cdc, 0x55667eaf), TOBN(0x73b7f92b, 0x2e44d56f), - TOBN(0xfb2e39b6, 0x4e962b14), TOBN(0x7d408f6e, 0xf671fcbf), - TOBN(0xcc634ddc, 0x164a89bb), TOBN(0x74a42bb2, 0x3ef3bd05), - TOBN(0x1280dbb2, 0x428decbb), TOBN(0x6103f6bb, 0x402c8596), - TOBN(0xfa2bf581, 0x355a5752), TOBN(0x562f96a8, 0x00946674), - TOBN(0x4e4ca16d, 0x6da0223b), TOBN(0xfe47819f, 0x28d3aa25), - TOBN(0x9eea3075, 0xf8dfcf8a), TOBN(0xa284f0aa, 0x95669825), - TOBN(0xb3fca250, 0x867d3fd8), TOBN(0x20757b5f, 0x269d691e), - TOBN(0xf2c24020, 0x93b8a5de), TOBN(0xd3f93359, 0xebc06da6), - TOBN(0x1178293e, 0xb2739c33), TOBN(0xd2a3e770, 0xbcd686e5), - TOBN(0xa76f49f4, 0xcd941534), TOBN(0x0d37406b, 0xe3c71c0e), - TOBN(0x172d9397, 0x3b97f7e3), TOBN(0xec17e239, 0xbd7fd0de), - TOBN(0xe3290551, 0x6f496ba2), TOBN(0x6a693172, 0x36ad50e7), - TOBN(0xc4e539a2, 0x83e7eff5), TOBN(0x752737e7, 0x18e1b4cf), - TOBN(0xa2f7932c, 0x68af43ee), TOBN(0x5502468e, 0x703d00bd), - TOBN(0xe5dc978f, 0x2fb061f5), TOBN(0xc9a1904a, 0x28c815ad), - TOBN(0xd3af538d, 0x470c56a4), TOBN(0x159abc5f, 0x193d8ced), - TOBN(0x2a37245f, 0x20108ef3), TOBN(0xfa17081e, 0x223f7178), - TOBN(0x27b0fb2b, 0x10c8c0f5), TOBN(0x2102c3ea, 0x40650547), - TOBN(0x594564df, 0x8ac3bfa7), TOBN(0x98102033, 0x509dad96), - TOBN(0x6989643f, 0xf1d18a13), TOBN(0x35eebd91, 0xd7fc5af0), - TOBN(0x078d096a, 0xfaeaafd8), TOBN(0xb7a89341, 0xdef3de98), - TOBN(0x2a206e8d, 0xecf2a73a), TOBN(0x066a6397, 0x8e551994), - TOBN(0x3a6a088a, 0xb98d53a2), TOBN(0x0ce7c67c, 0x2d1124aa), - TOBN(0x48cec671, 0x759a113c), TOBN(0xe3b373d3, 0x4f6f67fa), - TOBN(0x5455d479, 0xfd36727b), TOBN(0xe5a428ee, 0xa13c0d81), - TOBN(0xb853dbc8, 0x1c86682b), TOBN(0xb78d2727, 0xb8d02b2a), - TOBN(0xaaf69bed, 0x8ebc329a), TOBN(0xdb6b40b3, 0x293b2148), - TOBN(0xe42ea77d, 0xb8c4961f), TOBN(0xb1a12f7c, 0x20e5e0ab), - TOBN(0xa0ec5274, 0x79e8b05e), TOBN(0x68027391, 0xfab60a80), - TOBN(0x6bfeea5f, 0x16b1bd5e), TOBN(0xf957e420, 0x4de30ad3), - TOBN(0xcbaf664e, 0x6a353b9e), TOBN(0x5c873312, 0x26d14feb), - TOBN(0x4e87f98c, 0xb65f57cb), TOBN(0xdb60a621, 0x5e0cdd41), - TOBN(0x67c16865, 0xa6881440), TOBN(0x1093ef1a, 0x46ab52aa), - TOBN(0xc095afb5, 0x3f4ece64), TOBN(0x6a6bb02e, 0x7604551a), - TOBN(0x55d44b4e, 0x0b26b8cd), TOBN(0xe5f9a999, 0xf971268a), - TOBN(0xc08ec425, 0x11a7de84), TOBN(0x83568095, 0xfda469dd), - TOBN(0x737bfba1, 0x6c6c90a2), TOBN(0x1cb9c4a0, 0xbe229831), - TOBN(0x93bccbba, 0xbb2eec64), TOBN(0xa0c23b64, 0xda03adbe), - TOBN(0x5f7aa00a, 0xe0e86ac4), TOBN(0x470b941e, 0xfc1401e6), - TOBN(0x5ad8d679, 0x9df43574), TOBN(0x4ccfb8a9, 0x0f65d810), - TOBN(0x1bce80e3, 0xaa7fbd81), TOBN(0x273291ad, 0x9508d20a), - TOBN(0xf5c4b46b, 0x42a92806), TOBN(0x810684ec, 0xa86ab44a), - TOBN(0x4591640b, 0xca0bc9f8), TOBN(0xb5efcdfc, 0x5c4b6054), - TOBN(0x16fc8907, 0x6e9edd12), TOBN(0xe29d0b50, 0xd4d792f9), - TOBN(0xa45fd01c, 0x9b03116d), TOBN(0x85035235, 0xc81765a4), - TOBN(0x1fe2a9b2, 0xb4b4b67c), TOBN(0xc1d10df0, 0xe8020604), - TOBN(0x9d64abfc, 0xbc8058d8), TOBN(0x8943b9b2, 0x712a0fbb), - TOBN(0x90eed914, 0x3b3def04), TOBN(0x85ab3aa2, 0x4ce775ff), - TOBN(0x605fd4ca, 0x7bbc9040), TOBN(0x8b34a564, 0xe2c75dfb), - TOBN(0x41ffc94a, 0x10358560), TOBN(0x2d8a5072, 0x9e5c28aa), - TOBN(0xe915a0fc, 0x4cc7eb15), TOBN(0xe9efab05, 0x8f6d0f5d), - TOBN(0xdbab47a9, 0xd19e9b91), TOBN(0x8cfed745, 0x0276154c), - TOBN(0x154357ae, 0x2cfede0d), TOBN(0x520630df, 0x19f5a4ef), - TOBN(0x25759f7c, 0xe382360f), TOBN(0xb6db05c9, 0x88bf5857), - TOBN(0x2917d61d, 0x6c58d46c), TOBN(0x14f8e491, 0xfd20cb7a), - TOBN(0xb68a727a, 0x11c20340), TOBN(0x0386f86f, 0xaf7ccbb6), - TOBN(0x5c8bc6cc, 0xfee09a20), TOBN(0x7d76ff4a, 0xbb7eea35), - TOBN(0xa7bdebe7, 0xdb15be7a), TOBN(0x67a08054, 0xd89f0302), - TOBN(0x56bf0ea9, 0xc1193364), TOBN(0xc8244467, 0x62837ebe), - TOBN(0x32bd8e8b, 0x20d841b8), TOBN(0x127a0548, 0xdbb8a54f), - TOBN(0x83dd4ca6, 0x63b20236), TOBN(0x87714718, 0x203491fa), - TOBN(0x4dabcaaa, 0xaa8a5288), TOBN(0x91cc0c8a, 0xaf23a1c9), - TOBN(0x34c72c6a, 0x3f220e0c), TOBN(0xbcc20bdf, 0x1232144a), - TOBN(0x6e2f42da, 0xa20ede1b), TOBN(0xc441f00c, 0x74a00515), - TOBN(0xbf46a5b6, 0x734b8c4b), TOBN(0x57409503, 0x7b56c9a4), - TOBN(0x9f735261, 0xe4585d45), TOBN(0x9231faed, 0x6734e642), - TOBN(0x1158a176, 0xbe70ee6c), TOBN(0x35f1068d, 0x7c3501bf), - TOBN(0x6beef900, 0xa2d26115), TOBN(0x649406f2, 0xef0afee3), - TOBN(0x3f43a60a, 0xbc2420a1), TOBN(0x509002a7, 0xd5aee4ac), - TOBN(0xb46836a5, 0x3ff3571b), TOBN(0x24f98b78, 0x837927c1), - TOBN(0x6254256a, 0x4533c716), TOBN(0xf27abb0b, 0xd07ee196), - TOBN(0xd7cf64fc, 0x5c6d5bfd), TOBN(0x6915c751, 0xf0cd7a77), - TOBN(0xd9f59012, 0x8798f534), TOBN(0x772b0da8, 0xf81d8b5f), - TOBN(0x1244260c, 0x2e03fa69), TOBN(0x36cf0e3a, 0x3be1a374), - TOBN(0x6e7c1633, 0xef06b960), TOBN(0xa71a4c55, 0x671f90f6), - TOBN(0x7a941251, 0x33c673db), TOBN(0xc0bea510, 0x73e8c131), - TOBN(0x61a8a699, 0xd4f6c734), TOBN(0x25e78c88, 0x341ed001), - TOBN(0x5c18acf8, 0x8e2f7d90), TOBN(0xfdbf33d7, 0x77be32cd), - TOBN(0x0a085cd7, 0xd2eb5ee9), TOBN(0x2d702cfb, 0xb3201115), - TOBN(0xb6e0ebdb, 0x85c88ce8), TOBN(0x23a3ce3c, 0x1e01d617), - TOBN(0x3041618e, 0x567333ac), TOBN(0x9dd0fd8f, 0x157edb6b), - TOBN(0x27f74702, 0xb57872b8), TOBN(0x2ef26b4f, 0x657d5fe1), - TOBN(0x95426f0a, 0x57cf3d40), TOBN(0x847e2ad1, 0x65a6067a), - TOBN(0xd474d9a0, 0x09996a74), TOBN(0x16a56acd, 0x2a26115c), - TOBN(0x02a615c3, 0xd16f4d43), TOBN(0xcc3fc965, 0xaadb85b7), - TOBN(0x386bda73, 0xce07d1b0), TOBN(0xd82910c2, 0x58ad4178), - TOBN(0x124f82cf, 0xcd2617f4), TOBN(0xcc2f5e8d, 0xef691770), - TOBN(0x82702550, 0xb8c30ccc), TOBN(0x7b856aea, 0x1a8e575a), - TOBN(0xbb822fef, 0xb1ab9459), TOBN(0x085928bc, 0xec24e38e), - TOBN(0x5d0402ec, 0xba8f4b4d), TOBN(0xc07cd4ba, 0x00b4d58b), - TOBN(0x5d8dffd5, 0x29227e7a), TOBN(0x61d44d0c, 0x31bf386f), - TOBN(0xe486dc2b, 0x135e6f4d), TOBN(0x680962eb, 0xe79410ef), - TOBN(0xa61bd343, 0xf10088b5), TOBN(0x6aa76076, 0xe2e28686), - TOBN(0x80463d11, 0x8fb98871), TOBN(0xcb26f5c3, 0xbbc76aff), - TOBN(0xd4ab8edd, 0xfbe03614), TOBN(0xc8eb579b, 0xc0cf2dee), - TOBN(0xcc004c15, 0xc93bae41), TOBN(0x46fbae5d, 0x3aeca3b2), - TOBN(0x671235cf, 0x0f1e9ab1), TOBN(0xadfba934, 0x9ec285c1), - TOBN(0x88ded013, 0xf216c980), TOBN(0xc8ac4fb8, 0xf79e0bc1), - TOBN(0xa29b89c6, 0xfb97a237), TOBN(0xb697b780, 0x9922d8e7), - TOBN(0x3142c639, 0xddb945b5), TOBN(0x447b06c7, 0xe094c3a9), - TOBN(0xcdcb3642, 0x72266c90), TOBN(0x633aad08, 0xa9385046), - TOBN(0xa36c936b, 0xb57c6477), TOBN(0x871f8b64, 0xe94dbcc6), - TOBN(0x28d0fb62, 0xa591a67b), TOBN(0x9d40e081, 0xc1d926f5), - TOBN(0x3111eaf6, 0xf2d84b5a), TOBN(0x228993f9, 0xa565b644), - TOBN(0x0ccbf592, 0x2c83188b), TOBN(0xf87b30ab, 0x3df3e197), - TOBN(0xb8658b31, 0x7642bca8), TOBN(0x1a032d7f, 0x52800f17), - TOBN(0x051dcae5, 0x79bf9445), TOBN(0xeba6b8ee, 0x54a2e253), - TOBN(0x5c8b9cad, 0xd4485692), TOBN(0x84bda40e, 0x8986e9be), - TOBN(0xd16d16a4, 0x2f0db448), TOBN(0x8ec80050, 0xa14d4188), - TOBN(0xb2b26107, 0x98fa7aaa), TOBN(0x41209ee4, 0xf073aa4e), - TOBN(0xf1570359, 0xf2d6b19b), TOBN(0xcbe6868c, 0xfc577caf), - TOBN(0x186c4bdc, 0x32c04dd3), TOBN(0xa6c35fae, 0xcfeee397), - TOBN(0xb4a1b312, 0xf086c0cf), TOBN(0xe0a5ccc6, 0xd9461fe2), - TOBN(0xc32278aa, 0x1536189f), TOBN(0x1126c55f, 0xba6df571), - TOBN(0x0f71a602, 0xb194560e), TOBN(0x8b2d7405, 0x324bd6e1), - TOBN(0x8481939e, 0x3738be71), TOBN(0xb5090b1a, 0x1a4d97a9), - TOBN(0x116c65a3, 0xf05ba915), TOBN(0x21863ad3, 0xaae448aa), - TOBN(0xd24e2679, 0xa7aae5d3), TOBN(0x7076013d, 0x0de5c1c4), - TOBN(0x2d50f8ba, 0xbb05b629), TOBN(0x73c1abe2, 0x6e66efbb), - TOBN(0xefd4b422, 0xf2488af7), TOBN(0xe4105d02, 0x663ba575), - TOBN(0x7eb60a8b, 0x53a69457), TOBN(0x62210008, 0xc945973b), - TOBN(0xfb255478, 0x77a50ec6), TOBN(0xbf0392f7, 0x0a37a72c), - TOBN(0xa0a7a19c, 0x4be18e7a), TOBN(0x90d8ea16, 0x25b1e0af), - TOBN(0x7582a293, 0xef953f57), TOBN(0x90a64d05, 0xbdc5465a), - TOBN(0xca79c497, 0xe2510717), TOBN(0x560dbb7c, 0x18cb641f), - TOBN(0x1d8e3286, 0x4b66abfb), TOBN(0xd26f52e5, 0x59030900), - TOBN(0x1ee3f643, 0x5584941a), TOBN(0x6d3b3730, 0x569f5958), - TOBN(0x9ff2a62f, 0x4789dba5), TOBN(0x91fcb815, 0x72b5c9b7), - TOBN(0xf446cb7d, 0x6c8f9a0e), TOBN(0x48f625c1, 0x39b7ecb5), - TOBN(0xbabae801, 0x1c6219b8), TOBN(0xe7a562d9, 0x28ac2f23), - TOBN(0xe1b48732, 0x26e20588), TOBN(0x06ee1cad, 0x775af051), - TOBN(0xda29ae43, 0xfaff79f7), TOBN(0xc141a412, 0x652ee9e0), - TOBN(0x1e127f6f, 0x195f4bd0), TOBN(0x29c6ab4f, 0x072f34f8), - TOBN(0x7b7c1477, 0x30448112), TOBN(0x82b51af1, 0xe4a38656), - TOBN(0x2bf2028a, 0x2f315010), TOBN(0xc9a4a01f, 0x6ea88cd4), - TOBN(0xf63e95d8, 0x257e5818), TOBN(0xdd8efa10, 0xb4519b16), - TOBN(0xed8973e0, 0x0da910bf), TOBN(0xed49d077, 0x5c0fe4a9), - TOBN(0xac3aac5e, 0xb7caee1e), TOBN(0x1033898d, 0xa7f4da57), - TOBN(0x42145c0e, 0x5c6669b9), TOBN(0x42daa688, 0xc1aa2aa0), - TOBN(0x629cc15c, 0x1a1d885a), TOBN(0x25572ec0, 0xf4b76817), - TOBN(0x8312e435, 0x9c8f8f28), TOBN(0x8107f8cd, 0x81965490), - TOBN(0x516ff3a3, 0x6fa6110c), TOBN(0x74fb1eb1, 0xfb93561f), - TOBN(0x6c0c9047, 0x8457522b), TOBN(0xcfd32104, 0x6bb8bdc6), - TOBN(0x2d6884a2, 0xcc80ad57), TOBN(0x7c27fc35, 0x86a9b637), - TOBN(0x3461baed, 0xadf4e8cd), TOBN(0x1d56251a, 0x617242f0), - TOBN(0x0b80d209, 0xc955bef4), TOBN(0xdf02cad2, 0x06adb047), - TOBN(0xf0d7cb91, 0x5ec74fee), TOBN(0xd2503375, 0x1111ba44), - TOBN(0x9671755e, 0xdf53cb36), TOBN(0x54dcb612, 0x3368551b), - TOBN(0x66d69aac, 0xc8a025a4), TOBN(0x6be946c6, 0xe77ef445), - TOBN(0x719946d1, 0xa995e094), TOBN(0x65e848f6, 0xe51e04d8), - TOBN(0xe62f3300, 0x6a1e3113), TOBN(0x1541c7c1, 0x501de503), - TOBN(0x4daac9fa, 0xf4acfade), TOBN(0x0e585897, 0x44cd0b71), - TOBN(0x544fd869, 0x0a51cd77), TOBN(0x60fc20ed, 0x0031016d), - TOBN(0x58b404ec, 0xa4276867), TOBN(0x46f6c3cc, 0x34f34993), - TOBN(0x477ca007, 0xc636e5bd), TOBN(0x8018f5e5, 0x7c458b47), - TOBN(0xa1202270, 0xe47b668f), TOBN(0xcef48ccd, 0xee14f203), - TOBN(0x23f98bae, 0x62ff9b4d), TOBN(0x55acc035, 0xc589eddd), - TOBN(0x3fe712af, 0x64db4444), TOBN(0x19e9d634, 0xbecdd480), - TOBN(0xe08bc047, 0xa930978a), TOBN(0x2dbf24ec, 0xa1280733), - TOBN(0x3c0ae38c, 0x2cd706b2), TOBN(0x5b012a5b, 0x359017b9), - TOBN(0x3943c38c, 0x72e0f5ae), TOBN(0x786167ea, 0x57176fa3), - TOBN(0xe5f9897d, 0x594881dc), TOBN(0x6b5efad8, 0xcfb820c1), - TOBN(0xb2179093, 0xd55018de), TOBN(0x39ad7d32, 0x0bac56ce), - TOBN(0xb55122e0, 0x2cfc0e81), TOBN(0x117c4661, 0xf6d89daa), - TOBN(0x362d01e1, 0xcb64fa09), TOBN(0x6a309b4e, 0x3e9c4ddd), - TOBN(0xfa979fb7, 0xabea49b1), TOBN(0xb4b1d27d, 0x10e2c6c5), - TOBN(0xbd61c2c4, 0x23afde7a), TOBN(0xeb6614f8, 0x9786d358), - TOBN(0x4a5d816b, 0x7f6f7459), TOBN(0xe431a44f, 0x09360e7b), - TOBN(0x8c27a032, 0xc309914c), TOBN(0xcea5d68a, 0xcaede3d8), - TOBN(0x3668f665, 0x3a0a3f95), TOBN(0x89369416, 0x7ceba27b), - TOBN(0x89981fad, 0xe4728fe9), TOBN(0x7102c8a0, 0x8a093562), - TOBN(0xbb80310e, 0x235d21c8), TOBN(0x505e55d1, 0xbefb7f7b), - TOBN(0xa0a90811, 0x12958a67), TOBN(0xd67e106a, 0x4d851fef), - TOBN(0xb84011a9, 0x431dd80e), TOBN(0xeb7c7cca, 0x73306cd9), - TOBN(0x20fadd29, 0xd1b3b730), TOBN(0x83858b5b, 0xfe37b3d3), - TOBN(0xbf4cd193, 0xb6251d5c), TOBN(0x1cca1fd3, 0x1352d952), - TOBN(0xc66157a4, 0x90fbc051), TOBN(0x7990a638, 0x89b98636)}, - {TOBN(0xe5aa692a, 0x87dec0e1), TOBN(0x010ded8d, 0xf7b39d00), - TOBN(0x7b1b80c8, 0x54cfa0b5), TOBN(0x66beb876, 0xa0f8ea28), - TOBN(0x50d7f531, 0x3476cd0e), TOBN(0xa63d0e65, 0xb08d3949), - TOBN(0x1a09eea9, 0x53479fc6), TOBN(0x82ae9891, 0xf499e742), - TOBN(0xab58b910, 0x5ca7d866), TOBN(0x582967e2, 0x3adb3b34), - TOBN(0x89ae4447, 0xcceac0bc), TOBN(0x919c667c, 0x7bf56af5), - TOBN(0x9aec17b1, 0x60f5dcd7), TOBN(0xec697b9f, 0xddcaadbc), - TOBN(0x0b98f341, 0x463467f5), TOBN(0xb187f1f7, 0xa967132f), - TOBN(0x90fe7a1d, 0x214aeb18), TOBN(0x1506af3c, 0x741432f7), - TOBN(0xbb5565f9, 0xe591a0c4), TOBN(0x10d41a77, 0xb44f1bc3), - TOBN(0xa09d65e4, 0xa84bde96), TOBN(0x42f060d8, 0xf20a6a1c), - TOBN(0x652a3bfd, 0xf27f9ce7), TOBN(0xb6bdb65c, 0x3b3d739f), - TOBN(0xeb5ddcb6, 0xec7fae9f), TOBN(0x995f2714, 0xefb66e5a), - TOBN(0xdee95d8e, 0x69445d52), TOBN(0x1b6c2d46, 0x09e27620), - TOBN(0x32621c31, 0x8129d716), TOBN(0xb03909f1, 0x0958c1aa), - TOBN(0x8c468ef9, 0x1af4af63), TOBN(0x162c429f, 0xfba5cdf6), - TOBN(0x2f682343, 0x753b9371), TOBN(0x29cab45a, 0x5f1f9cd7), - TOBN(0x571623ab, 0xb245db96), TOBN(0xc507db09, 0x3fd79999), - TOBN(0x4e2ef652, 0xaf036c32), TOBN(0x86f0cc78, 0x05018e5c), - TOBN(0xc10a73d4, 0xab8be350), TOBN(0x6519b397, 0x7e826327), - TOBN(0xe8cb5eef, 0x9c053df7), TOBN(0x8de25b37, 0xb300ea6f), - TOBN(0xdb03fa92, 0xc849cffb), TOBN(0x242e43a7, 0xe84169bb), - TOBN(0xe4fa51f4, 0xdd6f958e), TOBN(0x6925a77f, 0xf4445a8d), - TOBN(0xe6e72a50, 0xe90d8949), TOBN(0xc66648e3, 0x2b1f6390), - TOBN(0xb2ab1957, 0x173e460c), TOBN(0x1bbbce75, 0x30704590), - TOBN(0xc0a90dbd, 0xdb1c7162), TOBN(0x505e399e, 0x15cdd65d), - TOBN(0x68434dcb, 0x57797ab7), TOBN(0x60ad35ba, 0x6a2ca8e8), - TOBN(0x4bfdb1e0, 0xde3336c1), TOBN(0xbbef99eb, 0xd8b39015), - TOBN(0x6c3b96f3, 0x1711ebec), TOBN(0x2da40f1f, 0xce98fdc4), - TOBN(0xb99774d3, 0x57b4411f), TOBN(0x87c8bdf4, 0x15b65bb6), - TOBN(0xda3a89e3, 0xc2eef12d), TOBN(0xde95bb9b, 0x3c7471f3), - TOBN(0x600f225b, 0xd812c594), TOBN(0x54907c5d, 0x2b75a56b), - TOBN(0xa93cc5f0, 0x8db60e35), TOBN(0x743e3cd6, 0xfa833319), - TOBN(0x7dad5c41, 0xf81683c9), TOBN(0x70c1e7d9, 0x9c34107e), - TOBN(0x0edc4a39, 0xa6be0907), TOBN(0x36d47035, 0x86d0b7d3), - TOBN(0x8c76da03, 0x272bfa60), TOBN(0x0b4a07ea, 0x0f08a414), - TOBN(0x699e4d29, 0x45c1dd53), TOBN(0xcadc5898, 0x231debb5), - TOBN(0xdf49fcc7, 0xa77f00e0), TOBN(0x93057bbf, 0xa73e5a0e), - TOBN(0x2f8b7ecd, 0x027a4cd1), TOBN(0x114734b3, 0xc614011a), - TOBN(0xe7a01db7, 0x67677c68), TOBN(0x89d9be5e, 0x7e273f4f), - TOBN(0xd225cb2e, 0x089808ef), TOBN(0xf1f7a27d, 0xd59e4107), - TOBN(0x53afc761, 0x8211b9c9), TOBN(0x0361bc67, 0xe6819159), - TOBN(0x2a865d0b, 0x7f071426), TOBN(0x6a3c1810, 0xe7072567), - TOBN(0x3e3bca1e, 0x0d6bcabd), TOBN(0xa1b02bc1, 0x408591bc), - TOBN(0xe0deee59, 0x31fba239), TOBN(0xf47424d3, 0x98bd91d1), - TOBN(0x0f8886f4, 0x071a3c1d), TOBN(0x3f7d41e8, 0xa819233b), - TOBN(0x708623c2, 0xcf6eb998), TOBN(0x86bb49af, 0x609a287f), - TOBN(0x942bb249, 0x63c90762), TOBN(0x0ef6eea5, 0x55a9654b), - TOBN(0x5f6d2d72, 0x36f5defe), TOBN(0xfa9922dc, 0x56f99176), - TOBN(0x6c8c5ece, 0xf78ce0c7), TOBN(0x7b44589d, 0xbe09b55e), - TOBN(0xe11b3bca, 0x9ea83770), TOBN(0xd7fa2c7f, 0x2ab71547), - TOBN(0x2a3dd6fa, 0x2a1ddcc0), TOBN(0x09acb430, 0x5a7b7707), - TOBN(0x4add4a2e, 0x649d4e57), TOBN(0xcd53a2b0, 0x1917526e), - TOBN(0xc5262330, 0x20b44ac4), TOBN(0x4028746a, 0xbaa2c31d), - TOBN(0x51318390, 0x64291d4c), TOBN(0xbf48f151, 0xee5ad909), - TOBN(0xcce57f59, 0x7b185681), TOBN(0x7c3ac1b0, 0x4854d442), - TOBN(0x65587dc3, 0xc093c171), TOBN(0xae7acb24, 0x24f42b65), - TOBN(0x5a338adb, 0x955996cb), TOBN(0xc8e65675, 0x6051f91b), - TOBN(0x66711fba, 0x28b8d0b1), TOBN(0x15d74137, 0xb6c10a90), - TOBN(0x70cdd7eb, 0x3a232a80), TOBN(0xc9e2f07f, 0x6191ed24), - TOBN(0xa80d1db6, 0xf79588c0), TOBN(0xfa52fc69, 0xb55768cc), - TOBN(0x0b4df1ae, 0x7f54438a), TOBN(0x0cadd1a7, 0xf9b46a4f), - TOBN(0xb40ea6b3, 0x1803dd6f), TOBN(0x488e4fa5, 0x55eaae35), - TOBN(0x9f047d55, 0x382e4e16), TOBN(0xc9b5b7e0, 0x2f6e0c98), - TOBN(0x6b1bd2d3, 0x95762649), TOBN(0xa9604ee7, 0xc7aea3f6), - TOBN(0x3646ff27, 0x6dc6f896), TOBN(0x9bf0e7f5, 0x2860bad1), - TOBN(0x2d92c821, 0x7cb44b92), TOBN(0xa2f5ce63, 0xaea9c182), - TOBN(0xd0a2afb1, 0x9154a5fd), TOBN(0x482e474c, 0x95801da6), - TOBN(0xc19972d0, 0xb611c24b), TOBN(0x1d468e65, 0x60a8f351), - TOBN(0xeb758069, 0x7bcf6421), TOBN(0xec9dd0ee, 0x88fbc491), - TOBN(0x5b59d2bf, 0x956c2e32), TOBN(0x73dc6864, 0xdcddf94e), - TOBN(0xfd5e2321, 0xbcee7665), TOBN(0xa7b4f8ef, 0x5e9a06c4), - TOBN(0xfba918dd, 0x7280f855), TOBN(0xbbaac260, 0x8baec688), - TOBN(0xa3b3f00f, 0x33400f42), TOBN(0x3d2dba29, 0x66f2e6e4), - TOBN(0xb6f71a94, 0x98509375), TOBN(0x8f33031f, 0xcea423cc), - TOBN(0x009b8dd0, 0x4807e6fb), TOBN(0x5163cfe5, 0x5cdb954c), - TOBN(0x03cc8f17, 0xcf41c6e8), TOBN(0xf1f03c2a, 0x037b925c), - TOBN(0xc39c19cc, 0x66d2427c), TOBN(0x823d24ba, 0x7b6c18e4), - TOBN(0x32ef9013, 0x901f0b4f), TOBN(0x684360f1, 0xf8941c2e), - TOBN(0x0ebaff52, 0x2c28092e), TOBN(0x7891e4e3, 0x256c932f), - TOBN(0x51264319, 0xac445e3d), TOBN(0x553432e7, 0x8ea74381), - TOBN(0xe6eeaa69, 0x67e9c50a), TOBN(0x27ced284, 0x62e628c7), - TOBN(0x3f96d375, 0x7a4afa57), TOBN(0xde0a14c3, 0xe484c150), - TOBN(0x364a24eb, 0x38bd9923), TOBN(0x1df18da0, 0xe5177422), - TOBN(0x174e8f82, 0xd8d38a9b), TOBN(0x2e97c600, 0xe7de1391), - TOBN(0xc5709850, 0xa1c175dd), TOBN(0x969041a0, 0x32ae5035), - TOBN(0xcbfd533b, 0x76a2086b), TOBN(0xd6bba71b, 0xd7c2e8fe), - TOBN(0xb2d58ee6, 0x099dfb67), TOBN(0x3a8b342d, 0x064a85d9), - TOBN(0x3bc07649, 0x522f9be3), TOBN(0x690c075b, 0xdf1f49a8), - TOBN(0x80e1aee8, 0x3854ec42), TOBN(0x2a7dbf44, 0x17689dc7), - TOBN(0xc004fc0e, 0x3faf4078), TOBN(0xb2f02e9e, 0xdf11862c), - TOBN(0xf10a5e0f, 0xa0a1b7b3), TOBN(0x30aca623, 0x8936ec80), - TOBN(0xf83cbf05, 0x02f40d9a), TOBN(0x4681c468, 0x2c318a4d), - TOBN(0x98575618, 0x0e9c2674), TOBN(0xbe79d046, 0x1847092e), - TOBN(0xaf1e480a, 0x78bd01e0), TOBN(0x6dd359e4, 0x72a51db9), - TOBN(0x62ce3821, 0xe3afbab6), TOBN(0xc5cee5b6, 0x17733199), - TOBN(0xe08b30d4, 0x6ffd9fbb), TOBN(0x6e5bc699, 0x36c610b7), - TOBN(0xf343cff2, 0x9ce262cf), TOBN(0xca2e4e35, 0x68b914c1), - TOBN(0x011d64c0, 0x16de36c5), TOBN(0xe0b10fdd, 0x42e2b829), - TOBN(0x78942981, 0x6685aaf8), TOBN(0xe7511708, 0x230ede97), - TOBN(0x671ed8fc, 0x3b922bf8), TOBN(0xe4d8c0a0, 0x4c29b133), - TOBN(0x87eb1239, 0x3b6e99c4), TOBN(0xaff3974c, 0x8793beba), - TOBN(0x03749405, 0x2c18df9b), TOBN(0xc5c3a293, 0x91007139), - TOBN(0x6a77234f, 0xe37a0b95), TOBN(0x02c29a21, 0xb661c96b), - TOBN(0xc3aaf1d6, 0x141ecf61), TOBN(0x9195509e, 0x3bb22f53), - TOBN(0x29597404, 0x22d51357), TOBN(0x1b083822, 0x537bed60), - TOBN(0xcd7d6e35, 0xe07289f0), TOBN(0x1f94c48c, 0x6dd86eff), - TOBN(0xc8bb1f82, 0xeb0f9cfa), TOBN(0x9ee0b7e6, 0x1b2eb97d), - TOBN(0x5a52fe2e, 0x34d74e31), TOBN(0xa352c310, 0x3bf79ab6), - TOBN(0x97ff6c5a, 0xabfeeb8f), TOBN(0xbfbe8fef, 0xf5c97305), - TOBN(0xd6081ce6, 0xa7904608), TOBN(0x1f812f3a, 0xc4fca249), - TOBN(0x9b24bc9a, 0xb9e5e200), TOBN(0x91022c67, 0x38012ee8), - TOBN(0xe83d9c5d, 0x30a713a1), TOBN(0x4876e3f0, 0x84ef0f93), - TOBN(0xc9777029, 0xc1fbf928), TOBN(0xef7a6bb3, 0xbce7d2a4), - TOBN(0xb8067228, 0xdfa2a659), TOBN(0xd5cd3398, 0xd877a48f), - TOBN(0xbea4fd8f, 0x025d0f3f), TOBN(0xd67d2e35, 0x2eae7c2b), - TOBN(0x184de7d7, 0xcc5f4394), TOBN(0xb5551b5c, 0x4536e142), - TOBN(0x2e89b212, 0xd34aa60a), TOBN(0x14a96fea, 0xf50051d5), - TOBN(0x4e21ef74, 0x0d12bb0b), TOBN(0xc522f020, 0x60b9677e), - TOBN(0x8b12e467, 0x2df7731d), TOBN(0x39f80382, 0x7b326d31), - TOBN(0xdfb8630c, 0x39024a94), TOBN(0xaacb96a8, 0x97319452), - TOBN(0xd68a3961, 0xeda3867c), TOBN(0x0c58e2b0, 0x77c4ffca), - TOBN(0x3d545d63, 0x4da919fa), TOBN(0xef79b69a, 0xf15e2289), - TOBN(0x54bc3d3d, 0x808bab10), TOBN(0xc8ab3007, 0x45f82c37), - TOBN(0xc12738b6, 0x7c4a658a), TOBN(0xb3c47639, 0x40e72182), - TOBN(0x3b77be46, 0x8798e44f), TOBN(0xdc047df2, 0x17a7f85f), - TOBN(0x2439d4c5, 0x5e59d92d), TOBN(0xcedca475, 0xe8e64d8d), - TOBN(0xa724cd0d, 0x87ca9b16), TOBN(0x35e4fd59, 0xa5540dfe), - TOBN(0xf8c1ff18, 0xe4bcf6b1), TOBN(0x856d6285, 0x295018fa), - TOBN(0x433f665c, 0x3263c949), TOBN(0xa6a76dd6, 0xa1f21409), - TOBN(0x17d32334, 0xcc7b4f79), TOBN(0xa1d03122, 0x06720e4a), - TOBN(0xadb6661d, 0x81d9bed5), TOBN(0xf0d6fb02, 0x11db15d1), - TOBN(0x7fd11ad5, 0x1fb747d2), TOBN(0xab50f959, 0x3033762b), - TOBN(0x2a7e711b, 0xfbefaf5a), TOBN(0xc7393278, 0x3fef2bbf), - TOBN(0xe29fa244, 0x0df6f9be), TOBN(0x9092757b, 0x71efd215), - TOBN(0xee60e311, 0x4f3d6fd9), TOBN(0x338542d4, 0x0acfb78b), - TOBN(0x44a23f08, 0x38961a0f), TOBN(0x1426eade, 0x986987ca), - TOBN(0x36e6ee2e, 0x4a863cc6), TOBN(0x48059420, 0x628b8b79), - TOBN(0x30303ad8, 0x7396e1de), TOBN(0x5c8bdc48, 0x38c5aad1), - TOBN(0x3e40e11f, 0x5c8f5066), TOBN(0xabd6e768, 0x8d246bbd), - TOBN(0x68aa40bb, 0x23330a01), TOBN(0xd23f5ee4, 0xc34eafa0), - TOBN(0x3bbee315, 0x5de02c21), TOBN(0x18dd4397, 0xd1d8dd06), - TOBN(0x3ba1939a, 0x122d7b44), TOBN(0xe6d3b40a, 0xa33870d6), - TOBN(0x8e620f70, 0x1c4fe3f8), TOBN(0xf6bba1a5, 0xd3a50cbf), - TOBN(0x4a78bde5, 0xcfc0aee0), TOBN(0x847edc46, 0xc08c50bd), - TOBN(0xbaa2439c, 0xad63c9b2), TOBN(0xceb4a728, 0x10fc2acb), - TOBN(0xa419e40e, 0x26da033d), TOBN(0x6cc3889d, 0x03e02683), - TOBN(0x1cd28559, 0xfdccf725), TOBN(0x0fd7e0f1, 0x8d13d208), - TOBN(0x01b9733b, 0x1f0df9d4), TOBN(0x8cc2c5f3, 0xa2b5e4f3), - TOBN(0x43053bfa, 0x3a304fd4), TOBN(0x8e87665c, 0x0a9f1aa7), - TOBN(0x087f29ec, 0xd73dc965), TOBN(0x15ace455, 0x3e9023db), - TOBN(0x2370e309, 0x2bce28b4), TOBN(0xf9723442, 0xb6b1e84a), - TOBN(0xbeee662e, 0xb72d9f26), TOBN(0xb19396de, 0xf0e47109), - TOBN(0x85b1fa73, 0xe13289d0), TOBN(0x436cf77e, 0x54e58e32), - TOBN(0x0ec833b3, 0xe990ef77), TOBN(0x7373e3ed, 0x1b11fc25), - TOBN(0xbe0eda87, 0x0fc332ce), TOBN(0xced04970, 0x8d7ea856), - TOBN(0xf85ff785, 0x7e977ca0), TOBN(0xb66ee8da, 0xdfdd5d2b), - TOBN(0xf5e37950, 0x905af461), TOBN(0x587b9090, 0x966d487c), - TOBN(0x6a198a1b, 0x32ba0127), TOBN(0xa7720e07, 0x141615ac), - TOBN(0xa23f3499, 0x996ef2f2), TOBN(0xef5f64b4, 0x470bcb3d), - TOBN(0xa526a962, 0x92b8c559), TOBN(0x0c14aac0, 0x69740a0f), - TOBN(0x0d41a9e3, 0xa6bdc0a5), TOBN(0x97d52106, 0x9c48aef4), - TOBN(0xcf16bd30, 0x3e7c253b), TOBN(0xcc834b1a, 0x47fdedc1), - TOBN(0x7362c6e5, 0x373aab2e), TOBN(0x264ed85e, 0xc5f590ff), - TOBN(0x7a46d9c0, 0x66d41870), TOBN(0xa50c20b1, 0x4787ba09), - TOBN(0x185e7e51, 0xe3d44635), TOBN(0xb3b3e080, 0x31e2d8dc), - TOBN(0xbed1e558, 0xa179e9d9), TOBN(0x2daa3f79, 0x74a76781), - TOBN(0x4372baf2, 0x3a40864f), TOBN(0x46900c54, 0x4fe75cb5), - TOBN(0xb95f171e, 0xf76765d0), TOBN(0x4ad726d2, 0x95c87502), - TOBN(0x2ec769da, 0x4d7c99bd), TOBN(0x5e2ddd19, 0xc36cdfa8), - TOBN(0xc22117fc, 0xa93e6dea), TOBN(0xe8a2583b, 0x93771123), - TOBN(0xbe2f6089, 0xfa08a3a2), TOBN(0x4809d5ed, 0x8f0e1112), - TOBN(0x3b414aa3, 0xda7a095e), TOBN(0x9049acf1, 0x26f5aadd), - TOBN(0x78d46a4d, 0x6be8b84a), TOBN(0xd66b1963, 0xb732b9b3), - TOBN(0x5c2ac2a0, 0xde6e9555), TOBN(0xcf52d098, 0xb5bd8770), - TOBN(0x15a15fa6, 0x0fd28921), TOBN(0x56ccb81e, 0x8b27536d), - TOBN(0x0f0d8ab8, 0x9f4ccbb8), TOBN(0xed5f44d2, 0xdb221729), - TOBN(0x43141988, 0x00bed10c), TOBN(0xc94348a4, 0x1d735b8b), - TOBN(0x79f3e9c4, 0x29ef8479), TOBN(0x4c13a4e3, 0x614c693f), - TOBN(0x32c9af56, 0x8e143a14), TOBN(0xbc517799, 0xe29ac5c4), - TOBN(0x05e17992, 0x2774856f), TOBN(0x6e52fb05, 0x6c1bf55f), - TOBN(0xaeda4225, 0xe4f19e16), TOBN(0x70f4728a, 0xaf5ccb26), - TOBN(0x5d2118d1, 0xb2947f22), TOBN(0xc827ea16, 0x281d6fb9), - TOBN(0x8412328d, 0x8cf0eabd), TOBN(0x45ee9fb2, 0x03ef9dcf), - TOBN(0x8e700421, 0xbb937d63), TOBN(0xdf8ff2d5, 0xcc4b37a6), - TOBN(0xa4c0d5b2, 0x5ced7b68), TOBN(0x6537c1ef, 0xc7308f59), - TOBN(0x25ce6a26, 0x3b37f8e8), TOBN(0x170e9a9b, 0xdeebc6ce), - TOBN(0xdd037952, 0x8728d72c), TOBN(0x445b0e55, 0x850154bc), - TOBN(0x4b7d0e06, 0x83a7337b), TOBN(0x1e3416d4, 0xffecf249), - TOBN(0x24840eff, 0x66a2b71f), TOBN(0xd0d9a50a, 0xb37cc26d), - TOBN(0xe2198150, 0x6fe28ef7), TOBN(0x3cc5ef16, 0x23324c7f), - TOBN(0x220f3455, 0x769b5263), TOBN(0xe2ade2f1, 0xa10bf475), - TOBN(0x28cd20fa, 0x458d3671), TOBN(0x1549722c, 0x2dc4847b), - TOBN(0x6dd01e55, 0x591941e3), TOBN(0x0e6fbcea, 0x27128ccb), - TOBN(0xae1a1e6b, 0x3bef0262), TOBN(0xfa8c472c, 0x8f54e103), - TOBN(0x7539c0a8, 0x72c052ec), TOBN(0xd7b27369, 0x5a3490e9), - TOBN(0x143fe1f1, 0x71684349), TOBN(0x36b4722e, 0x32e19b97), - TOBN(0xdc059227, 0x90980aff), TOBN(0x175c9c88, 0x9e13d674), - TOBN(0xa7de5b22, 0x6e6bfdb1), TOBN(0x5ea5b7b2, 0xbedb4b46), - TOBN(0xd5570191, 0xd34a6e44), TOBN(0xfcf60d2e, 0xa24ff7e6), - TOBN(0x614a392d, 0x677819e1), TOBN(0x7be74c7e, 0xaa5a29e8), - TOBN(0xab50fece, 0x63c85f3f), TOBN(0xaca2e2a9, 0x46cab337), - TOBN(0x7f700388, 0x122a6fe3), TOBN(0xdb69f703, 0x882a04a8), - TOBN(0x9a77935d, 0xcf7aed57), TOBN(0xdf16207c, 0x8d91c86f), - TOBN(0x2fca49ab, 0x63ed9998), TOBN(0xa3125c44, 0xa77ddf96), - TOBN(0x05dd8a86, 0x24344072), TOBN(0xa023dda2, 0xfec3fb56), - TOBN(0x421b41fc, 0x0c743032), TOBN(0x4f2120c1, 0x5e438639), - TOBN(0xfb7cae51, 0xc83c1b07), TOBN(0xb2370caa, 0xcac2171a), - TOBN(0x2eb2d962, 0x6cc820fb), TOBN(0x59feee5c, 0xb85a44bf), - TOBN(0x94620fca, 0x5b6598f0), TOBN(0x6b922cae, 0x7e314051), - TOBN(0xff8745ad, 0x106bed4e), TOBN(0x546e71f5, 0xdfa1e9ab), - TOBN(0x935c1e48, 0x1ec29487), TOBN(0x9509216c, 0x4d936530), - TOBN(0xc7ca3067, 0x85c9a2db), TOBN(0xd6ae5152, 0x6be8606f), - TOBN(0x09dbcae6, 0xe14c651d), TOBN(0xc9536e23, 0x9bc32f96), - TOBN(0xa90535a9, 0x34521b03), TOBN(0xf39c526c, 0x878756ff), - TOBN(0x383172ec, 0x8aedf03c), TOBN(0x20a8075e, 0xefe0c034), - TOBN(0xf22f9c62, 0x64026422), TOBN(0x8dd10780, 0x24b9d076), - TOBN(0x944c742a, 0x3bef2950), TOBN(0x55b9502e, 0x88a2b00b), - TOBN(0xa59e14b4, 0x86a09817), TOBN(0xa39dd3ac, 0x47bb4071), - TOBN(0x55137f66, 0x3be0592f), TOBN(0x07fcafd4, 0xc9e63f5b), - TOBN(0x963652ee, 0x346eb226), TOBN(0x7dfab085, 0xec2facb7), - TOBN(0x273bf2b8, 0x691add26), TOBN(0x30d74540, 0xf2b46c44), - TOBN(0x05e8e73e, 0xf2c2d065), TOBN(0xff9b8a00, 0xd42eeac9), - TOBN(0x2fcbd205, 0x97209d22), TOBN(0xeb740ffa, 0xde14ea2c), - TOBN(0xc71ff913, 0xa8aef518), TOBN(0x7bfc74bb, 0xfff4cfa2), - TOBN(0x1716680c, 0xb6b36048), TOBN(0x121b2cce, 0x9ef79af1), - TOBN(0xbff3c836, 0xa01eb3d3), TOBN(0x50eb1c6a, 0x5f79077b), - TOBN(0xa48c32d6, 0xa004bbcf), TOBN(0x47a59316, 0x7d64f61d), - TOBN(0x6068147f, 0x93102016), TOBN(0x12c5f654, 0x94d12576), - TOBN(0xefb071a7, 0xc9bc6b91), TOBN(0x7c2da0c5, 0x6e23ea95), - TOBN(0xf4fd45b6, 0xd4a1dd5d), TOBN(0x3e7ad9b6, 0x9122b13c), - TOBN(0x342ca118, 0xe6f57a48), TOBN(0x1c2e94a7, 0x06f8288f), - TOBN(0x99e68f07, 0x5a97d231), TOBN(0x7c80de97, 0x4d838758), - TOBN(0xbce0f5d0, 0x05872727), TOBN(0xbe5d95c2, 0x19c4d016), - TOBN(0x921d5cb1, 0x9c2492ee), TOBN(0x42192dc1, 0x404d6fb3), - TOBN(0x4c84dcd1, 0x32f988d3), TOBN(0xde26d61f, 0xa17b8e85), - TOBN(0xc466dcb6, 0x137c7408), TOBN(0x9a38d7b6, 0x36a266da), - TOBN(0x7ef5cb06, 0x83bebf1b), TOBN(0xe5cdcbbf, 0x0fd014e3), - TOBN(0x30aa376d, 0xf65965a0), TOBN(0x60fe88c2, 0xebb3e95e), - TOBN(0x33fd0b61, 0x66ee6f20), TOBN(0x8827dcdb, 0x3f41f0a0), - TOBN(0xbf8a9d24, 0x0c56c690), TOBN(0x40265dad, 0xddb7641d), - TOBN(0x522b05bf, 0x3a6b662b), TOBN(0x466d1dfe, 0xb1478c9b), - TOBN(0xaa616962, 0x1484469b), TOBN(0x0db60549, 0x02df8f9f), - TOBN(0xc37bca02, 0x3cb8bf51), TOBN(0x5effe346, 0x21371ce8), - TOBN(0xe8f65264, 0xff112c32), TOBN(0x8a9c736d, 0x7b971fb2), - TOBN(0xa4f19470, 0x7b75080d), TOBN(0xfc3f2c5a, 0x8839c59b), - TOBN(0x1d6c777e, 0x5aeb49c2), TOBN(0xf3db034d, 0xda1addfe), - TOBN(0xd76fee5a, 0x5535affc), TOBN(0x0853ac70, 0xb92251fd), - TOBN(0x37e3d594, 0x8b2a29d5), TOBN(0x28f1f457, 0x4de00ddb), - TOBN(0x8083c1b5, 0xf42c328b), TOBN(0xd8ef1d8f, 0xe493c73b), - TOBN(0x96fb6260, 0x41dc61bd), TOBN(0xf74e8a9d, 0x27ee2f8a), - TOBN(0x7c605a80, 0x2c946a5d), TOBN(0xeed48d65, 0x3839ccfd), - TOBN(0x9894344f, 0x3a29467a), TOBN(0xde81e949, 0xc51eba6d), - TOBN(0xdaea066b, 0xa5e5c2f2), TOBN(0x3fc8a614, 0x08c8c7b3), - TOBN(0x7adff88f, 0x06d0de9f), TOBN(0xbbc11cf5, 0x3b75ce0a), - TOBN(0x9fbb7acc, 0xfbbc87d5), TOBN(0xa1458e26, 0x7badfde2)}, - {TOBN(0x1cb43668, 0xe039c256), TOBN(0x5f26fb8b, 0x7c17fd5d), - TOBN(0xeee426af, 0x79aa062b), TOBN(0x072002d0, 0xd78fbf04), - TOBN(0x4c9ca237, 0xe84fb7e3), TOBN(0xb401d8a1, 0x0c82133d), - TOBN(0xaaa52592, 0x6d7e4181), TOBN(0xe9430833, 0x73dbb152), - TOBN(0xf92dda31, 0xbe24319a), TOBN(0x03f7d28b, 0xe095a8e7), - TOBN(0xa52fe840, 0x98782185), TOBN(0x276ddafe, 0x29c24dbc), - TOBN(0x80cd5496, 0x1d7a64eb), TOBN(0xe4360889, 0x7f1dbe42), - TOBN(0x2f81a877, 0x8438d2d5), TOBN(0x7e4d52a8, 0x85169036), - TOBN(0x19e3d5b1, 0x1d59715d), TOBN(0xc7eaa762, 0xd788983e), - TOBN(0xe5a730b0, 0xabf1f248), TOBN(0xfbab8084, 0xfae3fd83), - TOBN(0x65e50d21, 0x53765b2f), TOBN(0xbdd4e083, 0xfa127f3d), - TOBN(0x9cf3c074, 0x397b1b10), TOBN(0x59f8090c, 0xb1b59fd3), - TOBN(0x7b15fd9d, 0x615faa8f), TOBN(0x8fa1eb40, 0x968554ed), - TOBN(0x7bb4447e, 0x7aa44882), TOBN(0x2bb2d0d1, 0x029fff32), - TOBN(0x075e2a64, 0x6caa6d2f), TOBN(0x8eb879de, 0x22e7351b), - TOBN(0xbcd5624e, 0x9a506c62), TOBN(0x218eaef0, 0xa87e24dc), - TOBN(0x37e56847, 0x44ddfa35), TOBN(0x9ccfc5c5, 0xdab3f747), - TOBN(0x9ac1df3f, 0x1ee96cf4), TOBN(0x0c0571a1, 0x3b480b8f), - TOBN(0x2fbeb3d5, 0x4b3a7b3c), TOBN(0x35c03669, 0x5dcdbb99), - TOBN(0x52a0f5dc, 0xb2415b3a), TOBN(0xd57759b4, 0x4413ed9a), - TOBN(0x1fe647d8, 0x3d30a2c5), TOBN(0x0857f77e, 0xf78a81dc), - TOBN(0x11d5a334, 0x131a4a9b), TOBN(0xc0a94af9, 0x29d393f5), - TOBN(0xbc3a5c0b, 0xdaa6ec1a), TOBN(0xba9fe493, 0x88d2d7ed), - TOBN(0xbb4335b4, 0xbb614797), TOBN(0x991c4d68, 0x72f83533), - TOBN(0x53258c28, 0xd2f01cb3), TOBN(0x93d6eaa3, 0xd75db0b1), - TOBN(0x419a2b0d, 0xe87d0db4), TOBN(0xa1e48f03, 0xd8fe8493), - TOBN(0xf747faf6, 0xc508b23a), TOBN(0xf137571a, 0x35d53549), - TOBN(0x9f5e58e2, 0xfcf9b838), TOBN(0xc7186cee, 0xa7fd3cf5), - TOBN(0x77b868ce, 0xe978a1d3), TOBN(0xe3a68b33, 0x7ab92d04), - TOBN(0x51029794, 0x87a5b862), TOBN(0x5f0606c3, 0x3a61d41d), - TOBN(0x2814be27, 0x6f9326f1), TOBN(0x2f521c14, 0xc6fe3c2e), - TOBN(0x17464d7d, 0xacdf7351), TOBN(0x10f5f9d3, 0x777f7e44), - TOBN(0xce8e616b, 0x269fb37d), TOBN(0xaaf73804, 0x7de62de5), - TOBN(0xaba11175, 0x4fdd4153), TOBN(0x515759ba, 0x3770b49b), - TOBN(0x8b09ebf8, 0xaa423a61), TOBN(0x592245a1, 0xcd41fb92), - TOBN(0x1cba8ec1, 0x9b4c8936), TOBN(0xa87e91e3, 0xaf36710e), - TOBN(0x1fd84ce4, 0x3d34a2e3), TOBN(0xee3759ce, 0xb43b5d61), - TOBN(0x895bc78c, 0x619186c7), TOBN(0xf19c3809, 0xcbb9725a), - TOBN(0xc0be21aa, 0xde744b1f), TOBN(0xa7d222b0, 0x60f8056b), - TOBN(0x74be6157, 0xb23efe11), TOBN(0x6fab2b4f, 0x0cd68253), - TOBN(0xad33ea5f, 0x4bf1d725), TOBN(0x9c1d8ee2, 0x4f6c950f), - TOBN(0x544ee78a, 0xa377af06), TOBN(0x54f489bb, 0x94a113e1), - TOBN(0x8f11d634, 0x992fb7e8), TOBN(0x0169a7aa, 0xa2a44347), - TOBN(0x1d49d4af, 0x95020e00), TOBN(0x95945722, 0xe08e120b), - TOBN(0xb6e33878, 0xa4d32282), TOBN(0xe36e029d, 0x48020ae7), - TOBN(0xe05847fb, 0x37a9b750), TOBN(0xf876812c, 0xb29e3819), - TOBN(0x84ad138e, 0xd23a17f0), TOBN(0x6d7b4480, 0xf0b3950e), - TOBN(0xdfa8aef4, 0x2fd67ae0), TOBN(0x8d3eea24, 0x52333af6), - TOBN(0x0d052075, 0xb15d5acc), TOBN(0xc6d9c79f, 0xbd815bc4), - TOBN(0x8dcafd88, 0xdfa36cf2), TOBN(0x908ccbe2, 0x38aa9070), - TOBN(0x638722c4, 0xba35afce), TOBN(0x5a3da8b0, 0xfd6abf0b), - TOBN(0x2dce252c, 0xc9c335c1), TOBN(0x84e7f0de, 0x65aa799b), - TOBN(0x2101a522, 0xb99a72cb), TOBN(0x06de6e67, 0x87618016), - TOBN(0x5ff8c7cd, 0xe6f3653e), TOBN(0x0a821ab5, 0xc7a6754a), - TOBN(0x7e3fa52b, 0x7cb0b5a2), TOBN(0xa7fb121c, 0xc9048790), - TOBN(0x1a725020, 0x06ce053a), TOBN(0xb490a31f, 0x04e929b0), - TOBN(0xe17be47d, 0x62dd61ad), TOBN(0x781a961c, 0x6be01371), - TOBN(0x1063bfd3, 0xdae3cbba), TOBN(0x35647406, 0x7f73c9ba), - TOBN(0xf50e957b, 0x2736a129), TOBN(0xa6313702, 0xed13f256), - TOBN(0x9436ee65, 0x3a19fcc5), TOBN(0xcf2bdb29, 0xe7a4c8b6), - TOBN(0xb06b1244, 0xc5f95cd8), TOBN(0xda8c8af0, 0xf4ab95f4), - TOBN(0x1bae59c2, 0xb9e5836d), TOBN(0x07d51e7e, 0x3acffffc), - TOBN(0x01e15e6a, 0xc2ccbcda), TOBN(0x3bc1923f, 0x8528c3e0), - TOBN(0x43324577, 0xa49fead4), TOBN(0x61a1b884, 0x2aa7a711), - TOBN(0xf9a86e08, 0x700230ef), TOBN(0x0af585a1, 0xbd19adf8), - TOBN(0x7645f361, 0xf55ad8f2), TOBN(0x6e676223, 0x46c3614c), - TOBN(0x23cb257c, 0x4e774d3f), TOBN(0x82a38513, 0xac102d1b), - TOBN(0x9bcddd88, 0x7b126aa5), TOBN(0xe716998b, 0xeefd3ee4), - TOBN(0x4239d571, 0xfb167583), TOBN(0xdd011c78, 0xd16c8f8a), - TOBN(0x271c2895, 0x69a27519), TOBN(0x9ce0a3b7, 0xd2d64b6a), - TOBN(0x8c977289, 0xd5ec6738), TOBN(0xa3b49f9a, 0x8840ef6b), - TOBN(0x808c14c9, 0x9a453419), TOBN(0x5c00295b, 0x0cf0a2d5), - TOBN(0x524414fb, 0x1d4bcc76), TOBN(0xb07691d2, 0x459a88f1), - TOBN(0x77f43263, 0xf70d110f), TOBN(0x64ada5e0, 0xb7abf9f3), - TOBN(0xafd0f94e, 0x5b544cf5), TOBN(0xb4a13a15, 0xfd2713fe), - TOBN(0xb99b7d6e, 0x250c74f4), TOBN(0x097f2f73, 0x20324e45), - TOBN(0x994b37d8, 0xaffa8208), TOBN(0xc3c31b0b, 0xdc29aafc), - TOBN(0x3da74651, 0x7a3a607f), TOBN(0xd8e1b8c1, 0xfe6955d6), - TOBN(0x716e1815, 0xc8418682), TOBN(0x541d487f, 0x7dc91d97), - TOBN(0x48a04669, 0xc6996982), TOBN(0xf39cab15, 0x83a6502e), - TOBN(0x025801a0, 0xe68db055), TOBN(0xf3569758, 0xba3338d5), - TOBN(0xb0c8c0aa, 0xee2afa84), TOBN(0x4f6985d3, 0xfb6562d1), - TOBN(0x351f1f15, 0x132ed17a), TOBN(0x510ed0b4, 0xc04365fe), - TOBN(0xa3f98138, 0xe5b1f066), TOBN(0xbc9d95d6, 0x32df03dc), - TOBN(0xa83ccf6e, 0x19abd09e), TOBN(0x0b4097c1, 0x4ff17edb), - TOBN(0x58a5c478, 0xd64a06ce), TOBN(0x2ddcc3fd, 0x544a58fd), - TOBN(0xd449503d, 0x9e8153b8), TOBN(0x3324fd02, 0x7774179b), - TOBN(0xaf5d47c8, 0xdbd9120c), TOBN(0xeb860162, 0x34fa94db), - TOBN(0x5817bdd1, 0x972f07f4), TOBN(0xe5579e2e, 0xd27bbceb), - TOBN(0x86847a1f, 0x5f11e5a6), TOBN(0xb39ed255, 0x7c3cf048), - TOBN(0xe1076417, 0xa2f62e55), TOBN(0x6b9ab38f, 0x1bcf82a2), - TOBN(0x4bb7c319, 0x7aeb29f9), TOBN(0xf6d17da3, 0x17227a46), - TOBN(0xab53ddbd, 0x0f968c00), TOBN(0xa03da7ec, 0x000c880b), - TOBN(0x7b239624, 0x6a9ad24d), TOBN(0x612c0401, 0x01ec60d0), - TOBN(0x70d10493, 0x109f5df1), TOBN(0xfbda4030, 0x80af7550), - TOBN(0x30b93f95, 0xc6b9a9b3), TOBN(0x0c74ec71, 0x007d9418), - TOBN(0x94175564, 0x6edb951f), TOBN(0x5f4a9d78, 0x7f22c282), - TOBN(0xb7870895, 0xb38d1196), TOBN(0xbc593df3, 0xa228ce7c), - TOBN(0xc78c5bd4, 0x6af3641a), TOBN(0x7802200b, 0x3d9b3dcc), - TOBN(0x0dc73f32, 0x8be33304), TOBN(0x847ed87d, 0x61ffb79a), - TOBN(0xf85c974e, 0x6d671192), TOBN(0x1e14100a, 0xde16f60f), - TOBN(0x45cb0d5a, 0x95c38797), TOBN(0x18923bba, 0x9b022da4), - TOBN(0xef2be899, 0xbbe7e86e), TOBN(0x4a1510ee, 0x216067bf), - TOBN(0xd98c8154, 0x84d5ce3e), TOBN(0x1af777f0, 0xf92a2b90), - TOBN(0x9fbcb400, 0x4ef65724), TOBN(0x3e04a4c9, 0x3c0ca6fe), - TOBN(0xfb3e2cb5, 0x55002994), TOBN(0x1f3a93c5, 0x5363ecab), - TOBN(0x1fe00efe, 0x3923555b), TOBN(0x744bedd9, 0x1e1751ea), - TOBN(0x3fb2db59, 0x6ab69357), TOBN(0x8dbd7365, 0xf5e6618b), - TOBN(0x99d53099, 0xdf1ea40e), TOBN(0xb3f24a0b, 0x57d61e64), - TOBN(0xd088a198, 0x596eb812), TOBN(0x22c8361b, 0x5762940b), - TOBN(0x66f01f97, 0xf9c0d95c), TOBN(0x88461172, 0x8e43cdae), - TOBN(0x11599a7f, 0xb72b15c3), TOBN(0x135a7536, 0x420d95cc), - TOBN(0x2dcdf0f7, 0x5f7ae2f6), TOBN(0x15fc6e1d, 0xd7fa6da2), - TOBN(0x81ca829a, 0xd1d441b6), TOBN(0x84c10cf8, 0x04a106b6), - TOBN(0xa9b26c95, 0xa73fbbd0), TOBN(0x7f24e0cb, 0x4d8f6ee8), - TOBN(0x48b45937, 0x1e25a043), TOBN(0xf8a74fca, 0x036f3dfe), - TOBN(0x1ed46585, 0xc9f84296), TOBN(0x7fbaa8fb, 0x3bc278b0), - TOBN(0xa8e96cd4, 0x6c4fcbd0), TOBN(0x940a1202, 0x73b60a5f), - TOBN(0x34aae120, 0x55a4aec8), TOBN(0x550e9a74, 0xdbd742f0), - TOBN(0x794456d7, 0x228c68ab), TOBN(0x492f8868, 0xa4e25ec6), - TOBN(0x682915ad, 0xb2d8f398), TOBN(0xf13b51cc, 0x5b84c953), - TOBN(0xcda90ab8, 0x5bb917d6), TOBN(0x4b615560, 0x4ea3dee1), - TOBN(0x578b4e85, 0x0a52c1c8), TOBN(0xeab1a695, 0x20b75fc4), - TOBN(0x60c14f3c, 0xaa0bb3c6), TOBN(0x220f448a, 0xb8216094), - TOBN(0x4fe7ee31, 0xb0e63d34), TOBN(0xf4600572, 0xa9e54fab), - TOBN(0xc0493334, 0xd5e7b5a4), TOBN(0x8589fb92, 0x06d54831), - TOBN(0xaa70f5cc, 0x6583553a), TOBN(0x0879094a, 0xe25649e5), - TOBN(0xcc904507, 0x10044652), TOBN(0xebb0696d, 0x02541c4f), - TOBN(0x5a171fde, 0xb9718710), TOBN(0x38f1bed8, 0xf374a9f5), - TOBN(0xc8c582e1, 0xba39bdc1), TOBN(0xfc457b0a, 0x908cc0ce), - TOBN(0x9a187fd4, 0x883841e2), TOBN(0x8ec25b39, 0x38725381), - TOBN(0x2553ed05, 0x96f84395), TOBN(0x095c7661, 0x6f6c6897), - TOBN(0x917ac85c, 0x4bdc5610), TOBN(0xb2885fe4, 0x179eb301), - TOBN(0x5fc65547, 0x8b78bdcc), TOBN(0x4a9fc893, 0xe59e4699), - TOBN(0xbb7ff0cd, 0x3ce299af), TOBN(0x195be9b3, 0xadf38b20), - TOBN(0x6a929c87, 0xd38ddb8f), TOBN(0x55fcc99c, 0xb21a51b9), - TOBN(0x2b695b4c, 0x721a4593), TOBN(0xed1e9a15, 0x768eaac2), - TOBN(0xfb63d71c, 0x7489f914), TOBN(0xf98ba31c, 0x78118910), - TOBN(0x80291373, 0x9b128eb4), TOBN(0x7801214e, 0xd448af4a), - TOBN(0xdbd2e22b, 0x55418dd3), TOBN(0xeffb3c0d, 0xd3998242), - TOBN(0xdfa6077c, 0xc7bf3827), TOBN(0xf2165bcb, 0x47f8238f), - TOBN(0xfe37cf68, 0x8564d554), TOBN(0xe5f825c4, 0x0a81fb98), - TOBN(0x43cc4f67, 0xffed4d6f), TOBN(0xbc609578, 0xb50a34b0), - TOBN(0x8aa8fcf9, 0x5041faf1), TOBN(0x5659f053, 0x651773b6), - TOBN(0xe87582c3, 0x6044d63b), TOBN(0xa6089409, 0x0cdb0ca0), - TOBN(0x8c993e0f, 0xbfb2bcf6), TOBN(0xfc64a719, 0x45985cfc), - TOBN(0x15c4da80, 0x83dbedba), TOBN(0x804ae112, 0x2be67df7), - TOBN(0xda4c9658, 0xa23defde), TOBN(0x12002ddd, 0x5156e0d3), - TOBN(0xe68eae89, 0x5dd21b96), TOBN(0x8b99f28b, 0xcf44624d), - TOBN(0x0ae00808, 0x1ec8897a), TOBN(0xdd0a9303, 0x6712f76e), - TOBN(0x96237522, 0x4e233de4), TOBN(0x192445b1, 0x2b36a8a5), - TOBN(0xabf9ff74, 0x023993d9), TOBN(0x21f37bf4, 0x2aad4a8f), - TOBN(0x340a4349, 0xf8bd2bbd), TOBN(0x1d902cd9, 0x4868195d), - TOBN(0x3d27bbf1, 0xe5fdb6f1), TOBN(0x7a5ab088, 0x124f9f1c), - TOBN(0xc466ab06, 0xf7a09e03), TOBN(0x2f8a1977, 0x31f2c123), - TOBN(0xda355dc7, 0x041b6657), TOBN(0xcb840d12, 0x8ece2a7c), - TOBN(0xb600ad9f, 0x7db32675), TOBN(0x78fea133, 0x07a06f1b), - TOBN(0x5d032269, 0xb31f6094), TOBN(0x07753ef5, 0x83ec37aa), - TOBN(0x03485aed, 0x9c0bea78), TOBN(0x41bb3989, 0xbc3f4524), - TOBN(0x09403761, 0x697f726d), TOBN(0x6109beb3, 0xdf394820), - TOBN(0x804111ea, 0x3b6d1145), TOBN(0xb6271ea9, 0xa8582654), - TOBN(0x619615e6, 0x24e66562), TOBN(0xa2554945, 0xd7b6ad9c), - TOBN(0xd9c4985e, 0x99bfe35f), TOBN(0x9770ccc0, 0x7b51cdf6), - TOBN(0x7c327013, 0x92881832), TOBN(0x8777d45f, 0x286b26d1), - TOBN(0x9bbeda22, 0xd847999d), TOBN(0x03aa33b6, 0xc3525d32), - TOBN(0x4b7b96d4, 0x28a959a1), TOBN(0xbb3786e5, 0x31e5d234), - TOBN(0xaeb5d3ce, 0x6961f247), TOBN(0x20aa85af, 0x02f93d3f), - TOBN(0x9cd1ad3d, 0xd7a7ae4f), TOBN(0xbf6688f0, 0x781adaa8), - TOBN(0xb1b40e86, 0x7469cead), TOBN(0x1904c524, 0x309fca48), - TOBN(0x9b7312af, 0x4b54bbc7), TOBN(0xbe24bf8f, 0x593affa2), - TOBN(0xbe5e0790, 0xbd98764b), TOBN(0xa0f45f17, 0xa26e299e), - TOBN(0x4af0d2c2, 0x6b8fe4c7), TOBN(0xef170db1, 0x8ae8a3e6), - TOBN(0x0e8d61a0, 0x29e0ccc1), TOBN(0xcd53e87e, 0x60ad36ca), - TOBN(0x328c6623, 0xc8173822), TOBN(0x7ee1767d, 0xa496be55), - TOBN(0x89f13259, 0x648945af), TOBN(0x9e45a5fd, 0x25c8009c), - TOBN(0xaf2febd9, 0x1f61ab8c), TOBN(0x43f6bc86, 0x8a275385), - TOBN(0x87792348, 0xf2142e79), TOBN(0x17d89259, 0xc6e6238a), - TOBN(0x7536d2f6, 0x4a839d9b), TOBN(0x1f428fce, 0x76a1fbdc), - TOBN(0x1c109601, 0x0db06dfe), TOBN(0xbfc16bc1, 0x50a3a3cc), - TOBN(0xf9cbd9ec, 0x9b30f41b), TOBN(0x5b5da0d6, 0x00138cce), - TOBN(0xec1d0a48, 0x56ef96a7), TOBN(0xb47eb848, 0x982bf842), - TOBN(0x66deae32, 0xec3f700d), TOBN(0x4e43c42c, 0xaa1181e0), - TOBN(0xa1d72a31, 0xd1a4aa2a), TOBN(0x440d4668, 0xc004f3ce), - TOBN(0x0d6a2d3b, 0x45fe8a7a), TOBN(0x820e52e2, 0xfb128365), - TOBN(0x29ac5fcf, 0x25e51b09), TOBN(0x180cd2bf, 0x2023d159), - TOBN(0xa9892171, 0xa1ebf90e), TOBN(0xf97c4c87, 0x7c132181), - TOBN(0x9f1dc724, 0xc03dbb7e), TOBN(0xae043765, 0x018cbbe4), - TOBN(0xfb0b2a36, 0x0767d153), TOBN(0xa8e2f4d6, 0x249cbaeb), - TOBN(0x172a5247, 0xd95ea168), TOBN(0x1758fada, 0x2970764a), - TOBN(0xac803a51, 0x1d978169), TOBN(0x299cfe2e, 0xde77e01b), - TOBN(0x652a1e17, 0xb0a98927), TOBN(0x2e26e1d1, 0x20014495), - TOBN(0x7ae0af9f, 0x7175b56a), TOBN(0xc2e22a80, 0xd64b9f95), - TOBN(0x4d0ff9fb, 0xd90a060a), TOBN(0x496a27db, 0xbaf38085), - TOBN(0x32305401, 0xda776bcf), TOBN(0xb8cdcef6, 0x725f209e), - TOBN(0x61ba0f37, 0x436a0bba), TOBN(0x263fa108, 0x76860049), - TOBN(0x92beb98e, 0xda3542cf), TOBN(0xa2d4d14a, 0xd5849538), - TOBN(0x989b9d68, 0x12e9a1bc), TOBN(0x61d9075c, 0x5f6e3268), - TOBN(0x352c6aa9, 0x99ace638), TOBN(0xde4e4a55, 0x920f43ff), - TOBN(0xe5e4144a, 0xd673c017), TOBN(0x667417ae, 0x6f6e05ea), - TOBN(0x613416ae, 0xdcd1bd56), TOBN(0x5eb36201, 0x86693711), - TOBN(0x2d7bc504, 0x3a1aa914), TOBN(0x175a1299, 0x76dc5975), - TOBN(0xe900e0f2, 0x3fc8125c), TOBN(0x569ef68c, 0x11198875), - TOBN(0x9012db63, 0x63a113b4), TOBN(0xe3bd3f56, 0x98835766), - TOBN(0xa5c94a52, 0x76412dea), TOBN(0xad9e2a09, 0xaa735e5c), - TOBN(0x405a984c, 0x508b65e9), TOBN(0xbde4a1d1, 0x6df1a0d1), - TOBN(0x1a9433a1, 0xdfba80da), TOBN(0xe9192ff9, 0x9440ad2e), - TOBN(0x9f649696, 0x5099fe92), TOBN(0x25ddb65c, 0x0b27a54a), - TOBN(0x178279dd, 0xc590da61), TOBN(0x5479a999, 0xfbde681a), - TOBN(0xd0e84e05, 0x013fe162), TOBN(0xbe11dc92, 0x632d471b), - TOBN(0xdf0b0c45, 0xfc0e089f), TOBN(0x04fb15b0, 0x4c144025), - TOBN(0xa61d5fc2, 0x13c99927), TOBN(0xa033e9e0, 0x3de2eb35), - TOBN(0xf8185d5c, 0xb8dacbb4), TOBN(0x9a88e265, 0x8644549d), - TOBN(0xf717af62, 0x54671ff6), TOBN(0x4bd4241b, 0x5fa58603), - TOBN(0x06fba40b, 0xe67773c0), TOBN(0xc1d933d2, 0x6a2847e9), - TOBN(0xf4f5acf3, 0x689e2c70), TOBN(0x92aab0e7, 0x46bafd31), - TOBN(0x798d76aa, 0x3473f6e5), TOBN(0xcc6641db, 0x93141934), - TOBN(0xcae27757, 0xd31e535e), TOBN(0x04cc43b6, 0x87c2ee11), - TOBN(0x8d1f9675, 0x2e029ffa), TOBN(0xc2150672, 0xe4cc7a2c), - TOBN(0x3b03c1e0, 0x8d68b013), TOBN(0xa9d6816f, 0xedf298f3), - TOBN(0x1bfbb529, 0xa2804464), TOBN(0x95a52fae, 0x5db22125), - TOBN(0x55b32160, 0x0e1cb64e), TOBN(0x004828f6, 0x7e7fc9fe), - TOBN(0x13394b82, 0x1bb0fb93), TOBN(0xb6293a2d, 0x35f1a920), - TOBN(0xde35ef21, 0xd145d2d9), TOBN(0xbe6225b3, 0xbb8fa603), - TOBN(0x00fc8f6b, 0x32cf252d), TOBN(0xa28e52e6, 0x117cf8c2), - TOBN(0x9d1dc89b, 0x4c371e6d), TOBN(0xcebe0675, 0x36ef0f28), - TOBN(0x5de05d09, 0xa4292f81), TOBN(0xa8303593, 0x353e3083), - TOBN(0xa1715b0a, 0x7e37a9bb), TOBN(0x8c56f61e, 0x2b8faec3), - TOBN(0x52507431, 0x33c9b102), TOBN(0x0130cefc, 0xa44431f0), - TOBN(0x56039fa0, 0xbd865cfb), TOBN(0x4b03e578, 0xbc5f1dd7), - TOBN(0x40edf2e4, 0xbabe7224), TOBN(0xc752496d, 0x3a1988f6), - TOBN(0xd1572d3b, 0x564beb6b), TOBN(0x0db1d110, 0x39a1c608), - TOBN(0x568d1934, 0x16f60126), TOBN(0x05ae9668, 0xf354af33), - TOBN(0x19de6d37, 0xc92544f2), TOBN(0xcc084353, 0xa35837d5), - TOBN(0xcbb6869c, 0x1a514ece), TOBN(0xb633e728, 0x2e1d1066), - TOBN(0xf15dd69f, 0x936c581c), TOBN(0x96e7b8ce, 0x7439c4f9), - TOBN(0x5e676f48, 0x2e448a5b), TOBN(0xb2ca7d5b, 0xfd916bbb), - TOBN(0xd55a2541, 0xf5024025), TOBN(0x47bc5769, 0xe4c2d937), - TOBN(0x7d31b92a, 0x0362189f), TOBN(0x83f3086e, 0xef7816f9), - TOBN(0xf9f46d94, 0xb587579a), TOBN(0xec2d22d8, 0x30e76c5f), - TOBN(0x27d57461, 0xb000ffcf), TOBN(0xbb7e65f9, 0x364ffc2c), - TOBN(0x7c7c9477, 0x6652a220), TOBN(0x61618f89, 0xd696c981), - TOBN(0x5021701d, 0x89effff3), TOBN(0xf2c8ff8e, 0x7c314163), - TOBN(0x2da413ad, 0x8efb4d3e), TOBN(0x937b5adf, 0xce176d95), - TOBN(0x22867d34, 0x2a67d51c), TOBN(0x262b9b10, 0x18eb3ac9), - TOBN(0x4e314fe4, 0xc43ff28b), TOBN(0x76476627, 0x6a664e7a), - TOBN(0x3e90e40b, 0xb7a565c2), TOBN(0x8588993a, 0xc1acf831), - TOBN(0xd7b501d6, 0x8f938829), TOBN(0x996627ee, 0x3edd7d4c), - TOBN(0x37d44a62, 0x90cd34c7), TOBN(0xa8327499, 0xf3833e8d), - TOBN(0x2e18917d, 0x4bf50353), TOBN(0x85dd726b, 0x556765fb), - TOBN(0x54fe65d6, 0x93d5ab66), TOBN(0x3ddbaced, 0x915c25fe), - TOBN(0xa799d9a4, 0x12f22e85), TOBN(0xe2a24867, 0x6d06f6bc), - TOBN(0xf4f1ee56, 0x43ca1637), TOBN(0xfda2828b, 0x61ece30a), - TOBN(0x758c1a3e, 0xa2dee7a6), TOBN(0xdcde2f3c, 0x734b2284), - TOBN(0xaba445d2, 0x4eaba6ad), TOBN(0x35aaf668, 0x76cee0a7), - TOBN(0x7e0b04a9, 0xe5aa049a), TOBN(0xe74083ad, 0x91103e84), - TOBN(0xbeb183ce, 0x40afecc3), TOBN(0x6b89de9f, 0xea043f7a)}, - {TOBN(0x0e299d23, 0xfe67ba66), TOBN(0x91450760, 0x93cf2f34), - TOBN(0xf45b5ea9, 0x97fcf913), TOBN(0x5be00843, 0x8bd7ddda), - TOBN(0x358c3e05, 0xd53ff04d), TOBN(0xbf7ccdc3, 0x5de91ef7), - TOBN(0xad684dbf, 0xb69ec1a0), TOBN(0x367e7cf2, 0x801fd997), - TOBN(0x0ca1f3b7, 0xb0dc8595), TOBN(0x27de4608, 0x9f1d9f2e), - TOBN(0x1af3bf39, 0xbadd82a7), TOBN(0x79356a79, 0x65862448), - TOBN(0xc0602345, 0xf5f9a052), TOBN(0x1a8b0f89, 0x139a42f9), - TOBN(0xb53eee42, 0x844d40fc), TOBN(0x93b0bfe5, 0x4e5b6368), - TOBN(0x5434dd02, 0xc024789c), TOBN(0x90dca9ea, 0x41b57bfc), - TOBN(0x8aa898e2, 0x243398df), TOBN(0xf607c834, 0x894a94bb), - TOBN(0xbb07be97, 0xc2c99b76), TOBN(0x6576ba67, 0x18c29302), - TOBN(0x3d79efcc, 0xe703a88c), TOBN(0xf259ced7, 0xb6a0d106), - TOBN(0x0f893a5d, 0xc8de610b), TOBN(0xe8c515fb, 0x67e223ce), - TOBN(0x7774bfa6, 0x4ead6dc5), TOBN(0x89d20f95, 0x925c728f), - TOBN(0x7a1e0966, 0x098583ce), TOBN(0xa2eedb94, 0x93f2a7d7), - TOBN(0x1b282097, 0x4c304d4a), TOBN(0x0842e3da, 0xc077282d), - TOBN(0xe4d972a3, 0x3b9e2d7b), TOBN(0x7cc60b27, 0xc48218ff), - TOBN(0x8fc70838, 0x84149d91), TOBN(0x5c04346f, 0x2f461ecc), - TOBN(0xebe9fdf2, 0x614650a9), TOBN(0x5e35b537, 0xc1f666ac), - TOBN(0x645613d1, 0x88babc83), TOBN(0x88cace3a, 0xc5e1c93e), - TOBN(0x209ca375, 0x3de92e23), TOBN(0xccb03cc8, 0x5fbbb6e3), - TOBN(0xccb90f03, 0xd7b1487e), TOBN(0xfa9c2a38, 0xc710941f), - TOBN(0x756c3823, 0x6724ceed), TOBN(0x3a902258, 0x192d0323), - TOBN(0xb150e519, 0xea5e038e), TOBN(0xdcba2865, 0xc7427591), - TOBN(0xe549237f, 0x78890732), TOBN(0xc443bef9, 0x53fcb4d9), - TOBN(0x9884d8a6, 0xeb3480d6), TOBN(0x8a35b6a1, 0x3048b186), - TOBN(0xb4e44716, 0x65e9a90a), TOBN(0x45bf380d, 0x653006c0), - TOBN(0x8f3f820d, 0x4fe9ae3b), TOBN(0x244a35a0, 0x979a3b71), - TOBN(0xa1010e9d, 0x74cd06ff), TOBN(0x9c17c7df, 0xaca3eeac), - TOBN(0x74c86cd3, 0x8063aa2b), TOBN(0x8595c4b3, 0x734614ff), - TOBN(0xa3de00ca, 0x990f62cc), TOBN(0xd9bed213, 0xca0c3be5), - TOBN(0x7886078a, 0xdf8ce9f5), TOBN(0xddb27ce3, 0x5cd44444), - TOBN(0xed374a66, 0x58926ddd), TOBN(0x138b2d49, 0x908015b8), - TOBN(0x886c6579, 0xde1f7ab8), TOBN(0x888b9aa0, 0xc3020b7a), - TOBN(0xd3ec034e, 0x3a96e355), TOBN(0xba65b0b8, 0xf30fbe9a), - TOBN(0x064c8e50, 0xff21367a), TOBN(0x1f508ea4, 0x0b04b46e), - TOBN(0x98561a49, 0x747c866c), TOBN(0xbbb1e5fe, 0x0518a062), - TOBN(0x20ff4e8b, 0xecdc3608), TOBN(0x7f55cded, 0x20184027), - TOBN(0x8d73ec95, 0xf38c85f0), TOBN(0x5b589fdf, 0x8bc3b8c3), - TOBN(0xbe95dd98, 0x0f12b66f), TOBN(0xf5bd1a09, 0x0e338e01), - TOBN(0x65163ae5, 0x5e915918), TOBN(0x6158d6d9, 0x86f8a46b), - TOBN(0x8466b538, 0xeeebf99c), TOBN(0xca8761f6, 0xbca477ef), - TOBN(0xaf3449c2, 0x9ebbc601), TOBN(0xef3b0f41, 0xe0c3ae2f), - TOBN(0xaa6c577d, 0x5de63752), TOBN(0xe9166601, 0x64682a51), - TOBN(0x5a3097be, 0xfc15aa1e), TOBN(0x40d12548, 0xb54b0745), - TOBN(0x5bad4706, 0x519a5f12), TOBN(0xed03f717, 0xa439dee6), - TOBN(0x0794bb6c, 0x4a02c499), TOBN(0xf725083d, 0xcffe71d2), - TOBN(0x2cad7519, 0x0f3adcaf), TOBN(0x7f68ea1c, 0x43729310), - TOBN(0xe747c8c7, 0xb7ffd977), TOBN(0xec104c35, 0x80761a22), - TOBN(0x8395ebaf, 0x5a3ffb83), TOBN(0xfb3261f4, 0xe4b63db7), - TOBN(0x53544960, 0xd883e544), TOBN(0x13520d70, 0x8cc2eeb8), - TOBN(0x08f6337b, 0xd3d65f99), TOBN(0x83997db2, 0x781cf95b), - TOBN(0xce6ff106, 0x0dbd2c01), TOBN(0x4f8eea6b, 0x1f9ce934), - TOBN(0x546f7c4b, 0x0e993921), TOBN(0x6236a324, 0x5e753fc7), - TOBN(0x65a41f84, 0xa16022e9), TOBN(0x0c18d878, 0x43d1dbb2), - TOBN(0x73c55640, 0x2d4cef9c), TOBN(0xa0428108, 0x70444c74), - TOBN(0x68e4f15e, 0x9afdfb3c), TOBN(0x49a56143, 0x5bdfb6df), - TOBN(0xa9bc1bd4, 0x5f823d97), TOBN(0xbceb5970, 0xea111c2a), - TOBN(0x366b455f, 0xb269bbc4), TOBN(0x7cd85e1e, 0xe9bc5d62), - TOBN(0xc743c41c, 0x4f18b086), TOBN(0xa4b40990, 0x95294fb9), - TOBN(0x9c7c581d, 0x26ee8382), TOBN(0xcf17dcc5, 0x359d638e), - TOBN(0xee8273ab, 0xb728ae3d), TOBN(0x1d112926, 0xf821f047), - TOBN(0x11498477, 0x50491a74), TOBN(0x687fa761, 0xfde0dfb9), - TOBN(0x2c258022, 0x7ea435ab), TOBN(0x6b8bdb94, 0x91ce7e3f), - TOBN(0x4c5b5dc9, 0x3bf834aa), TOBN(0x04371819, 0x4f6c7e4b), - TOBN(0xc284e00a, 0x3736bcad), TOBN(0x0d881118, 0x21ae8f8d), - TOBN(0xf9cf0f82, 0xf48c8e33), TOBN(0xa11fd075, 0xa1bf40db), - TOBN(0xdceab0de, 0xdc2733e5), TOBN(0xc560a8b5, 0x8e986bd7), - TOBN(0x48dd1fe2, 0x3929d097), TOBN(0x3885b290, 0x92f188f1), - TOBN(0x0f2ae613, 0xda6fcdac), TOBN(0x9054303e, 0xb662a46c), - TOBN(0xb6871e44, 0x0738042a), TOBN(0x98e6a977, 0xbdaf6449), - TOBN(0xd8bc0650, 0xd1c9df1b), TOBN(0xef3d6451, 0x36e098f9), - TOBN(0x03fbae82, 0xb6d72d28), TOBN(0x77ca9db1, 0xf5d84080), - TOBN(0x8a112cff, 0xa58efc1c), TOBN(0x518d761c, 0xc564cb4a), - TOBN(0x69b5740e, 0xf0d1b5ce), TOBN(0x717039cc, 0xe9eb1785), - TOBN(0x3fe29f90, 0x22f53382), TOBN(0x8e54ba56, 0x6bc7c95c), - TOBN(0x9c806d8a, 0xf7f91d0f), TOBN(0x3b61b0f1, 0xa82a5728), - TOBN(0x4640032d, 0x94d76754), TOBN(0x273eb5de, 0x47d834c6), - TOBN(0x2988abf7, 0x7b4e4d53), TOBN(0xb7ce66bf, 0xde401777), - TOBN(0x9fba6b32, 0x715071b3), TOBN(0x82413c24, 0xad3a1a98), - TOBN(0x5b7fc8c4, 0xe0e8ad93), TOBN(0xb5679aee, 0x5fab868d), - TOBN(0xb1f9d2fa, 0x2b3946f3), TOBN(0x458897dc, 0x5685b50a), - TOBN(0x1e98c930, 0x89d0caf3), TOBN(0x39564c5f, 0x78642e92), - TOBN(0x1b77729a, 0x0dbdaf18), TOBN(0xf9170722, 0x579e82e6), - TOBN(0x680c0317, 0xe4515fa5), TOBN(0xf85cff84, 0xfb0c790f), - TOBN(0xc7a82aab, 0x6d2e0765), TOBN(0x7446bca9, 0x35c82b32), - TOBN(0x5de607aa, 0x6d63184f), TOBN(0x7c1a46a8, 0x262803a6), - TOBN(0xd218313d, 0xaebe8035), TOBN(0x92113ffd, 0xc73c51f8), - TOBN(0x4b38e083, 0x12e7e46c), TOBN(0x69d0a37a, 0x56126bd5), - TOBN(0xfb3f324b, 0x73c07e04), TOBN(0xa0c22f67, 0x8fda7267), - TOBN(0x8f2c0051, 0x4d2c7d8f), TOBN(0xbc45ced3, 0xcbe2cae5), - TOBN(0xe1c6cf07, 0xa8f0f277), TOBN(0xbc392312, 0x1eb99a98), - TOBN(0x75537b7e, 0x3cc8ac85), TOBN(0x8d725f57, 0xdd02753b), - TOBN(0xfd05ff64, 0xb737df2f), TOBN(0x55fe8712, 0xf6d2531d), - TOBN(0x57ce04a9, 0x6ab6b01c), TOBN(0x69a02a89, 0x7cd93724), - TOBN(0x4f82ac35, 0xcf86699b), TOBN(0x8242d3ad, 0x9cb4b232), - TOBN(0x713d0f65, 0xd62105e5), TOBN(0xbb222bfa, 0x2d29be61), - TOBN(0xf2f9a79e, 0x6cfbef09), TOBN(0xfc24d8d3, 0xd5d6782f), - TOBN(0x5db77085, 0xd4129967), TOBN(0xdb81c3cc, 0xdc3c2a43), - TOBN(0x9d655fc0, 0x05d8d9a3), TOBN(0x3f5d057a, 0x54298026), - TOBN(0x1157f56d, 0x88c54694), TOBN(0xb26baba5, 0x9b09573e), - TOBN(0x2cab03b0, 0x22adffd1), TOBN(0x60a412c8, 0xdd69f383), - TOBN(0xed76e98b, 0x54b25039), TOBN(0xd4ee67d3, 0x687e714d), - TOBN(0x87739648, 0x7b00b594), TOBN(0xce419775, 0xc9ef709b), - TOBN(0x40f76f85, 0x1c203a40), TOBN(0x30d352d6, 0xeafd8f91), - TOBN(0xaf196d3d, 0x95578dd2), TOBN(0xea4bb3d7, 0x77cc3f3d), - TOBN(0x42a5bd03, 0xb98e782b), TOBN(0xac958c40, 0x0624920d), - TOBN(0xb838134c, 0xfc56fcc8), TOBN(0x86ec4ccf, 0x89572e5e), - TOBN(0x69c43526, 0x9be47be0), TOBN(0x323b7dd8, 0xcb28fea1), - TOBN(0xfa5538ba, 0x3a6c67e5), TOBN(0xef921d70, 0x1d378e46), - TOBN(0xf92961fc, 0x3c4b880e), TOBN(0x3f6f914e, 0x98940a67), - TOBN(0xa990eb0a, 0xfef0ff39), TOBN(0xa6c2920f, 0xf0eeff9c), - TOBN(0xca804166, 0x51b8d9a3), TOBN(0x42531bc9, 0x0ffb0db1), - TOBN(0x72ce4718, 0xaa82e7ce), TOBN(0x6e199913, 0xdf574741), - TOBN(0xd5f1b13d, 0xd5d36946), TOBN(0x8255dc65, 0xf68f0194), - TOBN(0xdc9df4cd, 0x8710d230), TOBN(0x3453c20f, 0x138c1988), - TOBN(0x9af98dc0, 0x89a6ef01), TOBN(0x4dbcc3f0, 0x9857df85), - TOBN(0x34805601, 0x5c1ad924), TOBN(0x40448da5, 0xd0493046), - TOBN(0xf629926d, 0x4ee343e2), TOBN(0x6343f1bd, 0x90e8a301), - TOBN(0xefc93491, 0x40815b3f), TOBN(0xf882a423, 0xde8f66fb), - TOBN(0x3a12d5f4, 0xe7db9f57), TOBN(0x7dfba38a, 0x3c384c27), - TOBN(0x7a904bfd, 0x6fc660b1), TOBN(0xeb6c5db3, 0x2773b21c), - TOBN(0xc350ee66, 0x1cdfe049), TOBN(0x9baac0ce, 0x44540f29), - TOBN(0xbc57b6ab, 0xa5ec6aad), TOBN(0x167ce8c3, 0x0a7c1baa), - TOBN(0xb23a03a5, 0x53fb2b56), TOBN(0x6ce141e7, 0x4e057f78), - TOBN(0x796525c3, 0x89e490d9), TOBN(0x0bc95725, 0xa31a7e75), - TOBN(0x1ec56791, 0x1220fd06), TOBN(0x716e3a3c, 0x408b0bd6), - TOBN(0x31cd6bf7, 0xe8ebeba9), TOBN(0xa7326ca6, 0xbee6b670), - TOBN(0x3d9f851c, 0xcd090c43), TOBN(0x561e8f13, 0xf12c3988), - TOBN(0x50490b6a, 0x904b7be4), TOBN(0x61690ce1, 0x0410737b), - TOBN(0x299e9a37, 0x0f009052), TOBN(0x258758f0, 0xf026092e), - TOBN(0x9fa255f3, 0xfdfcdc0f), TOBN(0xdbc9fb1f, 0xc0e1bcd2), - TOBN(0x35f9dd6e, 0x24651840), TOBN(0xdca45a84, 0xa5c59abc), - TOBN(0x103d396f, 0xecca4938), TOBN(0x4532da0a, 0xb97b3f29), - TOBN(0xc4135ea5, 0x1999a6bf), TOBN(0x3aa9505a, 0x5e6bf2ee), - TOBN(0xf77cef06, 0x3f5be093), TOBN(0x97d1a0f8, 0xa943152e), - TOBN(0x2cb0ebba, 0x2e1c21dd), TOBN(0xf41b29fc, 0x2c6797c4), - TOBN(0xc6e17321, 0xb300101f), TOBN(0x4422b0e9, 0xd0d79a89), - TOBN(0x49e4901c, 0x92f1bfc4), TOBN(0x06ab1f8f, 0xe1e10ed9), - TOBN(0x84d35577, 0xdb2926b8), TOBN(0xca349d39, 0x356e8ec2), - TOBN(0x70b63d32, 0x343bf1a9), TOBN(0x8fd3bd28, 0x37d1a6b1), - TOBN(0x0454879c, 0x316865b4), TOBN(0xee959ff6, 0xc458efa2), - TOBN(0x0461dcf8, 0x9706dc3f), TOBN(0x737db0e2, 0x164e4b2e), - TOBN(0x09262680, 0x2f8843c8), TOBN(0x54498bbc, 0x7745e6f6), - TOBN(0x359473fa, 0xa29e24af), TOBN(0xfcc3c454, 0x70aa87a1), - TOBN(0xfd2c4bf5, 0x00573ace), TOBN(0xb65b514e, 0x28dd1965), - TOBN(0xe46ae7cf, 0x2193e393), TOBN(0x60e9a4e1, 0xf5444d97), - TOBN(0xe7594e96, 0x00ff38ed), TOBN(0x43d84d2f, 0x0a0e0f02), - TOBN(0x8b6db141, 0xee398a21), TOBN(0xb88a56ae, 0xe3bcc5be), - TOBN(0x0a1aa52f, 0x373460ea), TOBN(0x20da1a56, 0x160bb19b), - TOBN(0xfb54999d, 0x65bf0384), TOBN(0x71a14d24, 0x5d5a180e), - TOBN(0xbc44db7b, 0x21737b04), TOBN(0xd84fcb18, 0x01dd8e92), - TOBN(0x80de937b, 0xfa44b479), TOBN(0x53505499, 0x5c98fd4f), - TOBN(0x1edb12ab, 0x28f08727), TOBN(0x4c58b582, 0xa5f3ef53), - TOBN(0xbfb236d8, 0x8327f246), TOBN(0xc3a3bfaa, 0x4d7df320), - TOBN(0xecd96c59, 0xb96024f2), TOBN(0xfc293a53, 0x7f4e0433), - TOBN(0x5341352b, 0x5acf6e10), TOBN(0xc50343fd, 0xafe652c3), - TOBN(0x4af3792d, 0x18577a7f), TOBN(0xe1a4c617, 0xaf16823d), - TOBN(0x9b26d0cd, 0x33425d0a), TOBN(0x306399ed, 0x9b7bc47f), - TOBN(0x2a792f33, 0x706bb20b), TOBN(0x31219614, 0x98111055), - TOBN(0x864ec064, 0x87f5d28b), TOBN(0x11392d91, 0x962277fd), - TOBN(0xb5aa7942, 0xbb6aed5f), TOBN(0x080094dc, 0x47e799d9), - TOBN(0x4afa588c, 0x208ba19b), TOBN(0xd3e7570f, 0x8512f284), - TOBN(0xcbae64e6, 0x02f5799a), TOBN(0xdeebe7ef, 0x514b9492), - TOBN(0x30300f98, 0xe5c298ff), TOBN(0x17f561be, 0x3678361f), - TOBN(0xf52ff312, 0x98cb9a16), TOBN(0x6233c3bc, 0x5562d490), - TOBN(0x7bfa15a1, 0x92e3a2cb), TOBN(0x961bcfd1, 0xe6365119), - TOBN(0x3bdd29bf, 0x2c8c53b1), TOBN(0x739704df, 0x822844ba), - TOBN(0x7dacfb58, 0x7e7b754b), TOBN(0x23360791, 0xa806c9b9), - TOBN(0xe7eb88c9, 0x23504452), TOBN(0x2983e996, 0x852c1783), - TOBN(0xdd4ae529, 0x958d881d), TOBN(0x026bae03, 0x262c7b3c), - TOBN(0x3a6f9193, 0x960b52d1), TOBN(0xd0980f90, 0x92696cfb), - TOBN(0x4c1f428c, 0xd5f30851), TOBN(0x94dfed27, 0x2a4f6630), - TOBN(0x4df53772, 0xfc5d48a4), TOBN(0xdd2d5a2f, 0x933260ce), - TOBN(0x574115bd, 0xd44cc7a5), TOBN(0x4ba6b20d, 0xbd12533a), - TOBN(0x30e93cb8, 0x243057c9), TOBN(0x794c486a, 0x14de320e), - TOBN(0xe925d4ce, 0xf21496e4), TOBN(0xf951d198, 0xec696331), - TOBN(0x9810e2de, 0x3e8d812f), TOBN(0xd0a47259, 0x389294ab), - TOBN(0x513ba2b5, 0x0e3bab66), TOBN(0x462caff5, 0xabad306f), - TOBN(0xe2dc6d59, 0xaf04c49e), TOBN(0x1aeb8750, 0xe0b84b0b), - TOBN(0xc034f12f, 0x2f7d0ca2), TOBN(0x6d2e8128, 0xe06acf2f), - TOBN(0x801f4f83, 0x21facc2f), TOBN(0xa1170c03, 0xf40ef607), - TOBN(0xfe0a1d4f, 0x7805a99c), TOBN(0xbde56a36, 0xcc26aba5), - TOBN(0x5b1629d0, 0x35531f40), TOBN(0xac212c2b, 0x9afa6108), - TOBN(0x30a06bf3, 0x15697be5), TOBN(0x6f0545dc, 0x2c63c7c1), - TOBN(0x5d8cb842, 0x7ccdadaf), TOBN(0xd52e379b, 0xac7015bb), - TOBN(0xc4f56147, 0xf462c23e), TOBN(0xd44a4298, 0x46bc24b0), - TOBN(0xbc73d23a, 0xe2856d4f), TOBN(0x61cedd8c, 0x0832bcdf), - TOBN(0x60953556, 0x99f241d7), TOBN(0xee4adbd7, 0x001a349d), - TOBN(0x0b35bf6a, 0xaa89e491), TOBN(0x7f0076f4, 0x136f7546), - TOBN(0xd19a18ba, 0x9264da3d), TOBN(0x6eb2d2cd, 0x62a7a28b), - TOBN(0xcdba941f, 0x8761c971), TOBN(0x1550518b, 0xa3be4a5d), - TOBN(0xd0e8e2f0, 0x57d0b70c), TOBN(0xeea8612e, 0xcd133ba3), - TOBN(0x814670f0, 0x44416aec), TOBN(0x424db6c3, 0x30775061), - TOBN(0xd96039d1, 0x16213fd1), TOBN(0xc61e7fa5, 0x18a3478f), - TOBN(0xa805bdcc, 0xcb0c5021), TOBN(0xbdd6f3a8, 0x0cc616dd), - TOBN(0x06009667, 0x5d97f7e2), TOBN(0x31db0fc1, 0xaf0bf4b6), - TOBN(0x23680ed4, 0x5491627a), TOBN(0xb99a3c66, 0x7d741fb1), - TOBN(0xe9bb5f55, 0x36b1ff92), TOBN(0x29738577, 0x512b388d), - TOBN(0xdb8a2ce7, 0x50fcf263), TOBN(0x385346d4, 0x6c4f7b47), - TOBN(0xbe86c5ef, 0x31631f9e), TOBN(0xbf91da21, 0x03a57a29), - TOBN(0xc3b1f796, 0x7b23f821), TOBN(0x0f7d00d2, 0x770db354), - TOBN(0x8ffc6c3b, 0xd8fe79da), TOBN(0xcc5e8c40, 0xd525c996), - TOBN(0x4640991d, 0xcfff632a), TOBN(0x64d97e8c, 0x67112528), - TOBN(0xc232d973, 0x02f1cd1e), TOBN(0xce87eacb, 0x1dd212a4), - TOBN(0x6e4c8c73, 0xe69802f7), TOBN(0x12ef0290, 0x1fffddbd), - TOBN(0x941ec74e, 0x1bcea6e2), TOBN(0xd0b54024, 0x3cb92cbb), - TOBN(0x809fb9d4, 0x7e8f9d05), TOBN(0x3bf16159, 0xf2992aae), - TOBN(0xad40f279, 0xf8a7a838), TOBN(0x11aea631, 0x05615660), - TOBN(0xbf52e6f1, 0xa01f6fa1), TOBN(0xef046995, 0x3dc2aec9), - TOBN(0x785dbec9, 0xd8080711), TOBN(0xe1aec60a, 0x9fdedf76), - TOBN(0xece797b5, 0xfa21c126), TOBN(0xc66e898f, 0x05e52732), - TOBN(0x39bb69c4, 0x08811fdb), TOBN(0x8bfe1ef8, 0x2fc7f082), - TOBN(0xc8e7a393, 0x174f4138), TOBN(0xfba8ad1d, 0xd58d1f98), - TOBN(0xbc21d0ce, 0xbfd2fd5b), TOBN(0x0b839a82, 0x6ee60d61), - TOBN(0xaacf7658, 0xafd22253), TOBN(0xb526bed8, 0xaae396b3), - TOBN(0xccc1bbc2, 0x38564464), TOBN(0x9e3ff947, 0x8c45bc73), - TOBN(0xcde9bca3, 0x58188a78), TOBN(0x138b8ee0, 0xd73bf8f7), - TOBN(0x5c7e234c, 0x4123c489), TOBN(0x66e69368, 0xfa643297), - TOBN(0x0629eeee, 0x39a15fa3), TOBN(0x95fab881, 0xa9e2a927), - TOBN(0xb2497007, 0xeafbb1e1), TOBN(0xd75c9ce6, 0xe75b7a93), - TOBN(0x3558352d, 0xefb68d78), TOBN(0xa2f26699, 0x223f6396), - TOBN(0xeb911ecf, 0xe469b17a), TOBN(0x62545779, 0xe72d3ec2), - TOBN(0x8ea47de7, 0x82cb113f), TOBN(0xebe4b086, 0x4e1fa98d), - TOBN(0xec2d5ed7, 0x8cdfedb1), TOBN(0xa535c077, 0xfe211a74), - TOBN(0x9678109b, 0x11d244c5), TOBN(0xf17c8bfb, 0xbe299a76), - TOBN(0xb651412e, 0xfb11fbc4), TOBN(0xea0b5482, 0x94ab3f65), - TOBN(0xd8dffd95, 0x0cf78243), TOBN(0x2e719e57, 0xce0361d4), - TOBN(0x9007f085, 0x304ddc5b), TOBN(0x095e8c6d, 0x4daba2ea), - TOBN(0x5a33cdb4, 0x3f9d28a9), TOBN(0x85b95cd8, 0xe2283003), - TOBN(0xbcd6c819, 0xb9744733), TOBN(0x29c5f538, 0xfc7f5783), - TOBN(0x6c49b2fa, 0xd59038e4), TOBN(0x68349cc1, 0x3bbe1018), - TOBN(0xcc490c1d, 0x21830ee5), TOBN(0x36f9c4ee, 0xe9bfa297), - TOBN(0x58fd7294, 0x48de1a94), TOBN(0xaadb13a8, 0x4e8f2cdc), - TOBN(0x515eaaa0, 0x81313dba), TOBN(0xc76bb468, 0xc2152dd8), - TOBN(0x357f8d75, 0xa653dbf8), TOBN(0xe4d8c4d1, 0xb14ac143), - TOBN(0xbdb8e675, 0xb055cb40), TOBN(0x898f8e7b, 0x977b5167), - TOBN(0xecc65651, 0xb82fb863), TOBN(0x56544814, 0x6d88f01f), - TOBN(0xb0928e95, 0x263a75a9), TOBN(0xcfb6836f, 0x1a22fcda), - TOBN(0x651d14db, 0x3f3bd37c), TOBN(0x1d3837fb, 0xb6ad4664), - TOBN(0x7c5fb538, 0xff4f94ab), TOBN(0x7243c712, 0x6d7fb8f2), - TOBN(0xef13d60c, 0xa85c5287), TOBN(0x18cfb7c7, 0x4bb8dd1b), - TOBN(0x82f9bfe6, 0x72908219), TOBN(0x35c4592b, 0x9d5144ab), - TOBN(0x52734f37, 0x9cf4b42f), TOBN(0x6bac55e7, 0x8c60ddc4), - TOBN(0xb5cd811e, 0x94dea0f6), TOBN(0x259ecae4, 0xe18cc1a3), - TOBN(0x6a0e836e, 0x15e660f8), TOBN(0x6c639ea6, 0x0e02bff2), - TOBN(0x8721b8cb, 0x7e1026fd), TOBN(0x9e73b50b, 0x63261942), - TOBN(0xb8c70974, 0x77f01da3), TOBN(0x1839e6a6, 0x8268f57f), - TOBN(0x571b9415, 0x5150b805), TOBN(0x1892389e, 0xf92c7097), - TOBN(0x8d69c18e, 0x4a084b95), TOBN(0x7014c512, 0xbe5b495c), - TOBN(0x4780db36, 0x1b07523c), TOBN(0x2f6219ce, 0x2c1c64fa), - TOBN(0xc38b81b0, 0x602c105a), TOBN(0xab4f4f20, 0x5dc8e360), - TOBN(0x20d3c982, 0xcf7d62d2), TOBN(0x1f36e29d, 0x23ba8150), - TOBN(0x48ae0bf0, 0x92763f9e), TOBN(0x7a527e6b, 0x1d3a7007), - TOBN(0xb4a89097, 0x581a85e3), TOBN(0x1f1a520f, 0xdc158be5), - TOBN(0xf98db37d, 0x167d726e), TOBN(0x8802786e, 0x1113e862)}, - {TOBN(0xefb2149e, 0x36f09ab0), TOBN(0x03f163ca, 0x4a10bb5b), - TOBN(0xd0297045, 0x06e20998), TOBN(0x56f0af00, 0x1b5a3bab), - TOBN(0x7af4cfec, 0x70880e0d), TOBN(0x7332a66f, 0xbe3d913f), - TOBN(0x32e6c84a, 0x7eceb4bd), TOBN(0xedc4a79a, 0x9c228f55), - TOBN(0xc37c7dd0, 0xc55c4496), TOBN(0xa6a96357, 0x25bbabd2), - TOBN(0x5b7e63f2, 0xadd7f363), TOBN(0x9dce3782, 0x2e73f1df), - TOBN(0xe1e5a16a, 0xb2b91f71), TOBN(0xe4489823, 0x5ba0163c), - TOBN(0xf2759c32, 0xf6e515ad), TOBN(0xa5e2f1f8, 0x8615eecf), - TOBN(0x74519be7, 0xabded551), TOBN(0x03d358b8, 0xc8b74410), - TOBN(0x4d00b10b, 0x0e10d9a9), TOBN(0x6392b0b1, 0x28da52b7), - TOBN(0x6744a298, 0x0b75c904), TOBN(0xc305b0ae, 0xa8f7f96c), - TOBN(0x042e421d, 0x182cf932), TOBN(0xf6fc5d50, 0x9e4636ca), - TOBN(0x795847c9, 0xd64cc78c), TOBN(0x6c50621b, 0x9b6cb27b), - TOBN(0x07099bf8, 0xdf8022ab), TOBN(0x48f862eb, 0xc04eda1d), - TOBN(0xd12732ed, 0xe1603c16), TOBN(0x19a80e0f, 0x5c9a9450), - TOBN(0xe2257f54, 0xb429b4fc), TOBN(0x66d3b2c6, 0x45460515), - TOBN(0x6ca4f87e, 0x822e37be), TOBN(0x73f237b4, 0x253bda4e), - TOBN(0xf747f3a2, 0x41190aeb), TOBN(0xf06fa36f, 0x804cf284), - TOBN(0x0a6bbb6e, 0xfc621c12), TOBN(0x5d624b64, 0x40b80ec6), - TOBN(0x4b072425, 0x7ba556f3), TOBN(0x7fa0c354, 0x3e2d20a8), - TOBN(0xe921fa31, 0xe3229d41), TOBN(0xa929c652, 0x94531bd4), - TOBN(0x84156027, 0xa6d38209), TOBN(0xf3d69f73, 0x6bdb97bd), - TOBN(0x8906d19a, 0x16833631), TOBN(0x68a34c2e, 0x03d51be3), - TOBN(0xcb59583b, 0x0e511cd8), TOBN(0x99ce6bfd, 0xfdc132a8), - TOBN(0x3facdaaa, 0xffcdb463), TOBN(0x658bbc1a, 0x34a38b08), - TOBN(0x12a801f8, 0xf1a9078d), TOBN(0x1567bcf9, 0x6ab855de), - TOBN(0xe08498e0, 0x3572359b), TOBN(0xcf0353e5, 0x8659e68b), - TOBN(0xbb86e9c8, 0x7d23807c), TOBN(0xbc08728d, 0x2198e8a2), - TOBN(0x8de2b7bc, 0x453cadd6), TOBN(0x203900a7, 0xbc0bc1f8), - TOBN(0xbcd86e47, 0xa6abd3af), TOBN(0x911cac12, 0x8502effb), - TOBN(0x2d550242, 0xec965469), TOBN(0x0e9f7692, 0x29e0017e), - TOBN(0x633f078f, 0x65979885), TOBN(0xfb87d449, 0x4cf751ef), - TOBN(0xe1790e4b, 0xfc25419a), TOBN(0x36467203, 0x4bff3cfd), - TOBN(0xc8db6386, 0x25b6e83f), TOBN(0x6cc69f23, 0x6cad6fd2), - TOBN(0x0219e45a, 0x6bc68bb9), TOBN(0xe43d79b6, 0x297f7334), - TOBN(0x7d445368, 0x465dc97c), TOBN(0x4b9eea32, 0x2a0b949a), - TOBN(0x1b96c6ba, 0x6102d021), TOBN(0xeaafac78, 0x2f4461ea), - TOBN(0xd4b85c41, 0xc49f19a8), TOBN(0x275c28e4, 0xcf538875), - TOBN(0x35451a9d, 0xdd2e54e0), TOBN(0x6991adb5, 0x0605618b), - TOBN(0x5b8b4bcd, 0x7b36cd24), TOBN(0x372a4f8c, 0x56f37216), - TOBN(0xc890bd73, 0xa6a5da60), TOBN(0x6f083da0, 0xdc4c9ff0), - TOBN(0xf4e14d94, 0xf0536e57), TOBN(0xf9ee1eda, 0xaaec8243), - TOBN(0x571241ec, 0x8bdcf8e7), TOBN(0xa5db8271, 0x0b041e26), - TOBN(0x9a0b9a99, 0xe3fff040), TOBN(0xcaaf21dd, 0x7c271202), - TOBN(0xb4e2b2e1, 0x4f0dd2e8), TOBN(0xe77e7c4f, 0x0a377ac7), - TOBN(0x69202c3f, 0x0d7a2198), TOBN(0xf759b7ff, 0x28200eb8), - TOBN(0xc87526ed, 0xdcfe314e), TOBN(0xeb84c524, 0x53d5cf99), - TOBN(0xb1b52ace, 0x515138b6), TOBN(0x5aa7ff8c, 0x23fca3f4), - TOBN(0xff0b13c3, 0xb9791a26), TOBN(0x960022da, 0xcdd58b16), - TOBN(0xdbd55c92, 0x57aad2de), TOBN(0x3baaaaa3, 0xf30fe619), - TOBN(0x9a4b2346, 0x0d881efd), TOBN(0x506416c0, 0x46325e2a), - TOBN(0x91381e76, 0x035c18d4), TOBN(0xb3bb68be, 0xf27817b0), - TOBN(0x15bfb8bf, 0x5116f937), TOBN(0x7c64a586, 0xc1268943), - TOBN(0x71e25cc3, 0x8419a2c8), TOBN(0x9fd6b0c4, 0x8335f463), - TOBN(0x4bf0ba3c, 0xe8ee0e0e), TOBN(0x6f6fba60, 0x298c21fa), - TOBN(0x57d57b39, 0xae66bee0), TOBN(0x292d5130, 0x22672544), - TOBN(0xf451105d, 0xbab093b3), TOBN(0x012f59b9, 0x02839986), - TOBN(0x8a915802, 0x3474a89c), TOBN(0x048c919c, 0x2de03e97), - TOBN(0xc476a2b5, 0x91071cd5), TOBN(0x791ed89a, 0x034970a5), - TOBN(0x89bd9042, 0xe1b7994b), TOBN(0x8eaf5179, 0xa1057ffd), - TOBN(0x6066e2a2, 0xd551ee10), TOBN(0x87a8f1d8, 0x727e09a6), - TOBN(0x00d08bab, 0x2c01148d), TOBN(0x6da8e4f1, 0x424f33fe), - TOBN(0x466d17f0, 0xcf9a4e71), TOBN(0xff502010, 0x3bf5cb19), - TOBN(0xdccf97d8, 0xd062ecc0), TOBN(0x80c0d9af, 0x81d80ac4), - TOBN(0xe87771d8, 0x033f2876), TOBN(0xb0186ec6, 0x7d5cc3db), - TOBN(0x58e8bb80, 0x3bc9bc1d), TOBN(0x4d1395cc, 0x6f6ef60e), - TOBN(0xa73c62d6, 0x186244a0), TOBN(0x918e5f23, 0x110a5b53), - TOBN(0xed4878ca, 0x741b7eab), TOBN(0x3038d71a, 0xdbe03e51), - TOBN(0x840204b7, 0xa93c3246), TOBN(0x21ab6069, 0xa0b9b4cd), - TOBN(0xf5fa6e2b, 0xb1d64218), TOBN(0x1de6ad0e, 0xf3d56191), - TOBN(0x570aaa88, 0xff1929c7), TOBN(0xc6df4c6b, 0x640e87b5), - TOBN(0xde8a74f2, 0xc65f0ccc), TOBN(0x8b972fd5, 0xe6f6cc01), - TOBN(0x3fff36b6, 0x0b846531), TOBN(0xba7e45e6, 0x10a5e475), - TOBN(0x84a1d10e, 0x4145b6c5), TOBN(0xf1f7f91a, 0x5e046d9d), - TOBN(0x0317a692, 0x44de90d7), TOBN(0x951a1d4a, 0xf199c15e), - TOBN(0x91f78046, 0xc9d73deb), TOBN(0x74c82828, 0xfab8224f), - TOBN(0xaa6778fc, 0xe7560b90), TOBN(0xb4073e61, 0xa7e824ce), - TOBN(0xff0d693c, 0xd642eba8), TOBN(0x7ce2e57a, 0x5dccef38), - TOBN(0x89c2c789, 0x1df1ad46), TOBN(0x83a06922, 0x098346fd), - TOBN(0x2d715d72, 0xda2fc177), TOBN(0x7b6dd71d, 0x85b6cf1d), - TOBN(0xc60a6d0a, 0x73fa9cb0), TOBN(0xedd3992e, 0x328bf5a9), - TOBN(0xc380ddd0, 0x832c8c82), TOBN(0xd182d410, 0xa2a0bf50), - TOBN(0x7d9d7438, 0xd9a528db), TOBN(0xe8b1a0e9, 0xcaf53994), - TOBN(0xddd6e5fe, 0x0e19987c), TOBN(0xacb8df03, 0x190b059d), - TOBN(0x53703a32, 0x8300129f), TOBN(0x1f637662, 0x68c43bfd), - TOBN(0xbcbd1913, 0x00e54051), TOBN(0x812fcc62, 0x7bf5a8c5), - TOBN(0x3f969d5f, 0x29fb85da), TOBN(0x72f4e00a, 0x694759e8), - TOBN(0x426b6e52, 0x790726b7), TOBN(0x617bbc87, 0x3bdbb209), - TOBN(0x511f8bb9, 0x97aee317), TOBN(0x812a4096, 0xe81536a8), - TOBN(0x137dfe59, 0x3ac09b9b), TOBN(0x0682238f, 0xba8c9a7a), - TOBN(0x7072ead6, 0xaeccb4bd), TOBN(0x6a34e9aa, 0x692ba633), - TOBN(0xc82eaec2, 0x6fff9d33), TOBN(0xfb753512, 0x1d4d2b62), - TOBN(0x1a0445ff, 0x1d7aadab), TOBN(0x65d38260, 0xd5f6a67c), - TOBN(0x6e62fb08, 0x91cfb26f), TOBN(0xef1e0fa5, 0x5c7d91d6), - TOBN(0x47e7c7ba, 0x33db72cd), TOBN(0x017cbc09, 0xfa7c74b2), - TOBN(0x3c931590, 0xf50a503c), TOBN(0xcac54f60, 0x616baa42), - TOBN(0x9b6cd380, 0xb2369f0f), TOBN(0x97d3a70d, 0x23c76151), - TOBN(0x5f9dd6fc, 0x9862a9c6), TOBN(0x044c4ab2, 0x12312f51), - TOBN(0x035ea0fd, 0x834a2ddc), TOBN(0x49e6b862, 0xcc7b826d), - TOBN(0xb03d6883, 0x62fce490), TOBN(0x62f2497a, 0xb37e36e9), - TOBN(0x04b005b6, 0xc6458293), TOBN(0x36bb5276, 0xe8d10af7), - TOBN(0xacf2dc13, 0x8ee617b8), TOBN(0x470d2d35, 0xb004b3d4), - TOBN(0x06790832, 0xfeeb1b77), TOBN(0x2bb75c39, 0x85657f9c), - TOBN(0xd70bd4ed, 0xc0f60004), TOBN(0xfe797ecc, 0x219b018b), - TOBN(0x9b5bec2a, 0x753aebcc), TOBN(0xdaf9f3dc, 0xc939eca5), - TOBN(0xd6bc6833, 0xd095ad09), TOBN(0x98abdd51, 0xdaa4d2fc), - TOBN(0xd9840a31, 0x8d168be5), TOBN(0xcf7c10e0, 0x2325a23c), - TOBN(0xa5c02aa0, 0x7e6ecfaf), TOBN(0x2462e7e6, 0xb5bfdf18), - TOBN(0xab2d8a8b, 0xa0cc3f12), TOBN(0x68dd485d, 0xbc672a29), - TOBN(0x72039752, 0x596f2cd3), TOBN(0x5d3eea67, 0xa0cf3d8d), - TOBN(0x810a1a81, 0xe6602671), TOBN(0x8f144a40, 0x14026c0c), - TOBN(0xbc753a6d, 0x76b50f85), TOBN(0xc4dc21e8, 0x645cd4a4), - TOBN(0xc5262dea, 0x521d0378), TOBN(0x802b8e0e, 0x05011c6f), - TOBN(0x1ba19cbb, 0x0b4c19ea), TOBN(0x21db64b5, 0xebf0aaec), - TOBN(0x1f394ee9, 0x70342f9d), TOBN(0x93a10aee, 0x1bc44a14), - TOBN(0xa7eed31b, 0x3efd0baa), TOBN(0x6e7c824e, 0x1d154e65), - TOBN(0xee23fa81, 0x9966e7ee), TOBN(0x64ec4aa8, 0x05b7920d), - TOBN(0x2d44462d, 0x2d90aad4), TOBN(0xf44dd195, 0xdf277ad5), - TOBN(0x8d6471f1, 0xbb46b6a1), TOBN(0x1e65d313, 0xfd885090), - TOBN(0x33a800f5, 0x13a977b4), TOBN(0xaca9d721, 0x0797e1ef), - TOBN(0x9a5a85a0, 0xfcff6a17), TOBN(0x9970a3f3, 0x1eca7cee), - TOBN(0xbb9f0d6b, 0xc9504be3), TOBN(0xe0c504be, 0xadd24ee2), - TOBN(0x7e09d956, 0x77fcc2f4), TOBN(0xef1a5227, 0x65bb5fc4), - TOBN(0x145d4fb1, 0x8b9286aa), TOBN(0x66fd0c5d, 0x6649028b), - TOBN(0x98857ceb, 0x1bf4581c), TOBN(0xe635e186, 0xaca7b166), - TOBN(0x278ddd22, 0x659722ac), TOBN(0xa0903c4c, 0x1db68007), - TOBN(0x366e4589, 0x48f21402), TOBN(0x31b49c14, 0xb96abda2), - TOBN(0x329c4b09, 0xe0403190), TOBN(0x97197ca3, 0xd29f43fe), - TOBN(0x8073dd1e, 0x274983d8), TOBN(0xda1a3bde, 0x55717c8f), - TOBN(0xfd3d4da2, 0x0361f9d1), TOBN(0x1332d081, 0x4c7de1ce), - TOBN(0x9b7ef7a3, 0xaa6d0e10), TOBN(0x17db2e73, 0xf54f1c4a), - TOBN(0xaf3dffae, 0x4cd35567), TOBN(0xaaa2f406, 0xe56f4e71), - TOBN(0x8966759e, 0x7ace3fc7), TOBN(0x9594eacf, 0x45a8d8c6), - TOBN(0x8de3bd8b, 0x91834e0e), TOBN(0xafe4ca53, 0x548c0421), - TOBN(0xfdd7e856, 0xe6ee81c6), TOBN(0x8f671beb, 0x6b891a3a), - TOBN(0xf7a58f2b, 0xfae63829), TOBN(0x9ab186fb, 0x9c11ac9f), - TOBN(0x8d6eb369, 0x10b5be76), TOBN(0x046b7739, 0xfb040bcd), - TOBN(0xccb4529f, 0xcb73de88), TOBN(0x1df0fefc, 0xcf26be03), - TOBN(0xad7757a6, 0xbcfcd027), TOBN(0xa8786c75, 0xbb3165ca), - TOBN(0xe9db1e34, 0x7e99a4d9), TOBN(0x99ee86df, 0xb06c504b), - TOBN(0x5b7c2ddd, 0xc15c9f0a), TOBN(0xdf87a734, 0x4295989e), - TOBN(0x59ece47c, 0x03d08fda), TOBN(0xb074d3dd, 0xad5fc702), - TOBN(0x20407903, 0x51a03776), TOBN(0x2bb1f77b, 0x2a608007), - TOBN(0x25c58f4f, 0xe1153185), TOBN(0xe6df62f6, 0x766e6447), - TOBN(0xefb3d1be, 0xed51275a), TOBN(0x5de47dc7, 0x2f0f483f), - TOBN(0x7932d98e, 0x97c2bedf), TOBN(0xd5c11927, 0x0219f8a1), - TOBN(0x9d751200, 0xa73a294e), TOBN(0x5f88434a, 0x9dc20172), - TOBN(0xd28d9fd3, 0xa26f506a), TOBN(0xa890cd31, 0x9d1dcd48), - TOBN(0x0aebaec1, 0x70f4d3b4), TOBN(0xfd1a1369, 0x0ffc8d00), - TOBN(0xb9d9c240, 0x57d57838), TOBN(0x45929d26, 0x68bac361), - TOBN(0x5a2cd060, 0x25b15ca6), TOBN(0x4b3c83e1, 0x6e474446), - TOBN(0x1aac7578, 0xee1e5134), TOBN(0xa418f5d6, 0xc91e2f41), - TOBN(0x6936fc8a, 0x213ed68b), TOBN(0x860ae7ed, 0x510a5224), - TOBN(0x63660335, 0xdef09b53), TOBN(0x641b2897, 0xcd79c98d), - TOBN(0x29bd38e1, 0x01110f35), TOBN(0x79c26f42, 0x648b1937), - TOBN(0x64dae519, 0x9d9164f4), TOBN(0xd85a2310, 0x0265c273), - TOBN(0x7173dd5d, 0x4b07e2b1), TOBN(0xd144c4cb, 0x8d9ea221), - TOBN(0xe8b04ea4, 0x1105ab14), TOBN(0x92dda542, 0xfe80d8f1), - TOBN(0xe9982fa8, 0xcf03dce6), TOBN(0x8b5ea965, 0x1a22cffc), - TOBN(0xf7f4ea7f, 0x3fad88c4), TOBN(0x62db773e, 0x6a5ba95c), - TOBN(0xd20f02fb, 0x93f24567), TOBN(0xfd46c69a, 0x315257ca), - TOBN(0x0ac74cc7, 0x8bcab987), TOBN(0x46f31c01, 0x5ceca2f5), - TOBN(0x40aedb59, 0x888b219e), TOBN(0xe50ecc37, 0xe1fccd02), - TOBN(0x1bcd9dad, 0x911f816c), TOBN(0x583cc1ec, 0x8db9b00c), - TOBN(0xf3cd2e66, 0xa483bf11), TOBN(0xfa08a6f5, 0xb1b2c169), - TOBN(0xf375e245, 0x4be9fa28), TOBN(0x99a7ffec, 0x5b6d011f), - TOBN(0x6a3ebddb, 0xc4ae62da), TOBN(0x6cea00ae, 0x374aef5d), - TOBN(0xab5fb98d, 0x9d4d05bc), TOBN(0x7cba1423, 0xd560f252), - TOBN(0x49b2cc21, 0x208490de), TOBN(0x1ca66ec3, 0xbcfb2879), - TOBN(0x7f1166b7, 0x1b6fb16f), TOBN(0xfff63e08, 0x65fe5db3), - TOBN(0xb8345abe, 0x8b2610be), TOBN(0xb732ed80, 0x39de3df4), - TOBN(0x0e24ed50, 0x211c32b4), TOBN(0xd10d8a69, 0x848ff27d), - TOBN(0xc1074398, 0xed4de248), TOBN(0xd7cedace, 0x10488927), - TOBN(0xa4aa6bf8, 0x85673e13), TOBN(0xb46bae91, 0x6daf30af), - TOBN(0x07088472, 0xfcef7ad8), TOBN(0x61151608, 0xd4b35e97), - TOBN(0xbcfe8f26, 0xdde29986), TOBN(0xeb84c4c7, 0xd5a34c79), - TOBN(0xc1eec55c, 0x164e1214), TOBN(0x891be86d, 0xa147bb03), - TOBN(0x9fab4d10, 0x0ba96835), TOBN(0xbf01e9b8, 0xa5c1ae9f), - TOBN(0x6b4de139, 0xb186ebc0), TOBN(0xd5c74c26, 0x85b91bca), - TOBN(0x5086a99c, 0xc2d93854), TOBN(0xeed62a7b, 0xa7a9dfbc), - TOBN(0x8778ed6f, 0x76b7618a), TOBN(0xbff750a5, 0x03b66062), - TOBN(0x4cb7be22, 0xb65186db), TOBN(0x369dfbf0, 0xcc3a6d13), - TOBN(0xc7dab26c, 0x7191a321), TOBN(0x9edac3f9, 0x40ed718e), - TOBN(0xbc142b36, 0xd0cfd183), TOBN(0xc8af82f6, 0x7c991693), - TOBN(0xb3d1e4d8, 0x97ce0b2a), TOBN(0xe6d7c87f, 0xc3a55cdf), - TOBN(0x35846b95, 0x68b81afe), TOBN(0x018d12af, 0xd3c239d8), - TOBN(0x2b2c6208, 0x01206e15), TOBN(0xe0e42453, 0xa3b882c6), - TOBN(0x854470a3, 0xa50162d5), TOBN(0x08157478, 0x7017a62a), - TOBN(0x18bd3fb4, 0x820357c7), TOBN(0x992039ae, 0x6f1458ad), - TOBN(0x9a1df3c5, 0x25b44aa1), TOBN(0x2d780357, 0xed3d5281), - TOBN(0x58cf7e4d, 0xc77ad4d4), TOBN(0xd49a7998, 0xf9df4fc4), - TOBN(0x4465a8b5, 0x1d71205e), TOBN(0xa0ee0ea6, 0x649254aa), - TOBN(0x4b5eeecf, 0xab7bd771), TOBN(0x6c873073, 0x35c262b9), - TOBN(0xdc5bd648, 0x3c9d61e7), TOBN(0x233d6d54, 0x321460d2), - TOBN(0xd20c5626, 0xfc195bcc), TOBN(0x25445958, 0x04d78b63), - TOBN(0xe03fcb3d, 0x17ec8ef3), TOBN(0x54b690d1, 0x46b8f781), - TOBN(0x82fa2c8a, 0x21230646), TOBN(0xf51aabb9, 0x084f418c), - TOBN(0xff4fbec1, 0x1a30ba43), TOBN(0x6a5acf73, 0x743c9df7), - TOBN(0x1da2b357, 0xd635b4d5), TOBN(0xc3de68dd, 0xecd5c1da), - TOBN(0xa689080b, 0xd61af0dd), TOBN(0xdea5938a, 0xd665bf99), - TOBN(0x0231d71a, 0xfe637294), TOBN(0x01968aa6, 0xa5a81cd8), - TOBN(0x11252d50, 0x048e63b5), TOBN(0xc446bc52, 0x6ca007e9), - TOBN(0xef8c50a6, 0x96d6134b), TOBN(0x9361fbf5, 0x9e09a05c), - TOBN(0xf17f85a6, 0xdca3291a), TOBN(0xb178d548, 0xff251a21), - TOBN(0x87f6374b, 0xa4df3915), TOBN(0x566ce1bf, 0x2fd5d608), - TOBN(0x425cba4d, 0x7de35102), TOBN(0x6b745f8f, 0x58c5d5e2), - TOBN(0x88402af6, 0x63122edf), TOBN(0x3190f9ed, 0x3b989a89), - TOBN(0x4ad3d387, 0xebba3156), TOBN(0xef385ad9, 0xc7c469a5), - TOBN(0xb08281de, 0x3f642c29), TOBN(0x20be0888, 0x910ffb88), - TOBN(0xf353dd4a, 0xd5292546), TOBN(0x3f1627de, 0x8377a262), - TOBN(0xa5faa013, 0xeefcd638), TOBN(0x8f3bf626, 0x74cc77c3), - TOBN(0x32618f65, 0xa348f55e), TOBN(0x5787c0dc, 0x9fefeb9e), - TOBN(0xf1673aa2, 0xd9a23e44), TOBN(0x88dfa993, 0x4e10690d), - TOBN(0x1ced1b36, 0x2bf91108), TOBN(0x9193ceca, 0x3af48649), - TOBN(0xfb34327d, 0x2d738fc5), TOBN(0x6697b037, 0x975fee6c), - TOBN(0x2f485da0, 0xc04079a5), TOBN(0x2cdf5735, 0x2feaa1ac), - TOBN(0x76944420, 0xbd55659e), TOBN(0x7973e32b, 0x4376090c), - TOBN(0x86bb4fe1, 0x163b591a), TOBN(0x10441aed, 0xc196f0ca), - TOBN(0x3b431f4a, 0x045ad915), TOBN(0x6c11b437, 0xa4afacb1), - TOBN(0x30b0c7db, 0x71fdbbd8), TOBN(0xb642931f, 0xeda65acd), - TOBN(0x4baae6e8, 0x9c92b235), TOBN(0xa73bbd0e, 0x6b3993a1), - TOBN(0xd06d60ec, 0x693dd031), TOBN(0x03cab91b, 0x7156881c), - TOBN(0xd615862f, 0x1db3574b), TOBN(0x485b0185, 0x64bb061a), - TOBN(0x27434988, 0xa0181e06), TOBN(0x2cd61ad4, 0xc1c0c757), - TOBN(0x3effed5a, 0x2ff9f403), TOBN(0x8dc98d8b, 0x62239029), - TOBN(0x2206021e, 0x1f17b70d), TOBN(0xafbec0ca, 0xbf510015), - TOBN(0x9fed7164, 0x80130dfa), TOBN(0x306dc2b5, 0x8a02dcf5), - TOBN(0x48f06620, 0xfeb10fc0), TOBN(0x78d1e1d5, 0x5a57cf51), - TOBN(0xadef8c5a, 0x192ef710), TOBN(0x88afbd4b, 0x3b7431f9), - TOBN(0x7e1f7407, 0x64250c9e), TOBN(0x6e31318d, 0xb58bec07), - TOBN(0xfd4fc4b8, 0x24f89b4e), TOBN(0x65a5dd88, 0x48c36a2a), - TOBN(0x4f1eccff, 0xf024baa7), TOBN(0x22a21cf2, 0xcba94650), - TOBN(0x95d29dee, 0x42a554f7), TOBN(0x828983a5, 0x002ec4ba), - TOBN(0x8112a1f7, 0x8badb73d), TOBN(0x79ea8897, 0xa27c1839), - TOBN(0x8969a5a7, 0xd065fd83), TOBN(0xf49af791, 0xb262a0bc), - TOBN(0xfcdea8b6, 0xaf2b5127), TOBN(0x10e913e1, 0x564c2dbc), - TOBN(0x51239d14, 0xbc21ef51), TOBN(0xe51c3ceb, 0x4ce57292), - TOBN(0x795ff068, 0x47bbcc3b), TOBN(0x86b46e1e, 0xbd7e11e6), - TOBN(0x0ea6ba23, 0x80041ef4), TOBN(0xd72fe505, 0x6262342e), - TOBN(0x8abc6dfd, 0x31d294d4), TOBN(0xbbe017a2, 0x1278c2c9), - TOBN(0xb1fcfa09, 0xb389328a), TOBN(0x322fbc62, 0xd01771b5), - TOBN(0x04c0d063, 0x60b045bf), TOBN(0xdb652edc, 0x10e52d01), - TOBN(0x50ef932c, 0x03ec6627), TOBN(0xde1b3b2d, 0xc1ee50e3), - TOBN(0x5ab7bdc5, 0xdc37a90d), TOBN(0xfea67213, 0x31e33a96), - TOBN(0x6482b5cb, 0x4f2999aa), TOBN(0x38476cc6, 0xb8cbf0dd), - TOBN(0x93ebfacb, 0x173405bb), TOBN(0x15cdafe7, 0xe52369ec), - TOBN(0xd42d5ba4, 0xd935b7db), TOBN(0x648b6004, 0x1c99a4cd), - TOBN(0x785101bd, 0xa3b5545b), TOBN(0x4bf2c38a, 0x9dd67faf), - TOBN(0xb1aadc63, 0x4442449c), TOBN(0xe0e9921a, 0x33ad4fb8), - TOBN(0x5c552313, 0xaa686d82), TOBN(0xdee635fa, 0x465d866c), - TOBN(0xbc3c224a, 0x18ee6e8a), TOBN(0xeed748a6, 0xed42e02f), - TOBN(0xe70f930a, 0xd474cd08), TOBN(0x774ea6ec, 0xfff24adf), - TOBN(0x03e2de1c, 0xf3480d4a), TOBN(0xf0d8edc7, 0xbc8acf1a), - TOBN(0xf23e3303, 0x68295a9c), TOBN(0xfadd5f68, 0xc546a97d), - TOBN(0x895597ad, 0x96f8acb1), TOBN(0xbddd49d5, 0x671bdae2), - TOBN(0x16fcd528, 0x21dd43f4), TOBN(0xa5a45412, 0x6619141a)}, - {TOBN(0x8ce9b6bf, 0xc360e25a), TOBN(0xe6425195, 0x075a1a78), - TOBN(0x9dc756a8, 0x481732f4), TOBN(0x83c0440f, 0x5432b57a), - TOBN(0xc670b3f1, 0xd720281f), TOBN(0x2205910e, 0xd135e051), - TOBN(0xded14b0e, 0xdb052be7), TOBN(0x697b3d27, 0xc568ea39), - TOBN(0x2e599b9a, 0xfb3ff9ed), TOBN(0x28c2e0ab, 0x17f6515c), - TOBN(0x1cbee4fd, 0x474da449), TOBN(0x071279a4, 0x4f364452), - TOBN(0x97abff66, 0x01fbe855), TOBN(0x3ee394e8, 0x5fda51c4), - TOBN(0x190385f6, 0x67597c0b), TOBN(0x6e9fccc6, 0xa27ee34b), - TOBN(0x0b89de93, 0x14092ebb), TOBN(0xf17256bd, 0x428e240c), - TOBN(0xcf89a7f3, 0x93d2f064), TOBN(0x4f57841e, 0xe1ed3b14), - TOBN(0x4ee14405, 0xe708d855), TOBN(0x856aae72, 0x03f1c3d0), - TOBN(0xc8e5424f, 0xbdd7eed5), TOBN(0x3333e4ef, 0x73ab4270), - TOBN(0x3bc77ade, 0xdda492f8), TOBN(0xc11a3aea, 0x78297205), - TOBN(0x5e89a3e7, 0x34931b4c), TOBN(0x17512e2e, 0x9f5694bb), - TOBN(0x5dc349f3, 0x177bf8b6), TOBN(0x232ea4ba, 0x08c7ff3e), - TOBN(0x9c4f9d16, 0xf511145d), TOBN(0xccf109a3, 0x33b379c3), - TOBN(0xe75e7a88, 0xa1f25897), TOBN(0x7ac6961f, 0xa1b5d4d8), - TOBN(0xe3e10773, 0x08f3ed5c), TOBN(0x208a54ec, 0x0a892dfb), - TOBN(0xbe826e19, 0x78660710), TOBN(0x0cf70a97, 0x237df2c8), - TOBN(0x418a7340, 0xed704da5), TOBN(0xa3eeb9a9, 0x08ca33fd), - TOBN(0x49d96233, 0x169bca96), TOBN(0x04d286d4, 0x2da6aafb), - TOBN(0xc09606ec, 0xa0c2fa94), TOBN(0x8869d0d5, 0x23ff0fb3), - TOBN(0xa99937e5, 0xd0150d65), TOBN(0xa92e2503, 0x240c14c9), - TOBN(0x656bf945, 0x108e2d49), TOBN(0x152a733a, 0xa2f59e2b), - TOBN(0xb4323d58, 0x8434a920), TOBN(0xc0af8e93, 0x622103c5), - TOBN(0x667518ef, 0x938dbf9a), TOBN(0xa1843073, 0x83a9cdf2), - TOBN(0x350a94aa, 0x5447ab80), TOBN(0xe5e5a325, 0xc75a3d61), - TOBN(0x74ba507f, 0x68411a9e), TOBN(0x10581fc1, 0x594f70c5), - TOBN(0x60e28570, 0x80eb24a9), TOBN(0x7bedfb4d, 0x488e0cfd), - TOBN(0x721ebbd7, 0xc259cdb8), TOBN(0x0b0da855, 0xbc6390a9), - TOBN(0x2b4d04db, 0xde314c70), TOBN(0xcdbf1fbc, 0x6c32e846), - TOBN(0x33833eab, 0xb162fc9e), TOBN(0x9939b48b, 0xb0dd3ab7), - TOBN(0x5aaa98a7, 0xcb0c9c8c), TOBN(0x75105f30, 0x81c4375c), - TOBN(0xceee5057, 0x5ef1c90f), TOBN(0xb31e065f, 0xc23a17bf), - TOBN(0x5364d275, 0xd4b6d45a), TOBN(0xd363f3ad, 0x62ec8996), - TOBN(0xb5d21239, 0x4391c65b), TOBN(0x84564765, 0xebb41b47), - TOBN(0x20d18ecc, 0x37107c78), TOBN(0xacff3b6b, 0x570c2a66), - TOBN(0x22f975d9, 0x9bd0d845), TOBN(0xef0a0c46, 0xba178fa0), - TOBN(0x1a419651, 0x76b6028e), TOBN(0xc49ec674, 0x248612d4), - TOBN(0x5b6ac4f2, 0x7338af55), TOBN(0x06145e62, 0x7bee5a36), - TOBN(0x33e95d07, 0xe75746b5), TOBN(0x1c1e1f6d, 0xc40c78be), - TOBN(0x967833ef, 0x222ff8e2), TOBN(0x4bedcf6a, 0xb49180ad), - TOBN(0x6b37e9c1, 0x3d7a4c8a), TOBN(0x2748887c, 0x6ddfe760), - TOBN(0xf7055123, 0xaa3a5bbc), TOBN(0x954ff225, 0x7bbb8e74), - TOBN(0xc42b8ab1, 0x97c3dfb9), TOBN(0x55a549b0, 0xcf168154), - TOBN(0xad6748e7, 0xc1b50692), TOBN(0x2775780f, 0x6fc5cbcb), - TOBN(0x4eab80b8, 0xe1c9d7c8), TOBN(0x8c69dae1, 0x3fdbcd56), - TOBN(0x47e6b4fb, 0x9969eace), TOBN(0x002f1085, 0xa705cb5a), - TOBN(0x4e23ca44, 0x6d3fea55), TOBN(0xb4ae9c86, 0xf4810568), - TOBN(0x47bfb91b, 0x2a62f27d), TOBN(0x60deb4c9, 0xd9bac28c), - TOBN(0xa892d894, 0x7de6c34c), TOBN(0x4ee68259, 0x4494587d), - TOBN(0x914ee14e, 0x1a3f8a5b), TOBN(0xbb113eaa, 0x28700385), - TOBN(0x81ca03b9, 0x2115b4c9), TOBN(0x7c163d38, 0x8908cad1), - TOBN(0xc912a118, 0xaa18179a), TOBN(0xe09ed750, 0x886e3081), - TOBN(0xa676e3fa, 0x26f516ca), TOBN(0x753cacf7, 0x8e732f91), - TOBN(0x51592aea, 0x833da8b4), TOBN(0xc626f42f, 0x4cbea8aa), - TOBN(0xef9dc899, 0xa7b56eaf), TOBN(0x00c0e52c, 0x34ef7316), - TOBN(0x5b1e4e24, 0xfe818a86), TOBN(0x9d31e20d, 0xc538be47), - TOBN(0x22eb932d, 0x3ed68974), TOBN(0xe44bbc08, 0x7c4e87c4), - TOBN(0x4121086e, 0x0dde9aef), TOBN(0x8e6b9cff, 0x134f4345), - TOBN(0x96892c1f, 0x711b0eb9), TOBN(0xb905f2c8, 0x780ab954), - TOBN(0xace26309, 0xa20792db), TOBN(0xec8ac9b3, 0x0684e126), - TOBN(0x486ad8b6, 0xb40a2447), TOBN(0x60121fc1, 0x9fe3fb24), - TOBN(0x5626fccf, 0x1a8e3b3f), TOBN(0x4e568622, 0x6ad1f394), - TOBN(0xda7aae0d, 0x196aa5a1), TOBN(0xe0df8c77, 0x1041b5fb), - TOBN(0x451465d9, 0x26b318b7), TOBN(0xc29b6e55, 0x7ab136e9), - TOBN(0x2c2ab48b, 0x71148463), TOBN(0xb5738de3, 0x64454a76), - TOBN(0x54ccf9a0, 0x5a03abe4), TOBN(0x377c0296, 0x0427d58e), - TOBN(0x73f5f0b9, 0x2bb39c1f), TOBN(0x14373f2c, 0xe608d8c5), - TOBN(0xdcbfd314, 0x00fbb805), TOBN(0xdf18fb20, 0x83afdcfb), - TOBN(0x81a57f42, 0x42b3523f), TOBN(0xe958532d, 0x87f650fb), - TOBN(0xaa8dc8b6, 0x8b0a7d7c), TOBN(0x1b75dfb7, 0x150166be), - TOBN(0x90e4f7c9, 0x2d7d1413), TOBN(0x67e2d6b5, 0x9834f597), - TOBN(0x4fd4f4f9, 0xa808c3e8), TOBN(0xaf8237e0, 0xd5281ec1), - TOBN(0x25ab5fdc, 0x84687cee), TOBN(0xc5ded6b1, 0xa5b26c09), - TOBN(0x8e4a5aec, 0xc8ea7650), TOBN(0x23b73e5c, 0x14cc417f), - TOBN(0x2bfb4318, 0x3037bf52), TOBN(0xb61e6db5, 0x78c725d7), - TOBN(0x8efd4060, 0xbbb3e5d7), TOBN(0x2e014701, 0xdbac488e), - TOBN(0xac75cf9a, 0x360aa449), TOBN(0xb70cfd05, 0x79634d08), - TOBN(0xa591536d, 0xfffb15ef), TOBN(0xb2c37582, 0xd07c106c), - TOBN(0xb4293fdc, 0xf50225f9), TOBN(0xc52e175c, 0xb0e12b03), - TOBN(0xf649c3ba, 0xd0a8bf64), TOBN(0x745a8fef, 0xeb8ae3c6), - TOBN(0x30d7e5a3, 0x58321bc3), TOBN(0xb1732be7, 0x0bc4df48), - TOBN(0x1f217993, 0xe9ea5058), TOBN(0xf7a71cde, 0x3e4fd745), - TOBN(0x86cc533e, 0x894c5bbb), TOBN(0x6915c7d9, 0x69d83082), - TOBN(0xa6aa2d05, 0x5815c244), TOBN(0xaeeee592, 0x49b22ce5), - TOBN(0x89e39d13, 0x78135486), TOBN(0x3a275c1f, 0x16b76f2f), - TOBN(0xdb6bcc1b, 0xe036e8f5), TOBN(0x4df69b21, 0x5e4709f5), - TOBN(0xa188b250, 0x2d0f39aa), TOBN(0x622118bb, 0x15a85947), - TOBN(0x2ebf520f, 0xfde0f4fa), TOBN(0xa40e9f29, 0x4860e539), - TOBN(0x7b6a51eb, 0x22b57f0f), TOBN(0x849a33b9, 0x7e80644a), - TOBN(0x50e5d16f, 0x1cf095fe), TOBN(0xd754b54e, 0xec55f002), - TOBN(0x5cfbbb22, 0x236f4a98), TOBN(0x0b0c59e9, 0x066800bb), - TOBN(0x4ac69a8f, 0x5a9a7774), TOBN(0x2b33f804, 0xd6bec948), - TOBN(0xb3729295, 0x32e6c466), TOBN(0x68956d0f, 0x4e599c73), - TOBN(0xa47a249f, 0x155c31cc), TOBN(0x24d80f0d, 0xe1ce284e), - TOBN(0xcd821dfb, 0x988baf01), TOBN(0xe6331a7d, 0xdbb16647), - TOBN(0x1eb8ad33, 0x094cb960), TOBN(0x593cca38, 0xc91bbca5), - TOBN(0x384aac8d, 0x26567456), TOBN(0x40fa0309, 0xc04b6490), - TOBN(0x97834cd6, 0xdab6c8f6), TOBN(0x68a7318d, 0x3f91e55f), - TOBN(0xa00fd04e, 0xfc4d3157), TOBN(0xb56f8ab2, 0x2bf3bdea), - TOBN(0x014f5648, 0x4fa57172), TOBN(0x948c5860, 0x450abdb3), - TOBN(0x342b5df0, 0x0ebd4f08), TOBN(0x3e5168cd, 0x0e82938e), - TOBN(0x7aedc1ce, 0xb0df5dd0), TOBN(0x6bbbc6d9, 0xe5732516), - TOBN(0xc7bfd486, 0x605daaa6), TOBN(0x46fd72b7, 0xbb9a6c9e), - TOBN(0xe4847fb1, 0xa124fb89), TOBN(0x75959cbd, 0xa2d8ffbc), - TOBN(0x42579f65, 0xc8a588ee), TOBN(0x368c92e6, 0xb80b499d), - TOBN(0xea4ef6cd, 0x999a5df1), TOBN(0xaa73bb7f, 0x936fe604), - TOBN(0xf347a70d, 0x6457d188), TOBN(0x86eda86b, 0x8b7a388b), - TOBN(0xb7cdff06, 0x0ccd6013), TOBN(0xbeb1b6c7, 0xd0053fb2), - TOBN(0x0b022387, 0x99240a9f), TOBN(0x1bbb384f, 0x776189b2), - TOBN(0x8695e71e, 0x9066193a), TOBN(0x2eb50097, 0x06ffac7e), - TOBN(0x0654a9c0, 0x4a7d2caa), TOBN(0x6f3fb3d1, 0xa5aaa290), - TOBN(0x835db041, 0xff476e8f), TOBN(0x540b8b0b, 0xc42295e4), - TOBN(0xa5c73ac9, 0x05e214f5), TOBN(0x9a74075a, 0x56a0b638), - TOBN(0x2e4b1090, 0xce9e680b), TOBN(0x57a5b479, 0x6b8d9afa), - TOBN(0x0dca48e7, 0x26bfe65c), TOBN(0x097e391c, 0x7290c307), - TOBN(0x683c462e, 0x6669e72e), TOBN(0xf505be1e, 0x062559ac), - TOBN(0x5fbe3ea1, 0xe3a3035a), TOBN(0x6431ebf6, 0x9cd50da8), - TOBN(0xfd169d5c, 0x1f6407f2), TOBN(0x8d838a95, 0x60fce6b8), - TOBN(0x2a2bfa7f, 0x650006f0), TOBN(0xdfd7dad3, 0x50c0fbb2), - TOBN(0x92452495, 0xccf9ad96), TOBN(0x183bf494, 0xd95635f9), - TOBN(0x02d5df43, 0x4a7bd989), TOBN(0x505385cc, 0xa5431095), - TOBN(0xdd98e67d, 0xfd43f53e), TOBN(0xd61e1a6c, 0x500c34a9), - TOBN(0x5a4b46c6, 0x4a8a3d62), TOBN(0x8469c4d0, 0x247743d2), - TOBN(0x2bb3a13d, 0x88f7e433), TOBN(0x62b23a10, 0x01be5849), - TOBN(0xe83596b4, 0xa63d1a4c), TOBN(0x454e7fea, 0x7d183f3e), - TOBN(0x643fce61, 0x17afb01c), TOBN(0x4e65e5e6, 0x1c4c3638), - TOBN(0x41d85ea1, 0xef74c45b), TOBN(0x2cfbfa66, 0xae328506), - TOBN(0x98b078f5, 0x3ada7da9), TOBN(0xd985fe37, 0xec752fbb), - TOBN(0xeece68fe, 0x5a0148b4), TOBN(0x6f9a55c7, 0x2d78136d), - TOBN(0x232dccc4, 0xd2b729ce), TOBN(0xa27e0dfd, 0x90aafbc4), - TOBN(0x96474452, 0x12b4603e), TOBN(0xa876c551, 0x6b706d14), - TOBN(0xdf145fcf, 0x69a9d412), TOBN(0xe2ab75b7, 0x2d479c34), - TOBN(0x12df9a76, 0x1a23ff97), TOBN(0xc6138992, 0x5d359d10), - TOBN(0x6e51c7ae, 0xfa835f22), TOBN(0x69a79cb1, 0xc0fcc4d9), - TOBN(0xf57f350d, 0x594cc7e1), TOBN(0x3079ca63, 0x3350ab79), - TOBN(0x226fb614, 0x9aff594a), TOBN(0x35afec02, 0x6d59a62b), - TOBN(0x9bee46f4, 0x06ed2c6e), TOBN(0x58da1735, 0x7d939a57), - TOBN(0x44c50402, 0x8fd1797e), TOBN(0xd8853e7c, 0x5ccea6ca), - TOBN(0x4065508d, 0xa35fcd5f), TOBN(0x8965df8c, 0x495ccaeb), - TOBN(0x0f2da850, 0x12e1a962), TOBN(0xee471b94, 0xc1cf1cc4), - TOBN(0xcef19bc8, 0x0a08fb75), TOBN(0x704958f5, 0x81de3591), - TOBN(0x2867f8b2, 0x3aef4f88), TOBN(0x8d749384, 0xea9f9a5f), - TOBN(0x1b385537, 0x8c9049f4), TOBN(0x5be948f3, 0x7b92d8b6), - TOBN(0xd96f725d, 0xb6e2bd6b), TOBN(0x37a222bc, 0x958c454d), - TOBN(0xe7c61abb, 0x8809bf61), TOBN(0x46f07fbc, 0x1346f18d), - TOBN(0xfb567a7a, 0xe87c0d1c), TOBN(0x84a461c8, 0x7ef3d07a), - TOBN(0x0a5adce6, 0xd9278d98), TOBN(0x24d94813, 0x9dfc73e1), - TOBN(0x4f3528b6, 0x054321c3), TOBN(0x2e03fdde, 0x692ea706), - TOBN(0x10e60619, 0x47b533c0), TOBN(0x1a8bc73f, 0x2ca3c055), - TOBN(0xae58d4b2, 0x1bb62b8f), TOBN(0xb2045a73, 0x584a24e3), - TOBN(0x3ab3d5af, 0xbd76e195), TOBN(0x478dd1ad, 0x6938a810), - TOBN(0x6ffab393, 0x6ee3d5cb), TOBN(0xdfb693db, 0x22b361e4), - TOBN(0xf9694496, 0x51dbf1a7), TOBN(0xcab4b4ef, 0x08a2e762), - TOBN(0xe8c92f25, 0xd39bba9a), TOBN(0x850e61bc, 0xf1464d96), - TOBN(0xb7e830e3, 0xdc09508b), TOBN(0xfaf6d2cf, 0x74317655), - TOBN(0x72606ceb, 0xdf690355), TOBN(0x48bb92b3, 0xd0c3ded6), - TOBN(0x65b75484, 0x5c7cf892), TOBN(0xf6cd7ac9, 0xd5d5f01f), - TOBN(0xc2c30a59, 0x96401d69), TOBN(0x91268650, 0xed921878), - TOBN(0x380bf913, 0xb78c558f), TOBN(0x43c0baeb, 0xc8afdaa9), - TOBN(0x377f61d5, 0x54f169d3), TOBN(0xf8da07e3, 0xae5ff20b), - TOBN(0xb676c49d, 0xa8a90ea8), TOBN(0x81c1ff2b, 0x83a29b21), - TOBN(0x383297ac, 0x2ad8d276), TOBN(0x3001122f, 0xba89f982), - TOBN(0xe1d794be, 0x6718e448), TOBN(0x246c1482, 0x7c3e6e13), - TOBN(0x56646ef8, 0x5d26b5ef), TOBN(0x80f5091e, 0x88069cdd), - TOBN(0xc5992e2f, 0x724bdd38), TOBN(0x02e915b4, 0x8471e8c7), - TOBN(0x96ff320a, 0x0d0ff2a9), TOBN(0xbf886487, 0x4384d1a0), - TOBN(0xbbe1e6a6, 0xc93f72d6), TOBN(0xd5f75d12, 0xcad800ea), - TOBN(0xfa40a09f, 0xe7acf117), TOBN(0x32c8cdd5, 0x7581a355), - TOBN(0x74221992, 0x7023c499), TOBN(0xa8afe5d7, 0x38ec3901), - TOBN(0x5691afcb, 0xa90e83f0), TOBN(0x41bcaa03, 0x0b8f8eac), - TOBN(0xe38b5ff9, 0x8d2668d5), TOBN(0x0715281a, 0x7ad81965), - TOBN(0x1bc8fc7c, 0x03c6ce11), TOBN(0xcbbee6e2, 0x8b650436), - TOBN(0x06b00fe8, 0x0cdb9808), TOBN(0x17d6e066, 0xfe3ed315), - TOBN(0x2e9d38c6, 0x4d0b5018), TOBN(0xab8bfd56, 0x844dcaef), - TOBN(0x42894a59, 0x513aed8b), TOBN(0xf77f3b6d, 0x314bd07a), - TOBN(0xbbdecb8f, 0x8e42b582), TOBN(0xf10e2fa8, 0xd2390fe6), - TOBN(0xefb95022, 0x62a2f201), TOBN(0x4d59ea50, 0x50ee32b0), - TOBN(0xd87f7728, 0x6da789a8), TOBN(0xcf98a2cf, 0xf79492c4), - TOBN(0xf9577239, 0x720943c2), TOBN(0xba044cf5, 0x3990b9d0), - TOBN(0x5aa8e823, 0x95f2884a), TOBN(0x834de6ed, 0x0278a0af), - TOBN(0xc8e1ee9a, 0x5f25bd12), TOBN(0x9259ceaa, 0x6f7ab271), - TOBN(0x7e6d97a2, 0x77d00b76), TOBN(0x5c0c6eea, 0xa437832a), - TOBN(0x5232c20f, 0x5606b81d), TOBN(0xabd7b375, 0x0d991ee5), - TOBN(0x4d2bfe35, 0x8632d951), TOBN(0x78f85146, 0x98ed9364), - TOBN(0x951873f0, 0xf30c3282), TOBN(0x0da8ac80, 0xa789230b), - TOBN(0x3ac7789c, 0x5398967f), TOBN(0xa69b8f7f, 0xbdda0fb5), - TOBN(0xe5db7717, 0x6add8545), TOBN(0x1b71cb66, 0x72c49b66), - TOBN(0xd8560739, 0x68421d77), TOBN(0x03840fe8, 0x83e3afea), - TOBN(0xb391dad5, 0x1ec69977), TOBN(0xae243fb9, 0x307f6726), - TOBN(0xc88ac87b, 0xe8ca160c), TOBN(0x5174cced, 0x4ce355f4), - TOBN(0x98a35966, 0xe58ba37d), TOBN(0xfdcc8da2, 0x7817335d), - TOBN(0x5b752830, 0x83fbc7bf), TOBN(0x68e419d4, 0xd9c96984), - TOBN(0x409a39f4, 0x02a40380), TOBN(0x88940faf, 0x1fe977bc), - TOBN(0xc640a94b, 0x8f8edea6), TOBN(0x1e22cd17, 0xed11547d), - TOBN(0xe28568ce, 0x59ffc3e2), TOBN(0x60aa1b55, 0xc1dee4e7), - TOBN(0xc67497c8, 0x837cb363), TOBN(0x06fb438a, 0x105a2bf2), - TOBN(0x30357ec4, 0x500d8e20), TOBN(0x1ad9095d, 0x0670db10), - TOBN(0x7f589a05, 0xc73b7cfd), TOBN(0xf544607d, 0x880d6d28), - TOBN(0x17ba93b1, 0xa20ef103), TOBN(0xad859130, 0x6ba6577b), - TOBN(0x65c91cf6, 0x6fa214a0), TOBN(0xd7d49c6c, 0x27990da5), - TOBN(0xecd9ec8d, 0x20bb569d), TOBN(0xbd4b2502, 0xeeffbc33), - TOBN(0x2056ca5a, 0x6bed0467), TOBN(0x7916a1f7, 0x5b63728c), - TOBN(0xd4f9497d, 0x53a4f566), TOBN(0x89734664, 0x97b56810), - TOBN(0xf8e1da74, 0x0494a621), TOBN(0x82546a93, 0x8d011c68), - TOBN(0x1f3acb19, 0xc61ac162), TOBN(0x52f8fa9c, 0xabad0d3e), - TOBN(0x15356523, 0xb4b7ea43), TOBN(0x5a16ad61, 0xae608125), - TOBN(0xb0bcb87f, 0x4faed184), TOBN(0x5f236b1d, 0x5029f45f), - TOBN(0xd42c7607, 0x0bc6b1fc), TOBN(0xc644324e, 0x68aefce3), - TOBN(0x8e191d59, 0x5c5d8446), TOBN(0xc0208077, 0x13ae1979), - TOBN(0xadcaee55, 0x3ba59cc7), TOBN(0x20ed6d6b, 0xa2cb81ba), - TOBN(0x0952ba19, 0xb6efcffc), TOBN(0x60f12d68, 0x97c0b87c), - TOBN(0x4ee2c7c4, 0x9caa30bc), TOBN(0x767238b7, 0x97fbff4e), - TOBN(0xebc73921, 0x501b5d92), TOBN(0x3279e3df, 0xc2a37737), - TOBN(0x9fc12bc8, 0x6d197543), TOBN(0xfa94dc6f, 0x0a40db4e), - TOBN(0x7392b41a, 0x530ccbbd), TOBN(0x87c82146, 0xea823525), - TOBN(0xa52f984c, 0x05d98d0c), TOBN(0x2ae57d73, 0x5ef6974c), - TOBN(0x9377f7bf, 0x3042a6dd), TOBN(0xb1a007c0, 0x19647a64), - TOBN(0xfaa9079a, 0x0cca9767), TOBN(0x3d81a25b, 0xf68f72d5), - TOBN(0x752067f8, 0xff81578e), TOBN(0x78622150, 0x9045447d), - TOBN(0xc0c22fcf, 0x0505aa6f), TOBN(0x1030f0a6, 0x6bed1c77), - TOBN(0x31f29f15, 0x1f0bd739), TOBN(0x2d7989c7, 0xe6debe85), - TOBN(0x5c070e72, 0x8e677e98), TOBN(0x0a817bd3, 0x06e81fd5), - TOBN(0xc110d830, 0xb0f2ac95), TOBN(0x48d0995a, 0xab20e64e), - TOBN(0x0f3e00e1, 0x7729cd9a), TOBN(0x2a570c20, 0xdd556946), - TOBN(0x912dbcfd, 0x4e86214d), TOBN(0x2d014ee2, 0xcf615498), - TOBN(0x55e2b1e6, 0x3530d76e), TOBN(0xc5135ae4, 0xfd0fd6d1), - TOBN(0x0066273a, 0xd4f3049f), TOBN(0xbb8e9893, 0xe7087477), - TOBN(0x2dba1ddb, 0x14c6e5fd), TOBN(0xdba37886, 0x51f57e6c), - TOBN(0x5aaee0a6, 0x5a72f2cf), TOBN(0x1208bfbf, 0x7bea5642), - TOBN(0xf5c6aa3b, 0x67872c37), TOBN(0xd726e083, 0x43f93224), - TOBN(0x1854daa5, 0x061f1658), TOBN(0xc0016df1, 0xdf0cd2b3), - TOBN(0xc2a3f23e, 0x833d50de), TOBN(0x73b681d2, 0xbbbd3017), - TOBN(0x2f046dc4, 0x3ac343c0), TOBN(0x9c847e7d, 0x85716421), - TOBN(0xe1e13c91, 0x0917eed4), TOBN(0x3fc9eebd, 0x63a1b9c6), - TOBN(0x0f816a72, 0x7fe02299), TOBN(0x6335ccc2, 0x294f3319), - TOBN(0x3820179f, 0x4745c5be), TOBN(0xe647b782, 0x922f066e), - TOBN(0xc22e49de, 0x02cafb8a), TOBN(0x299bc2ff, 0xfcc2eccc), - TOBN(0x9a8feea2, 0x6e0e8282), TOBN(0xa627278b, 0xfe893205), - TOBN(0xa7e19733, 0x7933e47b), TOBN(0xf4ff6b13, 0x2e766402), - TOBN(0xa4d8be0a, 0x98440d9f), TOBN(0x658f5c2f, 0x38938808), - TOBN(0x90b75677, 0xc95b3b3e), TOBN(0xfa044269, 0x3137b6ff), - TOBN(0x077b039b, 0x43c47c29), TOBN(0xcca95dd3, 0x8a6445b2), - TOBN(0x0b498ba4, 0x2333fc4c), TOBN(0x274f8e68, 0xf736a1b1), - TOBN(0x6ca348fd, 0x5f1d4b2e), TOBN(0x24d3be78, 0xa8f10199), - TOBN(0x8535f858, 0xca14f530), TOBN(0xa6e7f163, 0x5b982e51), - TOBN(0x847c8512, 0x36e1bf62), TOBN(0xf6a7c58e, 0x03448418), - TOBN(0x583f3703, 0xf9374ab6), TOBN(0x864f9195, 0x6e564145), - TOBN(0x33bc3f48, 0x22526d50), TOBN(0x9f323c80, 0x1262a496), - TOBN(0xaa97a7ae, 0x3f046a9a), TOBN(0x70da183e, 0xdf8a039a), - TOBN(0x5b68f71c, 0x52aa0ba6), TOBN(0x9be0fe51, 0x21459c2d), - TOBN(0xc1e17eb6, 0xcbc613e5), TOBN(0x33131d55, 0x497ea61c), - TOBN(0x2f69d39e, 0xaf7eded5), TOBN(0x73c2f434, 0xde6af11b), - TOBN(0x4ca52493, 0xa4a375fa), TOBN(0x5f06787c, 0xb833c5c2), - TOBN(0x814e091f, 0x3e6e71cf), TOBN(0x76451f57, 0x8b746666)}, - {TOBN(0x80f9bdef, 0x694db7e0), TOBN(0xedca8787, 0xb9fcddc6), - TOBN(0x51981c34, 0x03b8dce1), TOBN(0x4274dcf1, 0x70e10ba1), - TOBN(0xf72743b8, 0x6def6d1a), TOBN(0xd25b1670, 0xebdb1866), - TOBN(0xc4491e8c, 0x050c6f58), TOBN(0x2be2b2ab, 0x87fbd7f5), - TOBN(0x3e0e5c9d, 0xd111f8ec), TOBN(0xbcc33f8d, 0xb7c4e760), - TOBN(0x702f9a91, 0xbd392a51), TOBN(0x7da4a795, 0xc132e92d), - TOBN(0x1a0b0ae3, 0x0bb1151b), TOBN(0x54febac8, 0x02e32251), - TOBN(0xea3a5082, 0x694e9e78), TOBN(0xe58ffec1, 0xe4fe40b8), - TOBN(0xf85592fc, 0xd1e0cf9e), TOBN(0xdea75f0d, 0xc0e7b2e8), - TOBN(0xc04215cf, 0xc135584e), TOBN(0x174fc727, 0x2f57092a), - TOBN(0xe7277877, 0xeb930bea), TOBN(0x504caccb, 0x5eb02a5a), - TOBN(0xf9fe08f7, 0xf5241b9b), TOBN(0xe7fb62f4, 0x8d5ca954), - TOBN(0xfbb8349d, 0x29c4120b), TOBN(0x9f94391f, 0xc0d0d915), - TOBN(0xc4074fa7, 0x5410ba51), TOBN(0xa66adbf6, 0x150a5911), - TOBN(0xc164543c, 0x34bfca38), TOBN(0xe0f27560, 0xb9e1ccfc), - TOBN(0x99da0f53, 0xe820219c), TOBN(0xe8234498, 0xc6b4997a), - TOBN(0xcfb88b76, 0x9d4c5423), TOBN(0x9e56eb10, 0xb0521c49), - TOBN(0x418e0b5e, 0xbe8700a1), TOBN(0x00cbaad6, 0xf93cb58a), - TOBN(0xe923fbde, 0xd92a5e67), TOBN(0xca4979ac, 0x1f347f11), - TOBN(0x89162d85, 0x6bc0585b), TOBN(0xdd6254af, 0xac3c70e3), - TOBN(0x7b23c513, 0x516e19e4), TOBN(0x56e2e847, 0xc5c4d593), - TOBN(0x9f727d73, 0x5ce71ef6), TOBN(0x5b6304a6, 0xf79a44c5), - TOBN(0x6638a736, 0x3ab7e433), TOBN(0x1adea470, 0xfe742f83), - TOBN(0xe054b854, 0x5b7fc19f), TOBN(0xf935381a, 0xba1d0698), - TOBN(0x546eab2d, 0x799e9a74), TOBN(0x96239e0e, 0xa949f729), - TOBN(0xca274c6b, 0x7090055a), TOBN(0x835142c3, 0x9020c9b0), - TOBN(0xa405667a, 0xa2e8807f), TOBN(0x29f2c085, 0x1aa3d39e), - TOBN(0xcc555d64, 0x42fc72f5), TOBN(0xe856e0e7, 0xfbeacb3c), - TOBN(0xb5504f9d, 0x918e4936), TOBN(0x65035ef6, 0xb2513982), - TOBN(0x0553a0c2, 0x6f4d9cb9), TOBN(0x6cb10d56, 0xbea85509), - TOBN(0x48d957b7, 0xa242da11), TOBN(0x16a4d3dd, 0x672b7268), - TOBN(0x3d7e637c, 0x8502a96b), TOBN(0x27c7032b, 0x730d463b), - TOBN(0xbdc02b18, 0xe4136a14), TOBN(0xbacf969d, 0x678e32bf), - TOBN(0xc98d89a3, 0xdd9c3c03), TOBN(0x7b92420a, 0x23becc4f), - TOBN(0xd4b41f78, 0xc64d565c), TOBN(0x9f969d00, 0x10f28295), - TOBN(0xec7f7f76, 0xb13d051a), TOBN(0x08945e1e, 0xa92da585), - TOBN(0x55366b7d, 0x5846426f), TOBN(0xe7d09e89, 0x247d441d), - TOBN(0x510b404d, 0x736fbf48), TOBN(0x7fa003d0, 0xe784bd7d), - TOBN(0x25f7614f, 0x17fd9596), TOBN(0x49e0e0a1, 0x35cb98db), - TOBN(0x2c65957b, 0x2e83a76a), TOBN(0x5d40da8d, 0xcddbe0f8), - TOBN(0xf2b8c405, 0x050bad24), TOBN(0x8918426d, 0xc2aa4823), - TOBN(0x2aeab3dd, 0xa38365a7), TOBN(0x72031717, 0x7c91b690), - TOBN(0x8b00d699, 0x60a94120), TOBN(0x478a255d, 0xe99eaeec), - TOBN(0xbf656a5f, 0x6f60aafd), TOBN(0xdfd7cb75, 0x5dee77b3), - TOBN(0x37f68bb4, 0xa595939d), TOBN(0x03556479, 0x28740217), - TOBN(0x8e740e7c, 0x84ad7612), TOBN(0xd89bc843, 0x9044695f), - TOBN(0xf7f3da5d, 0x85a9184d), TOBN(0x562563bb, 0x9fc0b074), - TOBN(0x06d2e6aa, 0xf88a888e), TOBN(0x612d8643, 0x161fbe7c), - TOBN(0x465edba7, 0xf64085e7), TOBN(0xb230f304, 0x29aa8511), - TOBN(0x53388426, 0xcda2d188), TOBN(0x90885735, 0x4b666649), - TOBN(0x6f02ff9a, 0x652f54f6), TOBN(0x65c82294, 0x5fae2bf0), - TOBN(0x7816ade0, 0x62f5eee3), TOBN(0xdcdbdf43, 0xfcc56d70), - TOBN(0x9fb3bba3, 0x54530bb2), TOBN(0xbde3ef77, 0xcb0869ea), - TOBN(0x89bc9046, 0x0b431163), TOBN(0x4d03d7d2, 0xe4819a35), - TOBN(0x33ae4f9e, 0x43b6a782), TOBN(0x216db307, 0x9c88a686), - TOBN(0x91dd88e0, 0x00ffedd9), TOBN(0xb280da9f, 0x12bd4840), - TOBN(0x32a7cb8a, 0x1635e741), TOBN(0xfe14008a, 0x78be02a7), - TOBN(0x3fafb334, 0x1b7ae030), TOBN(0x7fd508e7, 0x5add0ce9), - TOBN(0x72c83219, 0xd607ad51), TOBN(0x0f229c0a, 0x8d40964a), - TOBN(0x1be2c336, 0x1c878da2), TOBN(0xe0c96742, 0xeab2ab86), - TOBN(0x458f8691, 0x3e538cd7), TOBN(0xa7001f6c, 0x8e08ad53), - TOBN(0x52b8c6e6, 0xbf5d15ff), TOBN(0x548234a4, 0x011215dd), - TOBN(0xff5a9d2d, 0x3d5b4045), TOBN(0xb0ffeeb6, 0x4a904190), - TOBN(0x55a3aca4, 0x48607f8b), TOBN(0x8cbd665c, 0x30a0672a), - TOBN(0x87f834e0, 0x42583068), TOBN(0x02da2aeb, 0xf3f6e683), - TOBN(0x6b763e5d, 0x05c12248), TOBN(0x7230378f, 0x65a8aefc), - TOBN(0x93bd80b5, 0x71e8e5ca), TOBN(0x53ab041c, 0xb3b62524), - TOBN(0x1b860513, 0x6c9c552e), TOBN(0xe84d402c, 0xd5524e66), - TOBN(0xa37f3573, 0xf37f5937), TOBN(0xeb0f6c7d, 0xd1e4fca5), - TOBN(0x2965a554, 0xac8ab0fc), TOBN(0x17fbf56c, 0x274676ac), - TOBN(0x2e2f6bd9, 0xacf7d720), TOBN(0x41fc8f88, 0x10224766), - TOBN(0x517a14b3, 0x85d53bef), TOBN(0xdae327a5, 0x7d76a7d1), - TOBN(0x6ad0a065, 0xc4818267), TOBN(0x33aa189b, 0x37c1bbc1), - TOBN(0x64970b52, 0x27392a92), TOBN(0x21699a1c, 0x2d1535ea), - TOBN(0xcd20779c, 0xc2d7a7fd), TOBN(0xe3186059, 0x99c83cf2), - TOBN(0x9b69440b, 0x72c0b8c7), TOBN(0xa81497d7, 0x7b9e0e4d), - TOBN(0x515d5c89, 0x1f5f82dc), TOBN(0x9a7f67d7, 0x6361079e), - TOBN(0xa8da81e3, 0x11a35330), TOBN(0xe44990c4, 0x4b18be1b), - TOBN(0xc7d5ed95, 0xaf103e59), TOBN(0xece8aba7, 0x8dac9261), - TOBN(0xbe82b099, 0x9394b8d3), TOBN(0x6830f09a, 0x16adfe83), - TOBN(0x250a29b4, 0x88172d01), TOBN(0x8b20bd65, 0xcaff9e02), - TOBN(0xb8a7661e, 0xe8a6329a), TOBN(0x4520304d, 0xd3fce920), - TOBN(0xae45da1f, 0x2b47f7ef), TOBN(0xe07f5288, 0x5bffc540), - TOBN(0xf7997009, 0x3464f874), TOBN(0x2244c2cd, 0xa6fa1f38), - TOBN(0x43c41ac1, 0x94d7d9b1), TOBN(0x5bafdd82, 0xc82e7f17), - TOBN(0xdf0614c1, 0x5fda0fca), TOBN(0x74b043a7, 0xa8ae37ad), - TOBN(0x3ba6afa1, 0x9e71734c), TOBN(0x15d5437e, 0x9c450f2e), - TOBN(0x4a5883fe, 0x67e242b1), TOBN(0x5143bdc2, 0x2c1953c2), - TOBN(0x542b8b53, 0xfc5e8920), TOBN(0x363bf9a8, 0x9a9cee08), - TOBN(0x02375f10, 0xc3486e08), TOBN(0x2037543b, 0x8c5e70d2), - TOBN(0x7109bccc, 0x625640b4), TOBN(0xcbc1051e, 0x8bc62c3b), - TOBN(0xf8455fed, 0x803f26ea), TOBN(0x6badceab, 0xeb372424), - TOBN(0xa2a9ce7c, 0x6b53f5f9), TOBN(0x64246595, 0x1b176d99), - TOBN(0xb1298d36, 0xb95c081b), TOBN(0x53505bb8, 0x1d9a9ee6), - TOBN(0x3f6f9e61, 0xf2ba70b0), TOBN(0xd07e16c9, 0x8afad453), - TOBN(0x9f1694bb, 0xe7eb4a6a), TOBN(0xdfebced9, 0x3cb0bc8e), - TOBN(0x92d3dcdc, 0x53868c8b), TOBN(0x174311a2, 0x386107a6), - TOBN(0x4109e07c, 0x689b4e64), TOBN(0x30e4587f, 0x2df3dcb6), - TOBN(0x841aea31, 0x0811b3b2), TOBN(0x6144d41d, 0x0cce43ea), - TOBN(0x464c4581, 0x2a9a7803), TOBN(0xd03d371f, 0x3e158930), - TOBN(0xc676d7f2, 0xb1f3390b), TOBN(0x9f7a1b8c, 0xa5b61272), - TOBN(0x4ebebfc9, 0xc2e127a9), TOBN(0x4602500c, 0x5dd997bf), - TOBN(0x7f09771c, 0x4711230f), TOBN(0x058eb37c, 0x020f09c1), - TOBN(0xab693d4b, 0xfee5e38b), TOBN(0x9289eb1f, 0x4653cbc0), - TOBN(0xbecf46ab, 0xd51b9cf5), TOBN(0xd2aa9c02, 0x9f0121af), - TOBN(0x36aaf7d2, 0xe90dc274), TOBN(0x909e4ea0, 0x48b95a3c), - TOBN(0xe6b70496, 0x6f32dbdb), TOBN(0x672188a0, 0x8b030b3e), - TOBN(0xeeffe5b3, 0xcfb617e2), TOBN(0x87e947de, 0x7c82709e), - TOBN(0xa44d2b39, 0x1770f5a7), TOBN(0xe4d4d791, 0x0e44eb82), - TOBN(0x42e69d1e, 0x3f69712a), TOBN(0xbf11c4d6, 0xac6a820e), - TOBN(0xb5e7f3e5, 0x42c4224c), TOBN(0xd6b4e81c, 0x449d941c), - TOBN(0x5d72bd16, 0x5450e878), TOBN(0x6a61e28a, 0xee25ac54), - TOBN(0x33272094, 0xe6f1cd95), TOBN(0x7512f30d, 0x0d18673f), - TOBN(0x32f7a4ca, 0x5afc1464), TOBN(0x2f095656, 0x6bbb977b), - TOBN(0x586f47ca, 0xa8226200), TOBN(0x02c868ad, 0x1ac07369), - TOBN(0x4ef2b845, 0xc613acbe), TOBN(0x43d7563e, 0x0386054c), - TOBN(0x54da9dc7, 0xab952578), TOBN(0xb5423df2, 0x26e84d0b), - TOBN(0xa8b64eeb, 0x9b872042), TOBN(0xac205782, 0x5990f6df), - TOBN(0x4ff696eb, 0x21f4c77a), TOBN(0x1a79c3e4, 0xaab273af), - TOBN(0x29bc922e, 0x9436b3f1), TOBN(0xff807ef8, 0xd6d9a27a), - TOBN(0x82acea3d, 0x778f22a0), TOBN(0xfb10b2e8, 0x5b5e7469), - TOBN(0xc0b16980, 0x2818ee7d), TOBN(0x011afff4, 0xc91c1a2f), - TOBN(0x95a6d126, 0xad124418), TOBN(0x31c081a5, 0xe72e295f), - TOBN(0x36bb283a, 0xf2f4db75), TOBN(0xd115540f, 0x7acef462), - TOBN(0xc7f3a8f8, 0x33f6746c), TOBN(0x21e46f65, 0xfea990ca), - TOBN(0x915fd5c5, 0xcaddb0a9), TOBN(0xbd41f016, 0x78614555), - TOBN(0x346f4434, 0x426ffb58), TOBN(0x80559436, 0x14dbc204), - TOBN(0xf3dd20fe, 0x5a969b7f), TOBN(0x9d59e956, 0xe899a39a), - TOBN(0xf1b0971c, 0x8ad4cf4b), TOBN(0x03448860, 0x2ffb8fb8), - TOBN(0xf071ac3c, 0x65340ba4), TOBN(0x408d0596, 0xb27fd758), - TOBN(0xe7c78ea4, 0x98c364b0), TOBN(0xa4aac4a5, 0x051e8ab5), - TOBN(0xb9e1d560, 0x485d9002), TOBN(0x9acd518a, 0x88844455), - TOBN(0xe4ca688f, 0xd06f56c0), TOBN(0xa48af70d, 0xdf027972), - TOBN(0x691f0f04, 0x5e9a609d), TOBN(0xa9dd82cd, 0xee61270e), - TOBN(0x8903ca63, 0xa0ef18d3), TOBN(0x9fb7ee35, 0x3d6ca3bd), - TOBN(0xa7b4a09c, 0xabf47d03), TOBN(0x4cdada01, 0x1c67de8e), - TOBN(0x52003749, 0x9355a244), TOBN(0xe77fd2b6, 0x4f2151a9), - TOBN(0x695d6cf6, 0x66b4efcb), TOBN(0xc5a0cacf, 0xda2cfe25), - TOBN(0x104efe5c, 0xef811865), TOBN(0xf52813e8, 0x9ea5cc3d), - TOBN(0x855683dc, 0x40b58dbc), TOBN(0x0338ecde, 0x175fcb11), - TOBN(0xf9a05637, 0x74921592), TOBN(0xb4f1261d, 0xb9bb9d31), - TOBN(0x551429b7, 0x4e9c5459), TOBN(0xbe182e6f, 0x6ea71f53), - TOBN(0xd3a3b07c, 0xdfc50573), TOBN(0x9ba1afda, 0x62be8d44), - TOBN(0x9bcfd2cb, 0x52ab65d3), TOBN(0xdf11d547, 0xa9571802), - TOBN(0x099403ee, 0x02a2404a), TOBN(0x497406f4, 0x21088a71), - TOBN(0x99479409, 0x5004ae71), TOBN(0xbdb42078, 0xa812c362), - TOBN(0x2b72a30f, 0xd8828442), TOBN(0x283add27, 0xfcb5ed1c), - TOBN(0xf7c0e200, 0x66a40015), TOBN(0x3e3be641, 0x08b295ef), - TOBN(0xac127dc1, 0xe038a675), TOBN(0x729deff3, 0x8c5c6320), - TOBN(0xb7df8fd4, 0xa90d2c53), TOBN(0x9b74b0ec, 0x681e7cd3), - TOBN(0x5cb5a623, 0xdab407e5), TOBN(0xcdbd3615, 0x76b340c6), - TOBN(0xa184415a, 0x7d28392c), TOBN(0xc184c1d8, 0xe96f7830), - TOBN(0xc3204f19, 0x81d3a80f), TOBN(0xfde0c841, 0xc8e02432), - TOBN(0x78203b3e, 0x8149e0c1), TOBN(0x5904bdbb, 0x08053a73), - TOBN(0x30fc1dd1, 0x101b6805), TOBN(0x43c223bc, 0x49aa6d49), - TOBN(0x9ed67141, 0x7a174087), TOBN(0x311469a0, 0xd5997008), - TOBN(0xb189b684, 0x5e43fc61), TOBN(0xf3282375, 0xe0d3ab57), - TOBN(0x4fa34b67, 0xb1181da8), TOBN(0x621ed0b2, 0x99ee52b8), - TOBN(0x9b178de1, 0xad990676), TOBN(0xd51de67b, 0x56d54065), - TOBN(0x2a2c27c4, 0x7538c201), TOBN(0x33856ec8, 0x38a40f5c), - TOBN(0x2522fc15, 0xbe6cdcde), TOBN(0x1e603f33, 0x9f0c6f89), - TOBN(0x7994edc3, 0x103e30a6), TOBN(0x033a00db, 0x220c853e), - TOBN(0xd3cfa409, 0xf7bb7fd7), TOBN(0x70f8781e, 0x462d18f6), - TOBN(0xbbd82980, 0x687fe295), TOBN(0x6eef4c32, 0x595669f3), - TOBN(0x86a9303b, 0x2f7e85c3), TOBN(0x5fce4621, 0x71988f9b), - TOBN(0x5b935bf6, 0xc138acb5), TOBN(0x30ea7d67, 0x25661212), - TOBN(0xef1eb5f4, 0xe51ab9a2), TOBN(0x0587c98a, 0xae067c78), - TOBN(0xb3ce1b3c, 0x77ca9ca6), TOBN(0x2a553d4d, 0x54b5f057), - TOBN(0xc7898236, 0x4da29ec2), TOBN(0xdbdd5d13, 0xb9c57316), - TOBN(0xc57d6e6b, 0x2cd80d47), TOBN(0x80b460cf, 0xfe9e7391), - TOBN(0x98648cab, 0xf963c31e), TOBN(0x67f9f633, 0xcc4d32fd), - TOBN(0x0af42a9d, 0xfdf7c687), TOBN(0x55f292a3, 0x0b015ea7), - TOBN(0x89e468b2, 0xcd21ab3d), TOBN(0xe504f022, 0xc393d392), - TOBN(0xab21e1d4, 0xa5013af9), TOBN(0xe3283f78, 0xc2c28acb), - TOBN(0xf38b35f6, 0x226bf99f), TOBN(0xe8354274, 0x0e291e69), - TOBN(0x61673a15, 0xb20c162d), TOBN(0xc101dc75, 0xb04fbdbe), - TOBN(0x8323b4c2, 0x255bd617), TOBN(0x6c969693, 0x6c2a9154), - TOBN(0xc6e65860, 0x62679387), TOBN(0x8e01db0c, 0xb8c88e23), - TOBN(0x33c42873, 0x893a5559), TOBN(0x7630f04b, 0x47a3e149), - TOBN(0xb5d80805, 0xddcf35f8), TOBN(0x582ca080, 0x77dfe732), - TOBN(0x2c7156e1, 0x0b1894a0), TOBN(0x92034001, 0xd81c68c0), - TOBN(0xed225d00, 0xc8b115b5), TOBN(0x237f9c22, 0x83b907f2), - TOBN(0x0ea2f32f, 0x4470e2c0), TOBN(0xb725f7c1, 0x58be4e95), - TOBN(0x0f1dcafa, 0xb1ae5463), TOBN(0x59ed5187, 0x1ba2fc04), - TOBN(0xf6e0f316, 0xd0115d4d), TOBN(0x5180b12f, 0xd3691599), - TOBN(0x157e32c9, 0x527f0a41), TOBN(0x7b0b081d, 0xa8e0ecc0), - TOBN(0x6dbaaa8a, 0xbf4f0dd0), TOBN(0x99b289c7, 0x4d252696), - TOBN(0x79b7755e, 0xdbf864fe), TOBN(0x6974e2b1, 0x76cad3ab), - TOBN(0x35dbbee2, 0x06ddd657), TOBN(0xe7cbdd11, 0x2ff3a96d), - TOBN(0x88381968, 0x076be758), TOBN(0x2d737e72, 0x08c91f5d), - TOBN(0x5f83ab62, 0x86ec3776), TOBN(0x98aa649d, 0x945fa7a1), - TOBN(0xf477ec37, 0x72ef0933), TOBN(0x66f52b1e, 0x098c17b1), - TOBN(0x9eec58fb, 0xd803738b), TOBN(0x91aaade7, 0xe4e86aa4), - TOBN(0x6b1ae617, 0xa5b51492), TOBN(0x63272121, 0xbbc45974), - TOBN(0x7e0e28f0, 0x862c5129), TOBN(0x0a8f79a9, 0x3321a4a0), - TOBN(0xe26d1664, 0x5041c88f), TOBN(0x0571b805, 0x53233e3a), - TOBN(0xd1b0ccde, 0xc9520711), TOBN(0x55a9e4ed, 0x3c8b84bf), - TOBN(0x9426bd39, 0xa1fef314), TOBN(0x4f5f638e, 0x6eb93f2b), - TOBN(0xba2a1ed3, 0x2bf9341b), TOBN(0xd63c1321, 0x4d42d5a9), - TOBN(0xd2964a89, 0x316dc7c5), TOBN(0xd1759606, 0xca511851), - TOBN(0xd8a9201f, 0xf9e6ed35), TOBN(0xb7b5ee45, 0x6736925a), - TOBN(0x0a83fbbc, 0x99581af7), TOBN(0x3076bc40, 0x64eeb051), - TOBN(0x5511c98c, 0x02dec312), TOBN(0x270de898, 0x238dcb78), - TOBN(0x2cf4cf9c, 0x539c08c9), TOBN(0xa70cb65e, 0x38d3b06e), - TOBN(0xb12ec10e, 0xcfe57bbd), TOBN(0x82c7b656, 0x35a0c2b5), - TOBN(0xddc7d5cd, 0x161c67bd), TOBN(0xe32e8985, 0xae3a32cc), - TOBN(0x7aba9444, 0xd11a5529), TOBN(0xe964ed02, 0x2427fa1a), - TOBN(0x1528392d, 0x24a1770a), TOBN(0xa152ce2c, 0x12c72fcd), - TOBN(0x714553a4, 0x8ec07649), TOBN(0x18b4c290, 0x459dd453), - TOBN(0xea32b714, 0x7b64b110), TOBN(0xb871bfa5, 0x2e6f07a2), - TOBN(0xb67112e5, 0x9e2e3c9b), TOBN(0xfbf250e5, 0x44aa90f6), - TOBN(0xf77aedb8, 0xbd539006), TOBN(0x3b0cdf9a, 0xd172a66f), - TOBN(0xedf69fea, 0xf8c51187), TOBN(0x05bb67ec, 0x741e4da7), - TOBN(0x47df0f32, 0x08114345), TOBN(0x56facb07, 0xbb9792b1), - TOBN(0xf3e007e9, 0x8f6229e4), TOBN(0x62d103f4, 0x526fba0f), - TOBN(0x4f33bef7, 0xb0339d79), TOBN(0x9841357b, 0xb59bfec1), - TOBN(0xfa8dbb59, 0xc34e6705), TOBN(0xc3c7180b, 0x7fdaa84c), - TOBN(0xf95872fc, 0xa4108537), TOBN(0x8750cc3b, 0x932a3e5a), - TOBN(0xb61cc69d, 0xb7275d7d), TOBN(0xffa0168b, 0x2e59b2e9), - TOBN(0xca032abc, 0x6ecbb493), TOBN(0x1d86dbd3, 0x2c9082d8), - TOBN(0xae1e0b67, 0xe28ef5ba), TOBN(0x2c9a4699, 0xcb18e169), - TOBN(0x0ecd0e33, 0x1e6bbd20), TOBN(0x571b360e, 0xaf5e81d2), - TOBN(0xcd9fea58, 0x101c1d45), TOBN(0x6651788e, 0x18880452), - TOBN(0xa9972635, 0x1f8dd446), TOBN(0x44bed022, 0xe37281d0), - TOBN(0x094b2b2d, 0x33da525d), TOBN(0xf193678e, 0x13144fd8), - TOBN(0xb8ab5ba4, 0xf4c1061d), TOBN(0x4343b5fa, 0xdccbe0f4), - TOBN(0xa8702371, 0x63812713), TOBN(0x47bf6d2d, 0xf7611d93), - TOBN(0x46729b8c, 0xbd21e1d7), TOBN(0x7484d4e0, 0xd629e77d), - TOBN(0x830e6eea, 0x60dbac1f), TOBN(0x23d8c484, 0xda06a2f7), - TOBN(0x896714b0, 0x50ca535b), TOBN(0xdc8d3644, 0xebd97a9b), - TOBN(0x106ef9fa, 0xb12177b4), TOBN(0xf79bf464, 0x534d5d9c), - TOBN(0x2537a349, 0xa6ab360b), TOBN(0xc7c54253, 0xa00c744f), - TOBN(0xb3c7a047, 0xe5911a76), TOBN(0x61ffa5c8, 0x647f1ee7), - TOBN(0x15aed36f, 0x8f56ab42), TOBN(0x6a0d41b0, 0xa3ff9ac9), - TOBN(0x68f469f5, 0xcc30d357), TOBN(0xbe9adf81, 0x6b72be96), - TOBN(0x1cd926fe, 0x903ad461), TOBN(0x7e89e38f, 0xcaca441b), - TOBN(0xf0f82de5, 0xfacf69d4), TOBN(0x363b7e76, 0x4775344c), - TOBN(0x6894f312, 0xb2e36d04), TOBN(0x3c6cb4fe, 0x11d1c9a5), - TOBN(0x85d9c339, 0x4008e1f2), TOBN(0x5e9a85ea, 0x249f326c), - TOBN(0xdc35c60a, 0x678c5e06), TOBN(0xc08b944f, 0x9f86fba9), - TOBN(0xde40c02c, 0x89f71f0f), TOBN(0xad8f3e31, 0xff3da3c0), - TOBN(0x3ea5096b, 0x42125ded), TOBN(0x13879cbf, 0xa7379183), - TOBN(0x6f4714a5, 0x6b306a0b), TOBN(0x359c2ea6, 0x67646c5e), - TOBN(0xfacf8943, 0x07726368), TOBN(0x07a58935, 0x65ff431e), - TOBN(0x24d661d1, 0x68754ab0), TOBN(0x801fce1d, 0x6f429a76), - TOBN(0xc068a85f, 0xa58ce769), TOBN(0xedc35c54, 0x5d5eca2b), - TOBN(0xea31276f, 0xa3f660d1), TOBN(0xa0184ebe, 0xb8fc7167), - TOBN(0x0f20f21a, 0x1d8db0ae), TOBN(0xd96d095f, 0x56c35e12), - TOBN(0xedf402b5, 0xf8c2a25b), TOBN(0x1bb772b9, 0x059204b6), - TOBN(0x50cbeae2, 0x19b4e34c), TOBN(0x93109d80, 0x3fa0845a), - TOBN(0x54f7ccf7, 0x8ef59fb5), TOBN(0x3b438fe2, 0x88070963), - TOBN(0x9e28c659, 0x31f3ba9b), TOBN(0x9cc31b46, 0xead9da92), - TOBN(0x3c2f0ba9, 0xb733aa5f), TOBN(0xdece47cb, 0xf05af235), - TOBN(0xf8e3f715, 0xa2ac82a5), TOBN(0xc97ba641, 0x2203f18a), - TOBN(0xc3af5504, 0x09c11060), TOBN(0x56ea2c05, 0x46af512d), - TOBN(0xfac28daf, 0xf3f28146), TOBN(0x87fab43a, 0x959ef494)}, - {TOBN(0x09891641, 0xd4c5105f), TOBN(0x1ae80f8e, 0x6d7fbd65), - TOBN(0x9d67225f, 0xbee6bdb0), TOBN(0x3b433b59, 0x7fc4d860), - TOBN(0x44e66db6, 0x93e85638), TOBN(0xf7b59252, 0xe3e9862f), - TOBN(0xdb785157, 0x665c32ec), TOBN(0x702fefd7, 0xae362f50), - TOBN(0x3754475d, 0x0fefb0c3), TOBN(0xd48fb56b, 0x46d7c35d), - TOBN(0xa070b633, 0x363798a4), TOBN(0xae89f3d2, 0x8fdb98e6), - TOBN(0x970b89c8, 0x6363d14c), TOBN(0x89817521, 0x67abd27d), - TOBN(0x9bf7d474, 0x44d5a021), TOBN(0xb3083baf, 0xcac72aee), - TOBN(0x389741de, 0xbe949a44), TOBN(0x638e9388, 0x546a4fa5), - TOBN(0x3fe6419c, 0xa0047bdc), TOBN(0x7047f648, 0xaaea57ca), - TOBN(0x54e48a90, 0x41fbab17), TOBN(0xda8e0b28, 0x576bdba2), - TOBN(0xe807eebc, 0xc72afddc), TOBN(0x07d3336d, 0xf42577bf), - TOBN(0x62a8c244, 0xbfe20925), TOBN(0x91c19ac3, 0x8fdce867), - TOBN(0x5a96a5d5, 0xdd387063), TOBN(0x61d587d4, 0x21d324f6), - TOBN(0xe87673a2, 0xa37173ea), TOBN(0x23848008, 0x53778b65), - TOBN(0x10f8441e, 0x05bab43e), TOBN(0xfa11fe12, 0x4621efbe), - TOBN(0x047b772e, 0x81685d7b), TOBN(0x23f27d81, 0xbf34a976), - TOBN(0xc27608e2, 0x915f48ef), TOBN(0x3b0b43fa, 0xa521d5c3), - TOBN(0x7613fb26, 0x63ca7284), TOBN(0x7f5729b4, 0x1d4db837), - TOBN(0x87b14898, 0x583b526b), TOBN(0x00b732a6, 0xbbadd3d1), - TOBN(0x8e02f426, 0x2048e396), TOBN(0x436b50b6, 0x383d9de4), - TOBN(0xf78d3481, 0x471e85ad), TOBN(0x8b01ea6a, 0xd005c8d6), - TOBN(0xd3c7afee, 0x97015c07), TOBN(0x46cdf1a9, 0x4e3ba2ae), - TOBN(0x7a42e501, 0x83d3a1d2), TOBN(0xd54b5268, 0xb541dff4), - TOBN(0x3f24cf30, 0x4e23e9bc), TOBN(0x4387f816, 0x126e3624), - TOBN(0x26a46a03, 0x3b0b6d61), TOBN(0xaf1bc845, 0x8b2d777c), - TOBN(0x25c401ba, 0x527de79c), TOBN(0x0e1346d4, 0x4261bbb6), - TOBN(0x4b96c44b, 0x287b4bc7), TOBN(0x658493c7, 0x5254562f), - TOBN(0x23f949fe, 0xb8a24a20), TOBN(0x17ebfed1, 0xf52ca53f), - TOBN(0x9b691bbe, 0xbcfb4853), TOBN(0x5617ff6b, 0x6278a05d), - TOBN(0x241b34c5, 0xe3c99ebd), TOBN(0xfc64242e, 0x1784156a), - TOBN(0x4206482f, 0x695d67df), TOBN(0xb967ce0e, 0xee27c011), - TOBN(0x65db3751, 0x21c80b5d), TOBN(0x2e7a563c, 0xa31ecca0), - TOBN(0xe56ffc4e, 0x5238a07e), TOBN(0x3d6c2966, 0x32ced854), - TOBN(0xe99d7d1a, 0xaf70b885), TOBN(0xafc3bad9, 0x2d686459), - TOBN(0x9c78bf46, 0x0cc8ba5b), TOBN(0x5a439519, 0x18955aa3), - TOBN(0xf8b517a8, 0x5fe4e314), TOBN(0xe60234d0, 0xfcb8906f), - TOBN(0xffe542ac, 0xf2061b23), TOBN(0x287e191f, 0x6b4cb59c), - TOBN(0x21857ddc, 0x09d877d8), TOBN(0x1c23478c, 0x14678941), - TOBN(0xbbf0c056, 0xb6e05ea4), TOBN(0x82da4b53, 0xb01594fe), - TOBN(0xf7526791, 0xfadb8608), TOBN(0x049e832d, 0x7b74cdf6), - TOBN(0xa43581cc, 0xc2b90a34), TOBN(0x73639eb8, 0x9360b10c), - TOBN(0x4fba331f, 0xe1e4a71b), TOBN(0x6ffd6b93, 0x8072f919), - TOBN(0x6e53271c, 0x65679032), TOBN(0x67206444, 0xf14272ce), - TOBN(0xc0f734a3, 0xb2335834), TOBN(0x9526205a, 0x90ef6860), - TOBN(0xcb8be717, 0x04e2bb0d), TOBN(0x2418871e, 0x02f383fa), - TOBN(0xd7177681, 0x4082c157), TOBN(0xcc914ad0, 0x29c20073), - TOBN(0xf186c1eb, 0xe587e728), TOBN(0x6fdb3c22, 0x61bcd5fd), - TOBN(0x30d014a6, 0xf2f9f8e9), TOBN(0x963ece23, 0x4fec49d2), - TOBN(0x862025c5, 0x9605a8d9), TOBN(0x39874445, 0x19f8929a), - TOBN(0x01b6ff65, 0x12bf476a), TOBN(0x598a64d8, 0x09cf7d91), - TOBN(0xd7ec7749, 0x93be56ca), TOBN(0x10899785, 0xcbb33615), - TOBN(0xb8a092fd, 0x02eee3ad), TOBN(0xa86b3d35, 0x30145270), - TOBN(0x323d98c6, 0x8512b675), TOBN(0x4b8bc785, 0x62ebb40f), - TOBN(0x7d301f54, 0x413f9cde), TOBN(0xa5e4fb4f, 0x2bab5664), - TOBN(0x1d2b252d, 0x1cbfec23), TOBN(0xfcd576bb, 0xe177120d), - TOBN(0x04427d3e, 0x83731a34), TOBN(0x2bb9028e, 0xed836e8e), - TOBN(0xb36acff8, 0xb612ca7c), TOBN(0xb88fe5ef, 0xd3d9c73a), - TOBN(0xbe2a6bc6, 0xedea4eb3), TOBN(0x43b93133, 0x488eec77), - TOBN(0xf41ff566, 0xb17106e1), TOBN(0x469e9172, 0x654efa32), - TOBN(0xb4480f04, 0x41c23fa3), TOBN(0xb4712eb0, 0xc1989a2e), - TOBN(0x3ccbba0f, 0x93a29ca7), TOBN(0x6e205c14, 0xd619428c), - TOBN(0x90db7957, 0xb3641686), TOBN(0x0432691d, 0x45ac8b4e), - TOBN(0x07a759ac, 0xf64e0350), TOBN(0x0514d89c, 0x9c972517), - TOBN(0x1701147f, 0xa8e67fc3), TOBN(0x9e2e0b8b, 0xab2085be), - TOBN(0xd5651824, 0xac284e57), TOBN(0x890d4325, 0x74893664), - TOBN(0x8a7c5e6e, 0xc55e68a3), TOBN(0xbf12e90b, 0x4339c85a), - TOBN(0x31846b85, 0xf922b655), TOBN(0x9a54ce4d, 0x0bf4d700), - TOBN(0xd7f4e83a, 0xf1a14295), TOBN(0x916f955c, 0xb285d4f9), - TOBN(0xe57bb0e0, 0x99ffdaba), TOBN(0x28a43034, 0xeab0d152), - TOBN(0x0a36ffa2, 0xb8a9cef8), TOBN(0x5517407e, 0xb9ec051a), - TOBN(0x9c796096, 0xea68e672), TOBN(0x853db5fb, 0xfb3c77fb), - TOBN(0x21474ba9, 0xe864a51a), TOBN(0x6c267699, 0x6e8a1b8b), - TOBN(0x7c823626, 0x94120a28), TOBN(0xe61e9a48, 0x8383a5db), - TOBN(0x7dd75003, 0x9f84216d), TOBN(0xab020d07, 0xad43cd85), - TOBN(0x9437ae48, 0xda12c659), TOBN(0x6449c2eb, 0xe65452ad), - TOBN(0xcc7c4c1c, 0x2cf9d7c1), TOBN(0x1320886a, 0xee95e5ab), - TOBN(0xbb7b9056, 0xbeae170c), TOBN(0xc8a5b250, 0xdbc0d662), - TOBN(0x4ed81432, 0xc11d2303), TOBN(0x7da66912, 0x1f03769f), - TOBN(0x3ac7a5fd, 0x84539828), TOBN(0x14dada94, 0x3bccdd02), - TOBN(0x8b84c321, 0x7ef6b0d1), TOBN(0x52a9477a, 0x7c933f22), - TOBN(0x5ef6728a, 0xfd440b82), TOBN(0x5c3bd859, 0x6ce4bd5e), - TOBN(0x918b80f5, 0xf22c2d3e), TOBN(0x368d5040, 0xb7bb6cc5), - TOBN(0xb66142a1, 0x2695a11c), TOBN(0x60ac583a, 0xeb19ea70), - TOBN(0x317cbb98, 0x0eab2437), TOBN(0x8cc08c55, 0x5e2654c8), - TOBN(0xfe2d6520, 0xe6d8307f), TOBN(0xe9f147f3, 0x57428993), - TOBN(0x5f9c7d14, 0xd2fd6cf1), TOBN(0xa3ecd064, 0x2d4fcbb0), - TOBN(0xad83fef0, 0x8e7341f7), TOBN(0x643f23a0, 0x3a63115c), - TOBN(0xd38a78ab, 0xe65ab743), TOBN(0xbf7c75b1, 0x35edc89c), - TOBN(0x3dd8752e, 0x530df568), TOBN(0xf85c4a76, 0xe308c682), - TOBN(0x4c9955b2, 0xe68acf37), TOBN(0xa544df3d, 0xab32af85), - TOBN(0x4b8ec3f5, 0xa25cf493), TOBN(0x4d8f2764, 0x1a622feb), - TOBN(0x7bb4f7aa, 0xf0dcbc49), TOBN(0x7de551f9, 0x70bbb45b), - TOBN(0xcfd0f3e4, 0x9f2ca2e5), TOBN(0xece58709, 0x1f5c76ef), - TOBN(0x32920edd, 0x167d79ae), TOBN(0x039df8a2, 0xfa7d7ec1), - TOBN(0xf46206c0, 0xbb30af91), TOBN(0x1ff5e2f5, 0x22676b59), - TOBN(0x11f4a039, 0x6ea51d66), TOBN(0x506c1445, 0x807d7a26), - TOBN(0x60da5705, 0x755a9b24), TOBN(0x8fc8cc32, 0x1f1a319e), - TOBN(0x83642d4d, 0x9433d67d), TOBN(0x7fa5cb8f, 0x6a7dd296), - TOBN(0x576591db, 0x9b7bde07), TOBN(0x13173d25, 0x419716fb), - TOBN(0xea30599d, 0xd5b340ff), TOBN(0xfc6b5297, 0xb0fe76c5), - TOBN(0x1c6968c8, 0xab8f5adc), TOBN(0xf723c7f5, 0x901c928d), - TOBN(0x4203c321, 0x9773d402), TOBN(0xdf7c6aa3, 0x1b51dd47), - TOBN(0x3d49e37a, 0x552be23c), TOBN(0x57febee8, 0x0b5a6e87), - TOBN(0xc5ecbee4, 0x7bd8e739), TOBN(0x79d44994, 0xae63bf75), - TOBN(0x168bd00f, 0x38fb8923), TOBN(0x75d48ee4, 0xd0533130), - TOBN(0x554f77aa, 0xdb5cdf33), TOBN(0x3396e896, 0x3c696769), - TOBN(0x2fdddbf2, 0xd3fd674e), TOBN(0xbbb8f6ee, 0x99d0e3e5), - TOBN(0x51b90651, 0xcbae2f70), TOBN(0xefc4bc05, 0x93aaa8eb), - TOBN(0x8ecd8689, 0xdd1df499), TOBN(0x1aee99a8, 0x22f367a5), - TOBN(0x95d485b9, 0xae8274c5), TOBN(0x6c14d445, 0x7d30b39c), - TOBN(0xbafea90b, 0xbcc1ef81), TOBN(0x7c5f317a, 0xa459a2ed), - TOBN(0x01211075, 0x4ef44227), TOBN(0xa17bed6e, 0xdc20f496), - TOBN(0x0cdfe424, 0x819853cd), TOBN(0x13793298, 0xf71e2ce7), - TOBN(0x3c1f3078, 0xdbbe307b), TOBN(0x6dd1c20e, 0x76ee9936), - TOBN(0x23ee4b57, 0x423caa20), TOBN(0x4ac3793b, 0x8efb840e), - TOBN(0x934438eb, 0xed1f8ca0), TOBN(0x3e546658, 0x4ebb25a2), - TOBN(0xc415af0e, 0xc069896f), TOBN(0xc13eddb0, 0x9a5aa43d), - TOBN(0x7a04204f, 0xd49eb8f6), TOBN(0xd0d5bdfc, 0xd74f1670), - TOBN(0x3697e286, 0x56fc0558), TOBN(0x10207371, 0x01cebade), - TOBN(0x5f87e690, 0x0647a82b), TOBN(0x908e0ed4, 0x8f40054f), - TOBN(0xa9f633d4, 0x79853803), TOBN(0x8ed13c9a, 0x4a28b252), - TOBN(0x3e2ef676, 0x1f460f64), TOBN(0x53930b9b, 0x36d06336), - TOBN(0x347073ac, 0x8fc4979b), TOBN(0x84380e0e, 0x5ecd5597), - TOBN(0xe3b22c6b, 0xc4fe3c39), TOBN(0xba4a8153, 0x6c7bebdf), - TOBN(0xf23ab6b7, 0x25693459), TOBN(0x53bc3770, 0x14922b11), - TOBN(0x4645c8ab, 0x5afc60db), TOBN(0xaa022355, 0x20b9f2a3), - TOBN(0x52a2954c, 0xce0fc507), TOBN(0x8c2731bb, 0x7ce1c2e7), - TOBN(0xf39608ab, 0x18a0339d), TOBN(0xac7a658d, 0x3735436c), - TOBN(0xb22c2b07, 0xcd992b4f), TOBN(0x4e83daec, 0xf40dcfd4), - TOBN(0x8a34c7be, 0x2f39ea3e), TOBN(0xef0c005f, 0xb0a56d2e), - TOBN(0x62731f6a, 0x6edd8038), TOBN(0x5721d740, 0x4e3cb075), - TOBN(0x1ea41511, 0xfbeeee1b), TOBN(0xd1ef5e73, 0xef1d0c05), - TOBN(0x42feefd1, 0x73c07d35), TOBN(0xe530a00a, 0x8a329493), - TOBN(0x5d55b7fe, 0xf15ebfb0), TOBN(0x549de03c, 0xd322491a), - TOBN(0xf7b5f602, 0x745b3237), TOBN(0x3632a3a2, 0x1ab6e2b6), - TOBN(0x0d3bba89, 0x0ef59f78), TOBN(0x0dfc6443, 0xc9e52b9a), - TOBN(0x1dc79699, 0x72631447), TOBN(0xef033917, 0xb3be20b1), - TOBN(0x0c92735d, 0xb1383948), TOBN(0xc1fc29a2, 0xc0dd7d7d), - TOBN(0x6485b697, 0x403ed068), TOBN(0x13bfaab3, 0xaac93bdc), - TOBN(0x410dc6a9, 0x0deeaf52), TOBN(0xb003fb02, 0x4c641c15), - TOBN(0x1384978c, 0x5bc504c4), TOBN(0x37640487, 0x864a6a77), - TOBN(0x05991bc6, 0x222a77da), TOBN(0x62260a57, 0x5e47eb11), - TOBN(0xc7af6613, 0xf21b432c), TOBN(0x22f3acc9, 0xab4953e9), - TOBN(0x52934922, 0x8e41d155), TOBN(0x4d024568, 0x3ac059ef), - TOBN(0xb0201755, 0x4d884411), TOBN(0xce8055cf, 0xa59a178f), - TOBN(0xcd77d1af, 0xf6204549), TOBN(0xa0a00a3e, 0xc7066759), - TOBN(0x471071ef, 0x0272c229), TOBN(0x009bcf6b, 0xd3c4b6b0), - TOBN(0x2a2638a8, 0x22305177), TOBN(0xd51d59df, 0x41645bbf), - TOBN(0xa81142fd, 0xc0a7a3c0), TOBN(0xa17eca6d, 0x4c7063ee), - TOBN(0x0bb887ed, 0x60d9dcec), TOBN(0xd6d28e51, 0x20ad2455), - TOBN(0xebed6308, 0xa67102ba), TOBN(0x042c3114, 0x8bffa408), - TOBN(0xfd099ac5, 0x8aa68e30), TOBN(0x7a6a3d7c, 0x1483513e), - TOBN(0xffcc6b75, 0xba2d8f0c), TOBN(0x54dacf96, 0x1e78b954), - TOBN(0xf645696f, 0xa4a9af89), TOBN(0x3a411940, 0x06ac98ec), - TOBN(0x41b8b3f6, 0x22a67a20), TOBN(0x2d0b1e0f, 0x99dec626), - TOBN(0x27c89192, 0x40be34e8), TOBN(0xc7162b37, 0x91907f35), - TOBN(0x90188ec1, 0xa956702b), TOBN(0xca132f7d, 0xdf93769c), - TOBN(0x3ece44f9, 0x0e2025b4), TOBN(0x67aaec69, 0x0c62f14c), - TOBN(0xad741418, 0x22e3cc11), TOBN(0xcf9b75c3, 0x7ff9a50e), - TOBN(0x02fa2b16, 0x4d348272), TOBN(0xbd99d61a, 0x9959d56d), - TOBN(0xbc4f19db, 0x18762916), TOBN(0xcc7cce50, 0x49c1ac80), - TOBN(0x4d59ebaa, 0xd846bd83), TOBN(0x8775a9dc, 0xa9202849), - TOBN(0x07ec4ae1, 0x6e1f4ca9), TOBN(0x27eb5875, 0xba893f11), - TOBN(0x00284d51, 0x662cc565), TOBN(0x82353a6b, 0x0db4138d), - TOBN(0xd9c7aaaa, 0xaa32a594), TOBN(0xf5528b5e, 0xa5669c47), - TOBN(0xf3220231, 0x2f23c5ff), TOBN(0xe3e8147a, 0x6affa3a1), - TOBN(0xfb423d5c, 0x202ddda0), TOBN(0x3d6414ac, 0x6b871bd4), - TOBN(0x586f82e1, 0xa51a168a), TOBN(0xb712c671, 0x48ae5448), - TOBN(0x9a2e4bd1, 0x76233eb8), TOBN(0x0188223a, 0x78811ca9), - TOBN(0x553c5e21, 0xf7c18de1), TOBN(0x7682e451, 0xb27bb286), - TOBN(0x3ed036b3, 0x0e51e929), TOBN(0xf487211b, 0xec9cb34f), - TOBN(0x0d094277, 0x0c24efc8), TOBN(0x0349fd04, 0xbef737a4), - TOBN(0x6d1c9dd2, 0x514cdd28), TOBN(0x29c135ff, 0x30da9521), - TOBN(0xea6e4508, 0xf78b0b6f), TOBN(0x176f5dd2, 0x678c143c), - TOBN(0x08148418, 0x4be21e65), TOBN(0x27f7525c, 0xe7df38c4), - TOBN(0x1fb70e09, 0x748ab1a4), TOBN(0x9cba50a0, 0x5efe4433), - TOBN(0x7846c7a6, 0x15f75af2), TOBN(0x2a7c2c57, 0x5ee73ea8), - TOBN(0x42e566a4, 0x3f0a449a), TOBN(0x45474c3b, 0xad90fc3d), - TOBN(0x7447be3d, 0x8b61d057), TOBN(0x3e9d1cf1, 0x3a4ec092), - TOBN(0x1603e453, 0xf380a6e6), TOBN(0x0b86e431, 0x9b1437c2), - TOBN(0x7a4173f2, 0xef29610a), TOBN(0x8fa729a7, 0xf03d57f7), - TOBN(0x3e186f6e, 0x6c9c217e), TOBN(0xbe1d3079, 0x91919524), - TOBN(0x92a62a70, 0x153d4fb1), TOBN(0x32ed3e34, 0xd68c2f71), - TOBN(0xd785027f, 0x9eb1a8b7), TOBN(0xbc37eb77, 0xc5b22fe8), - TOBN(0x466b34f0, 0xb9d6a191), TOBN(0x008a89af, 0x9a05f816), - TOBN(0x19b028fb, 0x7d42c10a), TOBN(0x7fe8c92f, 0x49b3f6b8), - TOBN(0x58907cc0, 0xa5a0ade3), TOBN(0xb3154f51, 0x559d1a7c), - TOBN(0x5066efb6, 0xd9790ed6), TOBN(0xa77a0cbc, 0xa6aa793b), - TOBN(0x1a915f3c, 0x223e042e), TOBN(0x1c5def04, 0x69c5874b), - TOBN(0x0e830078, 0x73b6c1da), TOBN(0x55cf85d2, 0xfcd8557a), - TOBN(0x0f7c7c76, 0x0460f3b1), TOBN(0x87052acb, 0x46e58063), - TOBN(0x09212b80, 0x907eae66), TOBN(0x3cb068e0, 0x4d721c89), - TOBN(0xa87941ae, 0xdd45ac1c), TOBN(0xde8d5c0d, 0x0daa0dbb), - TOBN(0xda421fdc, 0xe3502e6e), TOBN(0xc8944201, 0x4d89a084), - TOBN(0x7307ba5e, 0xf0c24bfb), TOBN(0xda212beb, 0x20bde0ef), - TOBN(0xea2da24b, 0xf82ce682), TOBN(0x058d3816, 0x07f71fe4), - TOBN(0x35a02462, 0x5ffad8de), TOBN(0xcd7b05dc, 0xaadcefab), - TOBN(0xd442f8ed, 0x1d9f54ec), TOBN(0x8be3d618, 0xb2d3b5ca), - TOBN(0xe2220ed0, 0xe06b2ce2), TOBN(0x82699a5f, 0x1b0da4c0), - TOBN(0x3ff106f5, 0x71c0c3a7), TOBN(0x8f580f5a, 0x0d34180c), - TOBN(0x4ebb120e, 0x22d7d375), TOBN(0x5e5782cc, 0xe9513675), - TOBN(0x2275580c, 0x99c82a70), TOBN(0xe8359fbf, 0x15ea8c4c), - TOBN(0x53b48db8, 0x7b415e70), TOBN(0xaacf2240, 0x100c6014), - TOBN(0x9faaccf5, 0xe4652f1d), TOBN(0xbd6fdd2a, 0xd56157b2), - TOBN(0xa4f4fb1f, 0x6261ec50), TOBN(0x244e55ad, 0x476bcd52), - TOBN(0x881c9305, 0x047d320b), TOBN(0x1ca983d5, 0x6181263f), - TOBN(0x354e9a44, 0x278fb8ee), TOBN(0xad2dbc0f, 0x396e4964), - TOBN(0x723f3aa2, 0x9268b3de), TOBN(0x0d1ca29a, 0xe6e0609a), - TOBN(0x794866aa, 0x6cf44252), TOBN(0x0b59f3e3, 0x01af87ed), - TOBN(0xe234e5ff, 0x7f4a6c51), TOBN(0xa8768fd2, 0x61dc2f7e), - TOBN(0xdafc7332, 0x0a94d81f), TOBN(0xd7f84282, 0x06938ce1), - TOBN(0xae0b3c0e, 0x0546063e), TOBN(0x7fbadcb2, 0x5d61abc6), - TOBN(0xd5d7a2c9, 0x369ac400), TOBN(0xa5978d09, 0xae67d10c), - TOBN(0x290f211e, 0x4f85eaac), TOBN(0xe61e2ad1, 0xfacac681), - TOBN(0xae125225, 0x388384cd), TOBN(0xa7fb68e9, 0xccfde30f), - TOBN(0x7a59b936, 0x3daed4c2), TOBN(0x80a9aa40, 0x2606f789), - TOBN(0xb40c1ea5, 0xf6a6d90a), TOBN(0x948364d3, 0x514d5885), - TOBN(0x062ebc60, 0x70985182), TOBN(0xa6db5b0e, 0x33310895), - TOBN(0x64a12175, 0xe329c2f5), TOBN(0xc5f25bd2, 0x90ea237e), - TOBN(0x7915c524, 0x2d0a4c23), TOBN(0xeb5d26e4, 0x6bb3cc52), - TOBN(0x369a9116, 0xc09e2c92), TOBN(0x0c527f92, 0xcf182cf8), - TOBN(0x9e591938, 0x2aede0ac), TOBN(0xb2922208, 0x6cc34939), - TOBN(0x3c9d8962, 0x99a34361), TOBN(0x3c81836d, 0xc1905fe6), - TOBN(0x4bfeb57f, 0xa001ec5a), TOBN(0xe993f5bb, 0xa0dc5dba), - TOBN(0x47884109, 0x724a1380), TOBN(0x8a0369ab, 0x32fe9a04), - TOBN(0xea068d60, 0x8c927db8), TOBN(0xbf5f37cf, 0x94655741), - TOBN(0x47d402a2, 0x04b6c7ea), TOBN(0x4551c295, 0x6af259cb), - TOBN(0x698b71e7, 0xed77ee8b), TOBN(0xbddf7bd0, 0xf309d5c7), - TOBN(0x6201c22c, 0x34e780ca), TOBN(0xab04f7d8, 0x4c295ef4), - TOBN(0x1c947294, 0x4313a8ce), TOBN(0xe532e4ac, 0x92ca4cfe), - TOBN(0x89738f80, 0xd0a7a97a), TOBN(0xec088c88, 0xa580fd5b), - TOBN(0x612b1ecc, 0x42ce9e51), TOBN(0x8f9840fd, 0xb25fdd2a), - TOBN(0x3cda78c0, 0x01e7f839), TOBN(0x546b3d3a, 0xece05480), - TOBN(0x271719a9, 0x80d30916), TOBN(0x45497107, 0x584c20c4), - TOBN(0xaf8f9478, 0x5bc78608), TOBN(0x28c7d484, 0x277e2a4c), - TOBN(0xfce01767, 0x88a2ffe4), TOBN(0xdc506a35, 0x28e169a5), - TOBN(0x0ea10861, 0x7af9c93a), TOBN(0x1ed24361, 0x03fa0e08), - TOBN(0x96eaaa92, 0xa3d694e7), TOBN(0xc0f43b4d, 0xef50bc74), - TOBN(0xce6aa58c, 0x64114db4), TOBN(0x8218e8ea, 0x7c000fd4), - TOBN(0xac815dfb, 0x185f8844), TOBN(0xcd7e90cb, 0x1557abfb), - TOBN(0x23d16655, 0xafbfecdf), TOBN(0x80f3271f, 0x085cac4a), - TOBN(0x7fc39aa7, 0xd0e62f47), TOBN(0x88d519d1, 0x460a48e5), - TOBN(0x59559ac4, 0xd28f101e), TOBN(0x7981d9e9, 0xca9ae816), - TOBN(0x5c38652c, 0x9ac38203), TOBN(0x86eaf87f, 0x57657fe5), - TOBN(0x568fc472, 0xe21f5416), TOBN(0x2afff39c, 0xe7e597b5), - TOBN(0x3adbbb07, 0x256d4eab), TOBN(0x22598692, 0x8285ab89), - TOBN(0x35f8112a, 0x041caefe), TOBN(0x95df02e3, 0xa5064c8b), - TOBN(0x4d63356e, 0xc7004bf3), TOBN(0x230a08f4, 0xdb83c7de), - TOBN(0xca27b270, 0x8709a7b7), TOBN(0x0d1c4cc4, 0xcb9abd2d), - TOBN(0x8a0bc66e, 0x7550fee8), TOBN(0x369cd4c7, 0x9cf7247e), - TOBN(0x75562e84, 0x92b5b7e7), TOBN(0x8fed0da0, 0x5802af7b), - TOBN(0x6a7091c2, 0xe48fb889), TOBN(0x26882c13, 0x7b8a9d06), - TOBN(0xa2498663, 0x1b82a0e2), TOBN(0x844ed736, 0x3518152d), - TOBN(0x282f476f, 0xd86e27c7), TOBN(0xa04edaca, 0x04afefdc), - TOBN(0x8b256ebc, 0x6119e34d), TOBN(0x56a413e9, 0x0787d78b)}, - {TOBN(0x82ee061d, 0x5a74be50), TOBN(0xe41781c4, 0xdea16ff5), - TOBN(0xe0b0c81e, 0x99bfc8a2), TOBN(0x624f4d69, 0x0b547e2d), - TOBN(0x3a83545d, 0xbdcc9ae4), TOBN(0x2573dbb6, 0x409b1e8e), - TOBN(0x482960c4, 0xa6c93539), TOBN(0xf01059ad, 0x5ae18798), - TOBN(0x715c9f97, 0x3112795f), TOBN(0xe8244437, 0x984e6ee1), - TOBN(0x55cb4858, 0xecb66bcd), TOBN(0x7c136735, 0xabaffbee), - TOBN(0x54661595, 0x5dbec38e), TOBN(0x51c0782c, 0x388ad153), - TOBN(0x9ba4c53a, 0xc6e0952f), TOBN(0x27e6782a, 0x1b21dfa8), - TOBN(0x682f903d, 0x4ed2dbc2), TOBN(0x0eba59c8, 0x7c3b2d83), - TOBN(0x8e9dc84d, 0x9c7e9335), TOBN(0x5f9b21b0, 0x0eb226d7), - TOBN(0xe33bd394, 0xaf267bae), TOBN(0xaa86cc25, 0xbe2e15ae), - TOBN(0x4f0bf67d, 0x6a8ec500), TOBN(0x5846aa44, 0xf9630658), - TOBN(0xfeb09740, 0xe2c2bf15), TOBN(0x627a2205, 0xa9e99704), - TOBN(0xec8d73d0, 0xc2fbc565), TOBN(0x223eed8f, 0xc20c8de8), - TOBN(0x1ee32583, 0xa8363b49), TOBN(0x1a0b6cb9, 0xc9c2b0a6), - TOBN(0x49f7c3d2, 0x90dbc85c), TOBN(0xa8dfbb97, 0x1ef4c1ac), - TOBN(0xafb34d4c, 0x65c7c2ab), TOBN(0x1d4610e7, 0xe2c5ea84), - TOBN(0x893f6d1b, 0x973c4ab5), TOBN(0xa3cdd7e9, 0x945ba5c4), - TOBN(0x60514983, 0x064417ee), TOBN(0x1459b23c, 0xad6bdf2b), - TOBN(0x23b2c341, 0x5cf726c3), TOBN(0x3a829635, 0x32d6354a), - TOBN(0x294f901f, 0xab192c18), TOBN(0xec5fcbfe, 0x7030164f), - TOBN(0xe2e2fcb7, 0xe2246ba6), TOBN(0x1e7c88b3, 0x221a1a0c), - TOBN(0x72c7dd93, 0xc92d88c5), TOBN(0x41c2148e, 0x1106fb59), - TOBN(0x547dd4f5, 0xa0f60f14), TOBN(0xed9b52b2, 0x63960f31), - TOBN(0x6c8349eb, 0xb0a5b358), TOBN(0xb154c5c2, 0x9e7e2ed6), - TOBN(0xcad5eccf, 0xeda462db), TOBN(0xf2d6dbe4, 0x2de66b69), - TOBN(0x426aedf3, 0x8665e5b2), TOBN(0x488a8513, 0x7b7f5723), - TOBN(0x15cc43b3, 0x8bcbb386), TOBN(0x27ad0af3, 0xd791d879), - TOBN(0xc16c236e, 0x846e364f), TOBN(0x7f33527c, 0xdea50ca0), - TOBN(0xc4810775, 0x0926b86d), TOBN(0x6c2a3609, 0x0598e70c), - TOBN(0xa6755e52, 0xf024e924), TOBN(0xe0fa07a4, 0x9db4afca), - TOBN(0x15c3ce7d, 0x66831790), TOBN(0x5b4ef350, 0xa6cbb0d6), - TOBN(0x2c4aafc4, 0xb6205969), TOBN(0x42563f02, 0xf6c7854f), - TOBN(0x016aced5, 0x1d983b48), TOBN(0xfeb356d8, 0x99949755), - TOBN(0x8c2a2c81, 0xd1a39bd7), TOBN(0x8f44340f, 0xe6934ae9), - TOBN(0x148cf91c, 0x447904da), TOBN(0x7340185f, 0x0f51a926), - TOBN(0x2f8f00fb, 0x7409ab46), TOBN(0x057e78e6, 0x80e289b2), - TOBN(0x03e5022c, 0xa888e5d1), TOBN(0x3c87111a, 0x9dede4e2), - TOBN(0x5b9b0e1c, 0x7809460b), TOBN(0xe751c852, 0x71c9abc7), - TOBN(0x8b944e28, 0xc7cc1dc9), TOBN(0x4f201ffa, 0x1d3cfa08), - TOBN(0x02fc905c, 0x3e6721ce), TOBN(0xd52d70da, 0xd0b3674c), - TOBN(0x5dc2e5ca, 0x18810da4), TOBN(0xa984b273, 0x5c69dd99), - TOBN(0x63b92527, 0x84de5ca4), TOBN(0x2f1c9872, 0xc852dec4), - TOBN(0x18b03593, 0xc2e3de09), TOBN(0x19d70b01, 0x9813dc2f), - TOBN(0x42806b2d, 0xa6dc1d29), TOBN(0xd3030009, 0xf871e144), - TOBN(0xa1feb333, 0xaaf49276), TOBN(0xb5583b9e, 0xc70bc04b), - TOBN(0x1db0be78, 0x95695f20), TOBN(0xfc841811, 0x89d012b5), - TOBN(0x6409f272, 0x05f61643), TOBN(0x40d34174, 0xd5883128), - TOBN(0xd79196f5, 0x67419833), TOBN(0x6059e252, 0x863b7b08), - TOBN(0x84da1817, 0x1c56700c), TOBN(0x5758ee56, 0xb28d3ec4), - TOBN(0x7da2771d, 0x013b0ea6), TOBN(0xfddf524b, 0x54c5e9b9), - TOBN(0x7df4faf8, 0x24305d80), TOBN(0x58f5c1bf, 0x3a97763f), - TOBN(0xa5af37f1, 0x7c696042), TOBN(0xd4cba22c, 0x4a2538de), - TOBN(0x211cb995, 0x9ea42600), TOBN(0xcd105f41, 0x7b069889), - TOBN(0xb1e1cf19, 0xddb81e74), TOBN(0x472f2d89, 0x5157b8ca), - TOBN(0x086fb008, 0xee9db885), TOBN(0x365cd570, 0x0f26d131), - TOBN(0x284b02bb, 0xa2be7053), TOBN(0xdcbbf7c6, 0x7ab9a6d6), - TOBN(0x4425559c, 0x20f7a530), TOBN(0x961f2dfa, 0x188767c8), - TOBN(0xe2fd9435, 0x70dc80c4), TOBN(0x104d6b63, 0xf0784120), - TOBN(0x7f592bc1, 0x53567122), TOBN(0xf6bc1246, 0xf688ad77), - TOBN(0x05214c05, 0x0f15dde9), TOBN(0xa47a76a8, 0x0d5f2b82), - TOBN(0xbb254d30, 0x62e82b62), TOBN(0x11a05fe0, 0x3ec955ee), - TOBN(0x7eaff46e, 0x9d529b36), TOBN(0x55ab1301, 0x8f9e3df6), - TOBN(0xc463e371, 0x99317698), TOBN(0xfd251438, 0xccda47ad), - TOBN(0xca9c3547, 0x23d695ea), TOBN(0x48ce626e, 0x16e589b5), - TOBN(0x6b5b64c7, 0xb187d086), TOBN(0xd02e1794, 0xb2207948), - TOBN(0x8b58e98f, 0x7198111d), TOBN(0x90ca6305, 0xdcf9c3cc), - TOBN(0x5691fe72, 0xf34089b0), TOBN(0x60941af1, 0xfc7c80ff), - TOBN(0xa09bc0a2, 0x22eb51e5), TOBN(0xc0bb7244, 0xaa9cf09a), - TOBN(0x36a8077f, 0x80159f06), TOBN(0x8b5c989e, 0xdddc560e), - TOBN(0x19d2f316, 0x512e1f43), TOBN(0x02eac554, 0xad08ff62), - TOBN(0x012ab84c, 0x07d20b4e), TOBN(0x37d1e115, 0xd6d4e4e1), - TOBN(0xb6443e1a, 0xab7b19a8), TOBN(0xf08d067e, 0xdef8cd45), - TOBN(0x63adf3e9, 0x685e03da), TOBN(0xcf15a10e, 0x4792b916), - TOBN(0xf44bcce5, 0xb738a425), TOBN(0xebe131d5, 0x9636b2fd), - TOBN(0x94068841, 0x7850d605), TOBN(0x09684eaa, 0xb40d749d), - TOBN(0x8c3c669c, 0x72ba075b), TOBN(0x89f78b55, 0xba469015), - TOBN(0x5706aade, 0x3e9f8ba8), TOBN(0x6d8bd565, 0xb32d7ed7), - TOBN(0x25f4e63b, 0x805f08d6), TOBN(0x7f48200d, 0xc3bcc1b5), - TOBN(0x4e801968, 0xb025d847), TOBN(0x74afac04, 0x87cbe0a8), - TOBN(0x43ed2c2b, 0x7e63d690), TOBN(0xefb6bbf0, 0x0223cdb8), - TOBN(0x4fec3cae, 0x2884d3fe), TOBN(0x065ecce6, 0xd75e25a4), - TOBN(0x6c2294ce, 0x69f79071), TOBN(0x0d9a8e5f, 0x044b8666), - TOBN(0x5009f238, 0x17b69d8f), TOBN(0x3c29f8fe, 0xc5dfdaf7), - TOBN(0x9067528f, 0xebae68c4), TOBN(0x5b385632, 0x30c5ba21), - TOBN(0x540df119, 0x1fdd1aec), TOBN(0xcf37825b, 0xcfba4c78), - TOBN(0x77eff980, 0xbeb11454), TOBN(0x40a1a991, 0x60c1b066), - TOBN(0xe8018980, 0xf889a1c7), TOBN(0xb9c52ae9, 0x76c24be0), - TOBN(0x05fbbcce, 0x45650ef4), TOBN(0xae000f10, 0x8aa29ac7), - TOBN(0x884b7172, 0x4f04c470), TOBN(0x7cd4fde2, 0x19bb5c25), - TOBN(0x6477b22a, 0xe8840869), TOBN(0xa8868859, 0x5fbd0686), - TOBN(0xf23cc02e, 0x1116dfba), TOBN(0x76cd563f, 0xd87d7776), - TOBN(0xe2a37598, 0xa9d82abf), TOBN(0x5f188ccb, 0xe6c170f5), - TOBN(0x81682200, 0x5066b087), TOBN(0xda22c212, 0xc7155ada), - TOBN(0x151e5d3a, 0xfbddb479), TOBN(0x4b606b84, 0x6d715b99), - TOBN(0x4a73b54b, 0xf997cb2e), TOBN(0x9a1bfe43, 0x3ecd8b66), - TOBN(0x1c312809, 0x2a67d48a), TOBN(0xcd6a671e, 0x031fa9e2), - TOBN(0xbec3312a, 0x0e43a34a), TOBN(0x1d935639, 0x55ef47d3), - TOBN(0x5ea02489, 0x8fea73ea), TOBN(0x8247b364, 0xa035afb2), - TOBN(0xb58300a6, 0x5265b54c), TOBN(0x3286662f, 0x722c7148), - TOBN(0xb77fd76b, 0xb4ec4c20), TOBN(0xf0a12fa7, 0x0f3fe3fd), - TOBN(0xf845bbf5, 0x41d8c7e8), TOBN(0xe4d969ca, 0x5ec10aa8), - TOBN(0x4c0053b7, 0x43e232a3), TOBN(0xdc7a3fac, 0x37f8a45a), - TOBN(0x3c4261c5, 0x20d81c8f), TOBN(0xfd4b3453, 0xb00eab00), - TOBN(0x76d48f86, 0xd36e3062), TOBN(0x626c5277, 0xa143ff02), - TOBN(0x538174de, 0xaf76f42e), TOBN(0x2267aa86, 0x6407ceac), - TOBN(0xfad76351, 0x72e572d5), TOBN(0xab861af7, 0xba7330eb), - TOBN(0xa0a1c8c7, 0x418d8657), TOBN(0x988821cb, 0x20289a52), - TOBN(0x79732522, 0xcccc18ad), TOBN(0xaadf3f8d, 0xf1a6e027), - TOBN(0xf7382c93, 0x17c2354d), TOBN(0x5ce1680c, 0xd818b689), - TOBN(0x359ebbfc, 0xd9ecbee9), TOBN(0x4330689c, 0x1cae62ac), - TOBN(0xb55ce5b4, 0xc51ac38a), TOBN(0x7921dfea, 0xfe238ee8), - TOBN(0x3972bef8, 0x271d1ca5), TOBN(0x3e423bc7, 0xe8aabd18), - TOBN(0x57b09f3f, 0x44a3e5e3), TOBN(0x5da886ae, 0x7b444d66), - TOBN(0x68206634, 0xa9964375), TOBN(0x356a2fa3, 0x699cd0ff), - TOBN(0xaf0faa24, 0xdba515e9), TOBN(0x536e1f5c, 0xb321d79a), - TOBN(0xd3b9913a, 0x5c04e4ea), TOBN(0xd549dcfe, 0xd6f11513), - TOBN(0xee227bf5, 0x79fd1d94), TOBN(0x9f35afee, 0xb43f2c67), - TOBN(0xd2638d24, 0xf1314f53), TOBN(0x62baf948, 0xcabcd822), - TOBN(0x5542de29, 0x4ef48db0), TOBN(0xb3eb6a04, 0xfc5f6bb2), - TOBN(0x23c110ae, 0x1208e16a), TOBN(0x1a4d15b5, 0xf8363e24), - TOBN(0x30716844, 0x164be00b), TOBN(0xa8e24824, 0xf6f4690d), - TOBN(0x548773a2, 0x90b170cf), TOBN(0xa1bef331, 0x42f191f4), - TOBN(0x70f418d0, 0x9247aa97), TOBN(0xea06028e, 0x48be9147), - TOBN(0xe13122f3, 0xdbfb894e), TOBN(0xbe9b79f6, 0xce274b18), - TOBN(0x85a49de5, 0xca58aadf), TOBN(0x24957758, 0x11487351), - TOBN(0x111def61, 0xbb939099), TOBN(0x1d6a974a, 0x26d13694), - TOBN(0x4474b4ce, 0xd3fc253b), TOBN(0x3a1485e6, 0x4c5db15e), - TOBN(0xe79667b4, 0x147c15b4), TOBN(0xe34f553b, 0x7bc61301), - TOBN(0x032b80f8, 0x17094381), TOBN(0x55d8bafd, 0x723eaa21), - TOBN(0x5a987995, 0xf1c0e74e), TOBN(0x5a9b292e, 0xebba289c), - TOBN(0x413cd4b2, 0xeb4c8251), TOBN(0x98b5d243, 0xd162db0a), - TOBN(0xbb47bf66, 0x68342520), TOBN(0x08d68949, 0xbaa862d1), - TOBN(0x11f349c7, 0xe906abcd), TOBN(0x454ce985, 0xed7bf00e), - TOBN(0xacab5c9e, 0xb55b803b), TOBN(0xb03468ea, 0x31e3c16d), - TOBN(0x5c24213d, 0xd273bf12), TOBN(0x211538eb, 0x71587887), - TOBN(0x198e4a2f, 0x731dea2d), TOBN(0xd5856cf2, 0x74ed7b2a), - TOBN(0x86a632eb, 0x13a664fe), TOBN(0x932cd909, 0xbda41291), - TOBN(0x850e95d4, 0xc0c4ddc0), TOBN(0xc0f422f8, 0x347fc2c9), - TOBN(0xe68cbec4, 0x86076bcb), TOBN(0xf9e7c0c0, 0xcd6cd286), - TOBN(0x65994ddb, 0x0f5f27ca), TOBN(0xe85461fb, 0xa80d59ff), - TOBN(0xff05481a, 0x66601023), TOBN(0xc665427a, 0xfc9ebbfb), - TOBN(0xb0571a69, 0x7587fd52), TOBN(0x935289f8, 0x8d49efce), - TOBN(0x61becc60, 0xea420688), TOBN(0xb22639d9, 0x13a786af), - TOBN(0x1a8e6220, 0x361ecf90), TOBN(0x001f23e0, 0x25506463), - TOBN(0xe4ae9b5d, 0x0a5c2b79), TOBN(0xebc9cdad, 0xd8149db5), - TOBN(0xb33164a1, 0x934aa728), TOBN(0x750eb00e, 0xae9b60f3), - TOBN(0x5a91615b, 0x9b9cfbfd), TOBN(0x97015cbf, 0xef45f7f6), - TOBN(0xb462c4a5, 0xbf5151df), TOBN(0x21adcc41, 0xb07118f2), - TOBN(0xd60c545b, 0x043fa42c), TOBN(0xfc21aa54, 0xe96be1ab), - TOBN(0xe84bc32f, 0x4e51ea80), TOBN(0x3dae45f0, 0x259b5d8d), - TOBN(0xbb73c7eb, 0xc38f1b5e), TOBN(0xe405a74a, 0xe8ae617d), - TOBN(0xbb1ae9c6, 0x9f1c56bd), TOBN(0x8c176b98, 0x49f196a4), - TOBN(0xc448f311, 0x6875092b), TOBN(0xb5afe3de, 0x9f976033), - TOBN(0xa8dafd49, 0x145813e5), TOBN(0x687fc4d9, 0xe2b34226), - TOBN(0xf2dfc92d, 0x4c7ff57f), TOBN(0x004e3fc1, 0x401f1b46), - TOBN(0x5afddab6, 0x1430c9ab), TOBN(0x0bdd41d3, 0x2238e997), - TOBN(0xf0947430, 0x418042ae), TOBN(0x71f9adda, 0xcdddc4cb), - TOBN(0x7090c016, 0xc52dd907), TOBN(0xd9bdf44d, 0x29e2047f), - TOBN(0xe6f1fe80, 0x1b1011a6), TOBN(0xb63accbc, 0xd9acdc78), - TOBN(0xcfc7e235, 0x1272a95b), TOBN(0x0c667717, 0xa6276ac8), - TOBN(0x3c0d3709, 0xe2d7eef7), TOBN(0x5add2b06, 0x9a685b3e), - TOBN(0x363ad32d, 0x14ea5d65), TOBN(0xf8e01f06, 0x8d7dd506), - TOBN(0xc9ea2213, 0x75b4aac6), TOBN(0xed2a2bf9, 0x0d353466), - TOBN(0x439d79b5, 0xe9d3a7c3), TOBN(0x8e0ee5a6, 0x81b7f34b), - TOBN(0xcf3dacf5, 0x1dc4ba75), TOBN(0x1d3d1773, 0xeb3310c7), - TOBN(0xa8e67112, 0x7747ae83), TOBN(0x31f43160, 0x197d6b40), - TOBN(0x0521ccee, 0xcd961400), TOBN(0x67246f11, 0xf6535768), - TOBN(0x702fcc5a, 0xef0c3133), TOBN(0x247cc45d, 0x7e16693b), - TOBN(0xfd484e49, 0xc729b749), TOBN(0x522cef7d, 0xb218320f), - TOBN(0xe56ef405, 0x59ab93b3), TOBN(0x225fba11, 0x9f181071), - TOBN(0x33bd6595, 0x15330ed0), TOBN(0xc4be69d5, 0x1ddb32f7), - TOBN(0x264c7668, 0x0448087c), TOBN(0xac30903f, 0x71432dae), - TOBN(0x3851b266, 0x00f9bf47), TOBN(0x400ed311, 0x6cdd6d03), - TOBN(0x045e79fe, 0xf8fd2424), TOBN(0xfdfd974a, 0xfa6da98b), - TOBN(0x45c9f641, 0x0c1e673a), TOBN(0x76f2e733, 0x5b2c5168), - TOBN(0x1adaebb5, 0x2a601753), TOBN(0xb286514c, 0xc57c2d49), - TOBN(0xd8769670, 0x1e0bfd24), TOBN(0x950c547e, 0x04478922), - TOBN(0xd1d41969, 0xe5d32bfe), TOBN(0x30bc1472, 0x750d6c3e), - TOBN(0x8f3679fe, 0xe0e27f3a), TOBN(0x8f64a7dc, 0xa4a6ee0c), - TOBN(0x2fe59937, 0x633dfb1f), TOBN(0xea82c395, 0x977f2547), - TOBN(0xcbdfdf1a, 0x661ea646), TOBN(0xc7ccc591, 0xb9085451), - TOBN(0x82177962, 0x81761e13), TOBN(0xda57596f, 0x9196885c), - TOBN(0xbc17e849, 0x28ffbd70), TOBN(0x1e6e0a41, 0x2671d36f), - TOBN(0x61ae872c, 0x4152fcf5), TOBN(0x441c87b0, 0x9e77e754), - TOBN(0xd0799dd5, 0xa34dff09), TOBN(0x766b4e44, 0x88a6b171), - TOBN(0xdc06a512, 0x11f1c792), TOBN(0xea02ae93, 0x4be35c3e), - TOBN(0xe5ca4d6d, 0xe90c469e), TOBN(0x4df4368e, 0x56e4ff5c), - TOBN(0x7817acab, 0x4baef62e), TOBN(0x9f5a2202, 0xa85b91e8), - TOBN(0x9666ebe6, 0x6ce57610), TOBN(0x32ad31f3, 0xf73bfe03), - TOBN(0x628330a4, 0x25bcf4d6), TOBN(0xea950593, 0x515056e6), - TOBN(0x59811c89, 0xe1332156), TOBN(0xc89cf1fe, 0x8c11b2d7), - TOBN(0x75b63913, 0x04e60cc0), TOBN(0xce811e8d, 0x4625d375), - TOBN(0x030e43fc, 0x2d26e562), TOBN(0xfbb30b4b, 0x608d36a0), - TOBN(0x634ff82c, 0x48528118), TOBN(0x7c6fe085, 0xcd285911), - TOBN(0x7f2830c0, 0x99358f28), TOBN(0x2e60a95e, 0x665e6c09), - TOBN(0x08407d3d, 0x9b785dbf), TOBN(0x530889ab, 0xa759bce7), - TOBN(0xf228e0e6, 0x52f61239), TOBN(0x2b6d1461, 0x6879be3c), - TOBN(0xe6902c04, 0x51a7bbf7), TOBN(0x30ad99f0, 0x76f24a64), - TOBN(0x66d9317a, 0x98bc6da0), TOBN(0xf4f877f3, 0xcb596ac0), - TOBN(0xb05ff62d, 0x4c44f119), TOBN(0x4555f536, 0xe9b77416), - TOBN(0xc7c0d059, 0x8caed63b), TOBN(0x0cd2b7ce, 0xc358b2a9), - TOBN(0x3f33287b, 0x46945fa3), TOBN(0xf8785b20, 0xd67c8791), - TOBN(0xc54a7a61, 0x9637bd08), TOBN(0x54d4598c, 0x18be79d7), - TOBN(0x889e5acb, 0xc46d7ce1), TOBN(0x9a515bb7, 0x8b085877), - TOBN(0xfac1a03d, 0x0b7a5050), TOBN(0x7d3e738a, 0xf2926035), - TOBN(0x861cc2ce, 0x2a6cb0eb), TOBN(0x6f2e2955, 0x8f7adc79), - TOBN(0x61c4d451, 0x33016376), TOBN(0xd9fd2c80, 0x5ad59090), - TOBN(0xe5a83738, 0xb2b836a1), TOBN(0x855b41a0, 0x7c0d6622), - TOBN(0x186fe317, 0x7cc19af1), TOBN(0x6465c1ff, 0xfdd99acb), - TOBN(0x46e5c23f, 0x6974b99e), TOBN(0x75a7cf8b, 0xa2717cbe), - TOBN(0x4d2ebc3f, 0x062be658), TOBN(0x094b4447, 0x5f209c98), - TOBN(0x4af285ed, 0xb940cb5a), TOBN(0x6706d792, 0x7cc82f10), - TOBN(0xc8c8776c, 0x030526fa), TOBN(0xfa8e6f76, 0xa0da9140), - TOBN(0x77ea9d34, 0x591ee4f0), TOBN(0x5f46e337, 0x40274166), - TOBN(0x1bdf98bb, 0xea671457), TOBN(0xd7c08b46, 0x862a1fe2), - TOBN(0x46cc303c, 0x1c08ad63), TOBN(0x99543440, 0x4c845e7b), - TOBN(0x1b8fbdb5, 0x48f36bf7), TOBN(0x5b82c392, 0x8c8273a7), - TOBN(0x08f712c4, 0x928435d5), TOBN(0x071cf0f1, 0x79330380), - TOBN(0xc74c2d24, 0xa8da054a), TOBN(0xcb0e7201, 0x43c46b5c), - TOBN(0x0ad7337a, 0xc0b7eff3), TOBN(0x8552225e, 0xc5e48b3c), - TOBN(0xe6f78b0c, 0x73f13a5f), TOBN(0x5e70062e, 0x82349cbe), - TOBN(0x6b8d5048, 0xe7073969), TOBN(0x392d2a29, 0xc33cb3d2), - TOBN(0xee4f727c, 0x4ecaa20f), TOBN(0xa068c99e, 0x2ccde707), - TOBN(0xfcd5651f, 0xb87a2913), TOBN(0xea3e3c15, 0x3cc252f0), - TOBN(0x777d92df, 0x3b6cd3e4), TOBN(0x7a414143, 0xc5a732e7), - TOBN(0xa895951a, 0xa71ff493), TOBN(0xfe980c92, 0xbbd37cf6), - TOBN(0x45bd5e64, 0xdecfeeff), TOBN(0x910dc2a9, 0xa44c43e9), - TOBN(0xcb403f26, 0xcca9f54d), TOBN(0x928bbdfb, 0x9303f6db), - TOBN(0x3c37951e, 0xa9eee67c), TOBN(0x3bd61a52, 0xf79961c3), - TOBN(0x09a238e6, 0x395c9a79), TOBN(0x6940ca2d, 0x61eb352d), - TOBN(0x7d1e5c5e, 0xc1875631), TOBN(0x1e19742c, 0x1e1b20d1), - TOBN(0x4633d908, 0x23fc2e6e), TOBN(0xa76e29a9, 0x08959149), - TOBN(0x61069d9c, 0x84ed7da5), TOBN(0x0baa11cf, 0x5dbcad51), - TOBN(0xd01eec64, 0x961849da), TOBN(0x93b75f1f, 0xaf3d8c28), - TOBN(0x57bc4f9f, 0x1ca2ee44), TOBN(0x5a26322d, 0x00e00558), - TOBN(0x1888d658, 0x61a023ef), TOBN(0x1d72aab4, 0xb9e5246e), - TOBN(0xa9a26348, 0xe5563ec0), TOBN(0xa0971963, 0xc3439a43), - TOBN(0x567dd54b, 0xadb9b5b7), TOBN(0x73fac1a1, 0xc45a524b), - TOBN(0x8fe97ef7, 0xfe38e608), TOBN(0x608748d2, 0x3f384f48), - TOBN(0xb0571794, 0xc486094f), TOBN(0x869254a3, 0x8bf3a8d6), - TOBN(0x148a8dd1, 0x310b0e25), TOBN(0x99ab9f3f, 0x9aa3f7d8), - TOBN(0x0927c68a, 0x6706c02e), TOBN(0x22b5e76c, 0x69790e6c), - TOBN(0x6c325260, 0x6c71376c), TOBN(0x53a57690, 0x09ef6657), - TOBN(0x8d63f852, 0xedffcf3a), TOBN(0xb4d2ed04, 0x3c0a6f55), - TOBN(0xdb3aa8de, 0x12519b9e), TOBN(0x5d38e9c4, 0x1e0a569a), - TOBN(0x871528bf, 0x303747e2), TOBN(0xa208e77c, 0xf5b5c18d), - TOBN(0x9d129c88, 0xca6bf923), TOBN(0xbcbf197f, 0xbf02839f), - TOBN(0x9b9bf030, 0x27323194), TOBN(0x3b055a8b, 0x339ca59d), - TOBN(0xb46b2312, 0x0f669520), TOBN(0x19789f1f, 0x497e5f24), - TOBN(0x9c499468, 0xaaf01801), TOBN(0x72ee1190, 0x8b69d59c), - TOBN(0x8bd39595, 0xacf4c079), TOBN(0x3ee11ece, 0x8e0cd048), - TOBN(0xebde86ec, 0x1ed66f18), TOBN(0x225d906b, 0xd61fce43), - TOBN(0x5cab07d6, 0xe8bed74d), TOBN(0x16e4617f, 0x27855ab7), - TOBN(0x6568aadd, 0xb2fbc3dd), TOBN(0xedb5484f, 0x8aeddf5b), - TOBN(0x878f20e8, 0x6dcf2fad), TOBN(0x3516497c, 0x615f5699)}, - {TOBN(0xef0a3fec, 0xfa181e69), TOBN(0x9ea02f81, 0x30d69a98), - TOBN(0xb2e9cf8e, 0x66eab95d), TOBN(0x520f2beb, 0x24720021), - TOBN(0x621c540a, 0x1df84361), TOBN(0x12037721, 0x71fa6d5d), - TOBN(0x6e3c7b51, 0x0ff5f6ff), TOBN(0x817a069b, 0xabb2bef3), - TOBN(0x83572fb6, 0xb294cda6), TOBN(0x6ce9bf75, 0xb9039f34), - TOBN(0x20e012f0, 0x095cbb21), TOBN(0xa0aecc1b, 0xd063f0da), - TOBN(0x57c21c3a, 0xf02909e5), TOBN(0xc7d59ecf, 0x48ce9cdc), - TOBN(0x2732b844, 0x8ae336f8), TOBN(0x056e3723, 0x3f4f85f4), - TOBN(0x8a10b531, 0x89e800ca), TOBN(0x50fe0c17, 0x145208fd), - TOBN(0x9e43c0d3, 0xb714ba37), TOBN(0x427d200e, 0x34189acc), - TOBN(0x05dee24f, 0xe616e2c0), TOBN(0x9c25f4c8, 0xee1854c1), - TOBN(0x4d3222a5, 0x8f342a73), TOBN(0x0807804f, 0xa027c952), - TOBN(0xc222653a, 0x4f0d56f3), TOBN(0x961e4047, 0xca28b805), - TOBN(0x2c03f8b0, 0x4a73434b), TOBN(0x4c966787, 0xab712a19), - TOBN(0xcc196c42, 0x864fee42), TOBN(0xc1be93da, 0x5b0ece5c), - TOBN(0xa87d9f22, 0xc131c159), TOBN(0x2bb6d593, 0xdce45655), - TOBN(0x22c49ec9, 0xb809b7ce), TOBN(0x8a41486b, 0xe2c72c2c), - TOBN(0x813b9420, 0xfea0bf36), TOBN(0xb3d36ee9, 0xa66dac69), - TOBN(0x6fddc08a, 0x328cc987), TOBN(0x0a3bcd2c, 0x3a326461), - TOBN(0x7103c49d, 0xd810dbba), TOBN(0xf9d81a28, 0x4b78a4c4), - TOBN(0x3de865ad, 0xe4d55941), TOBN(0xdedafa5e, 0x30384087), - TOBN(0x6f414abb, 0x4ef18b9b), TOBN(0x9ee9ea42, 0xfaee5268), - TOBN(0x260faa16, 0x37a55a4a), TOBN(0xeb19a514, 0x015f93b9), - TOBN(0x51d7ebd2, 0x9e9c3598), TOBN(0x523fc56d, 0x1932178e), - TOBN(0x501d070c, 0xb98fe684), TOBN(0xd60fbe9a, 0x124a1458), - TOBN(0xa45761c8, 0x92bc6b3f), TOBN(0xf5384858, 0xfe6f27cb), - TOBN(0x4b0271f7, 0xb59e763b), TOBN(0x3d4606a9, 0x5b5a8e5e), - TOBN(0x1eda5d9b, 0x05a48292), TOBN(0xda7731d0, 0xe6fec446), - TOBN(0xa3e33693, 0x90d45871), TOBN(0xe9764040, 0x06166d8d), - TOBN(0xb5c33682, 0x89a90403), TOBN(0x4bd17983, 0x72f1d637), - TOBN(0xa616679e, 0xd5d2c53a), TOBN(0x5ec4bcd8, 0xfdcf3b87), - TOBN(0xae6d7613, 0xb66a694e), TOBN(0x7460fc76, 0xe3fc27e5), - TOBN(0x70469b82, 0x95caabee), TOBN(0xde024ca5, 0x889501e3), - TOBN(0x6bdadc06, 0x076ed265), TOBN(0x0cb1236b, 0x5a0ef8b2), - TOBN(0x4065ddbf, 0x0972ebf9), TOBN(0xf1dd3875, 0x22aca432), - TOBN(0xa88b97cf, 0x744aff76), TOBN(0xd1359afd, 0xfe8e3d24), - TOBN(0x52a3ba2b, 0x91502cf3), TOBN(0x2c3832a8, 0x084db75d), - TOBN(0x04a12ddd, 0xde30b1c9), TOBN(0x7802eabc, 0xe31fd60c), - TOBN(0x33707327, 0xa37fddab), TOBN(0x65d6f2ab, 0xfaafa973), - TOBN(0x3525c5b8, 0x11e6f91a), TOBN(0x76aeb0c9, 0x5f46530b), - TOBN(0xe8815ff6, 0x2f93a675), TOBN(0xa6ec9684, 0x05f48679), - TOBN(0x6dcbb556, 0x358ae884), TOBN(0x0af61472, 0xe19e3873), - TOBN(0x72334372, 0xa5f696be), TOBN(0xc65e57ea, 0x6f22fb70), - TOBN(0x268da30c, 0x946cea90), TOBN(0x136a8a87, 0x65681b2a), - TOBN(0xad5e81dc, 0x0f9f44d4), TOBN(0xf09a6960, 0x2c46585a), - TOBN(0xd1649164, 0xc447d1b1), TOBN(0x3b4b36c8, 0x879dc8b1), - TOBN(0x20d4177b, 0x3b6b234c), TOBN(0x096a2505, 0x1730d9d0), - TOBN(0x0611b9b8, 0xef80531d), TOBN(0xba904b3b, 0x64bb495d), - TOBN(0x1192d9d4, 0x93a3147a), TOBN(0x9f30a5dc, 0x9a565545), - TOBN(0x90b1f9cb, 0x6ef07212), TOBN(0x29958546, 0x0d87fc13), - TOBN(0xd3323eff, 0xc17db9ba), TOBN(0xcb18548c, 0xcb1644a8), - TOBN(0x18a306d4, 0x4f49ffbc), TOBN(0x28d658f1, 0x4c2e8684), - TOBN(0x44ba60cd, 0xa99f8c71), TOBN(0x67b7abdb, 0x4bf742ff), - TOBN(0x66310f9c, 0x914b3f99), TOBN(0xae430a32, 0xf412c161), - TOBN(0x1e6776d3, 0x88ace52f), TOBN(0x4bc0fa24, 0x52d7067d), - TOBN(0x03c286aa, 0x8f07cd1b), TOBN(0x4cb8f38c, 0xa985b2c1), - TOBN(0x83ccbe80, 0x8c3bff36), TOBN(0x005a0bd2, 0x5263e575), - TOBN(0x460d7dda, 0x259bdcd1), TOBN(0x4a1c5642, 0xfa5cab6b), - TOBN(0x2b7bdbb9, 0x9fe4fc88), TOBN(0x09418e28, 0xcc97bbb5), - TOBN(0xd8274fb4, 0xa12321ae), TOBN(0xb137007d, 0x5c87b64e), - TOBN(0x80531fe1, 0xc63c4962), TOBN(0x50541e89, 0x981fdb25), - TOBN(0xdc1291a1, 0xfd4c2b6b), TOBN(0xc0693a17, 0xa6df4fca), - TOBN(0xb2c4604e, 0x0117f203), TOBN(0x245f1963, 0x0a99b8d0), - TOBN(0xaedc20aa, 0xc6212c44), TOBN(0xb1ed4e56, 0x520f52a8), - TOBN(0xfe48f575, 0xf8547be3), TOBN(0x0a7033cd, 0xa9e45f98), - TOBN(0x4b45d3a9, 0x18c50100), TOBN(0xb2a6cd6a, 0xa61d41da), - TOBN(0x60bbb4f5, 0x57933c6b), TOBN(0xa7538ebd, 0x2b0d7ffc), - TOBN(0x9ea3ab8d, 0x8cd626b6), TOBN(0x8273a484, 0x3601625a), - TOBN(0x88859845, 0x0168e508), TOBN(0x8cbc9bb2, 0x99a94abd), - TOBN(0x713ac792, 0xfab0a671), TOBN(0xa3995b19, 0x6c9ebffc), - TOBN(0xe711668e, 0x1239e152), TOBN(0x56892558, 0xbbb8dff4), - TOBN(0x8bfc7dab, 0xdbf17963), TOBN(0x5b59fe5a, 0xb3de1253), - TOBN(0x7e3320eb, 0x34a9f7ae), TOBN(0xe5e8cf72, 0xd751efe4), - TOBN(0x7ea003bc, 0xd9be2f37), TOBN(0xc0f551a0, 0xb6c08ef7), - TOBN(0x56606268, 0x038f6725), TOBN(0x1dd38e35, 0x6d92d3b6), - TOBN(0x07dfce7c, 0xc3cbd686), TOBN(0x4e549e04, 0x651c5da8), - TOBN(0x4058f93b, 0x08b19340), TOBN(0xc2fae6f4, 0xcac6d89d), - TOBN(0x4bad8a8c, 0x8f159cc7), TOBN(0x0ddba4b3, 0xcb0b601c), - TOBN(0xda4fc7b5, 0x1dd95f8c), TOBN(0x1d163cd7, 0xcea5c255), - TOBN(0x30707d06, 0x274a8c4c), TOBN(0x79d9e008, 0x2802e9ce), - TOBN(0x02a29ebf, 0xe6ddd505), TOBN(0x37064e74, 0xb50bed1a), - TOBN(0x3f6bae65, 0xa7327d57), TOBN(0x3846f5f1, 0xf83920bc), - TOBN(0x87c37491, 0x60df1b9b), TOBN(0x4cfb2895, 0x2d1da29f), - TOBN(0x10a478ca, 0x4ed1743c), TOBN(0x390c6030, 0x3edd47c6), - TOBN(0x8f3e5312, 0x8c0a78de), TOBN(0xccd02bda, 0x1e85df70), - TOBN(0xd6c75c03, 0xa61b6582), TOBN(0x0762921c, 0xfc0eebd1), - TOBN(0xd34d0823, 0xd85010c0), TOBN(0xd73aaacb, 0x0044cf1f), - TOBN(0xfb4159bb, 0xa3b5e78a), TOBN(0x2287c7f7, 0xe5826f3f), - TOBN(0x4aeaf742, 0x580b1a01), TOBN(0xf080415d, 0x60423b79), - TOBN(0xe12622cd, 0xa7dea144), TOBN(0x49ea4996, 0x59d62472), - TOBN(0xb42991ef, 0x571f3913), TOBN(0x0610f214, 0xf5b25a8a), - TOBN(0x47adc585, 0x30b79e8f), TOBN(0xf90e3df6, 0x07a065a2), - TOBN(0x5d0a5deb, 0x43e2e034), TOBN(0x53fb5a34, 0x444024aa), - TOBN(0xa8628c68, 0x6b0c9f7f), TOBN(0x9c69c29c, 0xac563656), - TOBN(0x5a231feb, 0xbace47b6), TOBN(0xbdce0289, 0x9ea5a2ec), - TOBN(0x05da1fac, 0x9463853e), TOBN(0x96812c52, 0x509e78aa), - TOBN(0xd3fb5771, 0x57151692), TOBN(0xeb2721f8, 0xd98e1c44), - TOBN(0xc0506087, 0x32399be1), TOBN(0xda5a5511, 0xd979d8b8), - TOBN(0x737ed55d, 0xc6f56780), TOBN(0xe20d3004, 0x0dc7a7f4), - TOBN(0x02ce7301, 0xf5941a03), TOBN(0x91ef5215, 0xed30f83a), - TOBN(0x28727fc1, 0x4092d85f), TOBN(0x72d223c6, 0x5c49e41a), - TOBN(0xa7cf30a2, 0xba6a4d81), TOBN(0x7c086209, 0xb030d87d), - TOBN(0x04844c7d, 0xfc588b09), TOBN(0x728cd499, 0x5874bbb0), - TOBN(0xcc1281ee, 0xe84c0495), TOBN(0x0769b5ba, 0xec31958f), - TOBN(0x665c228b, 0xf99c2471), TOBN(0xf2d8a11b, 0x191eb110), - TOBN(0x4594f494, 0xd36d7024), TOBN(0x482ded8b, 0xcdcb25a1), - TOBN(0xc958a9d8, 0xdadd4885), TOBN(0x7004477e, 0xf1d2b547), - TOBN(0x0a45f6ef, 0x2a0af550), TOBN(0x4fc739d6, 0x2f8d6351), - TOBN(0x75cdaf27, 0x786f08a9), TOBN(0x8700bb26, 0x42c2737f), - TOBN(0x855a7141, 0x1c4e2670), TOBN(0x810188c1, 0x15076fef), - TOBN(0xc251d0c9, 0xabcd3297), TOBN(0xae4c8967, 0xf48108eb), - TOBN(0xbd146de7, 0x18ceed30), TOBN(0xf9d4f07a, 0xc986bced), - TOBN(0x5ad98ed5, 0x83fa1e08), TOBN(0x7780d33e, 0xbeabd1fb), - TOBN(0xe330513c, 0x903b1196), TOBN(0xba11de9e, 0xa47bc8c4), - TOBN(0x684334da, 0x02c2d064), TOBN(0x7ecf360d, 0xa48de23b), - TOBN(0x57a1b474, 0x0a9089d8), TOBN(0xf28fa439, 0xff36734c), - TOBN(0xf2a482cb, 0xea4570b3), TOBN(0xee65d68b, 0xa5ebcee9), - TOBN(0x988d0036, 0xb9694cd5), TOBN(0x53edd0e9, 0x37885d32), - TOBN(0xe37e3307, 0xbeb9bc6d), TOBN(0xe9abb907, 0x9f5c6768), - TOBN(0x4396ccd5, 0x51f2160f), TOBN(0x2500888c, 0x47336da6), - TOBN(0x383f9ed9, 0x926fce43), TOBN(0x809dd1c7, 0x04da2930), - TOBN(0x30f6f596, 0x8a4cb227), TOBN(0x0d700c7f, 0x73a56b38), - TOBN(0x1825ea33, 0xab64a065), TOBN(0xaab9b735, 0x1338df80), - TOBN(0x1516100d, 0x9b63f57f), TOBN(0x2574395a, 0x27a6a634), - TOBN(0xb5560fb6, 0x700a1acd), TOBN(0xe823fd73, 0xfd999681), - TOBN(0xda915d1f, 0x6cb4e1ba), TOBN(0x0d030118, 0x6ebe00a3), - TOBN(0x744fb0c9, 0x89fca8cd), TOBN(0x970d01db, 0xf9da0e0b), - TOBN(0x0ad8c564, 0x7931d76f), TOBN(0xb15737bf, 0xf659b96a), - TOBN(0xdc9933e8, 0xa8b484e7), TOBN(0xb2fdbdf9, 0x7a26dec7), - TOBN(0x2349e9a4, 0x9f1f0136), TOBN(0x7860368e, 0x70fddddb), - TOBN(0xd93d2c1c, 0xf9ad3e18), TOBN(0x6d6c5f17, 0x689f4e79), - TOBN(0x7a544d91, 0xb24ff1b6), TOBN(0x3e12a5eb, 0xfe16cd8c), - TOBN(0x543574e9, 0xa56b872f), TOBN(0xa1ad550c, 0xfcf68ea2), - TOBN(0x689e37d2, 0x3f560ef7), TOBN(0x8c54b9ca, 0xc9d47a8b), - TOBN(0x46d40a4a, 0x088ac342), TOBN(0xec450c7c, 0x1576c6d0), - TOBN(0xb589e31c, 0x1f9689e9), TOBN(0xdacf2602, 0xb8781718), - TOBN(0xa89237c6, 0xc8cb6b42), TOBN(0x1326fc93, 0xb96ef381), - TOBN(0x55d56c6d, 0xb5f07825), TOBN(0xacba2eea, 0x7449e22d), - TOBN(0x74e0887a, 0x633c3000), TOBN(0xcb6cd172, 0xd7cbcf71), - TOBN(0x309e81de, 0xc36cf1be), TOBN(0x07a18a6d, 0x60ae399b), - TOBN(0xb36c2679, 0x9edce57e), TOBN(0x52b892f4, 0xdf001d41), - TOBN(0xd884ae5d, 0x16a1f2c6), TOBN(0x9b329424, 0xefcc370a), - TOBN(0x3120daf2, 0xbd2e21df), TOBN(0x55298d2d, 0x02470a99), - TOBN(0x0b78af6c, 0xa05db32e), TOBN(0x5c76a331, 0x601f5636), - TOBN(0xaae861ff, 0xf8a4f29c), TOBN(0x70dc9240, 0xd68f8d49), - TOBN(0x960e649f, 0x81b1321c), TOBN(0x3d2c801b, 0x8792e4ce), - TOBN(0xf479f772, 0x42521876), TOBN(0x0bed93bc, 0x416c79b1), - TOBN(0xa67fbc05, 0x263e5bc9), TOBN(0x01e8e630, 0x521db049), - TOBN(0x76f26738, 0xc6f3431e), TOBN(0xe609cb02, 0xe3267541), - TOBN(0xb10cff2d, 0x818c877c), TOBN(0x1f0e75ce, 0x786a13cb), - TOBN(0xf4fdca64, 0x1158544d), TOBN(0x5d777e89, 0x6cb71ed0), - TOBN(0x3c233737, 0xa9aa4755), TOBN(0x7b453192, 0xe527ab40), - TOBN(0xdb59f688, 0x39f05ffe), TOBN(0x8f4f4be0, 0x6d82574e), - TOBN(0xcce3450c, 0xee292d1b), TOBN(0xaa448a12, 0x61ccd086), - TOBN(0xabce91b3, 0xf7914967), TOBN(0x4537f09b, 0x1908a5ed), - TOBN(0xa812421e, 0xf51042e7), TOBN(0xfaf5cebc, 0xec0b3a34), - TOBN(0x730ffd87, 0x4ca6b39a), TOBN(0x70fb72ed, 0x02efd342), - TOBN(0xeb4735f9, 0xd75c8edb), TOBN(0xc11f2157, 0xc278aa51), - TOBN(0xc459f635, 0xbf3bfebf), TOBN(0x3a1ff0b4, 0x6bd9601f), - TOBN(0xc9d12823, 0xc420cb73), TOBN(0x3e9af3e2, 0x3c2915a3), - TOBN(0xe0c82c72, 0xb41c3440), TOBN(0x175239e5, 0xe3039a5f), - TOBN(0xe1084b8a, 0x558795a3), TOBN(0x328d0a1d, 0xd01e5c60), - TOBN(0x0a495f2e, 0xd3788a04), TOBN(0x25d8ff16, 0x66c11a9f), - TOBN(0xf5155f05, 0x9ed692d6), TOBN(0x954fa107, 0x4f425fe4), - TOBN(0xd16aabf2, 0xe98aaa99), TOBN(0x90cd8ba0, 0x96b0f88a), - TOBN(0x957f4782, 0xc154026a), TOBN(0x54ee0734, 0x52af56d2), - TOBN(0xbcf89e54, 0x45b4147a), TOBN(0x3d102f21, 0x9a52816c), - TOBN(0x6808517e, 0x39b62e77), TOBN(0x92e25421, 0x69169ad8), - TOBN(0xd721d871, 0xbb608558), TOBN(0x60e4ebae, 0xf6d4ff9b), - TOBN(0x0ba10819, 0x41f2763e), TOBN(0xca2e45be, 0x51ee3247), - TOBN(0x66d172ec, 0x2bfd7a5f), TOBN(0x528a8f2f, 0x74d0b12d), - TOBN(0xe17f1e38, 0xdabe70dc), TOBN(0x1d5d7316, 0x9f93983c), - TOBN(0x51b2184a, 0xdf423e31), TOBN(0xcb417291, 0xaedb1a10), - TOBN(0x2054ca93, 0x625bcab9), TOBN(0x54396860, 0xa98998f0), - TOBN(0x4e53f6c4, 0xa54ae57e), TOBN(0x0ffeb590, 0xee648e9d), - TOBN(0xfbbdaadc, 0x6afaf6bc), TOBN(0xf88ae796, 0xaa3bfb8a), - TOBN(0x209f1d44, 0xd2359ed9), TOBN(0xac68dd03, 0xf3544ce2), - TOBN(0xf378da47, 0xfd51e569), TOBN(0xe1abd860, 0x2cc80097), - TOBN(0x23ca18d9, 0x343b6e3a), TOBN(0x480797e8, 0xb40a1bae), - TOBN(0xd1f0c717, 0x533f3e67), TOBN(0x44896970, 0x06e6cdfc), - TOBN(0x8ca21055, 0x52a82e8d), TOBN(0xb2caf785, 0x78460cdc), - TOBN(0x4c1b7b62, 0xe9037178), TOBN(0xefc09d2c, 0xdb514b58), - TOBN(0x5f2df9ee, 0x9113be5c), TOBN(0x2fbda78f, 0xb3f9271c), - TOBN(0xe09a81af, 0x8f83fc54), TOBN(0x06b13866, 0x8afb5141), - TOBN(0x38f6480f, 0x43e3865d), TOBN(0x72dd77a8, 0x1ddf47d9), - TOBN(0xf2a8e971, 0x4c205ff7), TOBN(0x46d449d8, 0x9d088ad8), - TOBN(0x926619ea, 0x185d706f), TOBN(0xe47e02eb, 0xc7dd7f62), - TOBN(0xe7f120a7, 0x8cbc2031), TOBN(0xc18bef00, 0x998d4ac9), - TOBN(0x18f37a9c, 0x6bdf22da), TOBN(0xefbc432f, 0x90dc82df), - TOBN(0xc52cef8e, 0x5d703651), TOBN(0x82887ba0, 0xd99881a5), - TOBN(0x7cec9dda, 0xb920ec1d), TOBN(0xd0d7e8c3, 0xec3e8d3b), - TOBN(0x445bc395, 0x4ca88747), TOBN(0xedeaa2e0, 0x9fd53535), - TOBN(0x461b1d93, 0x6cc87475), TOBN(0xd92a52e2, 0x6d2383bd), - TOBN(0xfabccb59, 0xd7903546), TOBN(0x6111a761, 0x3d14b112), - TOBN(0x0ae584fe, 0xb3d5f612), TOBN(0x5ea69b8d, 0x60e828ec), - TOBN(0x6c078985, 0x54087030), TOBN(0x649cab04, 0xac4821fe), - TOBN(0x25ecedcf, 0x8bdce214), TOBN(0xb5622f72, 0x86af7361), - TOBN(0x0e1227aa, 0x7038b9e2), TOBN(0xd0efb273, 0xac20fa77), - TOBN(0x817ff88b, 0x79df975b), TOBN(0x856bf286, 0x1999503e), - TOBN(0xb4d5351f, 0x5038ec46), TOBN(0x740a52c5, 0xfc42af6e), - TOBN(0x2e38bb15, 0x2cbb1a3f), TOBN(0xc3eb99fe, 0x17a83429), - TOBN(0xca4fcbf1, 0xdd66bb74), TOBN(0x880784d6, 0xcde5e8fc), - TOBN(0xddc84c1c, 0xb4e7a0be), TOBN(0x8780510d, 0xbd15a72f), - TOBN(0x44bcf1af, 0x81ec30e1), TOBN(0x141e50a8, 0x0a61073e), - TOBN(0x0d955718, 0x47be87ae), TOBN(0x68a61417, 0xf76a4372), - TOBN(0xf57e7e87, 0xc607c3d3), TOBN(0x043afaf8, 0x5252f332), - TOBN(0xcc14e121, 0x1552a4d2), TOBN(0xb6dee692, 0xbb4d4ab4), - TOBN(0xb6ab74c8, 0xa03816a4), TOBN(0x84001ae4, 0x6f394a29), - TOBN(0x5bed8344, 0xd795fb45), TOBN(0x57326e7d, 0xb79f55a5), - TOBN(0xc9533ce0, 0x4accdffc), TOBN(0x53473caf, 0x3993fa04), - TOBN(0x7906eb93, 0xa13df4c8), TOBN(0xa73e51f6, 0x97cbe46f), - TOBN(0xd1ab3ae1, 0x0ae4ccf8), TOBN(0x25614508, 0x8a5b3dbc), - TOBN(0x61eff962, 0x11a71b27), TOBN(0xdf71412b, 0x6bb7fa39), - TOBN(0xb31ba6b8, 0x2bd7f3ef), TOBN(0xb0b9c415, 0x69180d29), - TOBN(0xeec14552, 0x014cdde5), TOBN(0x702c624b, 0x227b4bbb), - TOBN(0x2b15e8c2, 0xd3e988f3), TOBN(0xee3bcc6d, 0xa4f7fd04), - TOBN(0x9d00822a, 0x42ac6c85), TOBN(0x2db0cea6, 0x1df9f2b7), - TOBN(0xd7cad2ab, 0x42de1e58), TOBN(0x346ed526, 0x2d6fbb61), - TOBN(0xb3962995, 0x1a2faf09), TOBN(0x2fa8a580, 0x7c25612e), - TOBN(0x30ae04da, 0x7cf56490), TOBN(0x75662908, 0x0eea3961), - TOBN(0x3609f5c5, 0x3d080847), TOBN(0xcb081d39, 0x5241d4f6), - TOBN(0xb4fb3810, 0x77961a63), TOBN(0xc20c5984, 0x2abb66fc), - TOBN(0x3d40aa7c, 0xf902f245), TOBN(0x9cb12736, 0x4e536b1e), - TOBN(0x5eda24da, 0x99b3134f), TOBN(0xafbd9c69, 0x5cd011af), - TOBN(0x9a16e30a, 0xc7088c7d), TOBN(0x5ab65710, 0x3207389f), - TOBN(0x1b09547f, 0xe7407a53), TOBN(0x2322f9d7, 0x4fdc6eab), - TOBN(0xc0f2f22d, 0x7430de4d), TOBN(0x19382696, 0xe68ca9a9), - TOBN(0x17f1eff1, 0x918e5868), TOBN(0xe3b5b635, 0x586f4204), - TOBN(0x146ef980, 0x3fbc4341), TOBN(0x359f2c80, 0x5b5eed4e), - TOBN(0x9f35744e, 0x7482e41d), TOBN(0x9a9ac3ec, 0xf3b224c2), - TOBN(0x9161a6fe, 0x91fc50ae), TOBN(0x89ccc66b, 0xc613fa7c), - TOBN(0x89268b14, 0xc732f15a), TOBN(0x7cd6f4e2, 0xb467ed03), - TOBN(0xfbf79869, 0xce56b40e), TOBN(0xf93e094c, 0xc02dde98), - TOBN(0xefe0c3a8, 0xedee2cd7), TOBN(0x90f3ffc0, 0xb268fd42), - TOBN(0x81a7fd56, 0x08241aed), TOBN(0x95ab7ad8, 0x00b1afe8), - TOBN(0x40127056, 0x3e310d52), TOBN(0xd3ffdeb1, 0x09d9fc43), - TOBN(0xc8f85c91, 0xd11a8594), TOBN(0x2e74d258, 0x31cf6db8), - TOBN(0x829c7ca3, 0x02b5dfd0), TOBN(0xe389cfbe, 0x69143c86), - TOBN(0xd01b6405, 0x941768d8), TOBN(0x45103995, 0x03bf825d), - TOBN(0xcc4ee166, 0x56cd17e2), TOBN(0xbea3c283, 0xba037e79), - TOBN(0x4e1ac06e, 0xd9a47520), TOBN(0xfbfe18aa, 0xaf852404), - TOBN(0x5615f8e2, 0x8087648a), TOBN(0x7301e47e, 0xb9d150d9), - TOBN(0x79f9f9dd, 0xb299b977), TOBN(0x76697a7b, 0xa5b78314), - TOBN(0x10d67468, 0x7d7c90e7), TOBN(0x7afffe03, 0x937210b5), - TOBN(0x5aef3e4b, 0x28c22cee), TOBN(0xefb0ecd8, 0x09fd55ae), - TOBN(0x4cea7132, 0x0d2a5d6a), TOBN(0x9cfb5fa1, 0x01db6357), - TOBN(0x395e0b57, 0xf36e1ac5), TOBN(0x008fa9ad, 0x36cafb7d), - TOBN(0x8f6cdf70, 0x5308c4db), TOBN(0x51527a37, 0x95ed2477), - TOBN(0xba0dee30, 0x5bd21311), TOBN(0x6ed41b22, 0x909c90d7), - TOBN(0xc5f6b758, 0x7c8696d3), TOBN(0x0db8eaa8, 0x3ce83a80), - TOBN(0xd297fe37, 0xb24b4b6f), TOBN(0xfe58afe8, 0x522d1f0d), - TOBN(0x97358736, 0x8c98dbd9), TOBN(0x6bc226ca, 0x9454a527), - TOBN(0xa12b384e, 0xce53c2d0), TOBN(0x779d897d, 0x5e4606da), - TOBN(0xa53e47b0, 0x73ec12b0), TOBN(0x462dbbba, 0x5756f1ad), - TOBN(0x69fe09f2, 0xcafe37b6), TOBN(0x273d1ebf, 0xecce2e17), - TOBN(0x8ac1d538, 0x3cf607fd), TOBN(0x8035f7ff, 0x12e10c25)}, - {TOBN(0x854d34c7, 0x7e6c5520), TOBN(0xc27df9ef, 0xdcb9ea58), - TOBN(0x405f2369, 0xd686666d), TOBN(0x29d1febf, 0x0417aa85), - TOBN(0x9846819e, 0x93470afe), TOBN(0x3e6a9669, 0xe2a27f9e), - TOBN(0x24d008a2, 0xe31e6504), TOBN(0xdba7cecf, 0x9cb7680a), - TOBN(0xecaff541, 0x338d6e43), TOBN(0x56f7dd73, 0x4541d5cc), - TOBN(0xb5d426de, 0x96bc88ca), TOBN(0x48d94f6b, 0x9ed3a2c3), - TOBN(0x6354a3bb, 0x2ef8279c), TOBN(0xd575465b, 0x0b1867f2), - TOBN(0xef99b0ff, 0x95225151), TOBN(0xf3e19d88, 0xf94500d8), - TOBN(0x92a83268, 0xe32dd620), TOBN(0x913ec99f, 0x627849a2), - TOBN(0xedd8fdfa, 0x2c378882), TOBN(0xaf96f33e, 0xee6f8cfe), - TOBN(0xc06737e5, 0xdc3fa8a5), TOBN(0x236bb531, 0xb0b03a1d), - TOBN(0x33e59f29, 0x89f037b0), TOBN(0x13f9b5a7, 0xd9a12a53), - TOBN(0x0d0df6ce, 0x51efb310), TOBN(0xcb5b2eb4, 0x958df5be), - TOBN(0xd6459e29, 0x36158e59), TOBN(0x82aae2b9, 0x1466e336), - TOBN(0xfb658a39, 0x411aa636), TOBN(0x7152ecc5, 0xd4c0a933), - TOBN(0xf10c758a, 0x49f026b7), TOBN(0xf4837f97, 0xcb09311f), - TOBN(0xddfb02c4, 0xc753c45f), TOBN(0x18ca81b6, 0xf9c840fe), - TOBN(0x846fd09a, 0xb0f8a3e6), TOBN(0xb1162add, 0xe7733dbc), - TOBN(0x7070ad20, 0x236e3ab6), TOBN(0xf88cdaf5, 0xb2a56326), - TOBN(0x05fc8719, 0x997cbc7a), TOBN(0x442cd452, 0x4b665272), - TOBN(0x7807f364, 0xb71698f5), TOBN(0x6ba418d2, 0x9f7b605e), - TOBN(0xfd20b00f, 0xa03b2cbb), TOBN(0x883eca37, 0xda54386f), - TOBN(0xff0be43f, 0xf3437f24), TOBN(0xe910b432, 0xa48bb33c), - TOBN(0x4963a128, 0x329df765), TOBN(0xac1dd556, 0xbe2fe6f7), - TOBN(0x557610f9, 0x24a0a3fc), TOBN(0x38e17bf4, 0xe881c3f9), - TOBN(0x6ba84faf, 0xed0dac99), TOBN(0xd4a222c3, 0x59eeb918), - TOBN(0xc79c1dbe, 0x13f542b6), TOBN(0x1fc65e0d, 0xe425d457), - TOBN(0xeffb754f, 0x1debb779), TOBN(0x638d8fd0, 0x9e08af60), - TOBN(0x994f523a, 0x626332d5), TOBN(0x7bc38833, 0x5561bb44), - TOBN(0x005ed4b0, 0x3d845ea2), TOBN(0xd39d3ee1, 0xc2a1f08a), - TOBN(0x6561fdd3, 0xe7676b0d), TOBN(0x620e35ff, 0xfb706017), - TOBN(0x36ce424f, 0xf264f9a8), TOBN(0xc4c3419f, 0xda2681f7), - TOBN(0xfb6afd2f, 0x69beb6e8), TOBN(0x3a50b993, 0x6d700d03), - TOBN(0xc840b2ad, 0x0c83a14f), TOBN(0x573207be, 0x54085bef), - TOBN(0x5af882e3, 0x09fe7e5b), TOBN(0x957678a4, 0x3b40a7e1), - TOBN(0x172d4bdd, 0x543056e2), TOBN(0x9c1b26b4, 0x0df13c0a), - TOBN(0x1c30861c, 0xf405ff06), TOBN(0xebac86bd, 0x486e828b), - TOBN(0xe791a971, 0x636933fc), TOBN(0x50e7c2be, 0x7aeee947), - TOBN(0xc3d4a095, 0xfa90d767), TOBN(0xae60eb7b, 0xe670ab7b), - TOBN(0x17633a64, 0x397b056d), TOBN(0x93a21f33, 0x105012aa), - TOBN(0x663c370b, 0xabb88643), TOBN(0x91df36d7, 0x22e21599), - TOBN(0x183ba835, 0x8b761671), TOBN(0x381eea1d, 0x728f3bf1), - TOBN(0xb9b2f1ba, 0x39966e6c), TOBN(0x7c464a28, 0xe7295492), - TOBN(0x0fd5f70a, 0x09b26b7f), TOBN(0xa9aba1f9, 0xfbe009df), - TOBN(0x857c1f22, 0x369b87ad), TOBN(0x3c00e5d9, 0x32fca556), - TOBN(0x1ad74cab, 0x90b06466), TOBN(0xa7112386, 0x550faaf2), - TOBN(0x7435e198, 0x6d9bd5f5), TOBN(0x2dcc7e38, 0x59c3463f), - TOBN(0xdc7df748, 0xca7bd4b2), TOBN(0x13cd4c08, 0x9dec2f31), - TOBN(0x0d3b5df8, 0xe3237710), TOBN(0x0dadb26e, 0xcbd2f7b0), - TOBN(0x9f5966ab, 0xe4aa082b), TOBN(0x666ec8de, 0x350e966e), - TOBN(0x1bfd1ed5, 0xee524216), TOBN(0xcd93c59b, 0x41dab0b6), - TOBN(0x658a8435, 0xd186d6ba), TOBN(0x1b7d34d2, 0x159d1195), - TOBN(0x5936e460, 0x22caf46b), TOBN(0x6a45dd8f, 0x9a96fe4f), - TOBN(0xf7925434, 0xb98f474e), TOBN(0x41410412, 0x0053ef15), - TOBN(0x71cf8d12, 0x41de97bf), TOBN(0xb8547b61, 0xbd80bef4), - TOBN(0xb47d3970, 0xc4db0037), TOBN(0xf1bcd328, 0xfef20dff), - TOBN(0x31a92e09, 0x10caad67), TOBN(0x1f591960, 0x5531a1e1), - TOBN(0x3bb852e0, 0x5f4fc840), TOBN(0x63e297ca, 0x93a72c6c), - TOBN(0x3c2b0b2e, 0x49abad67), TOBN(0x6ec405fc, 0xed3db0d9), - TOBN(0xdc14a530, 0x7fef1d40), TOBN(0xccd19846, 0x280896fc), - TOBN(0x00f83176, 0x9bb81648), TOBN(0xd69eb485, 0x653120d0), - TOBN(0xd17d75f4, 0x4ccabc62), TOBN(0x34a07f82, 0xb749fcb1), - TOBN(0x2c3af787, 0xbbfb5554), TOBN(0xb06ed4d0, 0x62e283f8), - TOBN(0x5722889f, 0xa19213a0), TOBN(0x162b085e, 0xdcf3c7b4), - TOBN(0xbcaecb31, 0xe0dd3eca), TOBN(0xc6237fbc, 0xe52f13a5), - TOBN(0xcc2b6b03, 0x27bac297), TOBN(0x2ae1cac5, 0xb917f54a), - TOBN(0x474807d4, 0x7845ae4f), TOBN(0xfec7dd92, 0xce5972e0), - TOBN(0xc3bd2541, 0x1d7915bb), TOBN(0x66f85dc4, 0xd94907ca), - TOBN(0xd981b888, 0xbdbcf0ca), TOBN(0xd75f5da6, 0xdf279e9f), - TOBN(0x128bbf24, 0x7054e934), TOBN(0x3c6ff6e5, 0x81db134b), - TOBN(0x795b7cf4, 0x047d26e4), TOBN(0xf370f7b8, 0x5049ec37), - TOBN(0xc6712d4d, 0xced945af), TOBN(0xdf30b5ec, 0x095642bc), - TOBN(0x9b034c62, 0x4896246e), TOBN(0x5652c016, 0xee90bbd1), - TOBN(0xeb38636f, 0x87fedb73), TOBN(0x5e32f847, 0x0135a613), - TOBN(0x0703b312, 0xcf933c83), TOBN(0xd05bb76e, 0x1a7f47e6), - TOBN(0x825e4f0c, 0x949c2415), TOBN(0x569e5622, 0x7250d6f8), - TOBN(0xbbe9eb3a, 0x6568013e), TOBN(0x8dbd203f, 0x22f243fc), - TOBN(0x9dbd7694, 0xb342734a), TOBN(0x8f6d12f8, 0x46afa984), - TOBN(0xb98610a2, 0xc9eade29), TOBN(0xbab4f323, 0x47dd0f18), - TOBN(0x5779737b, 0x671c0d46), TOBN(0x10b6a7c6, 0xd3e0a42a), - TOBN(0xfb19ddf3, 0x3035b41c), TOBN(0xd336343f, 0x99c45895), - TOBN(0x61fe4938, 0x54c857e5), TOBN(0xc4d506be, 0xae4e57d5), - TOBN(0x3cd8c8cb, 0xbbc33f75), TOBN(0x7281f08a, 0x9262c77d), - TOBN(0x083f4ea6, 0xf11a2823), TOBN(0x8895041e, 0x9fba2e33), - TOBN(0xfcdfea49, 0x9c438edf), TOBN(0x7678dcc3, 0x91edba44), - TOBN(0xf07b3b87, 0xe2ba50f0), TOBN(0xc13888ef, 0x43948c1b), - TOBN(0xc2135ad4, 0x1140af42), TOBN(0x8e5104f3, 0x926ed1a7), - TOBN(0xf24430cb, 0x88f6695f), TOBN(0x0ce0637b, 0x6d73c120), - TOBN(0xb2db01e6, 0xfe631e8f), TOBN(0x1c5563d7, 0xd7bdd24b), - TOBN(0x8daea3ba, 0x369ad44f), TOBN(0x000c81b6, 0x8187a9f9), - TOBN(0x5f48a951, 0xaae1fd9a), TOBN(0xe35626c7, 0x8d5aed8a), - TOBN(0x20952763, 0x0498c622), TOBN(0x76d17634, 0x773aa504), - TOBN(0x36d90dda, 0xeb300f7a), TOBN(0x9dcf7dfc, 0xedb5e801), - TOBN(0x645cb268, 0x74d5244c), TOBN(0xa127ee79, 0x348e3aa2), - TOBN(0x488acc53, 0x575f1dbb), TOBN(0x95037e85, 0x80e6161e), - TOBN(0x57e59283, 0x292650d0), TOBN(0xabe67d99, 0x14938216), - TOBN(0x3c7f944b, 0x3f8e1065), TOBN(0xed908cb6, 0x330e8924), - TOBN(0x08ee8fd5, 0x6f530136), TOBN(0x2227b7d5, 0xd7ffc169), - TOBN(0x4f55c893, 0xb5cd6dd5), TOBN(0x82225e11, 0xa62796e8), - TOBN(0x5c6cead1, 0xcb18e12c), TOBN(0x4381ae0c, 0x84f5a51a), - TOBN(0x345913d3, 0x7fafa4c8), TOBN(0x3d918082, 0x0491aac0), - TOBN(0x9347871f, 0x3e69264c), TOBN(0xbea9dd3c, 0xb4f4f0cd), - TOBN(0xbda5d067, 0x3eadd3e7), TOBN(0x0033c1b8, 0x0573bcd8), - TOBN(0x25589379, 0x5da2486c), TOBN(0xcb89ee5b, 0x86abbee7), - TOBN(0x8fe0a8f3, 0x22532e5d), TOBN(0xb6410ff0, 0x727dfc4c), - TOBN(0x619b9d58, 0x226726db), TOBN(0x5ec25669, 0x7a2b2dc7), - TOBN(0xaf4d2e06, 0x4c3beb01), TOBN(0x852123d0, 0x7acea556), - TOBN(0x0e9470fa, 0xf783487a), TOBN(0x75a7ea04, 0x5664b3eb), - TOBN(0x4ad78f35, 0x6798e4ba), TOBN(0x9214e6e5, 0xc7d0e091), - TOBN(0xc420b488, 0xb1290403), TOBN(0x64049e0a, 0xfc295749), - TOBN(0x03ef5af1, 0x3ae9841f), TOBN(0xdbe4ca19, 0xb0b662a6), - TOBN(0x46845c5f, 0xfa453458), TOBN(0xf8dabf19, 0x10b66722), - TOBN(0xb650f0aa, 0xcce2793b), TOBN(0x71db851e, 0xc5ec47c1), - TOBN(0x3eb78f3e, 0x3b234fa9), TOBN(0xb0c60f35, 0xfc0106ce), - TOBN(0x05427121, 0x774eadbd), TOBN(0x25367faf, 0xce323863), - TOBN(0x7541b5c9, 0xcd086976), TOBN(0x4ff069e2, 0xdc507ad1), - TOBN(0x74145256, 0x8776e667), TOBN(0x6e76142c, 0xb23c6bb5), - TOBN(0xdbf30712, 0x1b3a8a87), TOBN(0x60e7363e, 0x98450836), - TOBN(0x5741450e, 0xb7366d80), TOBN(0xe4ee14ca, 0x4837dbdf), - TOBN(0xa765eb9b, 0x69d4316f), TOBN(0x04548dca, 0x8ef43825), - TOBN(0x9c9f4e4c, 0x5ae888eb), TOBN(0x733abb51, 0x56e9ac99), - TOBN(0xdaad3c20, 0xba6ac029), TOBN(0x9b8dd3d3, 0x2ba3e38e), - TOBN(0xa9bb4c92, 0x0bc5d11a), TOBN(0xf20127a7, 0x9c5f88a3), - TOBN(0x4f52b06e, 0x161d3cb8), TOBN(0x26c1ff09, 0x6afaf0a6), - TOBN(0x32670d2f, 0x7189e71f), TOBN(0xc6438748, 0x5ecf91e7), - TOBN(0x15758e57, 0xdb757a21), TOBN(0x427d09f8, 0x290a9ce5), - TOBN(0x846a308f, 0x38384a7a), TOBN(0xaac3acb4, 0xb0732b99), - TOBN(0x9e941009, 0x17845819), TOBN(0x95cba111, 0xa7ce5e03), - TOBN(0x6f3d4f7f, 0xb00009c4), TOBN(0xb8396c27, 0x8ff28b5f), - TOBN(0xb1a9ae43, 0x1c97975d), TOBN(0x9d7ba8af, 0xe5d9fed5), - TOBN(0x338cf09f, 0x34f485b6), TOBN(0xbc0ddacc, 0x64122516), - TOBN(0xa450da12, 0x05d471fe), TOBN(0x4c3a6250, 0x628dd8c9), - TOBN(0x69c7d103, 0xd1295837), TOBN(0xa2893e50, 0x3807eb2f), - TOBN(0xd6e1e1de, 0xbdb41491), TOBN(0xc630745b, 0x5e138235), - TOBN(0xc892109e, 0x48661ae1), TOBN(0x8d17e7eb, 0xea2b2674), - TOBN(0x00ec0f87, 0xc328d6b5), TOBN(0x6d858645, 0xf079ff9e), - TOBN(0x6cdf243e, 0x19115ead), TOBN(0x1ce1393e, 0x4bac4fcf), - TOBN(0x2c960ed0, 0x9c29f25b), TOBN(0x59be4d8e, 0x9d388a05), - TOBN(0x0d46e06c, 0xd0def72b), TOBN(0xb923db5d, 0xe0342748), - TOBN(0xf7d3aacd, 0x936d4a3d), TOBN(0x558519cc, 0x0b0b099e), - TOBN(0x3ea8ebf8, 0x827097ef), TOBN(0x259353db, 0xd054f55d), - TOBN(0x84c89abc, 0x6d2ed089), TOBN(0x5c548b69, 0x8e096a7c), - TOBN(0xd587f616, 0x994b995d), TOBN(0x4d1531f6, 0xa5845601), - TOBN(0x792ab31e, 0x451fd9f0), TOBN(0xc8b57bb2, 0x65adf6ca), - TOBN(0x68440fcb, 0x1cd5ad73), TOBN(0xb9c860e6, 0x6144da4f), - TOBN(0x2ab286aa, 0x8462beb8), TOBN(0xcc6b8fff, 0xef46797f), - TOBN(0xac820da4, 0x20c8a471), TOBN(0x69ae05a1, 0x77ff7faf), - TOBN(0xb9163f39, 0xbfb5da77), TOBN(0xbd03e590, 0x2c73ab7a), - TOBN(0x7e862b5e, 0xb2940d9e), TOBN(0x3c663d86, 0x4b9af564), - TOBN(0xd8309031, 0xbde3033d), TOBN(0x298231b2, 0xd42c5bc6), - TOBN(0x42090d2c, 0x552ad093), TOBN(0xa4799d1c, 0xff854695), - TOBN(0x0a88b5d6, 0xd31f0d00), TOBN(0xf8b40825, 0xa2f26b46), - TOBN(0xec29b1ed, 0xf1bd7218), TOBN(0xd491c53b, 0x4b24c86e), - TOBN(0xd2fe588f, 0x3395ea65), TOBN(0x6f3764f7, 0x4456ef15), - TOBN(0xdb43116d, 0xcdc34800), TOBN(0xcdbcd456, 0xc1e33955), - TOBN(0xefdb5540, 0x74ab286b), TOBN(0x948c7a51, 0xd18c5d7c), - TOBN(0xeb81aa37, 0x7378058e), TOBN(0x41c746a1, 0x04411154), - TOBN(0xa10c73bc, 0xfb828ac7), TOBN(0x6439be91, 0x9d972b29), - TOBN(0x4bf3b4b0, 0x43a2fbad), TOBN(0x39e6dadf, 0x82b5e840), - TOBN(0x4f716408, 0x6397bd4c), TOBN(0x0f7de568, 0x7f1eeccb), - TOBN(0x5865c5a1, 0xd2ffbfc1), TOBN(0xf74211fa, 0x4ccb6451), - TOBN(0x66368a88, 0xc0b32558), TOBN(0x5b539dc2, 0x9ad7812e), - TOBN(0x579483d0, 0x2f3af6f6), TOBN(0x52132078, 0x99934ece), - TOBN(0x50b9650f, 0xdcc9e983), TOBN(0xca989ec9, 0xaee42b8a), - TOBN(0x6a44c829, 0xd6f62f99), TOBN(0x8f06a309, 0x4c2a7c0c), - TOBN(0x4ea2b3a0, 0x98a0cb0a), TOBN(0x5c547b70, 0xbeee8364), - TOBN(0x461d40e1, 0x682afe11), TOBN(0x9e0fc77a, 0x7b41c0a8), - TOBN(0x79e4aefd, 0xe20d5d36), TOBN(0x2916e520, 0x32dd9f63), - TOBN(0xf59e52e8, 0x3f883faf), TOBN(0x396f9639, 0x2b868d35), - TOBN(0xc902a9df, 0x4ca19881), TOBN(0x0fc96822, 0xdb2401a6), - TOBN(0x41237587, 0x66f1c68d), TOBN(0x10fc6de3, 0xfb476c0d), - TOBN(0xf8b6b579, 0x841f5d90), TOBN(0x2ba8446c, 0xfa24f44a), - TOBN(0xa237b920, 0xef4a9975), TOBN(0x60bb6004, 0x2330435f), - TOBN(0xd6f4ab5a, 0xcfb7e7b5), TOBN(0xb2ac5097, 0x83435391), - TOBN(0xf036ee2f, 0xb0d1ea67), TOBN(0xae779a6a, 0x74c56230), - TOBN(0x59bff8c8, 0xab838ae6), TOBN(0xcd83ca99, 0x9b38e6f0), - TOBN(0xbb27bef5, 0xe33deed3), TOBN(0xe6356f6f, 0x001892a8), - TOBN(0xbf3be6cc, 0x7adfbd3e), TOBN(0xaecbc81c, 0x33d1ac9d), - TOBN(0xe4feb909, 0xe6e861dc), TOBN(0x90a247a4, 0x53f5f801), - TOBN(0x01c50acb, 0x27346e57), TOBN(0xce29242e, 0x461acc1b), - TOBN(0x04dd214a, 0x2f998a91), TOBN(0x271ee9b1, 0xd4baf27b), - TOBN(0x7e3027d1, 0xe8c26722), TOBN(0x21d1645c, 0x1820dce5), - TOBN(0x086f242c, 0x7501779c), TOBN(0xf0061407, 0xfa0e8009), - TOBN(0xf23ce477, 0x60187129), TOBN(0x05bbdedb, 0x0fde9bd0), - TOBN(0x682f4832, 0x25d98473), TOBN(0xf207fe85, 0x5c658427), - TOBN(0xb6fdd7ba, 0x4166ffa1), TOBN(0x0c314056, 0x9eed799d), - TOBN(0x0db8048f, 0x4107e28f), TOBN(0x74ed3871, 0x41216840), - TOBN(0x74489f8f, 0x56a3c06e), TOBN(0x1e1c005b, 0x12777134), - TOBN(0xdb332a73, 0xf37ec3c3), TOBN(0xc65259bd, 0xdd59eba0), - TOBN(0x2291709c, 0xdb4d3257), TOBN(0x9a793b25, 0xbd389390), - TOBN(0xf39fe34b, 0xe43756f0), TOBN(0x2f76bdce, 0x9afb56c9), - TOBN(0x9f37867a, 0x61208b27), TOBN(0xea1d4307, 0x089972c3), - TOBN(0x8c595330, 0x8bdf623a), TOBN(0x5f5accda, 0x8441fb7d), - TOBN(0xfafa9418, 0x32ddfd95), TOBN(0x6ad40c5a, 0x0fde9be7), - TOBN(0x43faba89, 0xaeca8709), TOBN(0xc64a7cf1, 0x2c248a9d), - TOBN(0x16620252, 0x72637a76), TOBN(0xaee1c791, 0x22b8d1bb), - TOBN(0xf0f798fd, 0x21a843b2), TOBN(0x56e4ed4d, 0x8d005cb1), - TOBN(0x355f7780, 0x1f0d8abe), TOBN(0x197b04cf, 0x34522326), - TOBN(0x41f9b31f, 0xfd42c13f), TOBN(0x5ef7feb2, 0xb40f933d), - TOBN(0x27326f42, 0x5d60bad4), TOBN(0x027ecdb2, 0x8c92cf89), - TOBN(0x04aae4d1, 0x4e3352fe), TOBN(0x08414d2f, 0x73591b90), - TOBN(0x5ed6124e, 0xb7da7d60), TOBN(0xb985b931, 0x4d13d4ec), - TOBN(0xa592d3ab, 0x96bf36f9), TOBN(0x012dbed5, 0xbbdf51df), - TOBN(0xa57963c0, 0xdf6c177d), TOBN(0x010ec869, 0x87ca29cf), - TOBN(0xba1700f6, 0xbf926dff), TOBN(0x7c9fdbd1, 0xf4bf6bc2), - TOBN(0xdc18dc8f, 0x64da11f5), TOBN(0xa6074b7a, 0xd938ae75), - TOBN(0x14270066, 0xe84f44a4), TOBN(0x99998d38, 0xd27b954e), - TOBN(0xc1be8ab2, 0xb4f38e9a), TOBN(0x8bb55bbf, 0x15c01016), - TOBN(0xf73472b4, 0x0ea2ab30), TOBN(0xd365a340, 0xf73d68dd), - TOBN(0xc01a7168, 0x19c2e1eb), TOBN(0x32f49e37, 0x34061719), - TOBN(0xb73c57f1, 0x01d8b4d6), TOBN(0x03c8423c, 0x26b47700), - TOBN(0x321d0bc8, 0xa4d8826a), TOBN(0x6004213c, 0x4bc0e638), - TOBN(0xf78c64a1, 0xc1c06681), TOBN(0x16e0a16f, 0xef018e50), - TOBN(0x31cbdf91, 0xdb42b2b3), TOBN(0xf8f4ffce, 0xe0d36f58), - TOBN(0xcdcc71cd, 0x4cc5e3e0), TOBN(0xd55c7cfa, 0xa129e3e0), - TOBN(0xccdb6ba0, 0x0fb2cbf1), TOBN(0x6aba0005, 0xc4bce3cb), - TOBN(0x501cdb30, 0xd232cfc4), TOBN(0x9ddcf12e, 0xd58a3cef), - TOBN(0x02d2cf9c, 0x87e09149), TOBN(0xdc5d7ec7, 0x2c976257), - TOBN(0x6447986e, 0x0b50d7dd), TOBN(0x88fdbaf7, 0x807f112a), - TOBN(0x58c9822a, 0xb00ae9f6), TOBN(0x6abfb950, 0x6d3d27e0), - TOBN(0xd0a74487, 0x8a429f4f), TOBN(0x0649712b, 0xdb516609), - TOBN(0xb826ba57, 0xe769b5df), TOBN(0x82335df2, 0x1fc7aaf2), - TOBN(0x2389f067, 0x5c93d995), TOBN(0x59ac367a, 0x68677be6), - TOBN(0xa77985ff, 0x21d9951b), TOBN(0x038956fb, 0x85011cce), - TOBN(0x608e48cb, 0xbb734e37), TOBN(0xc08c0bf2, 0x2be5b26f), - TOBN(0x17bbdd3b, 0xf9b1a0d9), TOBN(0xeac7d898, 0x10483319), - TOBN(0xc95c4baf, 0xbc1a6dea), TOBN(0xfdd0e2bf, 0x172aafdb), - TOBN(0x40373cbc, 0x8235c41a), TOBN(0x14303f21, 0xfb6f41d5), - TOBN(0xba063621, 0x0408f237), TOBN(0xcad3b09a, 0xecd2d1ed), - TOBN(0x4667855a, 0x52abb6a2), TOBN(0xba9157dc, 0xaa8b417b), - TOBN(0xfe7f3507, 0x4f013efb), TOBN(0x1b112c4b, 0xaa38c4a2), - TOBN(0xa1406a60, 0x9ba64345), TOBN(0xe53cba33, 0x6993c80b), - TOBN(0x45466063, 0xded40d23), TOBN(0x3d5f1f4d, 0x54908e25), - TOBN(0x9ebefe62, 0x403c3c31), TOBN(0x274ea0b5, 0x0672a624), - TOBN(0xff818d99, 0x451d1b71), TOBN(0x80e82643, 0x8f79cf79), - TOBN(0xa165df13, 0x73ce37f5), TOBN(0xa744ef4f, 0xfe3a21fd), - TOBN(0x73f1e7f5, 0xcf551396), TOBN(0xc616898e, 0x868c676b), - TOBN(0x671c28c7, 0x8c442c36), TOBN(0xcfe5e558, 0x5e0a317d), - TOBN(0x1242d818, 0x7051f476), TOBN(0x56fad2a6, 0x14f03442), - TOBN(0x262068bc, 0x0a44d0f6), TOBN(0xdfa2cd6e, 0xce6edf4e), - TOBN(0x0f43813a, 0xd15d1517), TOBN(0x61214cb2, 0x377d44f5), - TOBN(0xd399aa29, 0xc639b35f), TOBN(0x42136d71, 0x54c51c19), - TOBN(0x9774711b, 0x08417221), TOBN(0x0a5546b3, 0x52545a57), - TOBN(0x80624c41, 0x1150582d), TOBN(0x9ec5c418, 0xfbc555bc), - TOBN(0x2c87dcad, 0x771849f1), TOBN(0xb0c932c5, 0x01d7bf6f), - TOBN(0x6aa5cd3e, 0x89116eb2), TOBN(0xd378c25a, 0x51ca7bd3), - TOBN(0xc612a0da, 0x9e6e3e31), TOBN(0x0417a54d, 0xb68ad5d0), - TOBN(0x00451e4a, 0x22c6edb8), TOBN(0x9fbfe019, 0xb42827ce), - TOBN(0x2fa92505, 0xba9384a2), TOBN(0x21b8596e, 0x64ad69c1), - TOBN(0x8f4fcc49, 0x983b35a6), TOBN(0xde093760, 0x72754672), - TOBN(0x2f14ccc8, 0xf7bffe6d), TOBN(0x27566bff, 0x5d94263d), - TOBN(0xb5b4e9c6, 0x2df3ec30), TOBN(0x94f1d7d5, 0x3e6ea6ba), - TOBN(0x97b7851a, 0xaaca5e9b), TOBN(0x518aa521, 0x56713b97), - TOBN(0x3357e8c7, 0x150a61f6), TOBN(0x7842e7e2, 0xec2c2b69), - TOBN(0x8dffaf65, 0x6868a548), TOBN(0xd963bd82, 0xe068fc81), - TOBN(0x64da5c8b, 0x65917733), TOBN(0x927090ff, 0x7b247328)}, - {TOBN(0x214bc9a7, 0xd298c241), TOBN(0xe3b697ba, 0x56807cfd), - TOBN(0xef1c7802, 0x4564eadb), TOBN(0xdde8cdcf, 0xb48149c5), - TOBN(0x946bf0a7, 0x5a4d2604), TOBN(0x27154d7f, 0x6c1538af), - TOBN(0x95cc9230, 0xde5b1fcc), TOBN(0xd88519e9, 0x66864f82), - TOBN(0xb828dd1a, 0x7cb1282c), TOBN(0xa08d7626, 0xbe46973a), - TOBN(0x6baf8d40, 0xe708d6b2), TOBN(0x72571fa1, 0x4daeb3f3), - TOBN(0x85b1732f, 0xf22dfd98), TOBN(0x87ab01a7, 0x0087108d), - TOBN(0xaaaafea8, 0x5988207a), TOBN(0xccc832f8, 0x69f00755), - TOBN(0x964d950e, 0x36ff3bf0), TOBN(0x8ad20f6f, 0xf0b34638), - TOBN(0x4d9177b3, 0xb5d7585f), TOBN(0xcf839760, 0xef3f019f), - TOBN(0x582fc5b3, 0x8288c545), TOBN(0x2f8e4e9b, 0x13116bd1), - TOBN(0xf91e1b2f, 0x332120ef), TOBN(0xcf568724, 0x2a17dd23), - TOBN(0x488f1185, 0xca8d9d1a), TOBN(0xadf2c77d, 0xd987ded2), - TOBN(0x5f3039f0, 0x60c46124), TOBN(0xe5d70b75, 0x71e095f4), - TOBN(0x82d58650, 0x6260e70f), TOBN(0x39d75ea7, 0xf750d105), - TOBN(0x8cf3d0b1, 0x75bac364), TOBN(0xf3a7564d, 0x21d01329), - TOBN(0x182f04cd, 0x2f52d2a7), TOBN(0x4fde149a, 0xe2df565a), - TOBN(0xb80c5eec, 0xa79fb2f7), TOBN(0xab491d7b, 0x22ddc897), - TOBN(0x99d76c18, 0xc6312c7f), TOBN(0xca0d5f3d, 0x6aa41a57), - TOBN(0x71207325, 0xd15363a0), TOBN(0xe82aa265, 0xbeb252c2), - TOBN(0x94ab4700, 0xec3128c2), TOBN(0x6c76d862, 0x8e383f49), - TOBN(0xdc36b150, 0xc03024eb), TOBN(0xfb439477, 0x53daac69), - TOBN(0xfc68764a, 0x8dc79623), TOBN(0x5b86995d, 0xb440fbb2), - TOBN(0xd66879bf, 0xccc5ee0d), TOBN(0x05228942, 0x95aa8bd3), - TOBN(0xb51a40a5, 0x1e6a75c1), TOBN(0x24327c76, 0x0ea7d817), - TOBN(0x06630182, 0x07774597), TOBN(0xd6fdbec3, 0x97fa7164), - TOBN(0x20c99dfb, 0x13c90f48), TOBN(0xd6ac5273, 0x686ef263), - TOBN(0xc6a50bdc, 0xfef64eeb), TOBN(0xcd87b281, 0x86fdfc32), - TOBN(0xb24aa43e, 0x3fcd3efc), TOBN(0xdd26c034, 0xb8088e9a), - TOBN(0xa5ef4dc9, 0xbd3d46ea), TOBN(0xa2f99d58, 0x8a4c6a6f), - TOBN(0xddabd355, 0x2f1da46c), TOBN(0x72c3f8ce, 0x1afacdd1), - TOBN(0xd90c4eee, 0x92d40578), TOBN(0xd28bb41f, 0xca623b94), - TOBN(0x50fc0711, 0x745edc11), TOBN(0x9dd9ad7d, 0x3dc87558), - TOBN(0xce6931fb, 0xb49d1e64), TOBN(0x6c77a0a2, 0xc98bd0f9), - TOBN(0x62b9a629, 0x6baf7cb1), TOBN(0xcf065f91, 0xccf72d22), - TOBN(0x7203cce9, 0x79639071), TOBN(0x09ae4885, 0xf9cb732f), - TOBN(0x5e7c3bec, 0xee8314f3), TOBN(0x1c068aed, 0xdbea298f), - TOBN(0x08d381f1, 0x7c80acec), TOBN(0x03b56be8, 0xe330495b), - TOBN(0xaeffb8f2, 0x9222882d), TOBN(0x95ff38f6, 0xc4af8bf7), - TOBN(0x50e32d35, 0x1fc57d8c), TOBN(0x6635be52, 0x17b444f0), - TOBN(0x04d15276, 0xa5177900), TOBN(0x4e1dbb47, 0xf6858752), - TOBN(0x5b475622, 0xc615796c), TOBN(0xa6fa0387, 0x691867bf), - TOBN(0xed7f5d56, 0x2844c6d0), TOBN(0xc633cf9b, 0x03a2477d), - TOBN(0xf6be5c40, 0x2d3721d6), TOBN(0xaf312eb7, 0xe9fd68e6), - TOBN(0x242792d2, 0xe7417ce1), TOBN(0xff42bc71, 0x970ee7f5), - TOBN(0x1ff4dc6d, 0x5c67a41e), TOBN(0x77709b7b, 0x20882a58), - TOBN(0x3554731d, 0xbe217f2c), TOBN(0x2af2a8cd, 0x5bb72177), - TOBN(0x58eee769, 0x591dd059), TOBN(0xbb2930c9, 0x4bba6477), - TOBN(0x863ee047, 0x7d930cfc), TOBN(0x4c262ad1, 0x396fd1f4), - TOBN(0xf4765bc8, 0x039af7e1), TOBN(0x2519834b, 0x5ba104f6), - TOBN(0x7cd61b4c, 0xd105f961), TOBN(0xa5415da5, 0xd63bca54), - TOBN(0x778280a0, 0x88a1f17c), TOBN(0xc4968949, 0x2329512c), - TOBN(0x174a9126, 0xcecdaa7a), TOBN(0xfc8c7e0e, 0x0b13247b), - TOBN(0x29c110d2, 0x3484c1c4), TOBN(0xf8eb8757, 0x831dfc3b), - TOBN(0x022f0212, 0xc0067452), TOBN(0x3f6f69ee, 0x7b9b926c), - TOBN(0x09032da0, 0xef42daf4), TOBN(0x79f00ade, 0x83f80de4), - TOBN(0x6210db71, 0x81236c97), TOBN(0x74f7685b, 0x3ee0781f), - TOBN(0x4df7da7b, 0xa3e41372), TOBN(0x2aae38b1, 0xb1a1553e), - TOBN(0x1688e222, 0xf6dd9d1b), TOBN(0x57695448, 0x5b8b6487), - TOBN(0x478d2127, 0x4b2edeaa), TOBN(0xb2818fa5, 0x1e85956a), - TOBN(0x1e6addda, 0xf176f2c0), TOBN(0x01ca4604, 0xe2572658), - TOBN(0x0a404ded, 0x85342ffb), TOBN(0x8cf60f96, 0x441838d6), - TOBN(0x9bbc691c, 0xc9071c4a), TOBN(0xfd588744, 0x34442803), - TOBN(0x97101c85, 0x809c0d81), TOBN(0xa7fb754c, 0x8c456f7f), - TOBN(0xc95f3c5c, 0xd51805e1), TOBN(0xab4ccd39, 0xb299dca8), - TOBN(0x3e03d20b, 0x47eaf500), TOBN(0xfa3165c1, 0xd7b80893), - TOBN(0x005e8b54, 0xe160e552), TOBN(0xdc4972ba, 0x9019d11f), - TOBN(0x21a6972e, 0x0c9a4a7a), TOBN(0xa52c258f, 0x37840fd7), - TOBN(0xf8559ff4, 0xc1e99d81), TOBN(0x08e1a7d6, 0xa3c617c0), - TOBN(0xb398fd43, 0x248c6ba7), TOBN(0x6ffedd91, 0xd1283794), - TOBN(0x8a6a59d2, 0xd629d208), TOBN(0xa9d141d5, 0x3490530e), - TOBN(0x42f6fc18, 0x38505989), TOBN(0x09bf250d, 0x479d94ee), - TOBN(0x223ad3b1, 0xb3822790), TOBN(0x6c5926c0, 0x93b8971c), - TOBN(0x609efc7e, 0x75f7fa62), TOBN(0x45d66a6d, 0x1ec2d989), - TOBN(0x4422d663, 0x987d2792), TOBN(0x4a73caad, 0x3eb31d2b), - TOBN(0xf06c2ac1, 0xa32cb9e6), TOBN(0xd9445c5f, 0x91aeba84), - TOBN(0x6af7a1d5, 0xaf71013f), TOBN(0xe68216e5, 0x0bedc946), - TOBN(0xf4cba30b, 0xd27370a0), TOBN(0x7981afbf, 0x870421cc), - TOBN(0x02496a67, 0x9449f0e1), TOBN(0x86cfc4be, 0x0a47edae), - TOBN(0x3073c936, 0xb1feca22), TOBN(0xf5694612, 0x03f8f8fb), - TOBN(0xd063b723, 0x901515ea), TOBN(0x4c6c77a5, 0x749cf038), - TOBN(0x6361e360, 0xab9e5059), TOBN(0x596cf171, 0xa76a37c0), - TOBN(0x800f53fa, 0x6530ae7a), TOBN(0x0f5e631e, 0x0792a7a6), - TOBN(0x5cc29c24, 0xefdb81c9), TOBN(0xa269e868, 0x3f9c40ba), - TOBN(0xec14f9e1, 0x2cb7191e), TOBN(0x78ea1bd8, 0xe5b08ea6), - TOBN(0x3c65aa9b, 0x46332bb9), TOBN(0x84cc22b3, 0xbf80ce25), - TOBN(0x0098e9e9, 0xd49d5bf1), TOBN(0xcd4ec1c6, 0x19087da4), - TOBN(0x3c9d07c5, 0xaef6e357), TOBN(0x839a0268, 0x9f8f64b8), - TOBN(0xc5e9eb62, 0xc6d8607f), TOBN(0x759689f5, 0x6aa995e4), - TOBN(0x70464669, 0xbbb48317), TOBN(0x921474bf, 0xe402417d), - TOBN(0xcabe135b, 0x2a354c8c), TOBN(0xd51e52d2, 0x812fa4b5), - TOBN(0xec741096, 0x53311fe8), TOBN(0x4f774535, 0xb864514b), - TOBN(0xbcadd671, 0x5bde48f8), TOBN(0xc9703873, 0x2189bc7d), - TOBN(0x5d45299e, 0xc709ee8a), TOBN(0xd1287ee2, 0x845aaff8), - TOBN(0x7d1f8874, 0xdb1dbf1f), TOBN(0xea46588b, 0x990c88d6), - TOBN(0x60ba649a, 0x84368313), TOBN(0xd5fdcbce, 0x60d543ae), - TOBN(0x90b46d43, 0x810d5ab0), TOBN(0x6739d8f9, 0x04d7e5cc), - TOBN(0x021c1a58, 0x0d337c33), TOBN(0x00a61162, 0x68e67c40), - TOBN(0x95ef413b, 0x379f0a1f), TOBN(0xfe126605, 0xe9e2ab95), - TOBN(0x67578b85, 0x2f5f199c), TOBN(0xf5c00329, 0x2cb84913), - TOBN(0xf7956430, 0x37577dd8), TOBN(0x83b82af4, 0x29c5fe88), - TOBN(0x9c1bea26, 0xcdbdc132), TOBN(0x589fa086, 0x9c04339e), - TOBN(0x033e9538, 0xb13799df), TOBN(0x85fa8b21, 0xd295d034), - TOBN(0xdf17f73f, 0xbd9ddcca), TOBN(0xf32bd122, 0xddb66334), - TOBN(0x55ef88a7, 0x858b044c), TOBN(0x1f0d69c2, 0x5aa9e397), - TOBN(0x55fd9cc3, 0x40d85559), TOBN(0xc774df72, 0x7785ddb2), - TOBN(0x5dcce9f6, 0xd3bd2e1c), TOBN(0xeb30da20, 0xa85dfed0), - TOBN(0x5ed7f5bb, 0xd3ed09c4), TOBN(0x7d42a35c, 0x82a9c1bd), - TOBN(0xcf3de995, 0x9890272d), TOBN(0x75f3432a, 0x3e713a10), - TOBN(0x5e13479f, 0xe28227b8), TOBN(0xb8561ea9, 0xfefacdc8), - TOBN(0xa6a297a0, 0x8332aafd), TOBN(0x9b0d8bb5, 0x73809b62), - TOBN(0xd2fa1cfd, 0x0c63036f), TOBN(0x7a16eb55, 0xbd64bda8), - TOBN(0x3f5cf5f6, 0x78e62ddc), TOBN(0x2267c454, 0x07fd752b), - TOBN(0x5e361b6b, 0x5e437bbe), TOBN(0x95c59501, 0x8354e075), - TOBN(0xec725f85, 0xf2b254d9), TOBN(0x844b617d, 0x2cb52b4e), - TOBN(0xed8554f5, 0xcf425fb5), TOBN(0xab67703e, 0x2af9f312), - TOBN(0x4cc34ec1, 0x3cf48283), TOBN(0xb09daa25, 0x9c8a705e), - TOBN(0xd1e9d0d0, 0x5b7d4f84), TOBN(0x4df6ef64, 0xdb38929d), - TOBN(0xe16b0763, 0xaa21ba46), TOBN(0xc6b1d178, 0xa293f8fb), - TOBN(0x0ff5b602, 0xd520aabf), TOBN(0x94d671bd, 0xc339397a), - TOBN(0x7c7d98cf, 0x4f5792fa), TOBN(0x7c5e0d67, 0x11215261), - TOBN(0x9b19a631, 0xa7c5a6d4), TOBN(0xc8511a62, 0x7a45274d), - TOBN(0x0c16621c, 0xa5a60d99), TOBN(0xf7fbab88, 0xcf5e48cb), - TOBN(0xab1e6ca2, 0xf7ddee08), TOBN(0x83bd08ce, 0xe7867f3c), - TOBN(0xf7e48e8a, 0x2ac13e27), TOBN(0x4494f6df, 0x4eb1a9f5), - TOBN(0xedbf84eb, 0x981f0a62), TOBN(0x49badc32, 0x536438f0), - TOBN(0x50bea541, 0x004f7571), TOBN(0xbac67d10, 0xdf1c94ee), - TOBN(0x253d73a1, 0xb727bc31), TOBN(0xb3d01cf2, 0x30686e28), - TOBN(0x51b77b1b, 0x55fd0b8b), TOBN(0xa099d183, 0xfeec3173), - TOBN(0x202b1fb7, 0x670e72b7), TOBN(0xadc88b33, 0xa8e1635f), - TOBN(0x34e8216a, 0xf989d905), TOBN(0xc2e68d20, 0x29b58d01), - TOBN(0x11f81c92, 0x6fe55a93), TOBN(0x15f1462a, 0x8f296f40), - TOBN(0x1915d375, 0xea3d62f2), TOBN(0xa17765a3, 0x01c8977d), - TOBN(0x7559710a, 0xe47b26f6), TOBN(0xe0bd29c8, 0x535077a5), - TOBN(0x615f976d, 0x08d84858), TOBN(0x370dfe85, 0x69ced5c1), - TOBN(0xbbc7503c, 0xa734fa56), TOBN(0xfbb9f1ec, 0x91ac4574), - TOBN(0x95d7ec53, 0x060dd7ef), TOBN(0xeef2dacd, 0x6e657979), - TOBN(0x54511af3, 0xe2a08235), TOBN(0x1e324aa4, 0x1f4aea3d), - TOBN(0x550e7e71, 0xe6e67671), TOBN(0xbccd5190, 0xbf52faf7), - TOBN(0xf880d316, 0x223cc62a), TOBN(0x0d402c7e, 0x2b32eb5d), - TOBN(0xa40bc039, 0x306a5a3b), TOBN(0x4e0a41fd, 0x96783a1b), - TOBN(0xa1e8d39a, 0x0253cdd4), TOBN(0x6480be26, 0xc7388638), - TOBN(0xee365e1d, 0x2285f382), TOBN(0x188d8d8f, 0xec0b5c36), - TOBN(0x34ef1a48, 0x1f0f4d82), TOBN(0x1a8f43e1, 0xa487d29a), - TOBN(0x8168226d, 0x77aefb3a), TOBN(0xf69a751e, 0x1e72c253), - TOBN(0x8e04359a, 0xe9594df1), TOBN(0x475ffd7d, 0xd14c0467), - TOBN(0xb5a2c2b1, 0x3844e95c), TOBN(0x85caf647, 0xdd12ef94), - TOBN(0x1ecd2a9f, 0xf1063d00), TOBN(0x1dd2e229, 0x23843311), - TOBN(0x38f0e09d, 0x73d17244), TOBN(0x3ede7746, 0x8fc653f1), - TOBN(0xae4459f5, 0xdc20e21c), TOBN(0x00db2ffa, 0x6a8599ea), - TOBN(0x11682c39, 0x30cfd905), TOBN(0x4934d074, 0xa5c112a6), - TOBN(0xbdf063c5, 0x568bfe95), TOBN(0x779a440a, 0x016c441a), - TOBN(0x0c23f218, 0x97d6fbdc), TOBN(0xd3a5cd87, 0xe0776aac), - TOBN(0xcee37f72, 0xd712e8db), TOBN(0xfb28c70d, 0x26f74e8d), - TOBN(0xffe0c728, 0xb61301a0), TOBN(0xa6282168, 0xd3724354), - TOBN(0x7ff4cb00, 0x768ffedc), TOBN(0xc51b3088, 0x03b02de9), - TOBN(0xa5a8147c, 0x3902dda5), TOBN(0x35d2f706, 0xfe6973b4), - TOBN(0x5ac2efcf, 0xc257457e), TOBN(0x933f48d4, 0x8700611b), - TOBN(0xc365af88, 0x4912beb2), TOBN(0x7f5a4de6, 0x162edf94), - TOBN(0xc646ba7c, 0x0c32f34b), TOBN(0x632c6af3, 0xb2091074), - TOBN(0x58d4f2e3, 0x753e43a9), TOBN(0x70e1d217, 0x24d4e23f), - TOBN(0xb24bf729, 0xafede6a6), TOBN(0x7f4a94d8, 0x710c8b60), - TOBN(0xaad90a96, 0x8d4faa6a), TOBN(0xd9ed0b32, 0xb066b690), - TOBN(0x52fcd37b, 0x78b6dbfd), TOBN(0x0b64615e, 0x8bd2b431), - TOBN(0x228e2048, 0xcfb9fad5), TOBN(0xbeaa386d, 0x240b76bd), - TOBN(0x2d6681c8, 0x90dad7bc), TOBN(0x3e553fc3, 0x06d38f5e), - TOBN(0xf27cdb9b, 0x9d5f9750), TOBN(0x3e85c52a, 0xd28c5b0e), - TOBN(0x190795af, 0x5247c39b), TOBN(0x547831eb, 0xbddd6828), - TOBN(0xf327a227, 0x4a82f424), TOBN(0x36919c78, 0x7e47f89d), - TOBN(0xe4783919, 0x43c7392c), TOBN(0xf101b9aa, 0x2316fefe), - TOBN(0xbcdc9e9c, 0x1c5009d2), TOBN(0xfb55ea13, 0x9cd18345), - TOBN(0xf5b5e231, 0xa3ce77c7), TOBN(0xde6b4527, 0xd2f2cb3d), - TOBN(0x10f6a333, 0x9bb26f5f), TOBN(0x1e85db8e, 0x044d85b6), - TOBN(0xc3697a08, 0x94197e54), TOBN(0x65e18cc0, 0xa7cb4ea8), - TOBN(0xa38c4f50, 0xa471fe6e), TOBN(0xf031747a, 0x2f13439c), - TOBN(0x53c4a6ba, 0xc007318b), TOBN(0xa8da3ee5, 0x1deccb3d), - TOBN(0x0555b31c, 0x558216b1), TOBN(0x90c7810c, 0x2f79e6c2), - TOBN(0x9b669f4d, 0xfe8eed3c), TOBN(0x70398ec8, 0xe0fac126), - TOBN(0xa96a449e, 0xf701b235), TOBN(0x0ceecdb3, 0xeb94f395), - TOBN(0x285fc368, 0xd0cb7431), TOBN(0x0d37bb52, 0x16a18c64), - TOBN(0x05110d38, 0xb880d2dd), TOBN(0xa60f177b, 0x65930d57), - TOBN(0x7da34a67, 0xf36235f5), TOBN(0x47f5e17c, 0x183816b9), - TOBN(0xc7664b57, 0xdb394af4), TOBN(0x39ba215d, 0x7036f789), - TOBN(0x46d2ca0e, 0x2f27b472), TOBN(0xc42647ee, 0xf73a84b7), - TOBN(0x44bc7545, 0x64488f1d), TOBN(0xaa922708, 0xf4cf85d5), - TOBN(0x721a01d5, 0x53e4df63), TOBN(0x649c0c51, 0x5db46ced), - TOBN(0x6bf0d64e, 0x3cffcb6c), TOBN(0xe3bf93fe, 0x50f71d96), - TOBN(0x75044558, 0xbcc194a0), TOBN(0x16ae3372, 0x6afdc554), - TOBN(0xbfc01adf, 0x5ca48f3f), TOBN(0x64352f06, 0xe22a9b84), - TOBN(0xcee54da1, 0xc1099e4a), TOBN(0xbbda54e8, 0xfa1b89c0), - TOBN(0x166a3df5, 0x6f6e55fb), TOBN(0x1ca44a24, 0x20176f88), - TOBN(0x936afd88, 0xdfb7b5ff), TOBN(0xe34c2437, 0x8611d4a0), - TOBN(0x7effbb75, 0x86142103), TOBN(0x6704ba1b, 0x1f34fc4d), - TOBN(0x7c2a468f, 0x10c1b122), TOBN(0x36b3a610, 0x8c6aace9), - TOBN(0xabfcc0a7, 0x75a0d050), TOBN(0x066f9197, 0x3ce33e32), - TOBN(0xce905ef4, 0x29fe09be), TOBN(0x89ee25ba, 0xa8376351), - TOBN(0x2a3ede22, 0xfd29dc76), TOBN(0x7fd32ed9, 0x36f17260), - TOBN(0x0cadcf68, 0x284b4126), TOBN(0x63422f08, 0xa7951fc8), - TOBN(0x562b24f4, 0x0807e199), TOBN(0xfe9ce5d1, 0x22ad4490), - TOBN(0xc2f51b10, 0x0db2b1b4), TOBN(0xeb3613ff, 0xe4541d0d), - TOBN(0xbd2c4a05, 0x2680813b), TOBN(0x527aa55d, 0x561b08d6), - TOBN(0xa9f8a40e, 0xa7205558), TOBN(0xe3eea56f, 0x243d0bec), - TOBN(0x7b853817, 0xa0ff58b3), TOBN(0xb67d3f65, 0x1a69e627), - TOBN(0x0b76bbb9, 0xa869b5d6), TOBN(0xa3afeb82, 0x546723ed), - TOBN(0x5f24416d, 0x3e554892), TOBN(0x8413b53d, 0x430e2a45), - TOBN(0x99c56aee, 0x9032a2a0), TOBN(0x09432bf6, 0xeec367b1), - TOBN(0x552850c6, 0xdaf0ecc1), TOBN(0x49ebce55, 0x5bc92048), - TOBN(0xdfb66ba6, 0x54811307), TOBN(0x1b84f797, 0x6f298597), - TOBN(0x79590481, 0x8d1d7a0d), TOBN(0xd9fabe03, 0x3a6fa556), - TOBN(0xa40f9c59, 0xba9e5d35), TOBN(0xcb1771c1, 0xf6247577), - TOBN(0x542a47ca, 0xe9a6312b), TOBN(0xa34b3560, 0x552dd8c5), - TOBN(0xfdf94de0, 0x0d794716), TOBN(0xd46124a9, 0x9c623094), - TOBN(0x56b7435d, 0x68afe8b4), TOBN(0x27f20540, 0x6c0d8ea1), - TOBN(0x12b77e14, 0x73186898), TOBN(0xdbc3dd46, 0x7479490f), - TOBN(0x951a9842, 0xc03b0c05), TOBN(0x8b1b3bb3, 0x7921bc96), - TOBN(0xa573b346, 0x2b202e0a), TOBN(0x77e4665d, 0x47254d56), - TOBN(0x08b70dfc, 0xd23e3984), TOBN(0xab86e8bc, 0xebd14236), - TOBN(0xaa3e07f8, 0x57114ba7), TOBN(0x5ac71689, 0xab0ef4f2), - TOBN(0x88fca384, 0x0139d9af), TOBN(0x72733f88, 0x76644af0), - TOBN(0xf122f72a, 0x65d74f4a), TOBN(0x13931577, 0xa5626c7a), - TOBN(0xd5b5d9eb, 0x70f8d5a4), TOBN(0x375adde7, 0xd7bbb228), - TOBN(0x31e88b86, 0x0c1c0b32), TOBN(0xd1f568c4, 0x173edbaa), - TOBN(0x1592fc83, 0x5459df02), TOBN(0x2beac0fb, 0x0fcd9a7e), - TOBN(0xb0a6fdb8, 0x1b473b0a), TOBN(0xe3224c6f, 0x0fe8fc48), - TOBN(0x680bd00e, 0xe87edf5b), TOBN(0x30385f02, 0x20e77cf5), - TOBN(0xe9ab98c0, 0x4d42d1b2), TOBN(0x72d191d2, 0xd3816d77), - TOBN(0x1564daca, 0x0917d9e5), TOBN(0x394eab59, 0x1f8fed7f), - TOBN(0xa209aa8d, 0x7fbb3896), TOBN(0x5564f3b9, 0xbe6ac98e), - TOBN(0xead21d05, 0xd73654ef), TOBN(0x68d1a9c4, 0x13d78d74), - TOBN(0x61e01708, 0x6d4973a0), TOBN(0x83da3500, 0x46e6d32a), - TOBN(0x6a3dfca4, 0x68ae0118), TOBN(0xa1b9a4c9, 0xd02da069), - TOBN(0x0b2ff9c7, 0xebab8302), TOBN(0x98af07c3, 0x944ba436), - TOBN(0x85997326, 0x995f0f9f), TOBN(0x467fade0, 0x71b58bc6), - TOBN(0x47e4495a, 0xbd625a2b), TOBN(0xfdd2d01d, 0x33c3b8cd), - TOBN(0x2c38ae28, 0xc693f9fa), TOBN(0x48622329, 0x348f7999), - TOBN(0x97bf738e, 0x2161f583), TOBN(0x15ee2fa7, 0x565e8cc9), - TOBN(0xa1a5c845, 0x5777e189), TOBN(0xcc10bee0, 0x456f2829), - TOBN(0x8ad95c56, 0xda762bd5), TOBN(0x152e2214, 0xe9d91da8), - TOBN(0x975b0e72, 0x7cb23c74), TOBN(0xfd5d7670, 0xa90c66df), - TOBN(0xb5b5b8ad, 0x225ffc53), TOBN(0xab6dff73, 0xfaded2ae), - TOBN(0xebd56781, 0x6f4cbe9d), TOBN(0x0ed8b249, 0x6a574bd7), - TOBN(0x41c246fe, 0x81a881fa), TOBN(0x91564805, 0xc3db9c70), - TOBN(0xd7c12b08, 0x5b862809), TOBN(0x1facd1f1, 0x55858d7b), - TOBN(0x7693747c, 0xaf09e92a), TOBN(0x3b69dcba, 0x189a425f), - TOBN(0x0be28e9f, 0x967365ef), TOBN(0x57300eb2, 0xe801f5c9), - TOBN(0x93b8ac6a, 0xd583352f), TOBN(0xa2cf1f89, 0xcd05b2b7), - TOBN(0x7c0c9b74, 0x4dcc40cc), TOBN(0xfee38c45, 0xada523fb), - TOBN(0xb49a4dec, 0x1099cc4d), TOBN(0x325c377f, 0x69f069c6), - TOBN(0xe12458ce, 0x476cc9ff), TOBN(0x580e0b6c, 0xc6d4cb63), - TOBN(0xd561c8b7, 0x9072289b), TOBN(0x0377f264, 0xa619e6da), - TOBN(0x26685362, 0x88e591a5), TOBN(0xa453a7bd, 0x7523ca2b), - TOBN(0x8a9536d2, 0xc1df4533), TOBN(0xc8e50f2f, 0xbe972f79), - TOBN(0xd433e50f, 0x6d3549cf), TOBN(0x6f33696f, 0xfacd665e), - TOBN(0x695bfdac, 0xce11fcb4), TOBN(0x810ee252, 0xaf7c9860), - TOBN(0x65450fe1, 0x7159bb2c), TOBN(0xf7dfbebe, 0x758b357b), - TOBN(0x2b057e74, 0xd69fea72), TOBN(0xd485717a, 0x92731745)}, - {TOBN(0x896c42e8, 0xee36860c), TOBN(0xdaf04dfd, 0x4113c22d), - TOBN(0x1adbb7b7, 0x44104213), TOBN(0xe5fd5fa1, 0x1fd394ea), - TOBN(0x68235d94, 0x1a4e0551), TOBN(0x6772cfbe, 0x18d10151), - TOBN(0x276071e3, 0x09984523), TOBN(0xe4e879de, 0x5a56ba98), - TOBN(0xaaafafb0, 0x285b9491), TOBN(0x01a0be88, 0x1e4c705e), - TOBN(0xff1d4f5d, 0x2ad9caab), TOBN(0x6e349a4a, 0xc37a233f), - TOBN(0xcf1c1246, 0x4a1c6a16), TOBN(0xd99e6b66, 0x29383260), - TOBN(0xea3d4366, 0x5f6d5471), TOBN(0x36974d04, 0xff8cc89b), - TOBN(0xc26c49a1, 0xcfe89d80), TOBN(0xb42c026d, 0xda9c8371), - TOBN(0xca6c013a, 0xdad066d2), TOBN(0xfb8f7228, 0x56a4f3ee), - TOBN(0x08b579ec, 0xd850935b), TOBN(0x34c1a74c, 0xd631e1b3), - TOBN(0xcb5fe596, 0xac198534), TOBN(0x39ff21f6, 0xe1f24f25), - TOBN(0x27f29e14, 0x8f929057), TOBN(0x7a64ae06, 0xc0c853df), - TOBN(0x256cd183, 0x58e9c5ce), TOBN(0x9d9cce82, 0xded092a5), - TOBN(0xcc6e5979, 0x6e93b7c7), TOBN(0xe1e47092, 0x31bb9e27), - TOBN(0xb70b3083, 0xaa9e29a0), TOBN(0xbf181a75, 0x3785e644), - TOBN(0xf53f2c65, 0x8ead09f7), TOBN(0x1335e1d5, 0x9780d14d), - TOBN(0x69cc20e0, 0xcd1b66bc), TOBN(0x9b670a37, 0xbbe0bfc8), - TOBN(0xce53dc81, 0x28efbeed), TOBN(0x0c74e77c, 0x8326a6e5), - TOBN(0x3604e0d2, 0xb88e9a63), TOBN(0xbab38fca, 0x13dc2248), - TOBN(0x8ed6e8c8, 0x5c0a3f1e), TOBN(0xbcad2492, 0x7c87c37f), - TOBN(0xfdfb62bb, 0x9ee3b78d), TOBN(0xeba8e477, 0xcbceba46), - TOBN(0x37d38cb0, 0xeeaede4b), TOBN(0x0bc498e8, 0x7976deb6), - TOBN(0xb2944c04, 0x6b6147fb), TOBN(0x8b123f35, 0xf71f9609), - TOBN(0xa155dcc7, 0xde79dc24), TOBN(0xf1168a32, 0x558f69cd), - TOBN(0xbac21595, 0x0d1850df), TOBN(0x15c8295b, 0xb204c848), - TOBN(0xf661aa36, 0x7d8184ff), TOBN(0xc396228e, 0x30447bdb), - TOBN(0x11cd5143, 0xbde4a59e), TOBN(0xe3a26e3b, 0x6beab5e6), - TOBN(0xd3b3a13f, 0x1402b9d0), TOBN(0x573441c3, 0x2c7bc863), - TOBN(0x4b301ec4, 0x578c3e6e), TOBN(0xc26fc9c4, 0x0adaf57e), - TOBN(0x96e71bfd, 0x7493cea3), TOBN(0xd05d4b3f, 0x1af81456), - TOBN(0xdaca2a8a, 0x6a8c608f), TOBN(0x53ef07f6, 0x0725b276), - TOBN(0x07a5fbd2, 0x7824fc56), TOBN(0x34675218, 0x13289077), - TOBN(0x5bf69fd5, 0xe0c48349), TOBN(0xa613ddd3, 0xb6aa7875), - TOBN(0x7f78c19c, 0x5450d866), TOBN(0x46f4409c, 0x8f84a481), - TOBN(0x9f1d1928, 0x90fce239), TOBN(0x016c4168, 0xb2ce44b9), - TOBN(0xbae023f0, 0xc7435978), TOBN(0xb152c888, 0x20e30e19), - TOBN(0x9c241645, 0xe3fa6faf), TOBN(0x735d95c1, 0x84823e60), - TOBN(0x03197573, 0x03955317), TOBN(0x0b4b02a9, 0xf03b4995), - TOBN(0x076bf559, 0x70274600), TOBN(0x32c5cc53, 0xaaf57508), - TOBN(0xe8af6d1f, 0x60624129), TOBN(0xb7bc5d64, 0x9a5e2b5e), - TOBN(0x3814b048, 0x5f082d72), TOBN(0x76f267f2, 0xce19677a), - TOBN(0x626c630f, 0xb36eed93), TOBN(0x55230cd7, 0x3bf56803), - TOBN(0x78837949, 0xce2736a0), TOBN(0x0d792d60, 0xaa6c55f1), - TOBN(0x0318dbfd, 0xd5c7c5d2), TOBN(0xb38f8da7, 0x072b342d), - TOBN(0x3569bddc, 0x7b8de38a), TOBN(0xf25b5887, 0xa1c94842), - TOBN(0xb2d5b284, 0x2946ad60), TOBN(0x854f29ad, 0xe9d1707e), - TOBN(0xaa5159dc, 0x2c6a4509), TOBN(0x899f94c0, 0x57189837), - TOBN(0xcf6adc51, 0xf4a55b03), TOBN(0x261762de, 0x35e3b2d5), - TOBN(0x4cc43012, 0x04827b51), TOBN(0xcd22a113, 0xc6021442), - TOBN(0xce2fd61a, 0x247c9569), TOBN(0x59a50973, 0xd152beca), - TOBN(0x6c835a11, 0x63a716d4), TOBN(0xc26455ed, 0x187dedcf), - TOBN(0x27f536e0, 0x49ce89e7), TOBN(0x18908539, 0xcc890cb5), - TOBN(0x308909ab, 0xd83c2aa1), TOBN(0xecd3142b, 0x1ab73bd3), - TOBN(0x6a85bf59, 0xb3f5ab84), TOBN(0x3c320a68, 0xf2bea4c6), - TOBN(0xad8dc538, 0x6da4541f), TOBN(0xeaf34eb0, 0xb7c41186), - TOBN(0x1c780129, 0x977c97c4), TOBN(0x5ff9beeb, 0xc57eb9fa), - TOBN(0xa24d0524, 0xc822c478), TOBN(0xfd8eec2a, 0x461cd415), - TOBN(0xfbde194e, 0xf027458c), TOBN(0xb4ff5319, 0x1d1be115), - TOBN(0x63f874d9, 0x4866d6f4), TOBN(0x35c75015, 0xb21ad0c9), - TOBN(0xa6b5c9d6, 0x46ac49d2), TOBN(0x42c77c0b, 0x83137aa9), - TOBN(0x24d000fc, 0x68225a38), TOBN(0x0f63cfc8, 0x2fe1e907), - TOBN(0x22d1b01b, 0xc6441f95), TOBN(0x7d38f719, 0xec8e448f), - TOBN(0x9b33fa5f, 0x787fb1ba), TOBN(0x94dcfda1, 0x190158df), - TOBN(0xc47cb339, 0x5f6d4a09), TOBN(0x6b4f355c, 0xee52b826), - TOBN(0x3d100f5d, 0xf51b930a), TOBN(0xf4512fac, 0x9f668f69), - TOBN(0x546781d5, 0x206c4c74), TOBN(0xd021d4d4, 0xcb4d2e48), - TOBN(0x494a54c2, 0xca085c2d), TOBN(0xf1dbaca4, 0x520850a8), - TOBN(0x63c79326, 0x490a1aca), TOBN(0xcb64dd9c, 0x41526b02), - TOBN(0xbb772591, 0xa2979258), TOBN(0x3f582970, 0x48d97846), - TOBN(0xd66b70d1, 0x7c213ba7), TOBN(0xc28febb5, 0xe8a0ced4), - TOBN(0x6b911831, 0xc10338c1), TOBN(0x0d54e389, 0xbf0126f3), - TOBN(0x7048d460, 0x4af206ee), TOBN(0x786c88f6, 0x77e97cb9), - TOBN(0xd4375ae1, 0xac64802e), TOBN(0x469bcfe1, 0xd53ec11c), - TOBN(0xfc9b340d, 0x47062230), TOBN(0xe743bb57, 0xc5b4a3ac), - TOBN(0xfe00b4aa, 0x59ef45ac), TOBN(0x29a4ef23, 0x59edf188), - TOBN(0x40242efe, 0xb483689b), TOBN(0x2575d3f6, 0x513ac262), - TOBN(0xf30037c8, 0x0ca6db72), TOBN(0xc9fcce82, 0x98864be2), - TOBN(0x84a112ff, 0x0149362d), TOBN(0x95e57582, 0x1c4ae971), - TOBN(0x1fa4b1a8, 0x945cf86c), TOBN(0x4525a734, 0x0b024a2f), - TOBN(0xe76c8b62, 0x8f338360), TOBN(0x483ff593, 0x28edf32b), - TOBN(0x67e8e90a, 0x298b1aec), TOBN(0x9caab338, 0x736d9a21), - TOBN(0x5c09d2fd, 0x66892709), TOBN(0x2496b4dc, 0xb55a1d41), - TOBN(0x93f5fb1a, 0xe24a4394), TOBN(0x08c75049, 0x6fa8f6c1), - TOBN(0xcaead1c2, 0xc905d85f), TOBN(0xe9d7f790, 0x0733ae57), - TOBN(0x24c9a65c, 0xf07cdd94), TOBN(0x7389359c, 0xa4b55931), - TOBN(0xf58709b7, 0x367e45f7), TOBN(0x1f203067, 0xcb7e7adc), - TOBN(0x82444bff, 0xc7b72818), TOBN(0x07303b35, 0xbaac8033), - TOBN(0x1e1ee4e4, 0xd13b7ea1), TOBN(0xe6489b24, 0xe0e74180), - TOBN(0xa5f2c610, 0x7e70ef70), TOBN(0xa1655412, 0xbdd10894), - TOBN(0x555ebefb, 0x7af4194e), TOBN(0x533c1c3c, 0x8e89bd9c), - TOBN(0x735b9b57, 0x89895856), TOBN(0x15fb3cd2, 0x567f5c15), - TOBN(0x057fed45, 0x526f09fd), TOBN(0xe8a4f10c, 0x8128240a), - TOBN(0x9332efc4, 0xff2bfd8d), TOBN(0x214e77a0, 0xbd35aa31), - TOBN(0x32896d73, 0x14faa40e), TOBN(0x767867ec, 0x01e5f186), - TOBN(0xc9adf8f1, 0x17a1813e), TOBN(0xcb6cda78, 0x54741795), - TOBN(0xb7521b6d, 0x349d51aa), TOBN(0xf56b5a9e, 0xe3c7b8e9), - TOBN(0xc6f1e5c9, 0x32a096df), TOBN(0x083667c4, 0xa3635024), - TOBN(0x365ea135, 0x18087f2f), TOBN(0xf1b8eaac, 0xd136e45d), - TOBN(0xc8a0e484, 0x73aec989), TOBN(0xd75a324b, 0x142c9259), - TOBN(0xb7b4d001, 0x01dae185), TOBN(0x45434e0b, 0x9b7a94bc), - TOBN(0xf54339af, 0xfbd8cb0b), TOBN(0xdcc4569e, 0xe98ef49e), - TOBN(0x7789318a, 0x09a51299), TOBN(0x81b4d206, 0xb2b025d8), - TOBN(0xf64aa418, 0xfae85792), TOBN(0x3e50258f, 0xacd7baf7), - TOBN(0xdce84cdb, 0x2996864b), TOBN(0xa2e67089, 0x1f485fa4), - TOBN(0xb28b2bb6, 0x534c6a5a), TOBN(0x31a7ec6b, 0xc94b9d39), - TOBN(0x1d217766, 0xd6bc20da), TOBN(0x4acdb5ec, 0x86761190), - TOBN(0x68726328, 0x73701063), TOBN(0x4d24ee7c, 0x2128c29b), - TOBN(0xc072ebd3, 0xa19fd868), TOBN(0x612e481c, 0xdb8ddd3b), - TOBN(0xb4e1d754, 0x1a64d852), TOBN(0x00ef95ac, 0xc4c6c4ab), - TOBN(0x1536d2ed, 0xaa0a6c46), TOBN(0x61294086, 0x43774790), - TOBN(0x54af25e8, 0x343fda10), TOBN(0x9ff9d98d, 0xfd25d6f2), - TOBN(0x0746af7c, 0x468b8835), TOBN(0x977a31cb, 0x730ecea7), - TOBN(0xa5096b80, 0xc2cf4a81), TOBN(0xaa986833, 0x6458c37a), - TOBN(0x6af29bf3, 0xa6bd9d34), TOBN(0x6a62fe9b, 0x33c5d854), - TOBN(0x50e6c304, 0xb7133b5e), TOBN(0x04b60159, 0x7d6e6848), - TOBN(0x4cd296df, 0x5579bea4), TOBN(0x10e35ac8, 0x5ceedaf1), - TOBN(0x04c4c5fd, 0xe3bcc5b1), TOBN(0x95f9ee8a, 0x89412cf9), - TOBN(0x2c9459ee, 0x82b6eb0f), TOBN(0x2e845765, 0x95c2aadd), - TOBN(0x774a84ae, 0xd327fcfe), TOBN(0xd8c93722, 0x0368d476), - TOBN(0x0dbd5748, 0xf83e8a3b), TOBN(0xa579aa96, 0x8d2495f3), - TOBN(0x535996a0, 0xae496e9b), TOBN(0x07afbfe9, 0xb7f9bcc2), - TOBN(0x3ac1dc6d, 0x5b7bd293), TOBN(0x3b592cff, 0x7022323d), - TOBN(0xba0deb98, 0x9c0a3e76), TOBN(0x18e78e9f, 0x4b197acb), - TOBN(0x211cde10, 0x296c36ef), TOBN(0x7ee89672, 0x82c4da77), - TOBN(0xb617d270, 0xa57836da), TOBN(0xf0cd9c31, 0x9cb7560b), - TOBN(0x01fdcbf7, 0xe455fe90), TOBN(0x3fb53cbb, 0x7e7334f3), - TOBN(0x781e2ea4, 0x4e7de4ec), TOBN(0x8adab3ad, 0x0b384fd0), - TOBN(0x129eee2f, 0x53d64829), TOBN(0x7a471e17, 0xa261492b), - TOBN(0xe4f9adb9, 0xe4cb4a2c), TOBN(0x3d359f6f, 0x97ba2c2d), - TOBN(0x346c6786, 0x0aacd697), TOBN(0x92b444c3, 0x75c2f8a8), - TOBN(0xc79fa117, 0xd85df44e), TOBN(0x56782372, 0x398ddf31), - TOBN(0x60e690f2, 0xbbbab3b8), TOBN(0x4851f8ae, 0x8b04816b), - TOBN(0xc72046ab, 0x9c92e4d2), TOBN(0x518c74a1, 0x7cf3136b), - TOBN(0xff4eb50a, 0xf9877d4c), TOBN(0x14578d90, 0xa919cabb), - TOBN(0x8218f8c4, 0xac5eb2b6), TOBN(0xa3ccc547, 0x542016e4), - TOBN(0x025bf48e, 0x327f8349), TOBN(0xf3e97346, 0xf43cb641), - TOBN(0xdc2bafdf, 0x500f1085), TOBN(0x57167876, 0x2f063055), - TOBN(0x5bd914b9, 0x411925a6), TOBN(0x7c078d48, 0xa1123de5), - TOBN(0xee6bf835, 0x182b165d), TOBN(0xb11b5e5b, 0xba519727), - TOBN(0xe33ea76c, 0x1eea7b85), TOBN(0x2352b461, 0x92d4f85e), - TOBN(0xf101d334, 0xafe115bb), TOBN(0xfabc1294, 0x889175a3), - TOBN(0x7f6bcdc0, 0x5233f925), TOBN(0xe0a802db, 0xe77fec55), - TOBN(0xbdb47b75, 0x8069b659), TOBN(0x1c5e12de, 0xf98fbd74), - TOBN(0x869c58c6, 0x4b8457ee), TOBN(0xa5360f69, 0x4f7ea9f7), - TOBN(0xe576c09f, 0xf460b38f), TOBN(0x6b70d548, 0x22b7fb36), - TOBN(0x3fd237f1, 0x3bfae315), TOBN(0x33797852, 0xcbdff369), - TOBN(0x97df25f5, 0x25b516f9), TOBN(0x46f388f2, 0xba38ad2d), - TOBN(0x656c4658, 0x89d8ddbb), TOBN(0x8830b26e, 0x70f38ee8), - TOBN(0x4320fd5c, 0xde1212b0), TOBN(0xc34f30cf, 0xe4a2edb2), - TOBN(0xabb131a3, 0x56ab64b8), TOBN(0x7f77f0cc, 0xd99c5d26), - TOBN(0x66856a37, 0xbf981d94), TOBN(0x19e76d09, 0x738bd76e), - TOBN(0xe76c8ac3, 0x96238f39), TOBN(0xc0a482be, 0xa830b366), - TOBN(0xb7b8eaff, 0x0b4eb499), TOBN(0x8ecd83bc, 0x4bfb4865), - TOBN(0x971b2cb7, 0xa2f3776f), TOBN(0xb42176a4, 0xf4b88adf), - TOBN(0xb9617df5, 0xbe1fa446), TOBN(0x8b32d508, 0xcd031bd2), - TOBN(0x1c6bd47d, 0x53b618c0), TOBN(0xc424f46c, 0x6a227923), - TOBN(0x7303ffde, 0xdd92d964), TOBN(0xe9712878, 0x71b5abf2), - TOBN(0x8f48a632, 0xf815561d), TOBN(0x85f48ff5, 0xd3c055d1), - TOBN(0x222a1427, 0x7525684f), TOBN(0xd0d841a0, 0x67360cc3), - TOBN(0x4245a926, 0x0b9267c6), TOBN(0xc78913f1, 0xcf07f863), - TOBN(0xaa844c8e, 0x4d0d9e24), TOBN(0xa42ad522, 0x3d5f9017), - TOBN(0xbd371749, 0xa2c989d5), TOBN(0x928292df, 0xe1f5e78e), - TOBN(0x493b383e, 0x0a1ea6da), TOBN(0x5136fd8d, 0x13aee529), - TOBN(0x860c44b1, 0xf2c34a99), TOBN(0x3b00aca4, 0xbf5855ac), - TOBN(0xabf6aaa0, 0xfaaf37be), TOBN(0x65f43682, 0x2a53ec08), - TOBN(0x1d9a5801, 0xa11b12e1), TOBN(0x78a7ab2c, 0xe20ed475), - TOBN(0x0de1067e, 0x9a41e0d5), TOBN(0x30473f5f, 0x305023ea), - TOBN(0xdd3ae09d, 0x169c7d97), TOBN(0x5cd5baa4, 0xcfaef9cd), - TOBN(0x5cd7440b, 0x65a44803), TOBN(0xdc13966a, 0x47f364de), - TOBN(0x077b2be8, 0x2b8357c1), TOBN(0x0cb1b4c5, 0xe9d57c2a), - TOBN(0x7a4ceb32, 0x05ff363e), TOBN(0xf310fa4d, 0xca35a9ef), - TOBN(0xdbb7b352, 0xf97f68c6), TOBN(0x0c773b50, 0x0b02cf58), - TOBN(0xea2e4821, 0x3c1f96d9), TOBN(0xffb357b0, 0xeee01815), - TOBN(0xb9c924cd, 0xe0f28039), TOBN(0x0b36c95a, 0x46a3fbe4), - TOBN(0x1faaaea4, 0x5e46db6c), TOBN(0xcae575c3, 0x1928aaff), - TOBN(0x7f671302, 0xa70dab86), TOBN(0xfcbd12a9, 0x71c58cfc), - TOBN(0xcbef9acf, 0xbee0cb92), TOBN(0x573da0b9, 0xf8c1b583), - TOBN(0x4752fcfe, 0x0d41d550), TOBN(0xe7eec0e3, 0x2155cffe), - TOBN(0x0fc39fcb, 0x545ae248), TOBN(0x522cb8d1, 0x8065f44e), - TOBN(0x263c962a, 0x70cbb96c), TOBN(0xe034362a, 0xbcd124a9), - TOBN(0xf120db28, 0x3c2ae58d), TOBN(0xb9a38d49, 0xfef6d507), - TOBN(0xb1fd2a82, 0x1ff140fd), TOBN(0xbd162f30, 0x20aee7e0), - TOBN(0x4e17a5d4, 0xcb251949), TOBN(0x2aebcb83, 0x4f7e1c3d), - TOBN(0x608eb25f, 0x937b0527), TOBN(0xf42e1e47, 0xeb7d9997), - TOBN(0xeba699c4, 0xb8a53a29), TOBN(0x1f921c71, 0xe091b536), - TOBN(0xcce29e7b, 0x5b26bbd5), TOBN(0x7a8ef5ed, 0x3b61a680), - TOBN(0xe5ef8043, 0xba1f1c7e), TOBN(0x16ea8217, 0x18158dda), - TOBN(0x01778a2b, 0x599ff0f9), TOBN(0x68a923d7, 0x8104fc6b), - TOBN(0x5bfa44df, 0xda694ff3), TOBN(0x4f7199db, 0xf7667f12), - TOBN(0xc06d8ff6, 0xe46f2a79), TOBN(0x08b5dead, 0xe9f8131d), - TOBN(0x02519a59, 0xabb4ce7c), TOBN(0xc4f710bc, 0xb42aec3e), - TOBN(0x3d77b057, 0x78bde41a), TOBN(0x6474bf80, 0xb4186b5a), - TOBN(0x048b3f67, 0x88c65741), TOBN(0xc64519de, 0x03c7c154), - TOBN(0xdf073846, 0x0edfcc4f), TOBN(0x319aa737, 0x48f1aa6b), - TOBN(0x8b9f8a02, 0xca909f77), TOBN(0x90258139, 0x7580bfef), - TOBN(0xd8bfd3ca, 0xc0c22719), TOBN(0xc60209e4, 0xc9ca151e), - TOBN(0x7a744ab5, 0xd9a1a69c), TOBN(0x6de5048b, 0x14937f8f), - TOBN(0x171938d8, 0xe115ac04), TOBN(0x7df70940, 0x1c6b16d2), - TOBN(0xa6aeb663, 0x7f8e94e7), TOBN(0xc130388e, 0x2a2cf094), - TOBN(0x1850be84, 0x77f54e6e), TOBN(0x9f258a72, 0x65d60fe5), - TOBN(0xff7ff0c0, 0x6c9146d6), TOBN(0x039aaf90, 0xe63a830b), - TOBN(0x38f27a73, 0x9460342f), TOBN(0x4703148c, 0x3f795f8a), - TOBN(0x1bb5467b, 0x9681a97e), TOBN(0x00931ba5, 0xecaeb594), - TOBN(0xcdb6719d, 0x786f337c), TOBN(0xd9c01cd2, 0xe704397d), - TOBN(0x0f4a3f20, 0x555c2fef), TOBN(0x00452509, 0x7c0af223), - TOBN(0x54a58047, 0x84db8e76), TOBN(0x3bacf1aa, 0x93c8aa06), - TOBN(0x11ca957c, 0xf7919422), TOBN(0x50641053, 0x78cdaa40), - TOBN(0x7a303874, 0x9f7144ae), TOBN(0x170c963f, 0x43d4acfd), - TOBN(0x5e148149, 0x58ddd3ef), TOBN(0xa7bde582, 0x9e72dba8), - TOBN(0x0769da8b, 0x6fa68750), TOBN(0xfa64e532, 0x572e0249), - TOBN(0xfcaadf9d, 0x2619ad31), TOBN(0x87882daa, 0xa7b349cd), - TOBN(0x9f6eb731, 0x6c67a775), TOBN(0xcb10471a, 0xefc5d0b1), - TOBN(0xb433750c, 0xe1b806b2), TOBN(0x19c5714d, 0x57b1ae7e), - TOBN(0xc0dc8b7b, 0xed03fd3f), TOBN(0xdd03344f, 0x31bc194e), - TOBN(0xa66c52a7, 0x8c6320b5), TOBN(0x8bc82ce3, 0xd0b6fd93), - TOBN(0xf8e13501, 0xb35f1341), TOBN(0xe53156dd, 0x25a43e42), - TOBN(0xd3adf27e, 0x4daeb85c), TOBN(0xb81d8379, 0xbbeddeb5), - TOBN(0x1b0b546e, 0x2e435867), TOBN(0x9020eb94, 0xeba5dd60), - TOBN(0x37d91161, 0x8210cb9d), TOBN(0x4c596b31, 0x5c91f1cf), - TOBN(0xb228a90f, 0x0e0b040d), TOBN(0xbaf02d82, 0x45ff897f), - TOBN(0x2aac79e6, 0x00fa6122), TOBN(0x24828817, 0x8e36f557), - TOBN(0xb9521d31, 0x113ec356), TOBN(0x9e48861e, 0x15eff1f8), - TOBN(0x2aa1d412, 0xe0d41715), TOBN(0x71f86203, 0x53f131b8), - TOBN(0xf60da8da, 0x3fd19408), TOBN(0x4aa716dc, 0x278d9d99), - TOBN(0x394531f7, 0xa8c51c90), TOBN(0xb560b0e8, 0xf59db51c), - TOBN(0xa28fc992, 0xfa34bdad), TOBN(0xf024fa14, 0x9cd4f8bd), - TOBN(0x5cf530f7, 0x23a9d0d3), TOBN(0x615ca193, 0xe28c9b56), - TOBN(0x6d2a483d, 0x6f73c51e), TOBN(0xa4cb2412, 0xea0dc2dd), - TOBN(0x50663c41, 0x1eb917ff), TOBN(0x3d3a74cf, 0xeade299e), - TOBN(0x29b3990f, 0x4a7a9202), TOBN(0xa9bccf59, 0xa7b15c3d), - TOBN(0x66a3ccdc, 0xa5df9208), TOBN(0x48027c14, 0x43f2f929), - TOBN(0xd385377c, 0x40b557f0), TOBN(0xe001c366, 0xcd684660), - TOBN(0x1b18ed6b, 0xe2183a27), TOBN(0x879738d8, 0x63210329), - TOBN(0xa687c74b, 0xbda94882), TOBN(0xd1bbcc48, 0xa684b299), - TOBN(0xaf6f1112, 0x863b3724), TOBN(0x6943d1b4, 0x2c8ce9f8), - TOBN(0xe044a3bb, 0x098cafb4), TOBN(0x27ed2310, 0x60d48caf), - TOBN(0x542b5675, 0x3a31b84d), TOBN(0xcbf3dd50, 0xfcddbed7), - TOBN(0x25031f16, 0x41b1d830), TOBN(0xa7ec851d, 0xcb0c1e27), - TOBN(0xac1c8fe0, 0xb5ae75db), TOBN(0xb24c7557, 0x08c52120), - TOBN(0x57f811dc, 0x1d4636c3), TOBN(0xf8436526, 0x681a9939), - TOBN(0x1f6bc6d9, 0x9c81adb3), TOBN(0x840f8ac3, 0x5b7d80d4), - TOBN(0x731a9811, 0xf4387f1a), TOBN(0x7c501cd3, 0xb5156880), - TOBN(0xa5ca4a07, 0xdfe68867), TOBN(0xf123d8f0, 0x5fcea120), - TOBN(0x1fbb0e71, 0xd607039e), TOBN(0x2b70e215, 0xcd3a4546), - TOBN(0x32d2f01d, 0x53324091), TOBN(0xb796ff08, 0x180ab19b), - TOBN(0x32d87a86, 0x3c57c4aa), TOBN(0x2aed9caf, 0xb7c49a27), - TOBN(0x9fb35eac, 0x31630d98), TOBN(0x338e8cdf, 0x5c3e20a3), - TOBN(0x80f16182, 0x66cde8db), TOBN(0x4e159980, 0x2d72fd36), - TOBN(0xd7b8f13b, 0x9b6e5072), TOBN(0xf5213907, 0x3b7b5dc1), - TOBN(0x4d431f1d, 0x8ce4396e), TOBN(0x37a1a680, 0xa7ed2142), - TOBN(0xbf375696, 0xd01aaf6b), TOBN(0xaa1c0c54, 0xe63aab66), - TOBN(0x3014368b, 0x4ed80940), TOBN(0x67e6d056, 0x7a6fcedd), - TOBN(0x7c208c49, 0xca97579f), TOBN(0xfe3d7a81, 0xa23597f6), - TOBN(0x5e203202, 0x7e096ae2), TOBN(0xb1f3e1e7, 0x24b39366), - TOBN(0x26da26f3, 0x2fdcdffc), TOBN(0x79422f1d, 0x6097be83)}, - {TOBN(0x263a2cfb, 0x9db3b381), TOBN(0x9c3a2dee, 0xd4df0a4b), - TOBN(0x728d06e9, 0x7d04e61f), TOBN(0x8b1adfbc, 0x42449325), - TOBN(0x6ec1d939, 0x7e053a1b), TOBN(0xee2be5c7, 0x66daf707), - TOBN(0x80ba1e14, 0x810ac7ab), TOBN(0xdd2ae778, 0xf530f174), - TOBN(0x0435d97a, 0x205b9d8b), TOBN(0x6eb8f064, 0x056756d4), - TOBN(0xd5e88a8b, 0xb6f8210e), TOBN(0x070ef12d, 0xec9fd9ea), - TOBN(0x4d849505, 0x3bcc876a), TOBN(0x12a75338, 0xa7404ce3), - TOBN(0xd22b49e1, 0xb8a1db5e), TOBN(0xec1f2051, 0x14bfa5ad), - TOBN(0xadbaeb79, 0xb6828f36), TOBN(0x9d7a0258, 0x01bd5b9e), - TOBN(0xeda01e0d, 0x1e844b0c), TOBN(0x4b625175, 0x887edfc9), - TOBN(0x14109fdd, 0x9669b621), TOBN(0x88a2ca56, 0xf6f87b98), - TOBN(0xfe2eb788, 0x170df6bc), TOBN(0x0cea06f4, 0xffa473f9), - TOBN(0x43ed81b5, 0xc4e83d33), TOBN(0xd9f35879, 0x5efd488b), - TOBN(0x164a620f, 0x9deb4d0f), TOBN(0xc6927bdb, 0xac6a7394), - TOBN(0x45c28df7, 0x9f9e0f03), TOBN(0x2868661e, 0xfcd7e1a9), - TOBN(0x7cf4e8d0, 0xffa348f1), TOBN(0x6bd4c284, 0x398538e0), - TOBN(0x2618a091, 0x289a8619), TOBN(0xef796e60, 0x6671b173), - TOBN(0x664e46e5, 0x9090c632), TOBN(0xa38062d4, 0x1e66f8fb), - TOBN(0x6c744a20, 0x0573274e), TOBN(0xd07b67e4, 0xa9271394), - TOBN(0x391223b2, 0x6bdc0e20), TOBN(0xbe2d93f1, 0xeb0a05a7), - TOBN(0xf23e2e53, 0x3f36d141), TOBN(0xe84bb3d4, 0x4dfca442), - TOBN(0xb804a48d, 0x6b7c023a), TOBN(0x1e16a8fa, 0x76431c3b), - TOBN(0x1b5452ad, 0xddd472e0), TOBN(0x7d405ee7, 0x0d1ee127), - TOBN(0x50fc6f1d, 0xffa27599), TOBN(0x351ac53c, 0xbf391b35), - TOBN(0x7efa14b8, 0x4444896b), TOBN(0x64974d2f, 0xf94027fb), - TOBN(0xefdcd0e8, 0xde84487d), TOBN(0x8c45b260, 0x2b48989b), - TOBN(0xa8fcbbc2, 0xd8463487), TOBN(0xd1b2b3f7, 0x3fbc476c), - TOBN(0x21d005b7, 0xc8f443c0), TOBN(0x518f2e67, 0x40c0139c), - TOBN(0x56036e8c, 0x06d75fc1), TOBN(0x2dcf7bb7, 0x3249a89f), - TOBN(0x81dd1d3d, 0xe245e7dd), TOBN(0xf578dc4b, 0xebd6e2a7), - TOBN(0x4c028903, 0xdf2ce7a0), TOBN(0xaee36288, 0x9c39afac), - TOBN(0xdc847c31, 0x146404ab), TOBN(0x6304c0d8, 0xa4e97818), - TOBN(0xae51dca2, 0xa91f6791), TOBN(0x2abe4190, 0x9baa9efc), - TOBN(0xd9d2e2f4, 0x559c7ac1), TOBN(0xe82f4b51, 0xfc9f773a), - TOBN(0xa7713027, 0x4073e81c), TOBN(0xc0276fac, 0xfbb596fc), - TOBN(0x1d819fc9, 0xa684f70c), TOBN(0x29b47fdd, 0xc9f7b1e0), - TOBN(0x358de103, 0x459b1940), TOBN(0xec881c59, 0x5b013e93), - TOBN(0x51574c93, 0x49532ad3), TOBN(0x2db1d445, 0xb37b46de), - TOBN(0xc6445b87, 0xdf239fd8), TOBN(0xc718af75, 0x151d24ee), - TOBN(0xaea1c4a4, 0xf43c6259), TOBN(0x40c0e5d7, 0x70be02f7), - TOBN(0x6a4590f4, 0x721b33f2), TOBN(0x2124f1fb, 0xfedf04ea), - TOBN(0xf8e53cde, 0x9745efe7), TOBN(0xe7e10432, 0x65f046d9), - TOBN(0xc3fca28e, 0xe4d0c7e6), TOBN(0x847e339a, 0x87253b1b), - TOBN(0x9b595348, 0x3743e643), TOBN(0xcb6a0a0b, 0x4fd12fc5), - TOBN(0xfb6836c3, 0x27d02dcc), TOBN(0x5ad00982, 0x7a68bcc2), - TOBN(0x1b24b44c, 0x005e912d), TOBN(0xcc83d20f, 0x811fdcfe), - TOBN(0x36527ec1, 0x666fba0c), TOBN(0x69948197, 0x14754635), - TOBN(0xfcdcb1a8, 0x556da9c2), TOBN(0xa5934267, 0x81a732b2), - TOBN(0xec1214ed, 0xa714181d), TOBN(0x609ac13b, 0x6067b341), - TOBN(0xff4b4c97, 0xa545df1f), TOBN(0xa1240501, 0x34d2076b), - TOBN(0x6efa0c23, 0x1409ca97), TOBN(0x254cc1a8, 0x20638c43), - TOBN(0xd4e363af, 0xdcfb46cd), TOBN(0x62c2adc3, 0x03942a27), - TOBN(0xc67b9df0, 0x56e46483), TOBN(0xa55abb20, 0x63736356), - TOBN(0xab93c098, 0xc551bc52), TOBN(0x382b49f9, 0xb15fe64b), - TOBN(0x9ec221ad, 0x4dff8d47), TOBN(0x79caf615, 0x437df4d6), - TOBN(0x5f13dc64, 0xbb456509), TOBN(0xe4c589d9, 0x191f0714), - TOBN(0x27b6a8ab, 0x3fd40e09), TOBN(0xe455842e, 0x77313ea9), - TOBN(0x8b51d1e2, 0x1f55988b), TOBN(0x5716dd73, 0x062bbbfc), - TOBN(0x633c11e5, 0x4e8bf3de), TOBN(0x9a0e77b6, 0x1b85be3b), - TOBN(0x56510729, 0x0911cca6), TOBN(0x27e76495, 0xefa6590f), - TOBN(0xe4ac8b33, 0x070d3aab), TOBN(0x2643672b, 0x9a2cd5e5), - TOBN(0x52eff79b, 0x1cfc9173), TOBN(0x665ca49b, 0x90a7c13f), - TOBN(0x5a8dda59, 0xb3efb998), TOBN(0x8a5b922d, 0x052f1341), - TOBN(0xae9ebbab, 0x3cf9a530), TOBN(0x35986e7b, 0xf56da4d7), - TOBN(0x3a636b5c, 0xff3513cc), TOBN(0xbb0cf8ba, 0x3198f7dd), - TOBN(0xb8d40522, 0x41f16f86), TOBN(0x760575d8, 0xde13a7bf), - TOBN(0x36f74e16, 0x9f7aa181), TOBN(0x163a3ecf, 0xf509ed1c), - TOBN(0x6aead61f, 0x3c40a491), TOBN(0x158c95fc, 0xdfe8fcaa), - TOBN(0xa3991b6e, 0x13cda46f), TOBN(0x79482415, 0x342faed0), - TOBN(0xf3ba5bde, 0x666b5970), TOBN(0x1d52e6bc, 0xb26ab6dd), - TOBN(0x768ba1e7, 0x8608dd3d), TOBN(0x4930db2a, 0xea076586), - TOBN(0xd9575714, 0xe7dc1afa), TOBN(0x1fc7bf7d, 0xf7c58817), - TOBN(0x6b47accd, 0xd9eee96c), TOBN(0x0ca277fb, 0xe58cec37), - TOBN(0x113fe413, 0xe702c42a), TOBN(0xdd1764ee, 0xc47cbe51), - TOBN(0x041e7cde, 0x7b3ed739), TOBN(0x50cb7459, 0x5ce9e1c0), - TOBN(0x35568513, 0x2925b212), TOBN(0x7cff95c4, 0x001b081c), - TOBN(0x63ee4cbd, 0x8088b454), TOBN(0xdb7f32f7, 0x9a9e0c8a), - TOBN(0xb377d418, 0x6b2447cb), TOBN(0xe3e982aa, 0xd370219b), - TOBN(0x06ccc1e4, 0xc2a2a593), TOBN(0x72c36865, 0x0773f24f), - TOBN(0xa13b4da7, 0x95859423), TOBN(0x8bbf1d33, 0x75040c8f), - TOBN(0x726f0973, 0xda50c991), TOBN(0x48afcd5b, 0x822d6ee2), - TOBN(0xe5fc718b, 0x20fd7771), TOBN(0xb9e8e77d, 0xfd0807a1), - TOBN(0x7f5e0f44, 0x99a7703d), TOBN(0x6972930e, 0x618e36f3), - TOBN(0x2b7c77b8, 0x23807bbe), TOBN(0xe5b82405, 0xcb27ff50), - TOBN(0xba8b8be3, 0xbd379062), TOBN(0xd64b7a1d, 0x2dce4a92), - TOBN(0x040a73c5, 0xb2952e37), TOBN(0x0a9e252e, 0xd438aeca), - TOBN(0xdd43956b, 0xc39d3bcb), TOBN(0x1a31ca00, 0xb32b2d63), - TOBN(0xd67133b8, 0x5c417a18), TOBN(0xd08e4790, 0x2ef442c8), - TOBN(0x98cb1ae9, 0x255c0980), TOBN(0x4bd86381, 0x2b4a739f), - TOBN(0x5a5c31e1, 0x1e4a45a1), TOBN(0x1e5d55fe, 0x9cb0db2f), - TOBN(0x74661b06, 0x8ff5cc29), TOBN(0x026b389f, 0x0eb8a4f4), - TOBN(0x536b21a4, 0x58848c24), TOBN(0x2e5bf8ec, 0x81dc72b0), - TOBN(0x03c187d0, 0xad886aac), TOBN(0x5c16878a, 0xb771b645), - TOBN(0xb07dfc6f, 0xc74045ab), TOBN(0x2c6360bf, 0x7800caed), - TOBN(0x24295bb5, 0xb9c972a3), TOBN(0xc9e6f88e, 0x7c9a6dba), - TOBN(0x90ffbf24, 0x92a79aa6), TOBN(0xde29d50a, 0x41c26ac2), - TOBN(0x9f0af483, 0xd309cbe6), TOBN(0x5b020d8a, 0xe0bced4f), - TOBN(0x606e986d, 0xb38023e3), TOBN(0xad8f2c9d, 0x1abc6933), - TOBN(0x19292e1d, 0xe7400e93), TOBN(0xfe3e18a9, 0x52be5e4d), - TOBN(0xe8e9771d, 0x2e0680bf), TOBN(0x8c5bec98, 0xc54db063), - TOBN(0x2af9662a, 0x74a55d1f), TOBN(0xe3fbf28f, 0x046f66d8), - TOBN(0xa3a72ab4, 0xd4dc4794), TOBN(0x09779f45, 0x5c7c2dd8), - TOBN(0xd893bdaf, 0xc3d19d8d), TOBN(0xd5a75094, 0x57d6a6df), - TOBN(0x8cf8fef9, 0x952e6255), TOBN(0x3da67cfb, 0xda9a8aff), - TOBN(0x4c23f62a, 0x2c160dcd), TOBN(0x34e6c5e3, 0x8f90eaef), - TOBN(0x35865519, 0xa9a65d5a), TOBN(0x07c48aae, 0x8fd38a3d), - TOBN(0xb7e7aeda, 0x50068527), TOBN(0x2c09ef23, 0x1c90936a), - TOBN(0x31ecfeb6, 0xe879324c), TOBN(0xa0871f6b, 0xfb0ec938), - TOBN(0xb1f0fb68, 0xd84d835d), TOBN(0xc90caf39, 0x861dc1e6), - TOBN(0x12e5b046, 0x7594f8d7), TOBN(0x26897ae2, 0x65012b92), - TOBN(0xbcf68a08, 0xa4d6755d), TOBN(0x403ee41c, 0x0991fbda), - TOBN(0x733e343e, 0x3bbf17e8), TOBN(0xd2c7980d, 0x679b3d65), - TOBN(0x33056232, 0xd2e11305), TOBN(0x966be492, 0xf3c07a6f), - TOBN(0x6a8878ff, 0xbb15509d), TOBN(0xff221101, 0x0a9b59a4), - TOBN(0x6c9f564a, 0xabe30129), TOBN(0xc6f2c940, 0x336e64cf), - TOBN(0x0fe75262, 0x8b0c8022), TOBN(0xbe0267e9, 0x6ae8db87), - TOBN(0x22e192f1, 0x93bc042b), TOBN(0xf085b534, 0xb237c458), - TOBN(0xa0d192bd, 0x832c4168), TOBN(0x7a76e9e3, 0xbdf6271d), - TOBN(0x52a882fa, 0xb88911b5), TOBN(0xc85345e4, 0xb4db0eb5), - TOBN(0xa3be02a6, 0x81a7c3ff), TOBN(0x51889c8c, 0xf0ec0469), - TOBN(0x9d031369, 0xa5e829e5), TOBN(0xcbb4c6fc, 0x1607aa41), - TOBN(0x75ac59a6, 0x241d84c1), TOBN(0xc043f2bf, 0x8829e0ee), - TOBN(0x82a38f75, 0x8ea5e185), TOBN(0x8bda40b9, 0xd87cbd9f), - TOBN(0x9e65e75e, 0x2d8fc601), TOBN(0x3d515f74, 0xa35690b3), - TOBN(0x534acf4f, 0xda79e5ac), TOBN(0x68b83b3a, 0x8630215f), - TOBN(0x5c748b2e, 0xd085756e), TOBN(0xb0317258, 0xe5d37cb2), - TOBN(0x6735841a, 0xc5ccc2c4), TOBN(0x7d7dc96b, 0x3d9d5069), - TOBN(0xa147e410, 0xfd1754bd), TOBN(0x65296e94, 0xd399ddd5), - TOBN(0xf6b5b2d0, 0xbc8fa5bc), TOBN(0x8a5ead67, 0x500c277b), - TOBN(0x214625e6, 0xdfa08a5d), TOBN(0x51fdfedc, 0x959cf047), - TOBN(0x6bc9430b, 0x289fca32), TOBN(0xe36ff0cf, 0x9d9bdc3f), - TOBN(0x2fe187cb, 0x58ea0ede), TOBN(0xed66af20, 0x5a900b3f), - TOBN(0x00e0968b, 0x5fa9f4d6), TOBN(0x2d4066ce, 0x37a362e7), - TOBN(0xa99a9748, 0xbd07e772), TOBN(0x710989c0, 0x06a4f1d0), - TOBN(0xd5dedf35, 0xce40cbd8), TOBN(0xab55c5f0, 0x1743293d), - TOBN(0x766f1144, 0x8aa24e2c), TOBN(0x94d874f8, 0x605fbcb4), - TOBN(0xa365f0e8, 0xa518001b), TOBN(0xee605eb6, 0x9d04ef0f), - TOBN(0x5a3915cd, 0xba8d4d25), TOBN(0x44c0e1b8, 0xb5113472), - TOBN(0xcbb024e8, 0x8b6740dc), TOBN(0x89087a53, 0xee1d4f0c), - TOBN(0xa88fa05c, 0x1fc4e372), TOBN(0x8bf395cb, 0xaf8b3af2), - TOBN(0x1e71c9a1, 0xdeb8568b), TOBN(0xa35daea0, 0x80fb3d32), - TOBN(0xe8b6f266, 0x2cf8fb81), TOBN(0x6d51afe8, 0x9490696a), - TOBN(0x81beac6e, 0x51803a19), TOBN(0xe3d24b7f, 0x86219080), - TOBN(0x727cfd9d, 0xdf6f463c), TOBN(0x8c6865ca, 0x72284ee8), - TOBN(0x32c88b7d, 0xb743f4ef), TOBN(0x3793909b, 0xe7d11dce), - TOBN(0xd398f922, 0x2ff2ebe8), TOBN(0x2c70ca44, 0xe5e49796), - TOBN(0xdf4d9929, 0xcb1131b1), TOBN(0x7826f298, 0x25888e79), - TOBN(0x4d3a112c, 0xf1d8740a), TOBN(0x00384cb6, 0x270afa8b), - TOBN(0xcb64125b, 0x3ab48095), TOBN(0x3451c256, 0x62d05106), - TOBN(0xd73d577d, 0xa4955845), TOBN(0x39570c16, 0xbf9f4433), - TOBN(0xd7dfaad3, 0xadecf263), TOBN(0xf1c3d8d1, 0xdc76e102), - TOBN(0x5e774a58, 0x54c6a836), TOBN(0xdad4b672, 0x3e92d47b), - TOBN(0xbe7e990f, 0xf0d796a0), TOBN(0x5fc62478, 0xdf0e8b02), - TOBN(0x8aae8bf4, 0x030c00ad), TOBN(0x3d2db93b, 0x9004ba0f), - TOBN(0xe48c8a79, 0xd85d5ddc), TOBN(0xe907caa7, 0x6bb07f34), - TOBN(0x58db343a, 0xa39eaed5), TOBN(0x0ea6e007, 0xadaf5724), - TOBN(0xe00df169, 0xd23233f3), TOBN(0x3e322796, 0x77cb637f), - TOBN(0x1f897c0e, 0x1da0cf6c), TOBN(0xa651f5d8, 0x31d6bbdd), - TOBN(0xdd61af19, 0x1a230c76), TOBN(0xbd527272, 0xcdaa5e4a), - TOBN(0xca753636, 0xd0abcd7e), TOBN(0x78bdd37c, 0x370bd8dc), - TOBN(0xc23916c2, 0x17cd93fe), TOBN(0x65b97a4d, 0xdadce6e2), - TOBN(0xe04ed4eb, 0x174e42f8), TOBN(0x1491ccaa, 0xbb21480a), - TOBN(0x145a8280, 0x23196332), TOBN(0x3c3862d7, 0x587b479a), - TOBN(0x9f4a88a3, 0x01dcd0ed), TOBN(0x4da2b7ef, 0x3ea12f1f), - TOBN(0xf8e7ae33, 0xb126e48e), TOBN(0x404a0b32, 0xf494e237), - TOBN(0x9beac474, 0xc55acadb), TOBN(0x4ee5cf3b, 0xcbec9fd9), - TOBN(0x336b33b9, 0x7df3c8c3), TOBN(0xbd905fe3, 0xb76808fd), - TOBN(0x8f436981, 0xaa45c16a), TOBN(0x255c5bfa, 0x3dd27b62), - TOBN(0x71965cbf, 0xc3dd9b4d), TOBN(0xce23edbf, 0xfc068a87), - TOBN(0xb78d4725, 0x745b029b), TOBN(0x74610713, 0xcefdd9bd), - TOBN(0x7116f75f, 0x1266bf52), TOBN(0x02046722, 0x18e49bb6), - TOBN(0xdf43df9f, 0x3d6f19e3), TOBN(0xef1bc7d0, 0xe685cb2f), - TOBN(0xcddb27c1, 0x7078c432), TOBN(0xe1961b9c, 0xb77fedb7), - TOBN(0x1edc2f5c, 0xc2290570), TOBN(0x2c3fefca, 0x19cbd886), - TOBN(0xcf880a36, 0xc2af389a), TOBN(0x96c610fd, 0xbda71cea), - TOBN(0xf03977a9, 0x32aa8463), TOBN(0x8eb7763f, 0x8586d90a), - TOBN(0x3f342454, 0x2a296e77), TOBN(0xc8718683, 0x42837a35), - TOBN(0x7dc71090, 0x6a09c731), TOBN(0x54778ffb, 0x51b816db), - TOBN(0x6b33bfec, 0xaf06defd), TOBN(0xfe3c105f, 0x8592b70b), - TOBN(0xf937fda4, 0x61da6114), TOBN(0x3c13e651, 0x4c266ad7), - TOBN(0xe363a829, 0x855938e8), TOBN(0x2eeb5d9e, 0x9de54b72), - TOBN(0xbeb93b0e, 0x20ccfab9), TOBN(0x3dffbb5f, 0x25e61a25), - TOBN(0x7f655e43, 0x1acc093d), TOBN(0x0cb6cc3d, 0x3964ce61), - TOBN(0x6ab283a1, 0xe5e9b460), TOBN(0x55d787c5, 0xa1c7e72d), - TOBN(0x4d2efd47, 0xdeadbf02), TOBN(0x11e80219, 0xac459068), - TOBN(0x810c7626, 0x71f311f0), TOBN(0xfa17ef8d, 0x4ab6ef53), - TOBN(0xaf47fd25, 0x93e43bff), TOBN(0x5cb5ff3f, 0x0be40632), - TOBN(0x54687106, 0x8ee61da3), TOBN(0x7764196e, 0xb08afd0f), - TOBN(0x831ab3ed, 0xf0290a8f), TOBN(0xcae81966, 0xcb47c387), - TOBN(0xaad7dece, 0x184efb4f), TOBN(0xdcfc53b3, 0x4749110e), - TOBN(0x6698f23c, 0x4cb632f9), TOBN(0xc42a1ad6, 0xb91f8067), - TOBN(0xb116a81d, 0x6284180a), TOBN(0xebedf5f8, 0xe901326f), - TOBN(0xf2274c9f, 0x97e3e044), TOBN(0x42018520, 0x11d09fc9), - TOBN(0x56a65f17, 0xd18e6e23), TOBN(0x2ea61e2a, 0x352b683c), - TOBN(0x27d291bc, 0x575eaa94), TOBN(0x9e7bc721, 0xb8ff522d), - TOBN(0x5f7268bf, 0xa7f04d6f), TOBN(0x5868c73f, 0xaba41748), - TOBN(0x9f85c2db, 0x7be0eead), TOBN(0x511e7842, 0xff719135), - TOBN(0x5a06b1e9, 0xc5ea90d7), TOBN(0x0c19e283, 0x26fab631), - TOBN(0x8af8f0cf, 0xe9206c55), TOBN(0x89389cb4, 0x3553c06a), - TOBN(0x39dbed97, 0xf65f8004), TOBN(0x0621b037, 0xc508991d), - TOBN(0x1c52e635, 0x96e78cc4), TOBN(0x5385c8b2, 0x0c06b4a8), - TOBN(0xd84ddfdb, 0xb0e87d03), TOBN(0xc49dfb66, 0x934bafad), - TOBN(0x7071e170, 0x59f70772), TOBN(0x3a073a84, 0x3a1db56b), - TOBN(0x03494903, 0x3b8af190), TOBN(0x7d882de3, 0xd32920f0), - TOBN(0x91633f0a, 0xb2cf8940), TOBN(0x72b0b178, 0x6f948f51), - TOBN(0x2d28dc30, 0x782653c8), TOBN(0x88829849, 0xdb903a05), - TOBN(0xb8095d0c, 0x6a19d2bb), TOBN(0x4b9e7f0c, 0x86f782cb), - TOBN(0x7af73988, 0x2d907064), TOBN(0xd12be0fe, 0x8b32643c), - TOBN(0x358ed23d, 0x0e165dc3), TOBN(0x3d47ce62, 0x4e2378ce), - TOBN(0x7e2bb0b9, 0xfeb8a087), TOBN(0x3246e8ae, 0xe29e10b9), - TOBN(0x459f4ec7, 0x03ce2b4d), TOBN(0xe9b4ca1b, 0xbbc077cf), - TOBN(0x2613b4f2, 0x0e9940c1), TOBN(0xfc598bb9, 0x047d1eb1), - TOBN(0x9744c62b, 0x45036099), TOBN(0xa9dee742, 0x167c65d8), - TOBN(0x0c511525, 0xdabe1943), TOBN(0xda110554, 0x93c6c624), - TOBN(0xae00a52c, 0x651a3be2), TOBN(0xcda5111d, 0x884449a6), - TOBN(0x063c06f4, 0xff33bed1), TOBN(0x73baaf9a, 0x0d3d76b4), - TOBN(0x52fb0c9d, 0x7fc63668), TOBN(0x6886c9dd, 0x0c039cde), - TOBN(0x602bd599, 0x55b22351), TOBN(0xb00cab02, 0x360c7c13), - TOBN(0x8cb616bc, 0x81b69442), TOBN(0x41486700, 0xb55c3cee), - TOBN(0x71093281, 0xf49ba278), TOBN(0xad956d9c, 0x64a50710), - TOBN(0x9561f28b, 0x638a7e81), TOBN(0x54155cdf, 0x5980ddc3), - TOBN(0xb2db4a96, 0xd26f247a), TOBN(0x9d774e4e, 0x4787d100), - TOBN(0x1a9e6e2e, 0x078637d2), TOBN(0x1c363e2d, 0x5e0ae06a), - TOBN(0x7493483e, 0xe9cfa354), TOBN(0x76843cb3, 0x7f74b98d), - TOBN(0xbaca6591, 0xd4b66947), TOBN(0xb452ce98, 0x04460a8c), - TOBN(0x6830d246, 0x43768f55), TOBN(0xf4197ed8, 0x7dff12df), - TOBN(0x6521b472, 0x400dd0f7), TOBN(0x59f5ca8f, 0x4b1e7093), - TOBN(0x6feff11b, 0x080338ae), TOBN(0x0ada31f6, 0xa29ca3c6), - TOBN(0x24794eb6, 0x94a2c215), TOBN(0xd83a43ab, 0x05a57ab4), - TOBN(0x264a543a, 0x2a6f89fe), TOBN(0x2c2a3868, 0xdd5ec7c2), - TOBN(0xd3373940, 0x8439d9b2), TOBN(0x715ea672, 0x0acd1f11), - TOBN(0x42c1d235, 0xe7e6cc19), TOBN(0x81ce6e96, 0xb990585c), - TOBN(0x04e5dfe0, 0xd809c7bd), TOBN(0xd7b2580c, 0x8f1050ab), - TOBN(0x6d91ad78, 0xd8a4176f), TOBN(0x0af556ee, 0x4e2e897c), - TOBN(0x162a8b73, 0x921de0ac), TOBN(0x52ac9c22, 0x7ea78400), - TOBN(0xee2a4eea, 0xefce2174), TOBN(0xbe61844e, 0x6d637f79), - TOBN(0x0491f1bc, 0x789a283b), TOBN(0x72d3ac3d, 0x880836f4), - TOBN(0xaa1c5ea3, 0x88e5402d), TOBN(0x1b192421, 0xd5cc473d), - TOBN(0x5c0b9998, 0x9dc84cac), TOBN(0xb0a8482d, 0x9c6e75b8), - TOBN(0x639961d0, 0x3a191ce2), TOBN(0xda3bc865, 0x6d837930), - TOBN(0xca990653, 0x056e6f8f), TOBN(0x84861c41, 0x64d133a7), - TOBN(0x8b403276, 0x746abe40), TOBN(0xb7b4d51a, 0xebf8e303), - TOBN(0x05b43211, 0x220a255d), TOBN(0xc997152c, 0x02419e6e), - TOBN(0x76ff47b6, 0x630c2fea), TOBN(0x50518677, 0x281fdade), - TOBN(0x3283b8ba, 0xcf902b0b), TOBN(0x8d4b4eb5, 0x37db303b), - TOBN(0xcc89f42d, 0x755011bc), TOBN(0xb43d74bb, 0xdd09d19b), - TOBN(0x65746bc9, 0x8adba350), TOBN(0x364eaf8c, 0xb51c1927), - TOBN(0x13c76596, 0x10ad72ec), TOBN(0x30045121, 0xf8d40c20), - TOBN(0x6d2d99b7, 0xea7b979b), TOBN(0xcd78cd74, 0xe6fb3bcd), - TOBN(0x11e45a9e, 0x86cffbfe), TOBN(0x78a61cf4, 0x637024f6), - TOBN(0xd06bc872, 0x3d502295), TOBN(0xf1376854, 0x458cb288), - TOBN(0xb9db26a1, 0x342f8586), TOBN(0xf33effcf, 0x4beee09e), - TOBN(0xd7e0c4cd, 0xb30cfb3a), TOBN(0x6d09b8c1, 0x6c9db4c8), - TOBN(0x40ba1a42, 0x07c8d9df), TOBN(0x6fd495f7, 0x1c52c66d), - TOBN(0xfb0e169f, 0x275264da), TOBN(0x80c2b746, 0xe57d8362), - TOBN(0xedd987f7, 0x49ad7222), TOBN(0xfdc229af, 0x4398ec7b)}, - {TOBN(0xb0d1ed84, 0x52666a58), TOBN(0x4bcb6e00, 0xe6a9c3c2), - TOBN(0x3c57411c, 0x26906408), TOBN(0xcfc20755, 0x13556400), - TOBN(0xa08b1c50, 0x5294dba3), TOBN(0xa30ba286, 0x8b7dd31e), - TOBN(0xd70ba90e, 0x991eca74), TOBN(0x094e142c, 0xe762c2b9), - TOBN(0xb81d783e, 0x979f3925), TOBN(0x1efd130a, 0xaf4c89a7), - TOBN(0x525c2144, 0xfd1bf7fa), TOBN(0x4b296904, 0x1b265a9e), - TOBN(0xed8e9634, 0xb9db65b6), TOBN(0x35c82e32, 0x03599d8a), - TOBN(0xdaa7a54f, 0x403563f3), TOBN(0x9df088ad, 0x022c38ab), - TOBN(0xe5cfb066, 0xbb3fd30a), TOBN(0x429169da, 0xeff0354e), - TOBN(0x809cf852, 0x3524e36c), TOBN(0x136f4fb3, 0x0155be1d), - TOBN(0x4826af01, 0x1fbba712), TOBN(0x6ef0f0b4, 0x506ba1a1), - TOBN(0xd9928b31, 0x77aea73e), TOBN(0xe2bf6af2, 0x5eaa244e), - TOBN(0x8d084f12, 0x4237b64b), TOBN(0x688ebe99, 0xe3ecfd07), - TOBN(0x57b8a70c, 0xf6845dd8), TOBN(0x808fc59c, 0x5da4a325), - TOBN(0xa9032b2b, 0xa3585862), TOBN(0xb66825d5, 0xedf29386), - TOBN(0xb5a5a8db, 0x431ec29b), TOBN(0xbb143a98, 0x3a1e8dc8), - TOBN(0x35ee94ce, 0x12ae381b), TOBN(0x3a7f176c, 0x86ccda90), - TOBN(0xc63a657e, 0x4606eaca), TOBN(0x9ae5a380, 0x43cd04df), - TOBN(0x9bec8d15, 0xed251b46), TOBN(0x1f5d6d30, 0xcaca5e64), - TOBN(0x347b3b35, 0x9ff20f07), TOBN(0x4d65f034, 0xf7e4b286), - TOBN(0x9e93ba24, 0xf111661e), TOBN(0xedced484, 0xb105eb04), - TOBN(0x96dc9ba1, 0xf424b578), TOBN(0xbf8f66b7, 0xe83e9069), - TOBN(0x872d4df4, 0xd7ed8216), TOBN(0xbf07f377, 0x8e2cbecf), - TOBN(0x4281d899, 0x98e73754), TOBN(0xfec85fbb, 0x8aab8708), - TOBN(0x9a3c0dee, 0xa5ba5b0b), TOBN(0xe6a116ce, 0x42d05299), - TOBN(0xae9775fe, 0xe9b02d42), TOBN(0x72b05200, 0xa1545cb6), - TOBN(0xbc506f7d, 0x31a3b4ea), TOBN(0xe5893078, 0x8bbd9b32), - TOBN(0xc8bc5f37, 0xe4b12a97), TOBN(0x6b000c06, 0x4a73b671), - TOBN(0x13b5bf22, 0x765fa7d0), TOBN(0x59805bf0, 0x1d6a5370), - TOBN(0x67a5e29d, 0x4280db98), TOBN(0x4f53916f, 0x776b1ce3), - TOBN(0x714ff61f, 0x33ddf626), TOBN(0x4206238e, 0xa085d103), - TOBN(0x1c50d4b7, 0xe5809ee3), TOBN(0x999f450d, 0x85f8eb1d), - TOBN(0x658a6051, 0xe4c79e9b), TOBN(0x1394cb73, 0xc66a9fea), - TOBN(0x27f31ed5, 0xc6be7b23), TOBN(0xf4c88f36, 0x5aa6f8fe), - TOBN(0x0fb0721f, 0x4aaa499e), TOBN(0x68b3a7d5, 0xe3fb2a6b), - TOBN(0xa788097d, 0x3a92851d), TOBN(0x060e7f8a, 0xe96f4913), - TOBN(0x82eebe73, 0x1a3a93bc), TOBN(0x42bbf465, 0xa21adc1a), - TOBN(0xc10b6fa4, 0xef030efd), TOBN(0x247aa4c7, 0x87b097bb), - TOBN(0x8b8dc632, 0xf60c77da), TOBN(0x6ffbc26a, 0xc223523e), - TOBN(0xa4f6ff11, 0x344579cf), TOBN(0x5825653c, 0x980250f6), - TOBN(0xb2dd097e, 0xbc1aa2b9), TOBN(0x07889393, 0x37a0333a), - TOBN(0x1cf55e71, 0x37a0db38), TOBN(0x2648487f, 0x792c1613), - TOBN(0xdad01336, 0x3fcef261), TOBN(0x6239c81d, 0x0eabf129), - TOBN(0x8ee761de, 0x9d276be2), TOBN(0x406a7a34, 0x1eda6ad3), - TOBN(0x4bf367ba, 0x4a493b31), TOBN(0x54f20a52, 0x9bf7f026), - TOBN(0xb696e062, 0x9795914b), TOBN(0xcddab96d, 0x8bf236ac), - TOBN(0x4ff2c70a, 0xed25ea13), TOBN(0xfa1d09eb, 0x81cbbbe7), - TOBN(0x88fc8c87, 0x468544c5), TOBN(0x847a670d, 0x696b3317), - TOBN(0xf133421e, 0x64bcb626), TOBN(0xaea638c8, 0x26dee0b5), - TOBN(0xd6e7680b, 0xb310346c), TOBN(0xe06f4097, 0xd5d4ced3), - TOBN(0x09961452, 0x7512a30b), TOBN(0xf3d867fd, 0xe589a59a), - TOBN(0x2e73254f, 0x52d0c180), TOBN(0x9063d8a3, 0x333c74ac), - TOBN(0xeda6c595, 0xd314e7bc), TOBN(0x2ee7464b, 0x467899ed), - TOBN(0x1cef423c, 0x0a1ed5d3), TOBN(0x217e76ea, 0x69cc7613), - TOBN(0x27ccce1f, 0xe7cda917), TOBN(0x12d8016b, 0x8a893f16), - TOBN(0xbcd6de84, 0x9fc74f6b), TOBN(0xfa5817e2, 0xf3144e61), - TOBN(0x1f354164, 0x0821ee4c), TOBN(0x1583eab4, 0x0bc61992), - TOBN(0x7490caf6, 0x1d72879f), TOBN(0x998ad9f3, 0xf76ae7b2), - TOBN(0x1e181950, 0xa41157f7), TOBN(0xa9d7e1e6, 0xe8da3a7e), - TOBN(0x963784eb, 0x8426b95f), TOBN(0x0ee4ed6e, 0x542e2a10), - TOBN(0xb79d4cc5, 0xac751e7b), TOBN(0x93f96472, 0xfd4211bd), - TOBN(0x8c72d3d2, 0xc8de4fc6), TOBN(0x7b69cbf5, 0xdf44f064), - TOBN(0x3da90ca2, 0xf4bf94e1), TOBN(0x1a5325f8, 0xf12894e2), - TOBN(0x0a437f6c, 0x7917d60b), TOBN(0x9be70486, 0x96c9cb5d), - TOBN(0xb4d880bf, 0xe1dc5c05), TOBN(0xd738adda, 0xeebeeb57), - TOBN(0x6f0119d3, 0xdf0fe6a3), TOBN(0x5c686e55, 0x66eaaf5a), - TOBN(0x9cb10b50, 0xdfd0b7ec), TOBN(0xbdd0264b, 0x6a497c21), - TOBN(0xfc093514, 0x8c546c96), TOBN(0x58a947fa, 0x79dbf42a), - TOBN(0xc0b48d4e, 0x49ccd6d7), TOBN(0xff8fb02c, 0x88bd5580), - TOBN(0xc75235e9, 0x07d473b2), TOBN(0x4fab1ac5, 0xa2188af3), - TOBN(0x030fa3bc, 0x97576ec0), TOBN(0xe8c946e8, 0x0b7e7d2f), - TOBN(0x40a5c9cc, 0x70305600), TOBN(0x6d8260a9, 0xc8b013b4), - TOBN(0x0368304f, 0x70bba85c), TOBN(0xad090da1, 0xa4a0d311), - TOBN(0x7170e870, 0x2415eec1), TOBN(0xbfba35fe, 0x8461ea47), - TOBN(0x6279019a, 0xc1e91938), TOBN(0xa47638f3, 0x1afc415f), - TOBN(0x36c65cbb, 0xbcba0e0f), TOBN(0x02160efb, 0x034e2c48), - TOBN(0xe6c51073, 0x615cd9e4), TOBN(0x498ec047, 0xf1243c06), - TOBN(0x3e5a8809, 0xb17b3d8c), TOBN(0x5cd99e61, 0x0cc565f1), - TOBN(0x81e312df, 0x7851dafe), TOBN(0xf156f5ba, 0xa79061e2), - TOBN(0x80d62b71, 0x880c590e), TOBN(0xbec9746f, 0x0a39faa1), - TOBN(0x1d98a9c1, 0xc8ed1f7a), TOBN(0x09e43bb5, 0xa81d5ff2), - TOBN(0xd5f00f68, 0x0da0794a), TOBN(0x412050d9, 0x661aa836), - TOBN(0xa89f7c4e, 0x90747e40), TOBN(0x6dc05ebb, 0xb62a3686), - TOBN(0xdf4de847, 0x308e3353), TOBN(0x53868fbb, 0x9fb53bb9), - TOBN(0x2b09d2c3, 0xcfdcf7dd), TOBN(0x41a9fce3, 0x723fcab4), - TOBN(0x73d905f7, 0x07f57ca3), TOBN(0x080f9fb1, 0xac8e1555), - TOBN(0x7c088e84, 0x9ba7a531), TOBN(0x07d35586, 0xed9a147f), - TOBN(0x602846ab, 0xaf48c336), TOBN(0x7320fd32, 0x0ccf0e79), - TOBN(0xaa780798, 0xb18bd1ff), TOBN(0x52c2e300, 0xafdd2905), - TOBN(0xf27ea3d6, 0x434267cd), TOBN(0x8b96d16d, 0x15605b5f), - TOBN(0x7bb31049, 0x4b45706b), TOBN(0xe7f58b8e, 0x743d25f8), - TOBN(0xe9b5e45b, 0x87f30076), TOBN(0xd19448d6, 0x5d053d5a), - TOBN(0x1ecc8cb9, 0xd3210a04), TOBN(0x6bc7d463, 0xdafb5269), - TOBN(0x3e59b10a, 0x67c3489f), TOBN(0x1769788c, 0x65641e1b), - TOBN(0x8a53b82d, 0xbd6cb838), TOBN(0x7066d6e6, 0x236d5f22), - TOBN(0x03aa1c61, 0x6908536e), TOBN(0xc971da0d, 0x66ae9809), - TOBN(0x01b3a86b, 0xc49a2fac), TOBN(0x3b8420c0, 0x3092e77a), - TOBN(0x02057300, 0x7d6fb556), TOBN(0x6941b2a1, 0xbff40a87), - TOBN(0x140b6308, 0x0658ff2a), TOBN(0x87804363, 0x3424ab36), - TOBN(0x0253bd51, 0x5751e299), TOBN(0xc75bcd76, 0x449c3e3a), - TOBN(0x92eb4090, 0x7f8f875d), TOBN(0x9c9d754e, 0x56c26bbf), - TOBN(0x158cea61, 0x8110bbe7), TOBN(0x62a6b802, 0x745f91ea), - TOBN(0xa79c41aa, 0xc6e7394b), TOBN(0x445b6a83, 0xad57ef10), - TOBN(0x0c5277eb, 0x6ea6f40c), TOBN(0x319fe96b, 0x88633365), - TOBN(0x0b0fc61f, 0x385f63cb), TOBN(0x41250c84, 0x22bdd127), - TOBN(0x67d153f1, 0x09e942c2), TOBN(0x60920d08, 0xc021ad5d), - TOBN(0x229f5746, 0x724d81a5), TOBN(0xb7ffb892, 0x5bba3299), - TOBN(0x518c51a1, 0xde413032), TOBN(0x2a9bfe77, 0x3c2fd94c), - TOBN(0xcbcde239, 0x3191f4fd), TOBN(0x43093e16, 0xd3d6ada1), - TOBN(0x184579f3, 0x58769606), TOBN(0x2c94a8b3, 0xd236625c), - TOBN(0x6922b9c0, 0x5c437d8e), TOBN(0x3d4ae423, 0xd8d9f3c8), - TOBN(0xf72c31c1, 0x2e7090a2), TOBN(0x4ac3f5f3, 0xd76a55bd), - TOBN(0x342508fc, 0x6b6af991), TOBN(0x0d527100, 0x1b5cebbd), - TOBN(0xb84740d0, 0xdd440dd7), TOBN(0x748ef841, 0x780162fd), - TOBN(0xa8dbfe0e, 0xdfc6fafb), TOBN(0xeadfdf05, 0xf7300f27), - TOBN(0x7d06555f, 0xfeba4ec9), TOBN(0x12c56f83, 0x9e25fa97), - TOBN(0x77f84203, 0xd39b8c34), TOBN(0xed8b1be6, 0x3125eddb), - TOBN(0x5bbf2441, 0xf6e39dc5), TOBN(0xb00f6ee6, 0x6a5d678a), - TOBN(0xba456ecf, 0x57d0ea99), TOBN(0xdcae0f58, 0x17e06c43), - TOBN(0x01643de4, 0x0f5b4baa), TOBN(0x2c324341, 0xd161b9be), - TOBN(0x80177f55, 0xe126d468), TOBN(0xed325f1f, 0x76748e09), - TOBN(0x6116004a, 0xcfa9bdc2), TOBN(0x2d8607e6, 0x3a9fb468), - TOBN(0x0e573e27, 0x6009d660), TOBN(0x3a525d2e, 0x8d10c5a1), - TOBN(0xd26cb45c, 0x3b9009a0), TOBN(0xb6b0cdc0, 0xde9d7448), - TOBN(0x949c9976, 0xe1337c26), TOBN(0x6faadebd, 0xd73d68e5), - TOBN(0x9e158614, 0xf1b768d9), TOBN(0x22dfa557, 0x9cc4f069), - TOBN(0xccd6da17, 0xbe93c6d6), TOBN(0x24866c61, 0xa504f5b9), - TOBN(0x2121353c, 0x8d694da1), TOBN(0x1c6ca580, 0x0140b8c6), - TOBN(0xc245ad8c, 0xe964021e), TOBN(0xb83bffba, 0x032b82b3), - TOBN(0xfaa220c6, 0x47ef9898), TOBN(0x7e8d3ac6, 0x982c948a), - TOBN(0x1faa2091, 0xbc2d124a), TOBN(0xbd54c3dd, 0x05b15ff4), - TOBN(0x386bf3ab, 0xc87c6fb7), TOBN(0xfb2b0563, 0xfdeb6f66), - TOBN(0x4e77c557, 0x5b45afb4), TOBN(0xe9ded649, 0xefb8912d), - TOBN(0x7ec9bbf5, 0x42f6e557), TOBN(0x2570dfff, 0x62671f00), - TOBN(0x2b3bfb78, 0x88e084bd), TOBN(0xa024b238, 0xf37fe5b4), - TOBN(0x44e7dc04, 0x95649aee), TOBN(0x498ca255, 0x5e7ec1d8), - TOBN(0x3bc766ea, 0xaaa07e86), TOBN(0x0db6facb, 0xf3608586), - TOBN(0xbadd2549, 0xbdc259c8), TOBN(0x95af3c6e, 0x041c649f), - TOBN(0xb36a928c, 0x02e30afb), TOBN(0x9b5356ad, 0x008a88b8), - TOBN(0x4b67a5f1, 0xcf1d9e9d), TOBN(0xc6542e47, 0xa5d8d8ce), - TOBN(0x73061fe8, 0x7adfb6cc), TOBN(0xcc826fd3, 0x98678141), - TOBN(0x00e758b1, 0x3c80515a), TOBN(0x6afe3247, 0x41485083), - TOBN(0x0fcb08b9, 0xb6ae8a75), TOBN(0xb8cf388d, 0x4acf51e1), - TOBN(0x344a5560, 0x6961b9d6), TOBN(0x1a6778b8, 0x6a97fd0c), - TOBN(0xd840fdc1, 0xecc4c7e3), TOBN(0xde9fe47d, 0x16db68cc), - TOBN(0xe95f89de, 0xa3e216aa), TOBN(0x84f1a6a4, 0x9594a8be), - TOBN(0x7ddc7d72, 0x5a7b162b), TOBN(0xc5cfda19, 0xadc817a3), - TOBN(0x80a5d350, 0x78b58d46), TOBN(0x93365b13, 0x82978f19), - TOBN(0x2e44d225, 0x26a1fc90), TOBN(0x0d6d10d2, 0x4d70705d), - TOBN(0xd94b6b10, 0xd70c45f4), TOBN(0x0f201022, 0xb216c079), - TOBN(0xcec966c5, 0x658fde41), TOBN(0xa8d2bc7d, 0x7e27601d), - TOBN(0xbfcce3e1, 0xff230be7), TOBN(0x3394ff6b, 0x0033ffb5), - TOBN(0xd890c509, 0x8132c9af), TOBN(0xaac4b0eb, 0x361e7868), - TOBN(0x5194ded3, 0xe82d15aa), TOBN(0x4550bd2e, 0x23ae6b7d), - TOBN(0x3fda318e, 0xea5399d4), TOBN(0xd989bffa, 0x91638b80), - TOBN(0x5ea124d0, 0xa14aa12d), TOBN(0x1fb1b899, 0x3667b944), - TOBN(0x95ec7969, 0x44c44d6a), TOBN(0x91df144a, 0x57e86137), - TOBN(0x915fd620, 0x73adac44), TOBN(0x8f01732d, 0x59a83801), - TOBN(0xec579d25, 0x3aa0a633), TOBN(0x06de5e7c, 0xc9d6d59c), - TOBN(0xc132f958, 0xb1ef8010), TOBN(0x29476f96, 0xe65c1a02), - TOBN(0x336a77c0, 0xd34c3565), TOBN(0xef1105b2, 0x1b9f1e9e), - TOBN(0x63e6d08b, 0xf9e08002), TOBN(0x9aff2f21, 0xc613809e), - TOBN(0xb5754f85, 0x3a80e75d), TOBN(0xde71853e, 0x6bbda681), - TOBN(0x86f041df, 0x8197fd7a), TOBN(0x8b332e08, 0x127817fa), - TOBN(0x05d99be8, 0xb9c20cda), TOBN(0x89f7aad5, 0xd5cd0c98), - TOBN(0x7ef936fe, 0x5bb94183), TOBN(0x92ca0753, 0xb05cd7f2), - TOBN(0x9d65db11, 0x74a1e035), TOBN(0x02628cc8, 0x13eaea92), - TOBN(0xf2d9e242, 0x49e4fbf2), TOBN(0x94fdfd9b, 0xe384f8b7), - TOBN(0x65f56054, 0x63428c6b), TOBN(0x2f7205b2, 0x90b409a5), - TOBN(0xf778bb78, 0xff45ae11), TOBN(0xa13045be, 0xc5ee53b2), - TOBN(0xe00a14ff, 0x03ef77fe), TOBN(0x689cd59f, 0xffef8bef), - TOBN(0x3578f0ed, 0x1e9ade22), TOBN(0xe99f3ec0, 0x6268b6a8), - TOBN(0xa2057d91, 0xea1b3c3e), TOBN(0x2d1a7053, 0xb8823a4a), - TOBN(0xabbb336a, 0x2cca451e), TOBN(0xcd2466e3, 0x2218bb5d), - TOBN(0x3ac1f42f, 0xc8cb762d), TOBN(0x7e312aae, 0x7690211f), - TOBN(0xebb9bd73, 0x45d07450), TOBN(0x207c4b82, 0x46c2213f), - TOBN(0x99d425c1, 0x375913ec), TOBN(0x94e45e96, 0x67908220), - TOBN(0xc08f3087, 0xcd67dbf6), TOBN(0xa5670fbe, 0xc0887056), - TOBN(0x6717b64a, 0x66f5b8fc), TOBN(0xd5a56aea, 0x786fec28), - TOBN(0xa8c3f55f, 0xc0ff4952), TOBN(0xa77fefae, 0x457ac49b), - TOBN(0x29882d7c, 0x98379d44), TOBN(0xd000bdfb, 0x509edc8a), - TOBN(0xc6f95979, 0xe66fe464), TOBN(0x504a6115, 0xfa61bde0), - TOBN(0x56b3b871, 0xeffea31a), TOBN(0x2d3de26d, 0xf0c21a54), - TOBN(0x21dbff31, 0x834753bf), TOBN(0xe67ecf49, 0x69269d86), - TOBN(0x7a176952, 0x151fe690), TOBN(0x03515804, 0x7f2adb5f), - TOBN(0xee794b15, 0xd1b62a8d), TOBN(0xf004ceec, 0xaae454e6), - TOBN(0x0897ea7c, 0xf0386fac), TOBN(0x3b62ff12, 0xd1fca751), - TOBN(0x154181df, 0x1b7a04ec), TOBN(0x2008e04a, 0xfb5847ec), - TOBN(0xd147148e, 0x41dbd772), TOBN(0x2b419f73, 0x22942654), - TOBN(0x669f30d3, 0xe9c544f7), TOBN(0x52a2c223, 0xc8540149), - TOBN(0x5da9ee14, 0x634dfb02), TOBN(0x5f074ff0, 0xf47869f3), - TOBN(0x74ee878d, 0xa3933acc), TOBN(0xe6510651, 0x4fe35ed1), - TOBN(0xb3eb9482, 0xf1012e7a), TOBN(0x51013cc0, 0xa8a566ae), - TOBN(0xdd5e9243, 0x47c00d3b), TOBN(0x7fde089d, 0x946bb0e5), - TOBN(0x030754fe, 0xc731b4b3), TOBN(0x12a136a4, 0x99fda062), - TOBN(0x7c1064b8, 0x5a1a35bc), TOBN(0xbf1f5763, 0x446c84ef), - TOBN(0xed29a56d, 0xa16d4b34), TOBN(0x7fba9d09, 0xdca21c4f), - TOBN(0x66d7ac00, 0x6d8de486), TOBN(0x60061987, 0x73a2a5e1), - TOBN(0x8b400f86, 0x9da28ff0), TOBN(0x3133f708, 0x43c4599c), - TOBN(0x9911c9b8, 0xee28cb0d), TOBN(0xcd7e2874, 0x8e0af61d), - TOBN(0x5a85f0f2, 0x72ed91fc), TOBN(0x85214f31, 0x9cd4a373), - TOBN(0x881fe5be, 0x1925253c), TOBN(0xd8dc98e0, 0x91e8bc76), - TOBN(0x7120affe, 0x585cc3a2), TOBN(0x724952ed, 0x735bf97a), - TOBN(0x5581e7dc, 0x3eb34581), TOBN(0x5cbff4f2, 0xe52ee57d), - TOBN(0x8d320a0e, 0x87d8cc7b), TOBN(0x9beaa7f3, 0xf1d280d0), - TOBN(0x7a0b9571, 0x9beec704), TOBN(0x9126332e, 0x5b7f0057), - TOBN(0x01fbc1b4, 0x8ed3bd6d), TOBN(0x35bb2c12, 0xd945eb24), - TOBN(0x6404694e, 0x9a8ae255), TOBN(0xb6092eec, 0x8d6abfb3), - TOBN(0x4d76143f, 0xcc058865), TOBN(0x7b0a5af2, 0x6e249922), - TOBN(0x8aef9440, 0x6a50d353), TOBN(0xe11e4bcc, 0x64f0e07a), - TOBN(0x4472993a, 0xa14a90fa), TOBN(0x7706e20c, 0xba0c51d4), - TOBN(0xf403292f, 0x1532672d), TOBN(0x52573bfa, 0x21829382), - TOBN(0x6a7bb6a9, 0x3b5bdb83), TOBN(0x08da65c0, 0xa4a72318), - TOBN(0xc58d22aa, 0x63eb065f), TOBN(0x1717596c, 0x1b15d685), - TOBN(0x112df0d0, 0xb266d88b), TOBN(0xf688ae97, 0x5941945a), - TOBN(0x487386e3, 0x7c292cac), TOBN(0x42f3b50d, 0x57d6985c), - TOBN(0x6da4f998, 0x6a90fc34), TOBN(0xc8f257d3, 0x65ca8a8d), - TOBN(0xc2feabca, 0x6951f762), TOBN(0xe1bc81d0, 0x74c323ac), - TOBN(0x1bc68f67, 0x251a2a12), TOBN(0x10d86587, 0xbe8a70dc), - TOBN(0xd648af7f, 0xf0f84d2e), TOBN(0xf0aa9ebc, 0x6a43ac92), - TOBN(0x69e3be04, 0x27596893), TOBN(0xb6bb02a6, 0x45bf452b), - TOBN(0x0875c11a, 0xf4c698c8), TOBN(0x6652b5c7, 0xbece3794), - TOBN(0x7b3755fd, 0x4f5c0499), TOBN(0x6ea16558, 0xb5532b38), - TOBN(0xd1c69889, 0xa2e96ef7), TOBN(0x9c773c3a, 0x61ed8f48), - TOBN(0x2b653a40, 0x9b323abc), TOBN(0xe26605e1, 0xf0e1d791), - TOBN(0x45d41064, 0x4a87157a), TOBN(0x8f9a78b7, 0xcbbce616), - TOBN(0xcf1e44aa, 0xc407eddd), TOBN(0x81ddd1d8, 0xa35b964f), - TOBN(0x473e339e, 0xfd083999), TOBN(0x6c94bdde, 0x8e796802), - TOBN(0x5a304ada, 0x8545d185), TOBN(0x82ae44ea, 0x738bb8cb), - TOBN(0x628a35e3, 0xdf87e10e), TOBN(0xd3624f3d, 0xa15b9fe3), - TOBN(0xcc44209b, 0x14be4254), TOBN(0x7d0efcbc, 0xbdbc2ea5), - TOBN(0x1f603362, 0x04c37bbe), TOBN(0x21f363f5, 0x56a5852c), - TOBN(0xa1503d1c, 0xa8501550), TOBN(0x2251e0e1, 0xd8ab10bb), - TOBN(0xde129c96, 0x6961c51c), TOBN(0x1f7246a4, 0x81910f68), - TOBN(0x2eb744ee, 0x5f2591f2), TOBN(0x3c47d33f, 0x5e627157), - TOBN(0x4d6d62c9, 0x22f3bd68), TOBN(0x6120a64b, 0xcb8df856), - TOBN(0x3a9ac6c0, 0x7b5d07df), TOBN(0xa92b9558, 0x7ef39783), - TOBN(0xe128a134, 0xab3a9b4f), TOBN(0x41c18807, 0xb1252f05), - TOBN(0xfc7ed089, 0x80ba9b1c), TOBN(0xac8dc6de, 0xc532a9dd), - TOBN(0xbf829cef, 0x55246809), TOBN(0x101b784f, 0x5b4ee80f), - TOBN(0xc09945bb, 0xb6f11603), TOBN(0x57b09dbe, 0x41d2801e), - TOBN(0xfba5202f, 0xa97534a8), TOBN(0x7fd8ae5f, 0xc17b9614), - TOBN(0xa50ba666, 0x78308435), TOBN(0x9572f77c, 0xd3868c4d), - TOBN(0x0cef7bfd, 0x2dd7aab0), TOBN(0xe7958e08, 0x2c7c79ff), - TOBN(0x81262e42, 0x25346689), TOBN(0x716da290, 0xb07c7004), - TOBN(0x35f911ea, 0xb7950ee3), TOBN(0x6fd72969, 0x261d21b5), - TOBN(0x52389803, 0x08b640d3), TOBN(0x5b0026ee, 0x887f12a1), - TOBN(0x20e21660, 0x742e9311), TOBN(0x0ef6d541, 0x5ff77ff7), - TOBN(0x969127f0, 0xf9c41135), TOBN(0xf21d60c9, 0x68a64993), - TOBN(0x656e5d0c, 0xe541875c), TOBN(0xf1e0f84e, 0xa1d3c233), - TOBN(0x9bcca359, 0x06002d60), TOBN(0xbe2da60c, 0x06191552), - TOBN(0x5da8bbae, 0x61181ec3), TOBN(0x9f04b823, 0x65806f19), - TOBN(0xf1604a7d, 0xd4b79bb8), TOBN(0xaee806fb, 0x52c878c8), - TOBN(0x34144f11, 0x8d47b8e8), TOBN(0x72edf52b, 0x949f9054), - TOBN(0xebfca84e, 0x2127015a), TOBN(0x9051d0c0, 0x9cb7cef3), - TOBN(0x86e8fe58, 0x296deec8), TOBN(0x33b28188, 0x41010d74)}, - {TOBN(0x01079383, 0x171b445f), TOBN(0x9bcf21e3, 0x8131ad4c), - TOBN(0x8cdfe205, 0xc93987e8), TOBN(0xe63f4152, 0xc92e8c8f), - TOBN(0x729462a9, 0x30add43d), TOBN(0x62ebb143, 0xc980f05a), - TOBN(0x4f3954e5, 0x3b06e968), TOBN(0xfe1d75ad, 0x242cf6b1), - TOBN(0x5f95c6c7, 0xaf8685c8), TOBN(0xd4c1c8ce, 0x2f8f01aa), - TOBN(0xc44bbe32, 0x2574692a), TOBN(0xb8003478, 0xd4a4a068), - TOBN(0x7c8fc6e5, 0x2eca3cdb), TOBN(0xea1db16b, 0xec04d399), - TOBN(0xb05bc82e, 0x8f2bc5cf), TOBN(0x763d517f, 0xf44793d2), - TOBN(0x4451c1b8, 0x08bd98d0), TOBN(0x644b1cd4, 0x6575f240), - TOBN(0x6907eb33, 0x7375d270), TOBN(0x56c8bebd, 0xfa2286bd), - TOBN(0xc713d2ac, 0xc4632b46), TOBN(0x17da427a, 0xafd60242), - TOBN(0x313065b7, 0xc95c7546), TOBN(0xf8239898, 0xbf17a3de), - TOBN(0xf3b7963f, 0x4c830320), TOBN(0x842c7aa0, 0x903203e3), - TOBN(0xaf22ca0a, 0xe7327afb), TOBN(0x38e13092, 0x967609b6), - TOBN(0x73b8fb62, 0x757558f1), TOBN(0x3cc3e831, 0xf7eca8c1), - TOBN(0xe4174474, 0xf6331627), TOBN(0xa77989ca, 0xc3c40234), - TOBN(0xe5fd17a1, 0x44a081e0), TOBN(0xd797fb7d, 0xb70e296a), - TOBN(0x2b472b30, 0x481f719c), TOBN(0x0e632a98, 0xfe6f8c52), - TOBN(0x89ccd116, 0xc5f0c284), TOBN(0xf51088af, 0x2d987c62), - TOBN(0x2a2bccda, 0x4c2de6cf), TOBN(0x810f9efe, 0xf679f0f9), - TOBN(0xb0f394b9, 0x7ffe4b3e), TOBN(0x0b691d21, 0xe5fa5d21), - TOBN(0xb0bd7747, 0x9dfbbc75), TOBN(0xd2830fda, 0xfaf78b00), - TOBN(0xf78c249c, 0x52434f57), TOBN(0x4b1f7545, 0x98096dab), - TOBN(0x73bf6f94, 0x8ff8c0b3), TOBN(0x34aef03d, 0x454e134c), - TOBN(0xf8d151f4, 0xb7ac7ec5), TOBN(0xd6ceb95a, 0xe50da7d5), - TOBN(0xa1b492b0, 0xdc3a0eb8), TOBN(0x75157b69, 0xb3dd2863), - TOBN(0xe2c4c74e, 0xc5413d62), TOBN(0xbe329ff7, 0xbc5fc4c7), - TOBN(0x835a2aea, 0x60fa9dda), TOBN(0xf117f5ad, 0x7445cb87), - TOBN(0xae8317f4, 0xb0166f7a), TOBN(0xfbd3e3f7, 0xceec74e6), - TOBN(0xfdb516ac, 0xe0874bfd), TOBN(0x3d846019, 0xc681f3a3), - TOBN(0x0b12ee5c, 0x7c1620b0), TOBN(0xba68b4dd, 0x2b63c501), - TOBN(0xac03cd32, 0x6668c51e), TOBN(0x2a6279f7, 0x4e0bcb5b), - TOBN(0x17bd69b0, 0x6ae85c10), TOBN(0x72946979, 0x1dfdd3a6), - TOBN(0xd9a03268, 0x2c078bec), TOBN(0x41c6a658, 0xbfd68a52), - TOBN(0xcdea1024, 0x0e023900), TOBN(0xbaeec121, 0xb10d144d), - TOBN(0x5a600e74, 0x058ab8dc), TOBN(0x1333af21, 0xbb89ccdd), - TOBN(0xdf25eae0, 0x3aaba1f1), TOBN(0x2cada16e, 0x3b7144cf), - TOBN(0x657ee27d, 0x71ab98bc), TOBN(0x99088b4c, 0x7a6fc96e), - TOBN(0x05d5c0a0, 0x3549dbd4), TOBN(0x42cbdf8f, 0xf158c3ac), - TOBN(0x3fb6b3b0, 0x87edd685), TOBN(0x22071cf6, 0x86f064d0), - TOBN(0xd2d6721f, 0xff2811e5), TOBN(0xdb81b703, 0xfe7fae8c), - TOBN(0x3cfb74ef, 0xd3f1f7bb), TOBN(0x0cdbcd76, 0x16cdeb5d), - TOBN(0x4f39642a, 0x566a808c), TOBN(0x02b74454, 0x340064d6), - TOBN(0xfabbadca, 0x0528fa6f), TOBN(0xe4c3074c, 0xd3fc0bb6), - TOBN(0xb32cb8b0, 0xb796d219), TOBN(0xc3e95f4f, 0x34741dd9), - TOBN(0x87212125, 0x68edf6f5), TOBN(0x7a03aee4, 0xa2b9cb8e), - TOBN(0x0cd3c376, 0xf53a89aa), TOBN(0x0d8af9b1, 0x948a28dc), - TOBN(0xcf86a3f4, 0x902ab04f), TOBN(0x8aacb62a, 0x7f42002d), - TOBN(0x106985eb, 0xf62ffd52), TOBN(0xe670b54e, 0x5797bf10), - TOBN(0x4b405209, 0xc5e30aef), TOBN(0x12c97a20, 0x4365b5e9), - TOBN(0x104646ce, 0x1fe32093), TOBN(0x13cb4ff6, 0x3907a8c9), - TOBN(0x8b9f30d1, 0xd46e726b), TOBN(0xe1985e21, 0xaba0f499), - TOBN(0xc573dea9, 0x10a230cd), TOBN(0x24f46a93, 0xcd30f947), - TOBN(0xf2623fcf, 0xabe2010a), TOBN(0x3f278cb2, 0x73f00e4f), - TOBN(0xed55c67d, 0x50b920eb), TOBN(0xf1cb9a2d, 0x8e760571), - TOBN(0x7c50d109, 0x0895b709), TOBN(0x4207cf07, 0x190d4369), - TOBN(0x3b027e81, 0xc4127fe1), TOBN(0xa9f8b9ad, 0x3ae9c566), - TOBN(0x5ab10851, 0xacbfbba5), TOBN(0xa747d648, 0x569556f5), - TOBN(0xcc172b5c, 0x2ba97bf7), TOBN(0x15e0f77d, 0xbcfa3324), - TOBN(0xa345b797, 0x7686279d), TOBN(0x5a723480, 0xe38003d3), - TOBN(0xfd8e139f, 0x8f5fcda8), TOBN(0xf3e558c4, 0xbdee5bfd), - TOBN(0xd76cbaf4, 0xe33f9f77), TOBN(0x3a4c97a4, 0x71771969), - TOBN(0xda27e84b, 0xf6dce6a7), TOBN(0xff373d96, 0x13e6c2d1), - TOBN(0xf115193c, 0xd759a6e9), TOBN(0x3f9b7025, 0x63d2262c), - TOBN(0xd9764a31, 0x317cd062), TOBN(0x30779d8e, 0x199f8332), - TOBN(0xd8074106, 0x16b11b0b), TOBN(0x7917ab9f, 0x78aeaed8), - TOBN(0xb67a9cbe, 0x28fb1d8e), TOBN(0x2e313563, 0x136eda33), - TOBN(0x010b7069, 0xa371a86c), TOBN(0x44d90fa2, 0x6744e6b7), - TOBN(0x68190867, 0xd6b3e243), TOBN(0x9fe6cd9d, 0x59048c48), - TOBN(0xb900b028, 0x95731538), TOBN(0xa012062f, 0x32cae04f), - TOBN(0x8107c8bc, 0x9399d082), TOBN(0x47e8c54a, 0x41df12e2), - TOBN(0x14ba5117, 0xb6ef3f73), TOBN(0x22260bea, 0x81362f0b), - TOBN(0x90ea261e, 0x1a18cc20), TOBN(0x2192999f, 0x2321d636), - TOBN(0xef64d314, 0xe311b6a0), TOBN(0xd7401e4c, 0x3b54a1f5), - TOBN(0x19019983, 0x6fbca2ba), TOBN(0x46ad3293, 0x8fbffc4b), - TOBN(0xa142d3f6, 0x3786bf40), TOBN(0xeb5cbc26, 0xb67039fc), - TOBN(0x9cb0ae6c, 0x252bd479), TOBN(0x05e0f88a, 0x12b5848f), - TOBN(0x78f6d2b2, 0xa5c97663), TOBN(0x6f6e149b, 0xc162225c), - TOBN(0xe602235c, 0xde601a89), TOBN(0xd17bbe98, 0xf373be1f), - TOBN(0xcaf49a5b, 0xa8471827), TOBN(0x7e1a0a85, 0x18aaa116), - TOBN(0x6c833196, 0x270580c3), TOBN(0x1e233839, 0xf1c98a14), - TOBN(0x67b2f7b4, 0xae34e0a5), TOBN(0x47ac8745, 0xd8ce7289), - TOBN(0x2b74779a, 0x100dd467), TOBN(0x274a4337, 0x4ee50d09), - TOBN(0x603dcf13, 0x83608bc9), TOBN(0xcd9da6c3, 0xc89e8388), - TOBN(0x2660199f, 0x355116ac), TOBN(0xcc38bb59, 0xb6d18eed), - TOBN(0x3075f31f, 0x2f4bc071), TOBN(0x9774457f, 0x265dc57e), - TOBN(0x06a6a9c8, 0xc6db88bb), TOBN(0x6429d07f, 0x4ec98e04), - TOBN(0x8d05e57b, 0x05ecaa8b), TOBN(0x20f140b1, 0x7872ea7b), - TOBN(0xdf8c0f09, 0xca494693), TOBN(0x48d3a020, 0xf252e909), - TOBN(0x4c5c29af, 0x57b14b12), TOBN(0x7e6fa37d, 0xbf47ad1c), - TOBN(0x66e7b506, 0x49a0c938), TOBN(0xb72c0d48, 0x6be5f41f), - TOBN(0x6a6242b8, 0xb2359412), TOBN(0xcd35c774, 0x8e859480), - TOBN(0x12536fea, 0x87baa627), TOBN(0x58c1fec1, 0xf72aa680), - TOBN(0x6c29b637, 0x601e5dc9), TOBN(0x9e3c3c1c, 0xde9e01b9), - TOBN(0xefc8127b, 0x2bcfe0b0), TOBN(0x35107102, 0x2a12f50d), - TOBN(0x6ccd6cb1, 0x4879b397), TOBN(0xf792f804, 0xf8a82f21), - TOBN(0x509d4804, 0xa9b46402), TOBN(0xedddf85d, 0xc10f0850), - TOBN(0x928410dc, 0x4b6208aa), TOBN(0xf6229c46, 0x391012dc), - TOBN(0xc5a7c41e, 0x7727b9b6), TOBN(0x289e4e4b, 0xaa444842), - TOBN(0x049ba1d9, 0xe9a947ea), TOBN(0x44f9e47f, 0x83c8debc), - TOBN(0xfa77a1fe, 0x611f8b8e), TOBN(0xfd2e416a, 0xf518f427), - TOBN(0xc5fffa70, 0x114ebac3), TOBN(0xfe57c4e9, 0x5d89697b), - TOBN(0xfdd053ac, 0xb1aaf613), TOBN(0x31df210f, 0xea585a45), - TOBN(0x318cc10e, 0x24985034), TOBN(0x1a38efd1, 0x5f1d6130), - TOBN(0xbf86f237, 0x0b1e9e21), TOBN(0xb258514d, 0x1dbe88aa), - TOBN(0x1e38a588, 0x90c1baf9), TOBN(0x2936a01e, 0xbdb9b692), - TOBN(0xd576de98, 0x6dd5b20c), TOBN(0xb586bf71, 0x70f98ecf), - TOBN(0xcccf0f12, 0xc42d2fd7), TOBN(0x8717e61c, 0xfb35bd7b), - TOBN(0x8b1e5722, 0x35e6fc06), TOBN(0x3477728f, 0x0b3e13d5), - TOBN(0x150c294d, 0xaa8a7372), TOBN(0xc0291d43, 0x3bfa528a), - TOBN(0xc6c8bc67, 0xcec5a196), TOBN(0xdeeb31e4, 0x5c2e8a7c), - TOBN(0xba93e244, 0xfb6e1c51), TOBN(0xb9f8b71b, 0x2e28e156), - TOBN(0xce65a287, 0x968a2ab9), TOBN(0xe3c5ce69, 0x46bbcb1f), - TOBN(0xf8c835b9, 0xe7ae3f30), TOBN(0x16bbee26, 0xff72b82b), - TOBN(0x665e2017, 0xfd42cd22), TOBN(0x1e139970, 0xf8b1d2a0), - TOBN(0x125cda29, 0x79204932), TOBN(0x7aee94a5, 0x49c3bee5), - TOBN(0x68c70160, 0x89821a66), TOBN(0xf7c37678, 0x8f981669), - TOBN(0xd90829fc, 0x48cc3645), TOBN(0x346af049, 0xd70addfc), - TOBN(0x2057b232, 0x370bf29c), TOBN(0xf90c73ce, 0x42e650ee), - TOBN(0xe03386ea, 0xa126ab90), TOBN(0x0e266e7e, 0x975a087b), - TOBN(0x80578eb9, 0x0fca65d9), TOBN(0x7e2989ea, 0x16af45b8), - TOBN(0x7438212d, 0xcac75a4e), TOBN(0x38c7ca39, 0x4fef36b8), - TOBN(0x8650c494, 0xd402676a), TOBN(0x26ab5a66, 0xf72c7c48), - TOBN(0x4e6cb426, 0xce3a464e), TOBN(0xf8f99896, 0x2b72f841), - TOBN(0x8c318491, 0x1a335cc8), TOBN(0x563459ba, 0x6a5913e4), - TOBN(0x1b920d61, 0xc7b32919), TOBN(0x805ab8b6, 0xa02425ad), - TOBN(0x2ac512da, 0x8d006086), TOBN(0x6ca4846a, 0xbcf5c0fd), - TOBN(0xafea51d8, 0xac2138d7), TOBN(0xcb647545, 0x344cd443), - TOBN(0x0429ee8f, 0xbd7d9040), TOBN(0xee66a2de, 0x819b9c96), - TOBN(0x54f9ec25, 0xdea7d744), TOBN(0x2ffea642, 0x671721bb), - TOBN(0x4f19dbd1, 0x114344ea), TOBN(0x04304536, 0xfd0dbc8b), - TOBN(0x014b50aa, 0x29ec7f91), TOBN(0xb5fc22fe, 0xbb06014d), - TOBN(0x60d963a9, 0x1ee682e0), TOBN(0xdf48abc0, 0xfe85c727), - TOBN(0x0cadba13, 0x2e707c2d), TOBN(0xde608d3a, 0xa645aeff), - TOBN(0x05f1c28b, 0xedafd883), TOBN(0x3c362ede, 0xbd94de1f), - TOBN(0x8dd0629d, 0x13593e41), TOBN(0x0a5e736f, 0x766d6eaf), - TOBN(0xbfa92311, 0xf68cf9d1), TOBN(0xa4f9ef87, 0xc1797556), - TOBN(0x10d75a1f, 0x5601c209), TOBN(0x651c374c, 0x09b07361), - TOBN(0x49950b58, 0x88b5cead), TOBN(0x0ef00058, 0x6fa9dbaa), - TOBN(0xf51ddc26, 0x4e15f33a), TOBN(0x1f8b5ca6, 0x2ef46140), - TOBN(0x343ac0a3, 0xee9523f0), TOBN(0xbb75eab2, 0x975ea978), - TOBN(0x1bccf332, 0x107387f4), TOBN(0x790f9259, 0x9ab0062e), - TOBN(0xf1a363ad, 0x1e4f6a5f), TOBN(0x06e08b84, 0x62519a50), - TOBN(0x60915187, 0x7265f1ee), TOBN(0x6a80ca34, 0x93ae985e), - TOBN(0x81b29768, 0xaaba4864), TOBN(0xb13cabf2, 0x8d52a7d6), - TOBN(0xb5c36348, 0x8ead03f1), TOBN(0xc932ad95, 0x81c7c1c0), - TOBN(0x5452708e, 0xcae1e27b), TOBN(0x9dac4269, 0x1b0df648), - TOBN(0x233e3f0c, 0xdfcdb8bc), TOBN(0xe6ceccdf, 0xec540174), - TOBN(0xbd0d845e, 0x95081181), TOBN(0xcc8a7920, 0x699355d5), - TOBN(0x111c0f6d, 0xc3b375a8), TOBN(0xfd95bc6b, 0xfd51e0dc), - TOBN(0x4a106a26, 0x6888523a), TOBN(0x4d142bd6, 0xcb01a06d), - TOBN(0x79bfd289, 0xadb9b397), TOBN(0x0bdbfb94, 0xe9863914), - TOBN(0x29d8a229, 0x1660f6a6), TOBN(0x7f6abcd6, 0x551c042d), - TOBN(0x13039deb, 0x0ac3ffe8), TOBN(0xa01be628, 0xec8523fb), - TOBN(0x6ea34103, 0x0ca1c328), TOBN(0xc74114bd, 0xb903928e), - TOBN(0x8aa4ff4e, 0x9e9144b0), TOBN(0x7064091f, 0x7f9a4b17), - TOBN(0xa3f4f521, 0xe447f2c4), TOBN(0x81b8da7a, 0x604291f0), - TOBN(0xd680bc46, 0x7d5926de), TOBN(0x84f21fd5, 0x34a1202f), - TOBN(0x1d1e3181, 0x4e9df3d8), TOBN(0x1ca4861a, 0x39ab8d34), - TOBN(0x809ddeec, 0x5b19aa4a), TOBN(0x59f72f7e, 0x4d329366), - TOBN(0xa2f93f41, 0x386d5087), TOBN(0x40bf739c, 0xdd67d64f), - TOBN(0xb4494205, 0x66702158), TOBN(0xc33c65be, 0x73b1e178), - TOBN(0xcdcd657c, 0x38ca6153), TOBN(0x97f4519a, 0xdc791976), - TOBN(0xcc7c7f29, 0xcd6e1f39), TOBN(0x38de9cfb, 0x7e3c3932), - TOBN(0xe448eba3, 0x7b793f85), TOBN(0xe9f8dbf9, 0xf067e914), - TOBN(0xc0390266, 0xf114ae87), TOBN(0x39ed75a7, 0xcd6a8e2a), - TOBN(0xadb14848, 0x7ffba390), TOBN(0x67f8cb8b, 0x6af9bc09), - TOBN(0x322c3848, 0x9c7476db), TOBN(0xa320fecf, 0x52a538d6), - TOBN(0xe0493002, 0xb2aced2b), TOBN(0xdfba1809, 0x616bd430), - TOBN(0x531c4644, 0xc331be70), TOBN(0xbc04d32e, 0x90d2e450), - TOBN(0x1805a0d1, 0x0f9f142d), TOBN(0x2c44a0c5, 0x47ee5a23), - TOBN(0x31875a43, 0x3989b4e3), TOBN(0x6b1949fd, 0x0c063481), - TOBN(0x2dfb9e08, 0xbe0f4492), TOBN(0x3ff0da03, 0xe9d5e517), - TOBN(0x03dbe9a1, 0xf79466a8), TOBN(0x0b87bcd0, 0x15ea9932), - TOBN(0xeb64fc83, 0xab1f58ab), TOBN(0x6d9598da, 0x817edc8a), - TOBN(0x699cff66, 0x1d3b67e5), TOBN(0x645c0f29, 0x92635853), - TOBN(0x253cdd82, 0xeabaf21c), TOBN(0x82b9602a, 0x2241659e), - TOBN(0x2cae07ec, 0x2d9f7091), TOBN(0xbe4c720c, 0x8b48cd9b), - TOBN(0x6ce5bc03, 0x6f08d6c9), TOBN(0x36e8a997, 0xaf10bf40), - TOBN(0x83422d21, 0x3e10ff12), TOBN(0x7b26d3eb, 0xbcc12494), - TOBN(0xb240d2d0, 0xc9469ad6), TOBN(0xc4a11b4d, 0x30afa05b), - TOBN(0x4b604ace, 0xdd6ba286), TOBN(0x18486600, 0x3ee2864c), - TOBN(0x5869d6ba, 0x8d9ce5be), TOBN(0x0d8f68c5, 0xff4bfb0d), - TOBN(0xb69f210b, 0x5700cf73), TOBN(0x61f6653a, 0x6d37c135), - TOBN(0xff3d432b, 0x5aff5a48), TOBN(0x0d81c4b9, 0x72ba3a69), - TOBN(0xee879ae9, 0xfa1899ef), TOBN(0xbac7e2a0, 0x2d6acafd), - TOBN(0xd6d93f6c, 0x1c664399), TOBN(0x4c288de1, 0x5bcb135d), - TOBN(0x83031dab, 0x9dab7cbf), TOBN(0xfe23feb0, 0x3abbf5f0), - TOBN(0x9f1b2466, 0xcdedca85), TOBN(0x140bb710, 0x1a09538c), - TOBN(0xac8ae851, 0x5e11115d), TOBN(0x0d63ff67, 0x6f03f59e), - TOBN(0x755e5551, 0x7d234afb), TOBN(0x61c2db4e, 0x7e208fc1), - TOBN(0xaa9859ce, 0xf28a4b5d), TOBN(0xbdd6d4fc, 0x34af030f), - TOBN(0xd1c4a26d, 0x3be01cb1), TOBN(0x9ba14ffc, 0x243aa07c), - TOBN(0xf95cd3a9, 0xb2503502), TOBN(0xe379bc06, 0x7d2a93ab), - TOBN(0x3efc18e9, 0xd4ca8d68), TOBN(0x083558ec, 0x80bb412a), - TOBN(0xd903b940, 0x9645a968), TOBN(0xa499f0b6, 0x9ba6054f), - TOBN(0x208b573c, 0xb8349abe), TOBN(0x3baab3e5, 0x30b4fc1c), - TOBN(0x87e978ba, 0xcb524990), TOBN(0x3524194e, 0xccdf0e80), - TOBN(0x62711725, 0x7d4bcc42), TOBN(0xe90a3d9b, 0xb90109ba), - TOBN(0x3b1bdd57, 0x1323e1e0), TOBN(0xb78e9bd5, 0x5eae1599), - TOBN(0x0794b746, 0x9e03d278), TOBN(0x80178605, 0xd70e6297), - TOBN(0x171792f8, 0x99c97855), TOBN(0x11b393ee, 0xf5a86b5c), - TOBN(0x48ef6582, 0xd8884f27), TOBN(0xbd44737a, 0xbf19ba5f), - TOBN(0x8698de4c, 0xa42062c6), TOBN(0x8975eb80, 0x61ce9c54), - TOBN(0xd50e57c7, 0xd7fe71f3), TOBN(0x15342190, 0xbc97ce38), - TOBN(0x51bda2de, 0x4df07b63), TOBN(0xba12aeae, 0x200eb87d), - TOBN(0xabe135d2, 0xa9b4f8f6), TOBN(0x04619d65, 0xfad6d99c), - TOBN(0x4a6683a7, 0x7994937c), TOBN(0x7a778c8b, 0x6f94f09a), - TOBN(0x8c508623, 0x20a71b89), TOBN(0x241a2aed, 0x1c229165), - TOBN(0x352be595, 0xaaf83a99), TOBN(0x9fbfee7f, 0x1562bac8), - TOBN(0xeaf658b9, 0x5c4017e3), TOBN(0x1dc7f9e0, 0x15120b86), - TOBN(0xd84f13dd, 0x4c034d6f), TOBN(0x283dd737, 0xeaea3038), - TOBN(0x197f2609, 0xcd85d6a2), TOBN(0x6ebbc345, 0xfae60177), - TOBN(0xb80f031b, 0x4e12fede), TOBN(0xde55d0c2, 0x07a2186b), - TOBN(0x1fb3e37f, 0x24dcdd5a), TOBN(0x8d602da5, 0x7ed191fb), - TOBN(0x108fb056, 0x76023e0d), TOBN(0x70178c71, 0x459c20c0), - TOBN(0xfad5a386, 0x3fe54cf0), TOBN(0xa4a3ec4f, 0x02bbb475), - TOBN(0x1aa5ec20, 0x919d94d7), TOBN(0x5d3b63b5, 0xa81e4ab3), - TOBN(0x7fa733d8, 0x5ad3d2af), TOBN(0xfbc586dd, 0xd1ac7a37), - TOBN(0x282925de, 0x40779614), TOBN(0xfe0ffffb, 0xe74a242a), - TOBN(0x3f39e67f, 0x906151e5), TOBN(0xcea27f5f, 0x55e10649), - TOBN(0xdca1d4e1, 0xc17cf7b7), TOBN(0x0c326d12, 0x2fe2362d), - TOBN(0x05f7ac33, 0x7dd35df3), TOBN(0x0c3b7639, 0xc396dbdf), - TOBN(0x0912f5ac, 0x03b7db1c), TOBN(0x9dea4b70, 0x5c9ed4a9), - TOBN(0x475e6e53, 0xaae3f639), TOBN(0xfaba0e7c, 0xfc278bac), - TOBN(0x16f9e221, 0x9490375f), TOBN(0xaebf9746, 0xa5a7ed0a), - TOBN(0x45f9af3f, 0xf41ad5d6), TOBN(0x03c4623c, 0xb2e99224), - TOBN(0x82c5bb5c, 0xb3cf56aa), TOBN(0x64311819, 0x34567ed3), - TOBN(0xec57f211, 0x8be489ac), TOBN(0x2821895d, 0xb9a1104b), - TOBN(0x610dc875, 0x6064e007), TOBN(0x8e526f3f, 0x5b20d0fe), - TOBN(0x6e71ca77, 0x5b645aee), TOBN(0x3d1dcb9f, 0x800e10ff), - TOBN(0x36b51162, 0x189cf6de), TOBN(0x2c5a3e30, 0x6bb17353), - TOBN(0xc186cd3e, 0x2a6c6fbf), TOBN(0xa74516fa, 0x4bf97906), - TOBN(0x5b4b8f4b, 0x279d6901), TOBN(0x0c4e57b4, 0x2b573743), - TOBN(0x75fdb229, 0xb6e386b6), TOBN(0xb46793fd, 0x99deac27), - TOBN(0xeeec47ea, 0xcf712629), TOBN(0xe965f3c4, 0xcbc3b2dd), - TOBN(0x8dd1fb83, 0x425c6559), TOBN(0x7fc00ee6, 0x0af06fda), - TOBN(0xe98c9225, 0x33d956df), TOBN(0x0f1ef335, 0x4fbdc8a2), - TOBN(0x2abb5145, 0xb79b8ea2), TOBN(0x40fd2945, 0xbdbff288), - TOBN(0x6a814ac4, 0xd7185db7), TOBN(0xc4329d6f, 0xc084609a), - TOBN(0xc9ba7b52, 0xed1be45d), TOBN(0x891dd20d, 0xe4cd2c74), - TOBN(0x5a4d4a7f, 0x824139b1), TOBN(0x66c17716, 0xb873c710), - TOBN(0x5e5bc141, 0x2843c4e0), TOBN(0xd5ac4817, 0xb97eb5bf), - TOBN(0xc0f8af54, 0x450c95c7), TOBN(0xc91b3fa0, 0x318406c5), - TOBN(0x360c340a, 0xab9d97f8), TOBN(0xfb57bd07, 0x90a2d611), - TOBN(0x4339ae3c, 0xa6a6f7e5), TOBN(0x9c1fcd2a, 0x2feb8a10), - TOBN(0x972bcca9, 0xc7ea7432), TOBN(0x1b0b924c, 0x308076f6), - TOBN(0x80b2814a, 0x2a5b4ca5), TOBN(0x2f78f55b, 0x61ef3b29), - TOBN(0xf838744a, 0xc18a414f), TOBN(0xc611eaae, 0x903d0a86), - TOBN(0x94dabc16, 0x2a453f55), TOBN(0xe6f2e3da, 0x14efb279), - TOBN(0x5b7a6017, 0x9320dc3c), TOBN(0x692e382f, 0x8df6b5a4), - TOBN(0x3f5e15e0, 0x2d40fa90), TOBN(0xc87883ae, 0x643dd318), - TOBN(0x511053e4, 0x53544774), TOBN(0x834d0ecc, 0x3adba2bc), - TOBN(0x4215d7f7, 0xbae371f5), TOBN(0xfcfd57bf, 0x6c8663bc), - TOBN(0xded2383d, 0xd6901b1d), TOBN(0x3b49fbb4, 0xb5587dc3), - TOBN(0xfd44a08d, 0x07625f62), TOBN(0x3ee4d65b, 0x9de9b762)}, - {TOBN(0x64e5137d, 0x0d63d1fa), TOBN(0x658fc052, 0x02a9d89f), - TOBN(0x48894874, 0x50436309), TOBN(0xe9ae30f8, 0xd598da61), - TOBN(0x2ed710d1, 0x818baf91), TOBN(0xe27e9e06, 0x8b6a0c20), - TOBN(0x1e28dcfb, 0x1c1a6b44), TOBN(0x883acb64, 0xd6ac57dc), - TOBN(0x8735728d, 0xc2c6ff70), TOBN(0x79d6122f, 0xc5dc2235), - TOBN(0x23f5d003, 0x19e277f9), TOBN(0x7ee84e25, 0xdded8cc7), - TOBN(0x91a8afb0, 0x63cd880a), TOBN(0x3f3ea7c6, 0x3574af60), - TOBN(0x0cfcdc84, 0x02de7f42), TOBN(0x62d0792f, 0xb31aa152), - TOBN(0x8e1b4e43, 0x8a5807ce), TOBN(0xad283893, 0xe4109a7e), - TOBN(0xc30cc9cb, 0xafd59dda), TOBN(0xf65f36c6, 0x3d8d8093), - TOBN(0xdf31469e, 0xa60d32b2), TOBN(0xee93df4b, 0x3e8191c8), - TOBN(0x9c1017c5, 0x355bdeb5), TOBN(0xd2623185, 0x8616aa28), - TOBN(0xb02c83f9, 0xdec31a21), TOBN(0x988c8b23, 0x6ad9d573), - TOBN(0x53e983ae, 0xa57be365), TOBN(0xe968734d, 0x646f834e), - TOBN(0x9137ea8f, 0x5da6309b), TOBN(0x10f3a624, 0xc1f1ce16), - TOBN(0x782a9ea2, 0xca440921), TOBN(0xdf94739e, 0x5b46f1b5), - TOBN(0x9f9be006, 0xcce85c9b), TOBN(0x360e70d6, 0xa4c7c2d3), - TOBN(0x2cd5beea, 0xaefa1e60), TOBN(0x64cf63c0, 0x8c3d2b6d), - TOBN(0xfb107fa3, 0xe1cf6f90), TOBN(0xb7e937c6, 0xd5e044e6), - TOBN(0x74e8ca78, 0xce34db9f), TOBN(0x4f8b36c1, 0x3e210bd0), - TOBN(0x1df165a4, 0x34a35ea8), TOBN(0x3418e0f7, 0x4d4412f6), - TOBN(0x5af1f8af, 0x518836c3), TOBN(0x42ceef4d, 0x130e1965), - TOBN(0x5560ca0b, 0x543a1957), TOBN(0xc33761e5, 0x886cb123), - TOBN(0x66624b1f, 0xfe98ed30), TOBN(0xf772f4bf, 0x1090997d), - TOBN(0xf4e540bb, 0x4885d410), TOBN(0x7287f810, 0x9ba5f8d7), - TOBN(0x22d0d865, 0xde98dfb1), TOBN(0x49ff51a1, 0xbcfbb8a3), - TOBN(0xb6b6fa53, 0x6bc3012e), TOBN(0x3d31fd72, 0x170d541d), - TOBN(0x8018724f, 0x4b0f4966), TOBN(0x79e7399f, 0x87dbde07), - TOBN(0x56f8410e, 0xf4f8b16a), TOBN(0x97241afe, 0xc47b266a), - TOBN(0x0a406b8e, 0x6d9c87c1), TOBN(0x803f3e02, 0xcd42ab1b), - TOBN(0x7f0309a8, 0x04dbec69), TOBN(0xa83b85f7, 0x3bbad05f), - TOBN(0xc6097273, 0xad8e197f), TOBN(0xc097440e, 0x5067adc1), - TOBN(0x730eafb6, 0x3524ff16), TOBN(0xd7f9b51e, 0x823fc6ce), - TOBN(0x27bd0d32, 0x443e4ac0), TOBN(0x40c59ad9, 0x4d66f217), - TOBN(0x6c33136f, 0x17c387a4), TOBN(0x5043b8d5, 0xeb86804d), - TOBN(0x74970312, 0x675a73c9), TOBN(0x838fdb31, 0xf16669b6), - TOBN(0xc507b6dd, 0x418e7ddd), TOBN(0x39888d93, 0x472f19d6), - TOBN(0x7eae26be, 0x0c27eb4d), TOBN(0x17b53ed3, 0xfbabb884), - TOBN(0xfc27021b, 0x2b01ae4f), TOBN(0x88462e87, 0xcf488682), - TOBN(0xbee096ec, 0x215e2d87), TOBN(0xeb2fea9a, 0xd242e29b), - TOBN(0x5d985b5f, 0xb821fc28), TOBN(0x89d2e197, 0xdc1e2ad2), - TOBN(0x55b566b8, 0x9030ba62), TOBN(0xe3fd41b5, 0x4f41b1c6), - TOBN(0xb738ac2e, 0xb9a96d61), TOBN(0x7f8567ca, 0x369443f4), - TOBN(0x8698622d, 0xf803a440), TOBN(0x2b586236, 0x8fe2f4dc), - TOBN(0xbbcc00c7, 0x56b95bce), TOBN(0x5ec03906, 0x616da680), - TOBN(0x79162ee6, 0x72214252), TOBN(0x43132b63, 0x86a892d2), - TOBN(0x4bdd3ff2, 0x2f3263bf), TOBN(0xd5b3733c, 0x9cd0a142), - TOBN(0x592eaa82, 0x44415ccb), TOBN(0x663e8924, 0x8d5474ea), - TOBN(0x8058a25e, 0x5236344e), TOBN(0x82e8df9d, 0xbda76ee6), - TOBN(0xdcf6efd8, 0x11cc3d22), TOBN(0x00089cda, 0x3b4ab529), - TOBN(0x91d3a071, 0xbd38a3db), TOBN(0x4ea97fc0, 0xef72b925), - TOBN(0x0c9fc15b, 0xea3edf75), TOBN(0x5a6297cd, 0xa4348ed3), - TOBN(0x0d38ab35, 0xce7c42d4), TOBN(0x9fd493ef, 0x82feab10), - TOBN(0x46056b6d, 0x82111b45), TOBN(0xda11dae1, 0x73efc5c3), - TOBN(0xdc740278, 0x5545a7fb), TOBN(0xbdb2601c, 0x40d507e6), - TOBN(0x121dfeeb, 0x7066fa58), TOBN(0x214369a8, 0x39ae8c2a), - TOBN(0x195709cb, 0x06e0956c), TOBN(0x4c9d254f, 0x010cd34b), - TOBN(0xf51e13f7, 0x0471a532), TOBN(0xe19d6791, 0x1e73054d), - TOBN(0xf702a628, 0xdb5c7be3), TOBN(0xc7141218, 0xb24dde05), - TOBN(0xdc18233c, 0xf29b2e2e), TOBN(0x3a6bd1e8, 0x85342dba), - TOBN(0x3f747fa0, 0xb311898c), TOBN(0xe2a272e4, 0xcd0eac65), - TOBN(0x4bba5851, 0xf914d0bc), TOBN(0x7a1a9660, 0xc4a43ee3), - TOBN(0xe5a367ce, 0xa1c8cde9), TOBN(0x9d958ba9, 0x7271abe3), - TOBN(0xf3ff7eb6, 0x3d1615cd), TOBN(0xa2280dce, 0xf5ae20b0), - TOBN(0x56dba5c1, 0xcf640147), TOBN(0xea5a2e3d, 0x5e83d118), - TOBN(0x04cd6b6d, 0xda24c511), TOBN(0x1c0f4671, 0xe854d214), - TOBN(0x91a6b7a9, 0x69565381), TOBN(0xdc966240, 0xdecf1f5b), - TOBN(0x1b22d21c, 0xfcf5d009), TOBN(0x2a05f641, 0x9021dbd5), - TOBN(0x8c0ed566, 0xd4312483), TOBN(0x5179a95d, 0x643e216f), - TOBN(0xcc185fec, 0x17044493), TOBN(0xb3063339, 0x54991a21), - TOBN(0xd801ecdb, 0x0081a726), TOBN(0x0149b0c6, 0x4fa89bbb), - TOBN(0xafe9065a, 0x4391b6b9), TOBN(0xedc92786, 0xd633f3a3), - TOBN(0xe408c24a, 0xae6a8e13), TOBN(0x85833fde, 0x9f3897ab), - TOBN(0x43800e7e, 0xd81a0715), TOBN(0xde08e346, 0xb44ffc5f), - TOBN(0x7094184c, 0xcdeff2e0), TOBN(0x49f9387b, 0x165eaed1), - TOBN(0x635d6129, 0x777c468a), TOBN(0x8c0dcfd1, 0x538c2dd8), - TOBN(0xd6d9d9e3, 0x7a6a308b), TOBN(0x62375830, 0x4c2767d3), - TOBN(0x874a8bc6, 0xf38cbeb6), TOBN(0xd94d3f1a, 0xccb6fd9e), - TOBN(0x92a9735b, 0xba21f248), TOBN(0x272ad0e5, 0x6cd1efb0), - TOBN(0x7437b69c, 0x05b03284), TOBN(0xe7f04702, 0x6948c225), - TOBN(0x8a56c04a, 0xcba2ecec), TOBN(0x0c181270, 0xe3a73e41), - TOBN(0x6cb34e9d, 0x03e93725), TOBN(0xf77c8713, 0x496521a9), - TOBN(0x94569183, 0xfa7f9f90), TOBN(0xf2e7aa4c, 0x8c9707ad), - TOBN(0xced2c9ba, 0x26c1c9a3), TOBN(0x9109fe96, 0x40197507), - TOBN(0x9ae868a9, 0xe9adfe1c), TOBN(0x3984403d, 0x314e39bb), - TOBN(0xb5875720, 0xf2fe378f), TOBN(0x33f901e0, 0xba44a628), - TOBN(0xea1125fe, 0x3652438c), TOBN(0xae9ec4e6, 0x9dd1f20b), - TOBN(0x1e740d9e, 0xbebf7fbd), TOBN(0x6dbd3ddc, 0x42dbe79c), - TOBN(0x62082aec, 0xedd36776), TOBN(0xf612c478, 0xe9859039), - TOBN(0xa493b201, 0x032f7065), TOBN(0xebd4d8f2, 0x4ff9b211), - TOBN(0x3f23a0aa, 0xaac4cb32), TOBN(0xea3aadb7, 0x15ed4005), - TOBN(0xacf17ea4, 0xafa27e63), TOBN(0x56125c1a, 0xc11fd66c), - TOBN(0x266344a4, 0x3794f8dc), TOBN(0xdcca923a, 0x483c5c36), - TOBN(0x2d6b6bbf, 0x3f9d10a0), TOBN(0xb320c5ca, 0x81d9bdf3), - TOBN(0x620e28ff, 0x47b50a95), TOBN(0x933e3b01, 0xcef03371), - TOBN(0xf081bf85, 0x99100153), TOBN(0x183be9a0, 0xc3a8c8d6), - TOBN(0x4e3ddc5a, 0xd6bbe24d), TOBN(0xc6c74630, 0x53843795), - TOBN(0x78193dd7, 0x65ec2d4c), TOBN(0xb8df26cc, 0xcd3c89b2), - TOBN(0x98dbe399, 0x5a483f8d), TOBN(0x72d8a957, 0x7dd3313a), - TOBN(0x65087294, 0xab0bd375), TOBN(0xfcd89248, 0x7c259d16), - TOBN(0x8a9443d7, 0x7613aa81), TOBN(0x80100800, 0x85fe6584), - TOBN(0x70fc4dbc, 0x7fb10288), TOBN(0xf58280d3, 0xe86beee8), - TOBN(0x14fdd82f, 0x7c978c38), TOBN(0xdf1204c1, 0x0de44d7b), - TOBN(0xa08a1c84, 0x4160252f), TOBN(0x591554ca, 0xc17646a5), - TOBN(0x214a37d6, 0xa05bd525), TOBN(0x48d5f09b, 0x07957b3c), - TOBN(0x0247cdcb, 0xd7109bc9), TOBN(0x40f9e4bb, 0x30599ce7), - TOBN(0xc325fa03, 0xf46ad2ec), TOBN(0x00f766cf, 0xc3e3f9ee), - TOBN(0xab556668, 0xd43a4577), TOBN(0x68d30a61, 0x3ee03b93), - TOBN(0x7ddc81ea, 0x77b46a08), TOBN(0xcf5a6477, 0xc7480699), - TOBN(0x43a8cb34, 0x6633f683), TOBN(0x1b867e6b, 0x92363c60), - TOBN(0x43921114, 0x1f60558e), TOBN(0xcdbcdd63, 0x2f41450e), - TOBN(0x7fc04601, 0xcc630e8b), TOBN(0xea7c66d5, 0x97038b43), - TOBN(0x7259b8a5, 0x04e99fd8), TOBN(0x98a8dd12, 0x4785549a), - TOBN(0x0e459a7c, 0x840552e1), TOBN(0xcdfcf4d0, 0x4bb0909e), - TOBN(0x34a86db2, 0x53758da7), TOBN(0xe643bb83, 0xeac997e1), - TOBN(0x96400bd7, 0x530c5b7e), TOBN(0x9f97af87, 0xb41c8b52), - TOBN(0x34fc8820, 0xfbeee3f9), TOBN(0x93e53490, 0x49091afd), - TOBN(0x764b9be5, 0x9a31f35c), TOBN(0x71f37864, 0x57e3d924), - TOBN(0x02fb34e0, 0x943aa75e), TOBN(0xa18c9c58, 0xab8ff6e4), - TOBN(0x080f31b1, 0x33cf0d19), TOBN(0x5c9682db, 0x083518a7), - TOBN(0x873d4ca6, 0xb709c3de), TOBN(0x64a84262, 0x3575b8f0), - TOBN(0x6275da1f, 0x020154bb), TOBN(0x97678caa, 0xd17cf1ab), - TOBN(0x8779795f, 0x951a95c3), TOBN(0xdd35b163, 0x50fccc08), - TOBN(0x32709627, 0x33d8f031), TOBN(0x3c5ab10a, 0x498dd85c), - TOBN(0xb6c185c3, 0x41dca566), TOBN(0x7de7feda, 0xd8622aa3), - TOBN(0x99e84d92, 0x901b6dfb), TOBN(0x30a02b0e, 0x7c4ad288), - TOBN(0xc7c81daa, 0x2fd3cf36), TOBN(0xd1319547, 0xdf89e59f), - TOBN(0xb2be8184, 0xcd496733), TOBN(0xd5f449eb, 0x93d3412b), - TOBN(0x7ea41b1b, 0x25fe531d), TOBN(0xf9797432, 0x6a1d5646), - TOBN(0x86067f72, 0x2bde501a), TOBN(0xf91481c0, 0x0c85e89c), - TOBN(0xca8ee465, 0xf8b05bc6), TOBN(0x1844e1cf, 0x02e83cda), - TOBN(0xca82114a, 0xb4dbe33b), TOBN(0x0f9f8769, 0x4eabfde2), - TOBN(0x4936b1c0, 0x38b27fe2), TOBN(0x63b6359b, 0xaba402df), - TOBN(0x40c0ea2f, 0x656bdbab), TOBN(0x9c992a89, 0x6580c39c), - TOBN(0x600e8f15, 0x2a60aed1), TOBN(0xeb089ca4, 0xe0bf49df), - TOBN(0x9c233d7d, 0x2d42d99a), TOBN(0x648d3f95, 0x4c6bc2fa), - TOBN(0xdcc383a8, 0xe1add3f3), TOBN(0xf42c0c6a, 0x4f64a348), - TOBN(0x2abd176f, 0x0030dbdb), TOBN(0x4de501a3, 0x7d6c215e), - TOBN(0x4a107c1f, 0x4b9a64bc), TOBN(0xa77f0ad3, 0x2496cd59), - TOBN(0xfb78ac62, 0x7688dffb), TOBN(0x7025a2ca, 0x67937d8e), - TOBN(0xfde8b2d1, 0xd1a8f4e7), TOBN(0xf5b3da47, 0x7354927c), - TOBN(0xe48606a3, 0xd9205735), TOBN(0xac477cc6, 0xe177b917), - TOBN(0xfb1f73d2, 0xa883239a), TOBN(0xe12572f6, 0xcc8b8357), - TOBN(0x9d355e9c, 0xfb1f4f86), TOBN(0x89b795f8, 0xd9f3ec6e), - TOBN(0x27be56f1, 0xb54398dc), TOBN(0x1890efd7, 0x3fedeed5), - TOBN(0x62f77f1f, 0x9c6d0140), TOBN(0x7ef0e314, 0x596f0ee4), - TOBN(0x50ca6631, 0xcc61dab3), TOBN(0x4a39801d, 0xf4866e4f), - TOBN(0x66c8d032, 0xae363b39), TOBN(0x22c591e5, 0x2ead66aa), - TOBN(0x954ba308, 0xde02a53e), TOBN(0x2a6c060f, 0xd389f357), - TOBN(0xe6cfcde8, 0xfbf40b66), TOBN(0x8e02fc56, 0xc6340ce1), - TOBN(0xe4957795, 0x73adb4ba), TOBN(0x7b86122c, 0xa7b03805), - TOBN(0x63f83512, 0x0c8e6fa6), TOBN(0x83660ea0, 0x057d7804), - TOBN(0xbad79105, 0x21ba473c), TOBN(0xb6c50bee, 0xded5389d), - TOBN(0xee2caf4d, 0xaa7c9bc0), TOBN(0xd97b8de4, 0x8c4e98a7), - TOBN(0xa9f63e70, 0xab3bbddb), TOBN(0x3898aabf, 0x2597815a), - TOBN(0x7659af89, 0xac15b3d9), TOBN(0xedf7725b, 0x703ce784), - TOBN(0x25470fab, 0xe085116b), TOBN(0x04a43375, 0x87285310), - TOBN(0x4e39187e, 0xe2bfd52f), TOBN(0x36166b44, 0x7d9ebc74), - TOBN(0x92ad433c, 0xfd4b322c), TOBN(0x726aa817, 0xba79ab51), - TOBN(0xf96eacd8, 0xc1db15eb), TOBN(0xfaf71e91, 0x0476be63), - TOBN(0xdd69a640, 0x641fad98), TOBN(0xb7995918, 0x29622559), - TOBN(0x03c6daa5, 0xde4199dc), TOBN(0x92cadc97, 0xad545eb4), - TOBN(0x1028238b, 0x256534e4), TOBN(0x73e80ce6, 0x8595409a), - TOBN(0x690d4c66, 0xd05dc59b), TOBN(0xc95f7b8f, 0x981dee80), - TOBN(0xf4337014, 0xd856ac25), TOBN(0x441bd9dd, 0xac524dca), - TOBN(0x640b3d85, 0x5f0499f5), TOBN(0x39cf84a9, 0xd5fda182), - TOBN(0x04e7b055, 0xb2aa95a0), TOBN(0x29e33f0a, 0x0ddf1860), - TOBN(0x082e74b5, 0x423f6b43), TOBN(0x217edeb9, 0x0aaa2b0f), - TOBN(0x58b83f35, 0x83cbea55), TOBN(0xc485ee4d, 0xbc185d70), - TOBN(0x833ff03b, 0x1e5f6992), TOBN(0xb5b9b9cc, 0xcf0c0dd5), - TOBN(0x7caaee8e, 0x4e9e8a50), TOBN(0x462e907b, 0x6269dafd), - TOBN(0x6ed5cee9, 0xfbe791c6), TOBN(0x68ca3259, 0xed430790), - TOBN(0x2b72bdf2, 0x13b5ba88), TOBN(0x60294c8a, 0x35ef0ac4), - TOBN(0x9c3230ed, 0x19b99b08), TOBN(0x560fff17, 0x6c2589aa), - TOBN(0x552b8487, 0xd6770374), TOBN(0xa373202d, 0x9a56f685), - TOBN(0xd3e7f907, 0x45f175d9), TOBN(0x3c2f315f, 0xd080d810), - TOBN(0x1130e9dd, 0x7b9520e8), TOBN(0xc078f9e2, 0x0af037b5), - TOBN(0x38cd2ec7, 0x1e9c104c), TOBN(0x0f684368, 0xc472fe92), - TOBN(0xd3f1b5ed, 0x6247e7ef), TOBN(0xb32d33a9, 0x396dfe21), - TOBN(0x46f59cf4, 0x4a9aa2c2), TOBN(0x69cd5168, 0xff0f7e41), - TOBN(0x3f59da0f, 0x4b3234da), TOBN(0xcf0b0235, 0xb4579ebe), - TOBN(0x6d1cbb25, 0x6d2476c7), TOBN(0x4f0837e6, 0x9dc30f08), - TOBN(0x9a4075bb, 0x906f6e98), TOBN(0x253bb434, 0xc761e7d1), - TOBN(0xde2e645f, 0x6e73af10), TOBN(0xb89a4060, 0x0c5f131c), - TOBN(0xd12840c5, 0xb8cc037f), TOBN(0x3d093a5b, 0x7405bb47), - TOBN(0x6202c253, 0x206348b8), TOBN(0xbf5d57fc, 0xc55a3ca7), - TOBN(0x89f6c90c, 0x8c3bef48), TOBN(0x23ac7623, 0x5a0a960a), - TOBN(0xdfbd3d6b, 0x552b42ab), TOBN(0x3ef22458, 0x132061f6), - TOBN(0xd74e9bda, 0xc97e6516), TOBN(0x88779360, 0xc230f49e), - TOBN(0xa6ec1de3, 0x1e74ea49), TOBN(0x581dcee5, 0x3fb645a2), - TOBN(0xbaef2391, 0x8f483f14), TOBN(0x6d2dddfc, 0xd137d13b), - TOBN(0x54cde50e, 0xd2743a42), TOBN(0x89a34fc5, 0xe4d97e67), - TOBN(0x13f1f5b3, 0x12e08ce5), TOBN(0xa80540b8, 0xa7f0b2ca), - TOBN(0x854bcf77, 0x01982805), TOBN(0xb8653ffd, 0x233bea04), - TOBN(0x8e7b8787, 0x02b0b4c9), TOBN(0x2675261f, 0x9acb170a), - TOBN(0x061a9d90, 0x930c14e5), TOBN(0xb59b30e0, 0xdef0abea), - TOBN(0x1dc19ea6, 0x0200ec7d), TOBN(0xb6f4a3f9, 0x0bce132b), - TOBN(0xb8d5de90, 0xf13e27e0), TOBN(0xbaee5ef0, 0x1fade16f), - TOBN(0x6f406aaa, 0xe4c6cf38), TOBN(0xab4cfe06, 0xd1369815), - TOBN(0x0dcffe87, 0xefd550c6), TOBN(0x9d4f59c7, 0x75ff7d39), - TOBN(0xb02553b1, 0x51deb6ad), TOBN(0x812399a4, 0xb1877749), - TOBN(0xce90f71f, 0xca6006e1), TOBN(0xc32363a6, 0xb02b6e77), - TOBN(0x02284fbe, 0xdc36c64d), TOBN(0x86c81e31, 0xa7e1ae61), - TOBN(0x2576c7e5, 0xb909d94a), TOBN(0x8b6f7d02, 0x818b2bb0), - TOBN(0xeca3ed07, 0x56faa38a), TOBN(0xa3790e6c, 0x9305bb54), - TOBN(0xd784eeda, 0x7bc73061), TOBN(0xbd56d369, 0x6dd50614), - TOBN(0xd6575949, 0x229a8aa9), TOBN(0xdcca8f47, 0x4595ec28), - TOBN(0x814305c1, 0x06ab4fe6), TOBN(0xc8c39768, 0x24f43f16), - TOBN(0xe2a45f36, 0x523f2b36), TOBN(0x995c6493, 0x920d93bb), - TOBN(0xf8afdab7, 0x90f1632b), TOBN(0x79ebbecd, 0x1c295954), - TOBN(0xc7bb3ddb, 0x79592f48), TOBN(0x67216a7b, 0x5f88e998), - TOBN(0xd91f098b, 0xbc01193e), TOBN(0xf7d928a5, 0xb1db83fc), - TOBN(0x55e38417, 0xe991f600), TOBN(0x2a91113e, 0x2981a934), - TOBN(0xcbc9d648, 0x06b13bde), TOBN(0xb011b6ac, 0x0755ff44), - TOBN(0x6f4cb518, 0x045ec613), TOBN(0x522d2d31, 0xc2f5930a), - TOBN(0x5acae1af, 0x382e65de), TOBN(0x57643067, 0x27bc966f), - TOBN(0x5e12705d, 0x1c7193f0), TOBN(0xf0f32f47, 0x3be8858e), - TOBN(0x785c3d7d, 0x96c6dfc7), TOBN(0xd75b4a20, 0xbf31795d), - TOBN(0x91acf17b, 0x342659d4), TOBN(0xe596ea34, 0x44f0378f), - TOBN(0x4515708f, 0xce52129d), TOBN(0x17387e1e, 0x79f2f585), - TOBN(0x72cfd2e9, 0x49dee168), TOBN(0x1ae05223, 0x3e2af239), - TOBN(0x009e75be, 0x1d94066a), TOBN(0x6cca31c7, 0x38abf413), - TOBN(0xb50bd61d, 0x9bc49908), TOBN(0x4a9b4a8c, 0xf5e2bc1e), - TOBN(0xeb6cc5f7, 0x946f83ac), TOBN(0x27da93fc, 0xebffab28), - TOBN(0xea314c96, 0x4821c8c5), TOBN(0x8de49ded, 0xa83c15f4), - TOBN(0x7a64cf20, 0x7af33004), TOBN(0x45f1bfeb, 0xc9627e10), - TOBN(0x878b0626, 0x54b9df60), TOBN(0x5e4fdc3c, 0xa95c0b33), - TOBN(0xe54a37ca, 0xc2035d8e), TOBN(0x9087cda9, 0x80f20b8c), - TOBN(0x36f61c23, 0x8319ade4), TOBN(0x766f287a, 0xde8cfdf8), - TOBN(0x48821948, 0x346f3705), TOBN(0x49a7b853, 0x16e4f4a2), - TOBN(0xb9b3f8a7, 0x5cedadfd), TOBN(0x8f562815, 0x8db2a815), - TOBN(0xc0b7d554, 0x01f68f95), TOBN(0x12971e27, 0x688a208e), - TOBN(0xc9f8b696, 0xd0ff34fc), TOBN(0x20824de2, 0x1222718c), - TOBN(0x7213cf9f, 0x0c95284d), TOBN(0xe2ad741b, 0xdc158240), - TOBN(0x0ee3a6df, 0x54043ccf), TOBN(0x16ff479b, 0xd84412b3), - TOBN(0xf6c74ee0, 0xdfc98af0), TOBN(0xa78a169f, 0x52fcd2fb), - TOBN(0xd8ae8746, 0x99c930e9), TOBN(0x1d33e858, 0x49e117a5), - TOBN(0x7581fcb4, 0x6624759f), TOBN(0xde50644f, 0x5bedc01d), - TOBN(0xbeec5d00, 0xcaf3155e), TOBN(0x672d66ac, 0xbc73e75f), - TOBN(0x86b9d8c6, 0x270b01db), TOBN(0xd249ef83, 0x50f55b79), - TOBN(0x6131d6d4, 0x73978fe3), TOBN(0xcc4e4542, 0x754b00a1), - TOBN(0x4e05df05, 0x57dfcfe9), TOBN(0x94b29cdd, 0x51ef6bf0), - TOBN(0xe4530cff, 0x9bc7edf2), TOBN(0x8ac236fd, 0xd3da65f3), - TOBN(0x0faf7d5f, 0xc8eb0b48), TOBN(0x4d2de14c, 0x660eb039), - TOBN(0xc006bba7, 0x60430e54), TOBN(0x10a2d0d6, 0xda3289ab), - TOBN(0x9c037a5d, 0xd7979c59), TOBN(0x04d1f3d3, 0xa116d944), - TOBN(0x9ff22473, 0x8a0983cd), TOBN(0x28e25b38, 0xc883cabb), - TOBN(0xe968dba5, 0x47a58995), TOBN(0x2c80b505, 0x774eebdf), - TOBN(0xee763b71, 0x4a953beb), TOBN(0x502e223f, 0x1642e7f6), - TOBN(0x6fe4b641, 0x61d5e722), TOBN(0x9d37c5b0, 0xdbef5316), - TOBN(0x0115ed70, 0xf8330bc7), TOBN(0x139850e6, 0x75a72789), - TOBN(0x27d7faec, 0xffceccc2), TOBN(0x3016a860, 0x4fd9f7f6), - TOBN(0xc492ec64, 0x4cd8f64c), TOBN(0x58a2d790, 0x279d7b51), - TOBN(0x0ced1fc5, 0x1fc75256), TOBN(0x3e658aed, 0x8f433017), - TOBN(0x0b61942e, 0x05da59eb), TOBN(0xba3d60a3, 0x0ddc3722), - TOBN(0x7c311cd1, 0x742e7f87), TOBN(0x6473ffee, 0xf6b01b6e)}, - {TOBN(0x8303604f, 0x692ac542), TOBN(0xf079ffe1, 0x227b91d3), - TOBN(0x19f63e63, 0x15aaf9bd), TOBN(0xf99ee565, 0xf1f344fb), - TOBN(0x8a1d661f, 0xd6219199), TOBN(0x8c883bc6, 0xd48ce41c), - TOBN(0x1065118f, 0x3c74d904), TOBN(0x713889ee, 0x0faf8b1b), - TOBN(0x972b3f8f, 0x81a1b3be), TOBN(0x4f3ce145, 0xce2764a0), - TOBN(0xe2d0f1cc, 0x28c4f5f7), TOBN(0xdeee0c0d, 0xc7f3985b), - TOBN(0x7df4adc0, 0xd39e25c3), TOBN(0x40619820, 0xc467a080), - TOBN(0x440ebc93, 0x61cf5a58), TOBN(0x527729a6, 0x422ad600), - TOBN(0xca6c0937, 0xb1b76ba6), TOBN(0x1a2eab85, 0x4d2026dc), - TOBN(0xb1715e15, 0x19d9ae0a), TOBN(0xf1ad9199, 0xbac4a026), - TOBN(0x35b3dfb8, 0x07ea7b0e), TOBN(0xedf5496f, 0x3ed9eb89), - TOBN(0x8932e5ff, 0x2d6d08ab), TOBN(0xf314874e, 0x25bd2731), - TOBN(0xefb26a75, 0x3f73f449), TOBN(0x1d1c94f8, 0x8d44fc79), - TOBN(0x49f0fbc5, 0x3bc0dc4d), TOBN(0xb747ea0b, 0x3698a0d0), - TOBN(0x5218c3fe, 0x228d291e), TOBN(0x35b804b5, 0x43c129d6), - TOBN(0xfac859b8, 0xd1acc516), TOBN(0x6c10697d, 0x95d6e668), - TOBN(0xc38e438f, 0x0876fd4e), TOBN(0x45f0c307, 0x83d2f383), - TOBN(0x203cc2ec, 0xb10934cb), TOBN(0x6a8f2439, 0x2c9d46ee), - TOBN(0xf16b431b, 0x65ccde7b), TOBN(0x41e2cd18, 0x27e76a6f), - TOBN(0xb9c8cf8f, 0x4e3484d7), TOBN(0x64426efd, 0x8315244a), - TOBN(0x1c0a8e44, 0xfc94dea3), TOBN(0x34c8cdbf, 0xdad6a0b0), - TOBN(0x919c3840, 0x04113cef), TOBN(0xfd32fba4, 0x15490ffa), - TOBN(0x58d190f6, 0x795dcfb7), TOBN(0xfef01b03, 0x83588baf), - TOBN(0x9e6d1d63, 0xca1fc1c0), TOBN(0x53173f96, 0xf0a41ac9), - TOBN(0x2b1d402a, 0xba16f73b), TOBN(0x2fb31014, 0x8cf9b9fc), - TOBN(0x2d51e60e, 0x446ef7bf), TOBN(0xc731021b, 0xb91e1745), - TOBN(0x9d3b4724, 0x4fee99d4), TOBN(0x4bca48b6, 0xfac5c1ea), - TOBN(0x70f5f514, 0xbbea9af7), TOBN(0x751f55a5, 0x974c283a), - TOBN(0x6e30251a, 0xcb452fdb), TOBN(0x31ee6965, 0x50f30650), - TOBN(0xb0b3e508, 0x933548d9), TOBN(0xb8949a4f, 0xf4b0ef5b), - TOBN(0x208b8326, 0x3c88f3bd), TOBN(0xab147c30, 0xdb1d9989), - TOBN(0xed6515fd, 0x44d4df03), TOBN(0x17a12f75, 0xe72eb0c5), - TOBN(0x3b59796d, 0x36cf69db), TOBN(0x1219eee9, 0x56670c18), - TOBN(0xfe3341f7, 0x7a070d8e), TOBN(0x9b70130b, 0xa327f90c), - TOBN(0x36a32462, 0x0ae18e0e), TOBN(0x2021a623, 0x46c0a638), - TOBN(0x251b5817, 0xc62eb0d4), TOBN(0x87bfbcdf, 0x4c762293), - TOBN(0xf78ab505, 0xcdd61d64), TOBN(0x8c7a53fc, 0xc8c18857), - TOBN(0xa653ce6f, 0x16147515), TOBN(0x9c923aa5, 0xea7d52d5), - TOBN(0xc24709cb, 0x5c18871f), TOBN(0x7d53bec8, 0x73b3cc74), - TOBN(0x59264aff, 0xfdd1d4c4), TOBN(0x5555917e, 0x240da582), - TOBN(0xcae8bbda, 0x548f5a0e), TOBN(0x1910eaba, 0x3bbfbbe1), - TOBN(0xae579685, 0x7677afc3), TOBN(0x49ea61f1, 0x73ff0b5c), - TOBN(0x78655478, 0x4f7c3922), TOBN(0x95d337cd, 0x20c68eef), - TOBN(0x68f1e1e5, 0xdf779ab9), TOBN(0x14b491b0, 0xb5cf69a8), - TOBN(0x7a6cbbe0, 0x28e3fe89), TOBN(0xe7e1fee4, 0xc5aac0eb), - TOBN(0x7f47eda5, 0x697e5140), TOBN(0x4f450137, 0xb454921f), - TOBN(0xdb625f84, 0x95cd8185), TOBN(0x74be0ba1, 0xcdb2e583), - TOBN(0xaee4fd7c, 0xdd5e6de4), TOBN(0x4251437d, 0xe8101739), - TOBN(0x686d72a0, 0xac620366), TOBN(0x4be3fb9c, 0xb6d59344), - TOBN(0x6e8b44e7, 0xa1eb75b9), TOBN(0x84e39da3, 0x91a5c10c), - TOBN(0x37cc1490, 0xb38f0409), TOBN(0x02951943, 0x2c2ade82), - TOBN(0x9b688783, 0x1190a2d8), TOBN(0x25627d14, 0x231182ba), - TOBN(0x6eb550aa, 0x658a6d87), TOBN(0x1405aaa7, 0xcf9c7325), - TOBN(0xd147142e, 0x5c8748c9), TOBN(0x7f637e4f, 0x53ede0e0), - TOBN(0xf8ca2776, 0x14ffad2c), TOBN(0xe58fb1bd, 0xbafb6791), - TOBN(0x17158c23, 0xbf8f93fc), TOBN(0x7f15b373, 0x0a4a4655), - TOBN(0x39d4add2, 0xd842ca72), TOBN(0xa71e4391, 0x3ed96305), - TOBN(0x5bb09cbe, 0x6700be14), TOBN(0x68d69d54, 0xd8befcf6), - TOBN(0xa45f5367, 0x37183bcf), TOBN(0x7152b7bb, 0x3370dff7), - TOBN(0xcf887baa, 0xbf12525b), TOBN(0xe7ac7bdd, 0xd6d1e3cd), - TOBN(0x25914f78, 0x81fdad90), TOBN(0xcf638f56, 0x0d2cf6ab), - TOBN(0xb90bc03f, 0xcc054de5), TOBN(0x932811a7, 0x18b06350), - TOBN(0x2f00b330, 0x9bbd11ff), TOBN(0x76108a6f, 0xb4044974), - TOBN(0x801bb9e0, 0xa851d266), TOBN(0x0dd099be, 0xbf8990c1), - TOBN(0x58c5aaaa, 0xabe32986), TOBN(0x0fe9dd2a, 0x50d59c27), - TOBN(0x84951ff4, 0x8d307305), TOBN(0x6c23f829, 0x86529b78), - TOBN(0x50bb2218, 0x0b136a79), TOBN(0x7e2174de, 0x77a20996), - TOBN(0x6f00a4b9, 0xc0bb4da6), TOBN(0x89a25a17, 0xefdde8da), - TOBN(0xf728a27e, 0xc11ee01d), TOBN(0xf900553a, 0xe5f10dfb), - TOBN(0x189a83c8, 0x02ec893c), TOBN(0x3ca5bdc1, 0x23f66d77), - TOBN(0x98781537, 0x97eada9f), TOBN(0x59c50ab3, 0x10256230), - TOBN(0x346042d9, 0x323c69b3), TOBN(0x1b715a6d, 0x2c460449), - TOBN(0xa41dd476, 0x6ae06e0b), TOBN(0xcdd7888e, 0x9d42e25f), - TOBN(0x0f395f74, 0x56b25a20), TOBN(0xeadfe0ae, 0x8700e27e), - TOBN(0xb09d52a9, 0x69950093), TOBN(0x3525d9cb, 0x327f8d40), - TOBN(0xb8235a94, 0x67df886a), TOBN(0x77e4b0dd, 0x035faec2), - TOBN(0x115eb20a, 0x517d7061), TOBN(0x77fe3433, 0x6c2df683), - TOBN(0x6870ddc7, 0xcdc6fc67), TOBN(0xb1610588, 0x0b87de83), - TOBN(0x343584ca, 0xd9c4ddbe), TOBN(0xb3164f1c, 0x3d754be2), - TOBN(0x0731ed3a, 0xc1e6c894), TOBN(0x26327dec, 0x4f6b904c), - TOBN(0x9d49c6de, 0x97b5cd32), TOBN(0x40835dae, 0xb5eceecd), - TOBN(0xc66350ed, 0xd9ded7fe), TOBN(0x8aeebb5c, 0x7a678804), - TOBN(0x51d42fb7, 0x5b8ee9ec), TOBN(0xd7a17bdd, 0x8e3ca118), - TOBN(0x40d7511a, 0x2ef4400e), TOBN(0xc48990ac, 0x875a66f4), - TOBN(0x8de07d2a, 0x2199e347), TOBN(0xbee75556, 0x2a39e051), - TOBN(0x56918786, 0x916e51dc), TOBN(0xeb191313, 0x4a2d89ec), - TOBN(0x6679610d, 0x37d341ed), TOBN(0x434fbb41, 0x56d51c2b), - TOBN(0xe54b7ee7, 0xd7492dba), TOBN(0xaa33a79a, 0x59021493), - TOBN(0x49fc5054, 0xe4bd6d3d), TOBN(0x09540f04, 0x5ab551d0), - TOBN(0x8acc9085, 0x4942d3a6), TOBN(0x231af02f, 0x2d28323b), - TOBN(0x93458cac, 0x0992c163), TOBN(0x1fef8e71, 0x888e3bb4), - TOBN(0x27578da5, 0xbe8c268c), TOBN(0xcc8be792, 0xe805ec00), - TOBN(0x29267bae, 0xc61c3855), TOBN(0xebff429d, 0x58c1fd3b), - TOBN(0x22d886c0, 0x8c0b93b8), TOBN(0xca5e00b2, 0x2ddb8953), - TOBN(0xcf330117, 0xc3fed8b7), TOBN(0xd49ac6fa, 0x819c01f6), - TOBN(0x6ddaa6bd, 0x3c0fbd54), TOBN(0x91743068, 0x8049a2cf), - TOBN(0xd67f981e, 0xaff2ef81), TOBN(0xc3654d35, 0x2818ae80), - TOBN(0x81d05044, 0x1b2aa892), TOBN(0x2db067bf, 0x3d099328), - TOBN(0xe7c79e86, 0x703dcc97), TOBN(0xe66f9b37, 0xe133e215), - TOBN(0xcdf119a6, 0xe39a7a5c), TOBN(0x47c60de3, 0x876f1b61), - TOBN(0x6e405939, 0xd860f1b2), TOBN(0x3e9a1dbc, 0xf5ed4d4a), - TOBN(0x3f23619e, 0xc9b6bcbd), TOBN(0x5ee790cf, 0x734e4497), - TOBN(0xf0a834b1, 0x5bdaf9bb), TOBN(0x02cedda7, 0x4ca295f0), - TOBN(0x4619aa2b, 0xcb8e378c), TOBN(0xe5613244, 0xcc987ea4), - TOBN(0x0bc022cc, 0x76b23a50), TOBN(0x4a2793ad, 0x0a6c21ce), - TOBN(0x38328780, 0x89cac3f5), TOBN(0x29176f1b, 0xcba26d56), - TOBN(0x06296187, 0x4f6f59eb), TOBN(0x86e9bca9, 0x8bdc658e), - TOBN(0x2ca9c4d3, 0x57e30402), TOBN(0x5438b216, 0x516a09bb), - TOBN(0x0a6a063c, 0x7672765a), TOBN(0x37a3ce64, 0x0547b9bf), - TOBN(0x42c099c8, 0x98b1a633), TOBN(0xb5ab800d, 0x05ee6961), - TOBN(0xf1963f59, 0x11a5acd6), TOBN(0xbaee6157, 0x46201063), - TOBN(0x36d9a649, 0xa596210a), TOBN(0xaed04363, 0x1ba7138c), - TOBN(0xcf817d1c, 0xa4a82b76), TOBN(0x5586960e, 0xf3806be9), - TOBN(0x7ab67c89, 0x09dc6bb5), TOBN(0x52ace7a0, 0x114fe7eb), - TOBN(0xcd987618, 0xcbbc9b70), TOBN(0x4f06fd5a, 0x604ca5e1), - TOBN(0x90af14ca, 0x6dbde133), TOBN(0x1afe4322, 0x948a3264), - TOBN(0xa70d2ca6, 0xc44b2c6c), TOBN(0xab726799, 0x0ef87dfe), - TOBN(0x310f64dc, 0x2e696377), TOBN(0x49b42e68, 0x4c8126a0), - TOBN(0x0ea444c3, 0xcea0b176), TOBN(0x53a8ddf7, 0xcb269182), - TOBN(0xf3e674eb, 0xbbba9dcb), TOBN(0x0d2878a8, 0xd8669d33), - TOBN(0x04b935d5, 0xd019b6a3), TOBN(0xbb5cf88e, 0x406f1e46), - TOBN(0xa1912d16, 0x5b57c111), TOBN(0x9803fc21, 0x19ebfd78), - TOBN(0x4f231c9e, 0xc07764a9), TOBN(0xd93286ee, 0xb75bd055), - TOBN(0x83a9457d, 0x8ee6c9de), TOBN(0x04695915, 0x6087ec90), - TOBN(0x14c6dd8a, 0x58d6cd46), TOBN(0x9cb633b5, 0x8e6634d2), - TOBN(0xc1305047, 0xf81bc328), TOBN(0x12ede0e2, 0x26a177e5), - TOBN(0x332cca62, 0x065a6f4f), TOBN(0xc3a47ecd, 0x67be487b), - TOBN(0x741eb187, 0x0f47ed1c), TOBN(0x99e66e58, 0xe7598b14), - TOBN(0x6f0544ca, 0x63d0ff12), TOBN(0xe5efc784, 0xb610a05f), - TOBN(0xf72917b1, 0x7cad7b47), TOBN(0x3ff6ea20, 0xf2cac0c0), - TOBN(0xcc23791b, 0xf21db8b7), TOBN(0x7dac70b1, 0xd7d93565), - TOBN(0x682cda1d, 0x694bdaad), TOBN(0xeb88bb8c, 0x1023516d), - TOBN(0xc4c634b4, 0xdfdbeb1b), TOBN(0x22f5ca72, 0xb4ee4dea), - TOBN(0x1045a368, 0xe6524821), TOBN(0xed9e8a3f, 0x052b18b2), - TOBN(0x9b7f2cb1, 0xb961f49a), TOBN(0x7fee2ec1, 0x7b009670), - TOBN(0x350d8754, 0x22507a6d), TOBN(0x561bd711, 0x4db55f1d), - TOBN(0x4c189ccc, 0x320bbcaf), TOBN(0x568434cf, 0xdf1de48c), - TOBN(0x6af1b00e, 0x0fa8f128), TOBN(0xf0ba9d02, 0x8907583c), - TOBN(0x735a4004, 0x32ff9f60), TOBN(0x3dd8e4b6, 0xc25dcf33), - TOBN(0xf2230f16, 0x42c74cef), TOBN(0xd8117623, 0x013fa8ad), - TOBN(0x36822876, 0xf51fe76e), TOBN(0x8a6811cc, 0x11d62589), - TOBN(0xc3fc7e65, 0x46225718), TOBN(0xb7df2c9f, 0xc82fdbcd), - TOBN(0x3b1d4e52, 0xdd7b205b), TOBN(0xb6959478, 0x47a2e414), - TOBN(0x05e4d793, 0xefa91148), TOBN(0xb47ed446, 0xfd2e9675), - TOBN(0x1a7098b9, 0x04c9d9bf), TOBN(0x661e2881, 0x1b793048), - TOBN(0xb1a16966, 0xb01ee461), TOBN(0xbc521308, 0x2954746f), - TOBN(0xc909a0fc, 0x2477de50), TOBN(0xd80bb41c, 0x7dbd51ef), - TOBN(0xa85be7ec, 0x53294905), TOBN(0x6d465b18, 0x83958f97), - TOBN(0x16f6f330, 0xfb6840fd), TOBN(0xfaaeb214, 0x3401e6c8), - TOBN(0xaf83d30f, 0xccb5b4f8), TOBN(0x22885739, 0x266dec4b), - TOBN(0x51b4367c, 0x7bc467df), TOBN(0x926562e3, 0xd842d27a), - TOBN(0xdfcb6614, 0x0fea14a6), TOBN(0xeb394dae, 0xf2734cd9), - TOBN(0x3eeae5d2, 0x11c0be98), TOBN(0xb1e6ed11, 0x814e8165), - TOBN(0x191086bc, 0xe52bce1c), TOBN(0x14b74cc6, 0xa75a04da), - TOBN(0x63cf1186, 0x8c060985), TOBN(0x071047de, 0x2dbd7f7c), - TOBN(0x4e433b8b, 0xce0942ca), TOBN(0xecbac447, 0xd8fec61d), - TOBN(0x8f0ed0e2, 0xebf3232f), TOBN(0xfff80f9e, 0xc52a2edd), - TOBN(0xad9ab433, 0x75b55fdb), TOBN(0x73ca7820, 0xe42e0c11), - TOBN(0x6dace0a0, 0xe6251b46), TOBN(0x89bc6b5c, 0x4c0d932d), - TOBN(0x3438cd77, 0x095da19a), TOBN(0x2f24a939, 0x8d48bdfb), - TOBN(0x99b47e46, 0x766561b7), TOBN(0x736600e6, 0x0ed0322a), - TOBN(0x06a47cb1, 0x638e1865), TOBN(0x927c1c2d, 0xcb136000), - TOBN(0x29542337, 0x0cc5df69), TOBN(0x99b37c02, 0x09d649a9), - TOBN(0xc5f0043c, 0x6aefdb27), TOBN(0x6cdd9987, 0x1be95c27), - TOBN(0x69850931, 0x390420d2), TOBN(0x299c40ac, 0x0983efa4), - TOBN(0x3a05e778, 0xaf39aead), TOBN(0x84274408, 0x43a45193), - TOBN(0x6bcd0fb9, 0x91a711a0), TOBN(0x461592c8, 0x9f52ab17), - TOBN(0xb49302b4, 0xda3c6ed6), TOBN(0xc51fddc7, 0x330d7067), - TOBN(0x94babeb6, 0xda50d531), TOBN(0x521b840d, 0xa6a7b9da), - TOBN(0x5305151e, 0x404bdc89), TOBN(0x1bcde201, 0xd0d07449), - TOBN(0xf427a78b, 0x3b76a59a), TOBN(0xf84841ce, 0x07791a1b), - TOBN(0xebd314be, 0xbf91ed1c), TOBN(0x8e61d34c, 0xbf172943), - TOBN(0x1d5dc451, 0x5541b892), TOBN(0xb186ee41, 0xfc9d9e54), - TOBN(0x9d9f345e, 0xd5bf610d), TOBN(0x3e7ba65d, 0xf6acca9f), - TOBN(0x9dda787a, 0xa8369486), TOBN(0x09f9dab7, 0x8eb5ba53), - TOBN(0x5afb2033, 0xd6481bc3), TOBN(0x76f4ce30, 0xafa62104), - TOBN(0xa8fa00cf, 0xf4f066b5), TOBN(0x89ab5143, 0x461dafc2), - TOBN(0x44339ed7, 0xa3389998), TOBN(0x2ff862f1, 0xbc214903), - TOBN(0x2c88f985, 0xb05556e3), TOBN(0xcd96058e, 0x3467081e), - TOBN(0x7d6a4176, 0xedc637ea), TOBN(0xe1743d09, 0x36a5acdc), - TOBN(0x66fd72e2, 0x7eb37726), TOBN(0xf7fa264e, 0x1481a037), - TOBN(0x9fbd3bde, 0x45f4aa79), TOBN(0xed1e0147, 0x767c3e22), - TOBN(0x7621f979, 0x82e7abe2), TOBN(0x19eedc72, 0x45f633f8), - TOBN(0xe69b155e, 0x6137bf3a), TOBN(0xa0ad13ce, 0x414ee94e), - TOBN(0x93e3d524, 0x1c0e651a), TOBN(0xab1a6e2a, 0x02ce227e), - TOBN(0xe7af1797, 0x4ab27eca), TOBN(0x245446de, 0xbd444f39), - TOBN(0x59e22a21, 0x56c07613), TOBN(0x43deafce, 0xf4275498), - TOBN(0x10834ccb, 0x67fd0946), TOBN(0xa75841e5, 0x47406edf), - TOBN(0xebd6a677, 0x7b0ac93d), TOBN(0xa6e37b0d, 0x78f5e0d7), - TOBN(0x2516c096, 0x76f5492b), TOBN(0x1e4bf888, 0x9ac05f3a), - TOBN(0xcdb42ce0, 0x4df0ba2b), TOBN(0x935d5cfd, 0x5062341b), - TOBN(0x8a303333, 0x82acac20), TOBN(0x429438c4, 0x5198b00e), - TOBN(0x1d083bc9, 0x049d33fa), TOBN(0x58b82dda, 0x946f67ff), - TOBN(0xac3e2db8, 0x67a1d6a3), TOBN(0x62e6bead, 0x1798aac8), - TOBN(0xfc85980f, 0xde46c58c), TOBN(0xa7f69379, 0x69c8d7be), - TOBN(0x23557927, 0x837b35ec), TOBN(0x06a933d8, 0xe0790c0c), - TOBN(0x827c0e9b, 0x077ff55d), TOBN(0x53977798, 0xbb26e680), - TOBN(0x59530874, 0x1d9cb54f), TOBN(0xcca3f449, 0x4aac53ef), - TOBN(0x11dc5c87, 0xa07eda0f), TOBN(0xc138bccf, 0xfd6400c8), - TOBN(0x549680d3, 0x13e5da72), TOBN(0xc93eed82, 0x4540617e), - TOBN(0xfd3db157, 0x4d0b75c0), TOBN(0x9716eb42, 0x6386075b), - TOBN(0x0639605c, 0x817b2c16), TOBN(0x09915109, 0xf1e4f201), - TOBN(0x35c9a928, 0x5cca6c3b), TOBN(0xb25f7d1a, 0x3505c900), - TOBN(0xeb9f7d20, 0x630480c4), TOBN(0xc3c7b8c6, 0x2a1a501c), - TOBN(0x3f99183c, 0x5a1f8e24), TOBN(0xfdb118fa, 0x9dd255f0), - TOBN(0xb9b18b90, 0xc27f62a6), TOBN(0xe8f732f7, 0x396ec191), - TOBN(0x524a2d91, 0x0be786ab), TOBN(0x5d32adef, 0x0ac5a0f5), - TOBN(0x9b53d4d6, 0x9725f694), TOBN(0x032a76c6, 0x0510ba89), - TOBN(0x840391a3, 0xebeb1544), TOBN(0x44b7b88c, 0x3ed73ac3), - TOBN(0xd24bae7a, 0x256cb8b3), TOBN(0x7ceb151a, 0xe394cb12), - TOBN(0xbd6b66d0, 0x5bc1e6a8), TOBN(0xec70cecb, 0x090f07bf), - TOBN(0x270644ed, 0x7d937589), TOBN(0xee9e1a3d, 0x5f1dccfe), - TOBN(0xb0d40a84, 0x745b98d2), TOBN(0xda429a21, 0x2556ed40), - TOBN(0xf676eced, 0x85148cb9), TOBN(0x5a22d40c, 0xded18936), - TOBN(0x3bc4b9e5, 0x70e8a4ce), TOBN(0xbfd1445b, 0x9eae0379), - TOBN(0xf23f2c0c, 0x1a0bd47e), TOBN(0xa9c0bb31, 0xe1845531), - TOBN(0x9ddc4d60, 0x0a4c3f6b), TOBN(0xbdfaad79, 0x2c15ef44), - TOBN(0xce55a236, 0x7f484acc), TOBN(0x08653ca7, 0x055b1f15), - TOBN(0x2efa8724, 0x538873a3), TOBN(0x09299e5d, 0xace1c7e7), - TOBN(0x07afab66, 0xade332ba), TOBN(0x9be1fdf6, 0x92dd71b7), - TOBN(0xa49b5d59, 0x5758b11c), TOBN(0x0b852893, 0xc8654f40), - TOBN(0xb63ef6f4, 0x52379447), TOBN(0xd4957d29, 0x105e690c), - TOBN(0x7d484363, 0x646559b0), TOBN(0xf4a8273c, 0x49788a8e), - TOBN(0xee406cb8, 0x34ce54a9), TOBN(0x1e1c260f, 0xf86fda9b), - TOBN(0xe150e228, 0xcf6a4a81), TOBN(0x1fa3b6a3, 0x1b488772), - TOBN(0x1e6ff110, 0xc5a9c15b), TOBN(0xc6133b91, 0x8ad6aa47), - TOBN(0x8ac5d55c, 0x9dffa978), TOBN(0xba1d1c1d, 0x5f3965f2), - TOBN(0xf969f4e0, 0x7732b52f), TOBN(0xfceecdb5, 0xa5172a07), - TOBN(0xb0120a5f, 0x10f2b8f5), TOBN(0xc83a6cdf, 0x5c4c2f63), - TOBN(0x4d47a491, 0xf8f9c213), TOBN(0xd9e1cce5, 0xd3f1bbd5), - TOBN(0x0d91bc7c, 0xaba7e372), TOBN(0xfcdc74c8, 0xdfd1a2db), - TOBN(0x05efa800, 0x374618e5), TOBN(0x11216969, 0x15a7925e), - TOBN(0xd4c89823, 0xf6021c5d), TOBN(0x880d5e84, 0xeff14423), - TOBN(0x6523bc5a, 0x6dcd1396), TOBN(0xd1acfdfc, 0x113c978b), - TOBN(0xb0c164e8, 0xbbb66840), TOBN(0xf7f4301e, 0x72b58459), - TOBN(0xc29ad4a6, 0xa638e8ec), TOBN(0xf5ab8961, 0x46b78699), - TOBN(0x9dbd7974, 0x0e954750), TOBN(0x0121de88, 0x64f9d2c6), - TOBN(0x2e597b42, 0xd985232e), TOBN(0x55b6c3c5, 0x53451777), - TOBN(0xbb53e547, 0x519cb9fb), TOBN(0xf134019f, 0x8428600d), - TOBN(0x5a473176, 0xe081791a), TOBN(0x2f3e2263, 0x35fb0c08), - TOBN(0xb28c3017, 0x73d273b0), TOBN(0xccd21076, 0x7721ef9a), - TOBN(0x054cc292, 0xb650dc39), TOBN(0x662246de, 0x6188045e), - TOBN(0x904b52fa, 0x6b83c0d1), TOBN(0xa72df267, 0x97e9cd46), - TOBN(0x886b43cd, 0x899725e4), TOBN(0x2b651688, 0xd849ff22), - TOBN(0x60479b79, 0x02f34533), TOBN(0x5e354c14, 0x0c77c148), - TOBN(0xb4bb7581, 0xa8537c78), TOBN(0x188043d7, 0xefe1495f), - TOBN(0x9ba12f42, 0x8c1d5026), TOBN(0x2e0c8a26, 0x93d4aaab), - TOBN(0xbdba7b8b, 0xaa57c450), TOBN(0x140c9ad6, 0x9bbdafef), - TOBN(0x2067aa42, 0x25ac0f18), TOBN(0xf7b1295b, 0x04d1fbf3), - TOBN(0x14829111, 0xa4b04824), TOBN(0x2ce3f192, 0x33bd5e91), - TOBN(0x9c7a1d55, 0x8f2e1b72), TOBN(0xfe932286, 0x302aa243), - TOBN(0x497ca7b4, 0xd4be9554), TOBN(0xb8e821b8, 0xe0547a6e), - TOBN(0xfb2838be, 0x67e573e0), TOBN(0x05891db9, 0x4084c44b), - TOBN(0x91311373, 0x96c1c2c5), TOBN(0x6aebfa3f, 0xd958444b), - TOBN(0xac9cdce9, 0xe56e55c1), TOBN(0x7148ced3, 0x2caa46d0), - TOBN(0x2e10c7ef, 0xb61fe8eb), TOBN(0x9fd835da, 0xff97cf4d)}, - {TOBN(0xa36da109, 0x081e9387), TOBN(0xfb9780d7, 0x8c935828), - TOBN(0xd5940332, 0xe540b015), TOBN(0xc9d7b51b, 0xe0f466fa), - TOBN(0xfaadcd41, 0xd6d9f671), TOBN(0xba6c1e28, 0xb1a2ac17), - TOBN(0x066a7833, 0xed201e5f), TOBN(0x19d99719, 0xf90f462b), - TOBN(0xf431f462, 0x060b5f61), TOBN(0xa56f46b4, 0x7bd057c2), - TOBN(0x348dca6c, 0x47e1bf65), TOBN(0x9a38783e, 0x41bcf1ff), - TOBN(0x7a5d33a9, 0xda710718), TOBN(0x5a779987, 0x2e0aeaf6), - TOBN(0xca87314d, 0x2d29d187), TOBN(0xfa0edc3e, 0xc687d733), - TOBN(0x9df33621, 0x6a31e09b), TOBN(0xde89e44d, 0xc1350e35), - TOBN(0x29214871, 0x4ca0cf52), TOBN(0xdf379672, 0x0b88a538), - TOBN(0xc92a510a, 0x2591d61b), TOBN(0x79aa87d7, 0x585b447b), - TOBN(0xf67db604, 0xe5287f77), TOBN(0x1697c8bf, 0x5efe7a80), - TOBN(0x1c894849, 0xcb198ac7), TOBN(0xa884a93d, 0x0f264665), - TOBN(0x2da964ef, 0x9b200678), TOBN(0x3c351b87, 0x009834e6), - TOBN(0xafb2ef9f, 0xe2c4b44b), TOBN(0x580f6c47, 0x3326790c), - TOBN(0xb8480521, 0x0b02264a), TOBN(0x8ba6f9e2, 0x42a194e2), - TOBN(0xfc87975f, 0x8fb54738), TOBN(0x35160788, 0x27c3ead3), - TOBN(0x834116d2, 0xb74a085a), TOBN(0x53c99a73, 0xa62fe996), - TOBN(0x87585be0, 0x5b81c51b), TOBN(0x925bafa8, 0xbe0852b7), - TOBN(0x76a4fafd, 0xa84d19a7), TOBN(0x39a45982, 0x585206d4), - TOBN(0x499b6ab6, 0x5eb03c0e), TOBN(0xf19b7954, 0x72bc3fde), - TOBN(0xa86b5b9c, 0x6e3a80d2), TOBN(0xe4377508, 0x6d42819f), - TOBN(0xc1663650, 0xbb3ee8a3), TOBN(0x75eb14fc, 0xb132075f), - TOBN(0xa8ccc906, 0x7ad834f6), TOBN(0xea6a2474, 0xe6e92ffd), - TOBN(0x9d72fd95, 0x0f8d6758), TOBN(0xcb84e101, 0x408c07dd), - TOBN(0xb9114bfd, 0xa5e23221), TOBN(0x358b5fe2, 0xe94e742c), - TOBN(0x1c0577ec, 0x95f40e75), TOBN(0xf0155451, 0x3d73f3d6), - TOBN(0x9d55cd67, 0xbd1b9b66), TOBN(0x63e86e78, 0xaf8d63c7), - TOBN(0x39d934ab, 0xd3c095f1), TOBN(0x04b261be, 0xe4b76d71), - TOBN(0x1d2e6970, 0xe73e6984), TOBN(0x879fb23b, 0x5e5fcb11), - TOBN(0x11506c72, 0xdfd75490), TOBN(0x3a97d085, 0x61bcf1c1), - TOBN(0x43201d82, 0xbf5e7007), TOBN(0x7f0ac52f, 0x798232a7), - TOBN(0x2715cbc4, 0x6eb564d4), TOBN(0x8d6c752c, 0x9e570e29), - TOBN(0xf80247c8, 0x9ef5fd5d), TOBN(0xc3c66b46, 0xd53eb514), - TOBN(0x9666b401, 0x0f87de56), TOBN(0xce62c06f, 0xc6c603b5), - TOBN(0xae7b4c60, 0x7e4fc942), TOBN(0x38ac0b77, 0x663a9c19), - TOBN(0xcb4d20ee, 0x4b049136), TOBN(0x8b63bf12, 0x356a4613), - TOBN(0x1221aef6, 0x70e08128), TOBN(0xe62d8c51, 0x4acb6b16), - TOBN(0x71f64a67, 0x379e7896), TOBN(0xb25237a2, 0xcafd7fa5), - TOBN(0xf077bd98, 0x3841ba6a), TOBN(0xc4ac0244, 0x3cd16e7e), - TOBN(0x548ba869, 0x21fea4ca), TOBN(0xd36d0817, 0xf3dfdac1), - TOBN(0x09d8d71f, 0xf4685faf), TOBN(0x8eff66be, 0xc52c459a), - TOBN(0x182faee7, 0x0b57235e), TOBN(0xee3c39b1, 0x0106712b), - TOBN(0x5107331f, 0xc0fcdcb0), TOBN(0x669fb9dc, 0xa51054ba), - TOBN(0xb25101fb, 0x319d7682), TOBN(0xb0293129, 0x0a982fee), - TOBN(0x51c1c9b9, 0x0261b344), TOBN(0x0e008c5b, 0xbfd371fa), - TOBN(0xd866dd1c, 0x0278ca33), TOBN(0x666f76a6, 0xe5aa53b1), - TOBN(0xe5cfb779, 0x6013a2cf), TOBN(0x1d3a1aad, 0xa3521836), - TOBN(0xcedd2531, 0x73faa485), TOBN(0xc8ee6c4f, 0xc0a76878), - TOBN(0xddbccfc9, 0x2a11667d), TOBN(0x1a418ea9, 0x1c2f695a), - TOBN(0xdb11bd92, 0x51f73971), TOBN(0x3e4b3c82, 0xda2ed89f), - TOBN(0x9a44f3f4, 0xe73e0319), TOBN(0xd1e3de0f, 0x303431af), - TOBN(0x3c5604ff, 0x50f75f9c), TOBN(0x1d8eddf3, 0x7e752b22), - TOBN(0x0ef074dd, 0x3c9a1118), TOBN(0xd0ffc172, 0xccb86d7b), - TOBN(0xabd1ece3, 0x037d90f2), TOBN(0xe3f307d6, 0x6055856c), - TOBN(0x422f9328, 0x7e4c6daf), TOBN(0x902aac66, 0x334879a0), - TOBN(0xb6a1e7bf, 0x94cdfade), TOBN(0x6c97e1ed, 0x7fc6d634), - TOBN(0x662ad24d, 0xa2fb63f8), TOBN(0xf81be1b9, 0xa5928405), - TOBN(0x86d765e4, 0xd14b4206), TOBN(0xbecc2e0e, 0x8fa0db65), - TOBN(0xa28838e0, 0xb17fc76c), TOBN(0xe49a602a, 0xe37cf24e), - TOBN(0x76b4131a, 0x567193ec), TOBN(0xaf3c305a, 0xe5f6e70b), - TOBN(0x9587bd39, 0x031eebdd), TOBN(0x5709def8, 0x71bbe831), - TOBN(0x57059983, 0x0eb2b669), TOBN(0x4d80ce1b, 0x875b7029), - TOBN(0x838a7da8, 0x0364ac16), TOBN(0x2f431d23, 0xbe1c83ab), - TOBN(0xe56812a6, 0xf9294dd3), TOBN(0xb448d01f, 0x9b4b0d77), - TOBN(0xf3ae6061, 0x04e8305c), TOBN(0x2bead645, 0x94d8c63e), - TOBN(0x0a85434d, 0x84fd8b07), TOBN(0x537b983f, 0xf7a9dee5), - TOBN(0xedcc5f18, 0xef55bd85), TOBN(0x2041af62, 0x21c6cf8b), - TOBN(0x8e52874c, 0xb940c71e), TOBN(0x211935a9, 0xdb5f4b3a), - TOBN(0x94350492, 0x301b1dc3), TOBN(0x33d2646d, 0x29958620), - TOBN(0x16b0d64b, 0xef911404), TOBN(0x9d1f25ea, 0x9a3c5ef4), - TOBN(0x20f200eb, 0x4a352c78), TOBN(0x43929f2c, 0x4bd0b428), - TOBN(0xa5656667, 0xc7196e29), TOBN(0x7992c2f0, 0x9391be48), - TOBN(0xaaa97cbd, 0x9ee0cd6e), TOBN(0x51b0310c, 0x3dc8c9bf), - TOBN(0x237f8acf, 0xdd9f22cb), TOBN(0xbb1d81a1, 0xb585d584), - TOBN(0x8d5d85f5, 0x8c416388), TOBN(0x0d6e5a5a, 0x42fe474f), - TOBN(0xe7812766, 0x38235d4e), TOBN(0x1c62bd67, 0x496e3298), - TOBN(0x8378660c, 0x3f175bc8), TOBN(0x4d04e189, 0x17afdd4d), - TOBN(0x32a81601, 0x85a8068c), TOBN(0xdb58e4e1, 0x92b29a85), - TOBN(0xe8a65b86, 0xc70d8a3b), TOBN(0x5f0e6f4e, 0x98a0403b), - TOBN(0x08129684, 0x69ed2370), TOBN(0x34dc30bd, 0x0871ee26), - TOBN(0x3a5ce948, 0x7c9c5b05), TOBN(0x7d487b80, 0x43a90c87), - TOBN(0x4089ba37, 0xdd0e7179), TOBN(0x45f80191, 0xb4041811), - TOBN(0x1c3e1058, 0x98747ba5), TOBN(0x98c4e13a, 0x6e1ae592), - TOBN(0xd44636e6, 0xe82c9f9e), TOBN(0x711db87c, 0xc33a1043), - TOBN(0x6f431263, 0xaa8aec05), TOBN(0x43ff120d, 0x2744a4aa), - TOBN(0xd3bd892f, 0xae77779b), TOBN(0xf0fe0cc9, 0x8cdc9f82), - TOBN(0xca5f7fe6, 0xf1c5b1bc), TOBN(0xcc63a682, 0x44929a72), - TOBN(0xc7eaba0c, 0x09dbe19a), TOBN(0x2f3585ad, 0x6b5c73c2), - TOBN(0x8ab8924b, 0x0ae50c30), TOBN(0x17fcd27a, 0x638b30ba), - TOBN(0xaf414d34, 0x10b3d5a5), TOBN(0x09c107d2, 0x2a9accf1), - TOBN(0x15dac49f, 0x946a6242), TOBN(0xaec3df2a, 0xd707d642), - TOBN(0x2c2492b7, 0x3f894ae0), TOBN(0xf59df3e5, 0xb75f18ce), - TOBN(0x7cb740d2, 0x8f53cad0), TOBN(0x3eb585fb, 0xc4f01294), - TOBN(0x17da0c86, 0x32c7f717), TOBN(0xeb8c795b, 0xaf943f4c), - TOBN(0x4ee23fb5, 0xf67c51d2), TOBN(0xef187575, 0x68889949), - TOBN(0xa6b4bdb2, 0x0389168b), TOBN(0xc4ecd258, 0xea577d03), - TOBN(0x3a63782b, 0x55743082), TOBN(0x6f678f4c, 0xc72f08cd), - TOBN(0x553511cf, 0x65e58dd8), TOBN(0xd53b4e3e, 0xd402c0cd), - TOBN(0x37de3e29, 0xa037c14c), TOBN(0x86b6c516, 0xc05712aa), - TOBN(0x2834da3e, 0xb38dff6f), TOBN(0xbe012c52, 0xea636be8), - TOBN(0x292d238c, 0x61dd37f8), TOBN(0x0e54523f, 0x8f8142db), - TOBN(0xe31eb436, 0x036a05d8), TOBN(0x83e3cdff, 0x1e93c0ff), - TOBN(0x3fd2fe0f, 0x50821ddf), TOBN(0xc8e19b0d, 0xff9eb33b), - TOBN(0xc8cc943f, 0xb569a5fe), TOBN(0xad0090d4, 0xd4342d75), - TOBN(0x82090b4b, 0xcaeca000), TOBN(0xca39687f, 0x1bd410eb), - TOBN(0xe7bb0df7, 0x65959d77), TOBN(0x39d78218, 0x9c964999), - TOBN(0xd87f62e8, 0xb2415451), TOBN(0xe5efb774, 0xbed76108), - TOBN(0x3ea011a4, 0xe822f0d0), TOBN(0xbc647ad1, 0x5a8704f8), - TOBN(0xbb315b35, 0x50c6820f), TOBN(0x863dec3d, 0xb7e76bec), - TOBN(0x01ff5d3a, 0xf017bfc7), TOBN(0x20054439, 0x976b8229), - TOBN(0x067fca37, 0x0bbd0d3b), TOBN(0xf63dde64, 0x7f5e3d0f), - TOBN(0x22dbefb3, 0x2a4c94e9), TOBN(0xafbff0fe, 0x96f8278a), - TOBN(0x80aea0b1, 0x3503793d), TOBN(0xb2238029, 0x5f06cd29), - TOBN(0x65703e57, 0x8ec3feca), TOBN(0x06c38314, 0x393e7053), - TOBN(0xa0b751eb, 0x7c6734c4), TOBN(0xd2e8a435, 0xc59f0f1e), - TOBN(0x147d9052, 0x5e9ca895), TOBN(0x2f4dd31e, 0x972072df), - TOBN(0xa16fda8e, 0xe6c6755c), TOBN(0xc66826ff, 0xcf196558), - TOBN(0x1f1a76a3, 0x0cf43895), TOBN(0xa9d604e0, 0x83c3097b), - TOBN(0xe1908309, 0x66390e0e), TOBN(0xa50bf753, 0xb3c85eff), - TOBN(0x0696bdde, 0xf6a70251), TOBN(0x548b801b, 0x3c6ab16a), - TOBN(0x37fcf704, 0xa4d08762), TOBN(0x090b3def, 0xdff76c4e), - TOBN(0x87e8cb89, 0x69cb9158), TOBN(0x44a90744, 0x995ece43), - TOBN(0xf85395f4, 0x0ad9fbf5), TOBN(0x49b0f6c5, 0x4fb0c82d), - TOBN(0x75d9bc15, 0xadf7cccf), TOBN(0x81a3e5d6, 0xdfa1e1b0), - TOBN(0x8c39e444, 0x249bc17e), TOBN(0xf37dccb2, 0x8ea7fd43), - TOBN(0xda654873, 0x907fba12), TOBN(0x35daa6da, 0x4a372904), - TOBN(0x0564cfc6, 0x6283a6c5), TOBN(0xd09fa4f6, 0x4a9395bf), - TOBN(0x688e9ec9, 0xaeb19a36), TOBN(0xd913f1ce, 0xc7bfbfb4), - TOBN(0x797b9a3c, 0x61c2faa6), TOBN(0x2f979bec, 0x6a0a9c12), - TOBN(0xb5969d0f, 0x359679ec), TOBN(0xebcf523d, 0x079b0460), - TOBN(0xfd6b0008, 0x10fab870), TOBN(0x3f2edcda, 0x9373a39c), - TOBN(0x0d64f9a7, 0x6f568431), TOBN(0xf848c27c, 0x02f8898c), - TOBN(0xf418ade1, 0x260b5bd5), TOBN(0xc1f3e323, 0x6973dee8), - TOBN(0x46e9319c, 0x26c185dd), TOBN(0x6d85b7d8, 0x546f0ac4), - TOBN(0x427965f2, 0x247f9d57), TOBN(0xb519b636, 0xb0035f48), - TOBN(0x6b6163a9, 0xab87d59c), TOBN(0xff9f58c3, 0x39caaa11), - TOBN(0x4ac39cde, 0x3177387b), TOBN(0x5f6557c2, 0x873e77f9), - TOBN(0x67504006, 0x36a83041), TOBN(0x9b1c96ca, 0x75ef196c), - TOBN(0xf34283de, 0xb08c7940), TOBN(0x7ea09644, 0x1128c316), - TOBN(0xb510b3b5, 0x6aa39dff), TOBN(0x59b43da2, 0x9f8e4d8c), - TOBN(0xa8ce31fd, 0x9e4c4b9f), TOBN(0x0e20be26, 0xc1303c01), - TOBN(0x18187182, 0xe8ee47c9), TOBN(0xd9687cdb, 0x7db98101), - TOBN(0x7a520e4d, 0xa1e14ff6), TOBN(0x429808ba, 0x8836d572), - TOBN(0xa37ca60d, 0x4944b663), TOBN(0xf901f7a9, 0xa3f91ae5), - TOBN(0xe4e3e76e, 0x9e36e3b1), TOBN(0x9aa219cf, 0x29d93250), - TOBN(0x347fe275, 0x056a2512), TOBN(0xa4d643d9, 0xde65d95c), - TOBN(0x9669d396, 0x699fc3ed), TOBN(0xb598dee2, 0xcf8c6bbe), - TOBN(0x682ac1e5, 0xdda9e5c6), TOBN(0x4e0d3c72, 0xcaa9fc95), - TOBN(0x17faaade, 0x772bea44), TOBN(0x5ef8428c, 0xab0009c8), - TOBN(0xcc4ce47a, 0x460ff016), TOBN(0xda6d12bf, 0x725281cb), - TOBN(0x44c67848, 0x0223aad2), TOBN(0x6e342afa, 0x36256e28), - TOBN(0x1400bb0b, 0x93a37c04), TOBN(0x62b1bc9b, 0xdd10bd96), - TOBN(0x7251adeb, 0x0dac46b7), TOBN(0x7d33b92e, 0x7be4ef51), - TOBN(0x28b2a94b, 0xe61fa29a), TOBN(0x4b2be13f, 0x06422233), - TOBN(0x36d6d062, 0x330d8d37), TOBN(0x5ef80e1e, 0xb28ca005), - TOBN(0x174d4699, 0x6d16768e), TOBN(0x9fc4ff6a, 0x628bf217), - TOBN(0x77705a94, 0x154e490d), TOBN(0x9d96dd28, 0x8d2d997a), - TOBN(0x77e2d9d8, 0xce5d72c4), TOBN(0x9d06c5a4, 0xc11c714f), - TOBN(0x02aa5136, 0x79e4a03e), TOBN(0x1386b3c2, 0x030ff28b), - TOBN(0xfe82e8a6, 0xfb283f61), TOBN(0x7df203e5, 0xf3abc3fb), - TOBN(0xeec7c351, 0x3a4d3622), TOBN(0xf7d17dbf, 0xdf762761), - TOBN(0xc3956e44, 0x522055f0), TOBN(0xde3012db, 0x8fa748db), - TOBN(0xca9fcb63, 0xbf1dcc14), TOBN(0xa56d9dcf, 0xbe4e2f3a), - TOBN(0xb86186b6, 0x8bcec9c2), TOBN(0x7cf24df9, 0x680b9f06), - TOBN(0xc46b45ea, 0xc0d29281), TOBN(0xfff42bc5, 0x07b10e12), - TOBN(0x12263c40, 0x4d289427), TOBN(0x3d5f1899, 0xb4848ec4), - TOBN(0x11f97010, 0xd040800c), TOBN(0xb4c5f529, 0x300feb20), - TOBN(0xcc543f8f, 0xde94fdcb), TOBN(0xe96af739, 0xc7c2f05e), - TOBN(0xaa5e0036, 0x882692e1), TOBN(0x09c75b68, 0x950d4ae9), - TOBN(0x62f63df2, 0xb5932a7a), TOBN(0x2658252e, 0xde0979ad), - TOBN(0x2a19343f, 0xb5e69631), TOBN(0x718c7501, 0x525b666b), - TOBN(0x26a42d69, 0xea40dc3a), TOBN(0xdc84ad22, 0xaecc018f), - TOBN(0x25c36c7b, 0x3270f04a), TOBN(0x46ba6d47, 0x50fa72ed), - TOBN(0x6c37d1c5, 0x93e58a8e), TOBN(0xa2394731, 0x120c088c), - TOBN(0xc3be4263, 0xcb6e86da), TOBN(0x2c417d36, 0x7126d038), - TOBN(0x5b70f9c5, 0x8b6f8efa), TOBN(0x671a2faa, 0x37718536), - TOBN(0xd3ced3c6, 0xb539c92b), TOBN(0xe56f1bd9, 0xa31203c2), - TOBN(0x8b096ec4, 0x9ff3c8eb), TOBN(0x2deae432, 0x43491cea), - TOBN(0x2465c6eb, 0x17943794), TOBN(0x5d267e66, 0x20586843), - TOBN(0x9d3d116d, 0xb07159d0), TOBN(0xae07a67f, 0xc1896210), - TOBN(0x8fc84d87, 0xbb961579), TOBN(0x30009e49, 0x1c1f8dd6), - TOBN(0x8a8caf22, 0xe3132819), TOBN(0xcffa197c, 0xf23ab4ff), - TOBN(0x58103a44, 0x205dd687), TOBN(0x57b796c3, 0x0ded67a2), - TOBN(0x0b9c3a6c, 0xa1779ad7), TOBN(0xa33cfe2e, 0x357c09c5), - TOBN(0x2ea29315, 0x3db4a57e), TOBN(0x91959695, 0x8ebeb52e), - TOBN(0x118db9a6, 0xe546c879), TOBN(0x8e996df4, 0x6295c8d6), - TOBN(0xdd990484, 0x55ec806b), TOBN(0x24f291ca, 0x165c1035), - TOBN(0xcca523bb, 0x440e2229), TOBN(0x324673a2, 0x73ef4d04), - TOBN(0xaf3adf34, 0x3e11ec39), TOBN(0x6136d7f1, 0xdc5968d3), - TOBN(0x7a7b2899, 0xb053a927), TOBN(0x3eaa2661, 0xae067ecd), - TOBN(0x8549b9c8, 0x02779cd9), TOBN(0x061d7940, 0xc53385ea), - TOBN(0x3e0ba883, 0xf06d18bd), TOBN(0x4ba6de53, 0xb2700843), - TOBN(0xb966b668, 0x591a9e4d), TOBN(0x93f67567, 0x7f4fa0ed), - TOBN(0x5a02711b, 0x4347237b), TOBN(0xbc041e2f, 0xe794608e), - TOBN(0x55af10f5, 0x70f73d8c), TOBN(0xd2d4d4f7, 0xbb7564f7), - TOBN(0xd7d27a89, 0xb3e93ce7), TOBN(0xf7b5a875, 0x5d3a2c1b), - TOBN(0xb29e68a0, 0x255b218a), TOBN(0xb533837e, 0x8af76754), - TOBN(0xd1b05a73, 0x579fab2e), TOBN(0xb41055a1, 0xecd74385), - TOBN(0xb2369274, 0x445e9115), TOBN(0x2972a7c4, 0xf520274e), - TOBN(0x6c08334e, 0xf678e68a), TOBN(0x4e4160f0, 0x99b057ed), - TOBN(0x3cfe11b8, 0x52ccb69a), TOBN(0x2fd1823a, 0x21c8f772), - TOBN(0xdf7f072f, 0x3298f055), TOBN(0x8c0566f9, 0xfec74a6e), - TOBN(0xe549e019, 0x5bb4d041), TOBN(0x7c3930ba, 0x9208d850), - TOBN(0xe07141fc, 0xaaa2902b), TOBN(0x539ad799, 0xe4f69ad3), - TOBN(0xa6453f94, 0x813f9ffd), TOBN(0xc58d3c48, 0x375bc2f7), - TOBN(0xb3326fad, 0x5dc64e96), TOBN(0x3aafcaa9, 0xb240e354), - TOBN(0x1d1b0903, 0xaca1e7a9), TOBN(0x4ceb9767, 0x1211b8a0), - TOBN(0xeca83e49, 0xe32a858e), TOBN(0x4c32892e, 0xae907bad), - TOBN(0xd5b42ab6, 0x2eb9b494), TOBN(0x7fde3ee2, 0x1eabae1b), - TOBN(0x13b5ab09, 0xcaf54957), TOBN(0xbfb028be, 0xe5f5d5d5), - TOBN(0x928a0650, 0x2003e2c0), TOBN(0x90793aac, 0x67476843), - TOBN(0x5e942e79, 0xc81710a0), TOBN(0x557e4a36, 0x27ccadd4), - TOBN(0x72a2bc56, 0x4bcf6d0c), TOBN(0x09ee5f43, 0x26d7b80c), - TOBN(0x6b70dbe9, 0xd4292f19), TOBN(0x56f74c26, 0x63f16b18), - TOBN(0xc23db0f7, 0x35fbb42a), TOBN(0xb606bdf6, 0x6ae10040), - TOBN(0x1eb15d4d, 0x044573ac), TOBN(0x7dc3cf86, 0x556b0ba4), - TOBN(0x97af9a33, 0xc60df6f7), TOBN(0x0b1ef85c, 0xa716ce8c), - TOBN(0x2922f884, 0xc96958be), TOBN(0x7c32fa94, 0x35690963), - TOBN(0x2d7f667c, 0xeaa00061), TOBN(0xeaaf7c17, 0x3547365c), - TOBN(0x1eb4de46, 0x87032d58), TOBN(0xc54f3d83, 0x5e2c79e0), - TOBN(0x07818df4, 0x5d04ef23), TOBN(0x55faa9c8, 0x673d41b4), - TOBN(0xced64f6f, 0x89b95355), TOBN(0x4860d2ea, 0xb7415c84), - TOBN(0x5fdb9bd2, 0x050ebad3), TOBN(0xdb53e0cc, 0x6685a5bf), - TOBN(0xb830c031, 0x9feb6593), TOBN(0xdd87f310, 0x6accff17), - TOBN(0x2303ebab, 0x9f555c10), TOBN(0x94603695, 0x287e7065), - TOBN(0xf88311c3, 0x2e83358c), TOBN(0x508dd9b4, 0xeefb0178), - TOBN(0x7ca23706, 0x2dba8652), TOBN(0x62aac5a3, 0x0047abe5), - TOBN(0x9a61d2a0, 0x8b1ea7b3), TOBN(0xd495ab63, 0xae8b1485), - TOBN(0x38740f84, 0x87052f99), TOBN(0x178ebe5b, 0xb2974eea), - TOBN(0x030bbcca, 0x5b36d17f), TOBN(0xb5e4cce3, 0xaaf86eea), - TOBN(0xb51a0220, 0x68f8e9e0), TOBN(0xa4348796, 0x09eb3e75), - TOBN(0xbe592309, 0xeef1a752), TOBN(0x5d7162d7, 0x6f2aa1ed), - TOBN(0xaebfb5ed, 0x0f007dd2), TOBN(0x255e14b2, 0xc89edd22), - TOBN(0xba85e072, 0x0303b697), TOBN(0xc5d17e25, 0xf05720ff), - TOBN(0x02b58d6e, 0x5128ebb6), TOBN(0x2c80242d, 0xd754e113), - TOBN(0x919fca5f, 0xabfae1ca), TOBN(0x937afaac, 0x1a21459b), - TOBN(0x9e0ca91c, 0x1f66a4d2), TOBN(0x194cc7f3, 0x23ec1331), - TOBN(0xad25143a, 0x8aa11690), TOBN(0xbe40ad8d, 0x09b59e08), - TOBN(0x37d60d9b, 0xe750860a), TOBN(0x6c53b008, 0xc6bf434c), - TOBN(0xb572415d, 0x1356eb80), TOBN(0xb8bf9da3, 0x9578ded8), - TOBN(0x22658e36, 0x5e8fb38b), TOBN(0x9b70ce22, 0x5af8cb22), - TOBN(0x7c00018a, 0x829a8180), TOBN(0x84329f93, 0xb81ed295), - TOBN(0x7c343ea2, 0x5f3cea83), TOBN(0x38f8655f, 0x67586536), - TOBN(0xa661a0d0, 0x1d3ec517), TOBN(0x98744652, 0x512321ae), - TOBN(0x084ca591, 0xeca92598), TOBN(0xa9bb9dc9, 0x1dcb3feb), - TOBN(0x14c54355, 0x78b4c240), TOBN(0x5ed62a3b, 0x610cafdc), - TOBN(0x07512f37, 0x1b38846b), TOBN(0x571bb70a, 0xb0e38161), - TOBN(0xb556b95b, 0x2da705d2), TOBN(0x3ef8ada6, 0xb1a08f98), - TOBN(0x85302ca7, 0xddecfbe5), TOBN(0x0e530573, 0x943105cd), - TOBN(0x60554d55, 0x21a9255d), TOBN(0x63a32fa1, 0xf2f3802a), - TOBN(0x35c8c5b0, 0xcd477875), TOBN(0x97f458ea, 0x6ad42da1), - TOBN(0x832d7080, 0xeb6b242d), TOBN(0xd30bd023, 0x3b71e246), - TOBN(0x7027991b, 0xbe31139d), TOBN(0x68797e91, 0x462e4e53), - TOBN(0x423fe20a, 0x6b4e185a), TOBN(0x82f2c67e, 0x42d9b707), - TOBN(0x25c81768, 0x4cf7811b), TOBN(0xbd53005e, 0x045bb95d)}, - {TOBN(0xe5f649be, 0x9d8e68fd), TOBN(0xdb0f0533, 0x1b044320), - TOBN(0xf6fde9b3, 0xe0c33398), TOBN(0x92f4209b, 0x66c8cfae), - TOBN(0xe9d1afcc, 0x1a739d4b), TOBN(0x09aea75f, 0xa28ab8de), - TOBN(0x14375fb5, 0xeac6f1d0), TOBN(0x6420b560, 0x708f7aa5), - TOBN(0x9eae499c, 0x6254dc41), TOBN(0x7e293924, 0x7a837e7e), - TOBN(0x74aec08c, 0x090524a7), TOBN(0xf82b9219, 0x8d6f55f2), - TOBN(0x493c962e, 0x1402cec5), TOBN(0x9f17ca17, 0xfa2f30e7), - TOBN(0xbcd783e8, 0xe9b879cb), TOBN(0xea3d8c14, 0x5a6f145f), - TOBN(0xdede15e7, 0x5e0dee6e), TOBN(0x74f24872, 0xdc628aa2), - TOBN(0xd3e9c4fe, 0x7861bb93), TOBN(0x56d4822a, 0x6187b2e0), - TOBN(0xb66417cf, 0xc59826f9), TOBN(0xca260969, 0x2408169e), - TOBN(0xedf69d06, 0xc79ef885), TOBN(0x00031f8a, 0xdc7d138f), - TOBN(0x103c46e6, 0x0ebcf726), TOBN(0x4482b831, 0x6231470e), - TOBN(0x6f6dfaca, 0x487c2109), TOBN(0x2e0ace97, 0x62e666ef), - TOBN(0x3246a9d3, 0x1f8d1f42), TOBN(0x1b1e83f1, 0x574944d2), - TOBN(0x13dfa63a, 0xa57f334b), TOBN(0x0cf8daed, 0x9f025d81), - TOBN(0x30d78ea8, 0x00ee11c1), TOBN(0xeb053cd4, 0xb5e3dd75), - TOBN(0x9b65b13e, 0xd58c43c5), TOBN(0xc3ad49bd, 0xbd151663), - TOBN(0x99fd8e41, 0xb6427990), TOBN(0x12cf15bd, 0x707eae1e), - TOBN(0x29ad4f1b, 0x1aabb71e), TOBN(0x5143e74d, 0x07545d0e), - TOBN(0x30266336, 0xc88bdee1), TOBN(0x25f29306, 0x5876767c), - TOBN(0x9c078571, 0xc6731996), TOBN(0xc88690b2, 0xed552951), - TOBN(0x274f2c2d, 0x852705b4), TOBN(0xb0bf8d44, 0x4e09552d), - TOBN(0x7628beeb, 0x986575d1), TOBN(0x407be238, 0x7f864651), - TOBN(0x0e5e3049, 0xa639fc6b), TOBN(0xe75c35d9, 0x86003625), - TOBN(0x0cf35bd8, 0x5dcc1646), TOBN(0x8bcaced2, 0x6c26273a), - TOBN(0xe22ecf1d, 0xb5536742), TOBN(0x013dd897, 0x1a9e068b), - TOBN(0x17f411cb, 0x8a7909c5), TOBN(0x5757ac98, 0x861dd506), - TOBN(0x85de1f0d, 0x1e935abb), TOBN(0xdefd10b4, 0x154de37a), - TOBN(0xb8d9e392, 0x369cebb5), TOBN(0x54d5ef9b, 0x761324be), - TOBN(0x4d6341ba, 0x74f17e26), TOBN(0xc0a0e3c8, 0x78c1dde4), - TOBN(0xa6d77581, 0x87d918fd), TOBN(0x66876015, 0x02ca3a13), - TOBN(0xc7313e9c, 0xf36658f0), TOBN(0xc433ef1c, 0x71f8057e), - TOBN(0x85326246, 0x1b6a835a), TOBN(0xc8f05398, 0x7c86394c), - TOBN(0xff398cdf, 0xe983c4a1), TOBN(0xbf5e8162, 0x03b7b931), - TOBN(0x93193c46, 0xb7b9045b), TOBN(0x1e4ebf5d, 0xa4a6e46b), - TOBN(0xf9942a60, 0x43a24fe7), TOBN(0x29c1191e, 0xffb3492b), - TOBN(0x9f662449, 0x902fde05), TOBN(0xc792a7ac, 0x6713c32d), - TOBN(0x2fd88ad8, 0xb737982c), TOBN(0x7e3a0319, 0xa21e60e3), - TOBN(0x09b0de44, 0x7383591a), TOBN(0x6df141ee, 0x8310a456), - TOBN(0xaec1a039, 0xe6d6f471), TOBN(0x14b2ba0f, 0x1198d12e), - TOBN(0xebc1a160, 0x3aeee5ac), TOBN(0x401f4836, 0xe0b964ce), - TOBN(0x2ee43796, 0x4fd03f66), TOBN(0x3fdb4e49, 0xdd8f3f12), - TOBN(0x6ef267f6, 0x29380f18), TOBN(0x3e8e9670, 0x8da64d16), - TOBN(0xbc19180c, 0x207674f1), TOBN(0x112e09a7, 0x33ae8fdb), - TOBN(0x99667554, 0x6aaeb71e), TOBN(0x79432af1, 0xe101b1c7), - TOBN(0xd5eb558f, 0xde2ddec6), TOBN(0x81392d1f, 0x5357753f), - TOBN(0xa7a76b97, 0x3ae1158a), TOBN(0x416fbbff, 0x4a899991), - TOBN(0x9e65fdfd, 0x0d4a9dcf), TOBN(0x7bc29e48, 0x944ddf12), - TOBN(0xbc1a92d9, 0x3c856866), TOBN(0x273c6905, 0x6e98dfe2), - TOBN(0x69fce418, 0xcdfaa6b8), TOBN(0x606bd823, 0x5061c69f), - TOBN(0x42d495a0, 0x6af75e27), TOBN(0x8ed3d505, 0x6d873a1f), - TOBN(0xaf552841, 0x6ab25b6a), TOBN(0xc6c0ffc7, 0x2b1a4523), - TOBN(0xab18827b, 0x21c99e03), TOBN(0x060e8648, 0x9034691b), - TOBN(0x5207f90f, 0x93c7f398), TOBN(0x9f4a96cb, 0x82f8d10b), - TOBN(0xdd71cd79, 0x3ad0f9e3), TOBN(0x84f435d2, 0xfc3a54f5), - TOBN(0x4b03c55b, 0x8e33787f), TOBN(0xef42f975, 0xa6384673), - TOBN(0xff7304f7, 0x5051b9f0), TOBN(0x18aca1dc, 0x741c87c2), - TOBN(0x56f120a7, 0x2d4bfe80), TOBN(0xfd823b3d, 0x053e732c), - TOBN(0x11bccfe4, 0x7537ca16), TOBN(0xdf6c9c74, 0x1b5a996b), - TOBN(0xee7332c7, 0x904fc3fa), TOBN(0x14a23f45, 0xc7e3636a), - TOBN(0xc38659c3, 0xf091d9aa), TOBN(0x4a995e5d, 0xb12d8540), - TOBN(0x20a53bec, 0xf3a5598a), TOBN(0x56534b17, 0xb1eaa995), - TOBN(0x9ed3dca4, 0xbf04e03c), TOBN(0x716c563a, 0xd8d56268), - TOBN(0x27ba77a4, 0x1d6178e7), TOBN(0xe4c80c40, 0x68a1ff8e), - TOBN(0x75011099, 0x0a13f63d), TOBN(0x7bf33521, 0xa61d46f3), - TOBN(0x0aff218e, 0x10b365bb), TOBN(0x81021804, 0x0fd7ea75), - TOBN(0x05a3fd8a, 0xa4b3a925), TOBN(0xb829e75f, 0x9b3db4e6), - TOBN(0x6bdc75a5, 0x4d53e5fb), TOBN(0x04a5dc02, 0xd52717e3), - TOBN(0x86af502f, 0xe9a42ec2), TOBN(0x8867e8fb, 0x2630e382), - TOBN(0xbf845c6e, 0xbec9889b), TOBN(0x54f491f2, 0xcb47c98d), - TOBN(0xa3091fba, 0x790c2a12), TOBN(0xd7f6fd78, 0xc20f708b), - TOBN(0xa569ac30, 0xacde5e17), TOBN(0xd0f996d0, 0x6852b4d7), - TOBN(0xe51d4bb5, 0x4609ae54), TOBN(0x3fa37d17, 0x0daed061), - TOBN(0x62a88684, 0x34b8fb41), TOBN(0x99a2acbd, 0x9efb64f1), - TOBN(0xb75c1a5e, 0x6448e1f2), TOBN(0xfa99951a, 0x42b5a069), - TOBN(0x6d956e89, 0x2f3b26e7), TOBN(0xf4709860, 0xda875247), - TOBN(0x3ad15179, 0x2482dda3), TOBN(0xd64110e3, 0x017d82f0), - TOBN(0x14928d2c, 0xfad414e4), TOBN(0x2b155f58, 0x2ed02b24), - TOBN(0x481a141b, 0xcb821bf1), TOBN(0x12e3c770, 0x4f81f5da), - TOBN(0xe49c5de5, 0x9fff8381), TOBN(0x11053232, 0x5bbec894), - TOBN(0xa0d051cc, 0x454d88c4), TOBN(0x4f6db89c, 0x1f8e531b), - TOBN(0x34fe3fd6, 0xca563a44), TOBN(0x7f5c2215, 0x58da8ab9), - TOBN(0x8445016d, 0x9474f0a1), TOBN(0x17d34d61, 0xcb7d8a0a), - TOBN(0x8e9d3910, 0x1c474019), TOBN(0xcaff2629, 0xd52ceefb), - TOBN(0xf9cf3e32, 0xc1622c2b), TOBN(0xd4b95e3c, 0xe9071a05), - TOBN(0xfbbca61f, 0x1594438c), TOBN(0x1eb6e6a6, 0x04aadedf), - TOBN(0x853027f4, 0x68e14940), TOBN(0x221d322a, 0xdfabda9c), - TOBN(0xed8ea9f6, 0xb7cb179a), TOBN(0xdc7b764d, 0xb7934dcc), - TOBN(0xfcb13940, 0x5e09180d), TOBN(0x6629a6bf, 0xb47dc2dd), - TOBN(0xbfc55e4e, 0x9f5a915e), TOBN(0xb1db9d37, 0x6204441e), - TOBN(0xf82d68cf, 0x930c5f53), TOBN(0x17d3a142, 0xcbb605b1), - TOBN(0xdd5944ea, 0x308780f2), TOBN(0xdc8de761, 0x3845f5e4), - TOBN(0x6beaba7d, 0x7624d7a3), TOBN(0x1e709afd, 0x304df11e), - TOBN(0x95364376, 0x02170456), TOBN(0xbf204b3a, 0xc8f94b64), - TOBN(0x4e53af7c, 0x5680ca68), TOBN(0x0526074a, 0xe0c67574), - TOBN(0x95d8cef8, 0xecd92af6), TOBN(0xe6b9fa7a, 0x6cd1745a), - TOBN(0x3d546d3d, 0xa325c3e4), TOBN(0x1f57691d, 0x9ae93aae), - TOBN(0xe891f3fe, 0x9d2e1a33), TOBN(0xd430093f, 0xac063d35), - TOBN(0xeda59b12, 0x5513a327), TOBN(0xdc2134f3, 0x5536f18f), - TOBN(0xaa51fe2c, 0x5c210286), TOBN(0x3f68aaee, 0x1cab658c), - TOBN(0x5a23a00b, 0xf9357292), TOBN(0x9a626f39, 0x7efdabed), - TOBN(0xfe2b3bf3, 0x199d78e3), TOBN(0xb7a2af77, 0x71bbc345), - TOBN(0x3d19827a, 0x1e59802c), TOBN(0x823bbc15, 0xb487a51c), - TOBN(0x856139f2, 0x99d0a422), TOBN(0x9ac3df65, 0xf456c6fb), - TOBN(0xaddf65c6, 0x701f8bd6), TOBN(0x149f321e, 0x3758df87), - TOBN(0xb1ecf714, 0x721b7eba), TOBN(0xe17df098, 0x31a3312a), - TOBN(0xdb2fd6ec, 0xd5c4d581), TOBN(0xfd02996f, 0x8fcea1b3), - TOBN(0xe29fa63e, 0x7882f14f), TOBN(0xc9f6dc35, 0x07c6cadc), - TOBN(0x46f22d6f, 0xb882bed0), TOBN(0x1a45755b, 0xd118e52c), - TOBN(0x9f2c7c27, 0x7c4608cf), TOBN(0x7ccbdf32, 0x568012c2), - TOBN(0xfcb0aedd, 0x61729b0e), TOBN(0x7ca2ca9e, 0xf7d75dbf), - TOBN(0xf58fecb1, 0x6f640f62), TOBN(0xe274b92b, 0x39f51946), - TOBN(0x7f4dfc04, 0x6288af44), TOBN(0x0a91f32a, 0xeac329e5), - TOBN(0x43ad274b, 0xd6aaba31), TOBN(0x719a1640, 0x0f6884f9), - TOBN(0x685d29f6, 0xdaf91e20), TOBN(0x5ec1cc33, 0x27e49d52), - TOBN(0x38f4de96, 0x3b54a059), TOBN(0x0e0015e5, 0xefbcfdb3), - TOBN(0x177d23d9, 0x4dbb8da6), TOBN(0x98724aa2, 0x97a617ad), - TOBN(0x30f0885b, 0xfdb6558e), TOBN(0xf9f7a28a, 0xc7899a96), - TOBN(0xd2ae8ac8, 0x872dc112), TOBN(0xfa0642ca, 0x73c3c459), - TOBN(0x15296981, 0xe7dfc8d6), TOBN(0x67cd4450, 0x1fb5b94a), - TOBN(0x0ec71cf1, 0x0eddfd37), TOBN(0xc7e5eeb3, 0x9a8eddc7), - TOBN(0x02ac8e3d, 0x81d95028), TOBN(0x0088f172, 0x70b0e35d), - TOBN(0xec041fab, 0xe1881fe3), TOBN(0x62cf71b8, 0xd99e7faa), - TOBN(0x5043dea7, 0xe0f222c2), TOBN(0x309d42ac, 0x72e65142), - TOBN(0x94fe9ddd, 0x9216cd30), TOBN(0xd6539c7d, 0x0f87feec), - TOBN(0x03c5a57c, 0x432ac7d7), TOBN(0x72692cf0, 0x327fda10), - TOBN(0xec28c85f, 0x280698de), TOBN(0x2331fb46, 0x7ec283b1), - TOBN(0xd34bfa32, 0x2867e633), TOBN(0x78709a82, 0x0a9cc815), - TOBN(0xb7fe6964, 0x875e2fa5), TOBN(0x25cc064f, 0x9e98bfb5), - TOBN(0x9eb0151c, 0x493a65c5), TOBN(0x5fb5d941, 0x53182464), - TOBN(0x69e6f130, 0xf04618e2), TOBN(0xa8ecec22, 0xf89c8ab6), - TOBN(0xcd6ac88b, 0xb96209bd), TOBN(0x65fa8cdb, 0xb3e1c9e0), - TOBN(0xa47d22f5, 0x4a8d8eac), TOBN(0x83895cdf, 0x8d33f963), - TOBN(0xa8adca59, 0xb56cd3d1), TOBN(0x10c8350b, 0xdaf38232), - TOBN(0x2b161fb3, 0xa5080a9f), TOBN(0xbe7f5c64, 0x3af65b3a), - TOBN(0x2c754039, 0x97403a11), TOBN(0x94626cf7, 0x121b96af), - TOBN(0x431de7c4, 0x6a983ec2), TOBN(0x3780dd3a, 0x52cc3df7), - TOBN(0xe28a0e46, 0x2baf8e3b), TOBN(0xabe68aad, 0x51d299ae), - TOBN(0x603eb8f9, 0x647a2408), TOBN(0x14c61ed6, 0x5c750981), - TOBN(0x88b34414, 0xc53352e7), TOBN(0x5a34889c, 0x1337d46e), - TOBN(0x612c1560, 0xf95f2bc8), TOBN(0x8a3f8441, 0xd4807a3a), - TOBN(0x680d9e97, 0x5224da68), TOBN(0x60cd6e88, 0xc3eb00e9), - TOBN(0x3875a98e, 0x9a6bc375), TOBN(0xdc80f924, 0x4fd554c2), - TOBN(0x6c4b3415, 0x6ac77407), TOBN(0xa1e5ea8f, 0x25420681), - TOBN(0x541bfa14, 0x4607a458), TOBN(0x5dbc7e7a, 0x96d7fbf9), - TOBN(0x646a851b, 0x31590a47), TOBN(0x039e85ba, 0x15ee6df8), - TOBN(0xd19fa231, 0xd7b43fc0), TOBN(0x84bc8be8, 0x299a0e04), - TOBN(0x2b9d2936, 0xf20df03a), TOBN(0x24054382, 0x8608d472), - TOBN(0x76b6ba04, 0x9149202a), TOBN(0xb21c3831, 0x3670e7b7), - TOBN(0xddd93059, 0xd6fdee10), TOBN(0x9da47ad3, 0x78488e71), - TOBN(0x99cc1dfd, 0xa0fcfb25), TOBN(0x42abde10, 0x64696954), - TOBN(0x14cc15fc, 0x17eab9fe), TOBN(0xd6e863e4, 0xd3e70972), - TOBN(0x29a7765c, 0x6432112c), TOBN(0x88660001, 0x5b0774d8), - TOBN(0x3729175a, 0x2c088eae), TOBN(0x13afbcae, 0x8230b8d4), - TOBN(0x44768151, 0x915f4379), TOBN(0xf086431a, 0xd8d22812), - TOBN(0x37461955, 0xc298b974), TOBN(0x905fb5f0, 0xf8711e04), - TOBN(0x787abf3a, 0xfe969d18), TOBN(0x392167c2, 0x6f6a494e), - TOBN(0xfc7a0d2d, 0x28c511da), TOBN(0xf127c7dc, 0xb66a262d), - TOBN(0xf9c4bb95, 0xfd63fdf0), TOBN(0x90016589, 0x3913ef46), - TOBN(0x74d2a73c, 0x11aa600d), TOBN(0x2f5379bd, 0x9fb5ab52), - TOBN(0xe49e53a4, 0x7fb70068), TOBN(0x68dd39e5, 0x404aa9a7), - TOBN(0xb9b0cf57, 0x2ecaa9c3), TOBN(0xba0e103b, 0xe824826b), - TOBN(0x60c2198b, 0x4631a3c4), TOBN(0xc5ff84ab, 0xfa8966a2), - TOBN(0x2d6ebe22, 0xac95aff8), TOBN(0x1c9bb6db, 0xb5a46d09), - TOBN(0x419062da, 0x53ee4f8d), TOBN(0x7b9042d0, 0xbb97efef), - TOBN(0x0f87f080, 0x830cf6bd), TOBN(0x4861d19a, 0x6ec8a6c6), - TOBN(0xd3a0daa1, 0x202f01aa), TOBN(0xb0111674, 0xf25afbd5), - TOBN(0x6d00d6cf, 0x1afb20d9), TOBN(0x13695000, 0x40671bc5), - TOBN(0x913ab0dc, 0x2485ea9b), TOBN(0x1f2bed06, 0x9eef61ac), - TOBN(0x850c8217, 0x6d799e20), TOBN(0x93415f37, 0x3271c2de), - TOBN(0x5afb06e9, 0x6c4f5910), TOBN(0x688a52df, 0xc4e9e421), - TOBN(0x30495ba3, 0xe2a9a6db), TOBN(0x4601303d, 0x58f9268b), - TOBN(0xbe3b0dad, 0x7eb0f04f), TOBN(0x4ea47250, 0x4456936d), - TOBN(0x8caf8798, 0xd33fd3e7), TOBN(0x1ccd8a89, 0xeb433708), - TOBN(0x9effe3e8, 0x87fd50ad), TOBN(0xbe240a56, 0x6b29c4df), - TOBN(0xec4ffd98, 0xca0e7ebd), TOBN(0xf586783a, 0xe748616e), - TOBN(0xa5b00d8f, 0xc77baa99), TOBN(0x0acada29, 0xb4f34c9c), - TOBN(0x36dad67d, 0x0fe723ac), TOBN(0x1d8e53a5, 0x39c36c1e), - TOBN(0xe4dd342d, 0x1f4bea41), TOBN(0x64fd5e35, 0xebc9e4e0), - TOBN(0x96f01f90, 0x57908805), TOBN(0xb5b9ea3d, 0x5ed480dd), - TOBN(0x366c5dc2, 0x3efd2dd0), TOBN(0xed2fe305, 0x6e9dfa27), - TOBN(0x4575e892, 0x6e9197e2), TOBN(0x11719c09, 0xab502a5d), - TOBN(0x264c7bec, 0xe81f213f), TOBN(0x741b9241, 0x55f5c457), - TOBN(0x78ac7b68, 0x49a5f4f4), TOBN(0xf91d70a2, 0x9fc45b7d), - TOBN(0x39b05544, 0xb0f5f355), TOBN(0x11f06bce, 0xeef930d9), - TOBN(0xdb84d25d, 0x038d05e1), TOBN(0x04838ee5, 0xbacc1d51), - TOBN(0x9da3ce86, 0x9e8ee00b), TOBN(0xc3412057, 0xc36eda1f), - TOBN(0xae80b913, 0x64d9c2f4), TOBN(0x7468bac3, 0xa010a8ff), - TOBN(0xdfd20037, 0x37359d41), TOBN(0x1a0f5ab8, 0x15efeacc), - TOBN(0x7c25ad2f, 0x659d0ce0), TOBN(0x4011bcbb, 0x6785cff1), - TOBN(0x128b9912, 0x7e2192c7), TOBN(0xa549d8e1, 0x13ccb0e8), - TOBN(0x805588d8, 0xc85438b1), TOBN(0x5680332d, 0xbc25cb27), - TOBN(0xdcd1bc96, 0x1a4bfdf4), TOBN(0x779ff428, 0x706f6566), - TOBN(0x8bbee998, 0xf059987a), TOBN(0xf6ce8cf2, 0xcc686de7), - TOBN(0xf8ad3c4a, 0x953cfdb2), TOBN(0xd1d426d9, 0x2205da36), - TOBN(0xb3c0f13f, 0xc781a241), TOBN(0x3e89360e, 0xd75362a8), - TOBN(0xccd05863, 0xc8a91184), TOBN(0x9bd0c9b7, 0xefa8a7f4), - TOBN(0x97ee4d53, 0x8a912a4b), TOBN(0xde5e15f8, 0xbcf518fd), - TOBN(0x6a055bf8, 0xc467e1e0), TOBN(0x10be4b4b, 0x1587e256), - TOBN(0xd90c14f2, 0x668621c9), TOBN(0xd5518f51, 0xab9c92c1), - TOBN(0x8e6a0100, 0xd6d47b3c), TOBN(0xcbe980dd, 0x66716175), - TOBN(0x500d3f10, 0xddd83683), TOBN(0x3b6cb35d, 0x99cac73c), - TOBN(0x53730c8b, 0x6083d550), TOBN(0xcf159767, 0xdf0a1987), - TOBN(0x84bfcf53, 0x43ad73b3), TOBN(0x1b528c20, 0x4f035a94), - TOBN(0x4294edf7, 0x33eeac69), TOBN(0xb6283e83, 0x817f3240), - TOBN(0xc3fdc959, 0x0a5f25b1), TOBN(0xefaf8aa5, 0x5844ee22), - TOBN(0xde269ba5, 0xdbdde4de), TOBN(0xe3347160, 0xc56133bf), - TOBN(0xc1184219, 0x8d9ea9f8), TOBN(0x090de5db, 0xf3fc1ab5), - TOBN(0x404c37b1, 0x0bf22cda), TOBN(0x7de20ec8, 0xf5618894), - TOBN(0x754c588e, 0xecdaecab), TOBN(0x6ca4b0ed, 0x88342743), - TOBN(0x76f08bdd, 0xf4a938ec), TOBN(0xd182de89, 0x91493ccb), - TOBN(0xd652c53e, 0xc8a4186a), TOBN(0xb3e878db, 0x946d8e33), - TOBN(0x088453c0, 0x5f37663c), TOBN(0x5cd9daaa, 0xb407748b), - TOBN(0xa1f5197f, 0x586d5e72), TOBN(0x47500be8, 0xc443ca59), - TOBN(0x78ef35b2, 0xe2652424), TOBN(0x09c5d26f, 0x6dd7767d), - TOBN(0x7175a79a, 0xa74d3f7b), TOBN(0x0428fd8d, 0xcf5ea459), - TOBN(0x511cb97c, 0xa5d1746d), TOBN(0x36363939, 0xe71d1278), - TOBN(0xcf2df955, 0x10350bf4), TOBN(0xb3817439, 0x60aae782), - TOBN(0xa748c0e4, 0x3e688809), TOBN(0x98021fbf, 0xd7a5a006), - TOBN(0x9076a70c, 0x0e367a98), TOBN(0xbea1bc15, 0x0f62b7c2), - TOBN(0x2645a68c, 0x30fe0343), TOBN(0xacaffa78, 0x699dc14f), - TOBN(0xf4469964, 0x457bf9c4), TOBN(0x0db6407b, 0x0d2ead83), - TOBN(0x68d56cad, 0xb2c6f3eb), TOBN(0x3b512e73, 0xf376356c), - TOBN(0xe43b0e1f, 0xfce10408), TOBN(0x89ddc003, 0x5a5e257d), - TOBN(0xb0ae0d12, 0x0362e5b3), TOBN(0x07f983c7, 0xb0519161), - TOBN(0xc2e94d15, 0x5d5231e7), TOBN(0xcff22aed, 0x0b4f9513), - TOBN(0xb02588dd, 0x6ad0b0b5), TOBN(0xb967d1ac, 0x11d0dcd5), - TOBN(0x8dac6bc6, 0xcf777b6c), TOBN(0x0062bdbd, 0x4c6d1959), - TOBN(0x53da71b5, 0x0ef5cc85), TOBN(0x07012c7d, 0x4006f14f), - TOBN(0x4617f962, 0xac47800d), TOBN(0x53365f2b, 0xc102ed75), - TOBN(0xb422efcb, 0x4ab8c9d3), TOBN(0x195cb26b, 0x34af31c9), - TOBN(0x3a926e29, 0x05f2c4ce), TOBN(0xbd2bdecb, 0x9856966c), - TOBN(0x5d16ab3a, 0x85527015), TOBN(0x9f81609e, 0x4486c231), - TOBN(0xd8b96b2c, 0xda350002), TOBN(0xbd054690, 0xfa1b7d36), - TOBN(0xdc90ebf5, 0xe71d79bc), TOBN(0xf241b6f9, 0x08964e4e), - TOBN(0x7c838643, 0x2fe3cd4c), TOBN(0xe0f33acb, 0xb4bc633c), - TOBN(0xb4a9ecec, 0x3d139f1f), TOBN(0x05ce69cd, 0xdc4a1f49), - TOBN(0xa19d1b16, 0xf5f98aaf), TOBN(0x45bb71d6, 0x6f23e0ef), - TOBN(0x33789fcd, 0x46cdfdd3), TOBN(0x9b8e2978, 0xcee040ca), - TOBN(0x9c69b246, 0xae0a6828), TOBN(0xba533d24, 0x7078d5aa), - TOBN(0x7a2e42c0, 0x7bb4fbdb), TOBN(0xcfb4879a, 0x7035385c), - TOBN(0x8c3dd30b, 0x3281705b), TOBN(0x7e361c6c, 0x404fe081), - TOBN(0x7b21649c, 0x3f604edf), TOBN(0x5dbf6a3f, 0xe52ffe47), - TOBN(0xc41b7c23, 0x4b54d9bf), TOBN(0x1374e681, 0x3511c3d9), - TOBN(0x1863bf16, 0xc1b2b758), TOBN(0x90e78507, 0x1e9e6a96), - TOBN(0xab4bf98d, 0x5d86f174), TOBN(0xd74e0bd3, 0x85e96fe4), - TOBN(0x8afde39f, 0xcac5d344), TOBN(0x90946dbc, 0xbd91b847), - TOBN(0xf5b42358, 0xfe1a838c), TOBN(0x05aae6c5, 0x620ac9d8), - TOBN(0x8e193bd8, 0xa1ce5a0b), TOBN(0x8f710571, 0x4dabfd72), - TOBN(0x8d8fdd48, 0x182caaac), TOBN(0x8c4aeefa, 0x040745cf), - TOBN(0x73c6c30a, 0xf3b93e6d), TOBN(0x991241f3, 0x16f42011), - TOBN(0xa0158eea, 0xe457a477), TOBN(0xd19857db, 0xee6ddc05), - TOBN(0xb3265224, 0x18c41671), TOBN(0x3ffdfc7e, 0x3c2c0d58), - TOBN(0x3a3a5254, 0x26ee7cda), TOBN(0x341b0869, 0xdf02c3a8), - TOBN(0xa023bf42, 0x723bbfc8), TOBN(0x3d15002a, 0x14452691)}, - {TOBN(0x5ef7324c, 0x85edfa30), TOBN(0x25976554, 0x87d4f3da), - TOBN(0x352f5bc0, 0xdcb50c86), TOBN(0x8f6927b0, 0x4832a96c), - TOBN(0xd08ee1ba, 0x55f2f94c), TOBN(0x6a996f99, 0x344b45fa), - TOBN(0xe133cb8d, 0xa8aa455d), TOBN(0x5d0721ec, 0x758dc1f7), - TOBN(0x6ba7a920, 0x79e5fb67), TOBN(0xe1331feb, 0x70aa725e), - TOBN(0x5080ccf5, 0x7df5d837), TOBN(0xe4cae01d, 0x7ff72e21), - TOBN(0xd9243ee6, 0x0412a77d), TOBN(0x06ff7cac, 0xdf449025), - TOBN(0xbe75f7cd, 0x23ef5a31), TOBN(0xbc957822, 0x0ddef7a8), - TOBN(0x8cf7230c, 0xb0ce1c55), TOBN(0x5b534d05, 0x0bbfb607), - TOBN(0xee1ef113, 0x0e16363b), TOBN(0x27e0aa7a, 0xb4999e82), - TOBN(0xce1dac2d, 0x79362c41), TOBN(0x67920c90, 0x91bb6cb0), - TOBN(0x1e648d63, 0x2223df24), TOBN(0x0f7d9eef, 0xe32e8f28), - TOBN(0x6943f39a, 0xfa833834), TOBN(0x22951722, 0xa6328562), - TOBN(0x81d63dd5, 0x4170fc10), TOBN(0x9f5fa58f, 0xaecc2e6d), - TOBN(0xb66c8725, 0xe77d9a3b), TOBN(0x11235cea, 0x6384ebe0), - TOBN(0x06a8c118, 0x5845e24a), TOBN(0x0137b286, 0xebd093b1), - TOBN(0xc589e1ce, 0x44ace150), TOBN(0xe0f8d3d9, 0x4381e97c), - TOBN(0x59e99b11, 0x62c5a4b8), TOBN(0x90d262f7, 0xfd0ec9f9), - TOBN(0xfbc854c9, 0x283e13c9), TOBN(0x2d04fde7, 0xaedc7085), - TOBN(0x057d7765, 0x47dcbecb), TOBN(0x8dbdf591, 0x9a76fa5f), - TOBN(0xd0150695, 0x0de1e578), TOBN(0x2e1463e7, 0xe9f72bc6), - TOBN(0xffa68441, 0x1b39eca5), TOBN(0x673c8530, 0x7c037f2f), - TOBN(0xd0d6a600, 0x747f91da), TOBN(0xb08d43e1, 0xc9cb78e9), - TOBN(0x0fc0c644, 0x27b5cef5), TOBN(0x5c1d160a, 0xa60a2fd6), - TOBN(0xf98cae53, 0x28c8e13b), TOBN(0x375f10c4, 0xb2eddcd1), - TOBN(0xd4eb8b7f, 0x5cce06ad), TOBN(0xb4669f45, 0x80a2e1ef), - TOBN(0xd593f9d0, 0x5bbd8699), TOBN(0x5528a4c9, 0xe7976d13), - TOBN(0x3923e095, 0x1c7e28d3), TOBN(0xb9293790, 0x3f6bb577), - TOBN(0xdb567d6a, 0xc42bd6d2), TOBN(0x6df86468, 0xbb1f96ae), - TOBN(0x0efe5b1a, 0x4843b28e), TOBN(0x961bbb05, 0x6379b240), - TOBN(0xb6caf5f0, 0x70a6a26b), TOBN(0x70686c0d, 0x328e6e39), - TOBN(0x80da06cf, 0x895fc8d3), TOBN(0x804d8810, 0xb363fdc9), - TOBN(0xbe22877b, 0x207f1670), TOBN(0x9b0dd188, 0x4e615291), - TOBN(0x625ae8dc, 0x97a3c2bf), TOBN(0x08584ef7, 0x439b86e8), - TOBN(0xde7190a5, 0xdcd898ff), TOBN(0x26286c40, 0x2058ee3d), - TOBN(0x3db0b217, 0x5f87b1c1), TOBN(0xcc334771, 0x102a6db5), - TOBN(0xd99de954, 0x2f770fb1), TOBN(0x97c1c620, 0x4cd7535e), - TOBN(0xd3b6c448, 0x3f09cefc), TOBN(0xd725af15, 0x5a63b4f8), - TOBN(0x0c95d24f, 0xc01e20ec), TOBN(0xdfd37494, 0x9ae7121f), - TOBN(0x7d6ddb72, 0xec77b7ec), TOBN(0xfe079d3b, 0x0353a4ae), - TOBN(0x3066e70a, 0x2e6ac8d2), TOBN(0x9c6b5a43, 0x106e5c05), - TOBN(0x52d3c6f5, 0xede59b8c), TOBN(0x30d6a5c3, 0xfccec9ae), - TOBN(0xedec7c22, 0x4fc0a9ef), TOBN(0x190ff083, 0x95c16ced), - TOBN(0xbe12ec8f, 0x94de0fde), TOBN(0x0d131ab8, 0x852d3433), - TOBN(0x42ace07e, 0x85701291), TOBN(0x94793ed9, 0x194061a8), - TOBN(0x30e83ed6, 0xd7f4a485), TOBN(0x9eec7269, 0xf9eeff4d), - TOBN(0x90acba59, 0x0c9d8005), TOBN(0x5feca458, 0x1e79b9d1), - TOBN(0x8fbe5427, 0x1d506a1e), TOBN(0xa32b2c8e, 0x2439cfa7), - TOBN(0x1671c173, 0x73dd0b4e), TOBN(0x37a28214, 0x44a054c6), - TOBN(0x81760a1b, 0x4e8b53f1), TOBN(0xa6c04224, 0xf9f93b9e), - TOBN(0x18784b34, 0xcf671e3c), TOBN(0x81bbecd2, 0xcda9b994), - TOBN(0x38831979, 0xb2ab3848), TOBN(0xef54feb7, 0xf2e03c2d), - TOBN(0xcf197ca7, 0xfb8088fa), TOBN(0x01427247, 0x4ddc96c5), - TOBN(0xa2d2550a, 0x30777176), TOBN(0x53469898, 0x4d0cf71d), - TOBN(0x6ce937b8, 0x3a2aaac6), TOBN(0xe9f91dc3, 0x5af38d9b), - TOBN(0x2598ad83, 0xc8bf2899), TOBN(0x8e706ac9, 0xb5536c16), - TOBN(0x40dc7495, 0xf688dc98), TOBN(0x26490cd7, 0x124c4afc), - TOBN(0xe651ec84, 0x1f18775c), TOBN(0x393ea6c3, 0xb4fdaf4a), - TOBN(0x1e1f3343, 0x7f338e0d), TOBN(0x39fb832b, 0x6053e7b5), - TOBN(0x46e702da, 0x619e14d5), TOBN(0x859cacd1, 0xcdeef6e0), - TOBN(0x63b99ce7, 0x4462007d), TOBN(0xb8ab48a5, 0x4cb5f5b7), - TOBN(0x9ec673d2, 0xf55edde7), TOBN(0xd1567f74, 0x8cfaefda), - TOBN(0x46381b6b, 0x0887bcec), TOBN(0x694497ce, 0xe178f3c2), - TOBN(0x5e6525e3, 0x1e6266cb), TOBN(0x5931de26, 0x697d6413), - TOBN(0x87f8df7c, 0x0e58d493), TOBN(0xb1ae5ed0, 0x58b73f12), - TOBN(0xc368f784, 0xdea0c34d), TOBN(0x9bd0a120, 0x859a91a0), - TOBN(0xb00d88b7, 0xcc863c68), TOBN(0x3a1cc11e, 0x3d1f4d65), - TOBN(0xea38e0e7, 0x0aa85593), TOBN(0x37f13e98, 0x7dc4aee8), - TOBN(0x10d38667, 0xbc947bad), TOBN(0x738e07ce, 0x2a36ee2e), - TOBN(0xc93470cd, 0xc577fcac), TOBN(0xdee1b616, 0x2782470d), - TOBN(0x36a25e67, 0x2e793d12), TOBN(0xd6aa6cae, 0xe0f186da), - TOBN(0x474d0fd9, 0x80e07af7), TOBN(0xf7cdc47d, 0xba8a5cd4), - TOBN(0x28af6d9d, 0xab15247f), TOBN(0x7c789c10, 0x493a537f), - TOBN(0x7ac9b110, 0x23a334e7), TOBN(0x0236ac09, 0x12c9c277), - TOBN(0xa7e5bd25, 0x1d7a5144), TOBN(0x098b9c2a, 0xf13ec4ec), - TOBN(0x3639daca, 0xd3f0abca), TOBN(0x642da81a, 0xa23960f9), - TOBN(0x7d2e5c05, 0x4f7269b1), TOBN(0xfcf30777, 0xe287c385), - TOBN(0x10edc84f, 0xf2a46f21), TOBN(0x35441757, 0x4f43fa36), - TOBN(0xf1327899, 0xfd703431), TOBN(0xa438d7a6, 0x16dd587a), - TOBN(0x65c34c57, 0xe9c8352d), TOBN(0xa728edab, 0x5cc5a24e), - TOBN(0xaed78abc, 0x42531689), TOBN(0x0a51a0e8, 0x010963ef), - TOBN(0x5776fa0a, 0xd717d9b3), TOBN(0xf356c239, 0x7dd3428b), - TOBN(0x29903fff, 0x8d3a3dac), TOBN(0x409597fa, 0x3d94491f), - TOBN(0x4cd7a5ff, 0xbf4a56a4), TOBN(0xe5096474, 0x8adab462), - TOBN(0xa97b5126, 0x5c3427b0), TOBN(0x6401405c, 0xd282c9bd), - TOBN(0x3629f8d7, 0x222c5c45), TOBN(0xb1c02c16, 0xe8d50aed), - TOBN(0xbea2ed75, 0xd9635bc9), TOBN(0x226790c7, 0x6e24552f), - TOBN(0x3c33f2a3, 0x65f1d066), TOBN(0x2a43463e, 0x6dfccc2e), - TOBN(0x8cc3453a, 0xdb483761), TOBN(0xe7cc6085, 0x65d5672b), - TOBN(0x277ed6cb, 0xde3efc87), TOBN(0x19f2f368, 0x69234eaf), - TOBN(0x9aaf4317, 0x5c0b800b), TOBN(0x1f1e7c89, 0x8b6da6e2), - TOBN(0x6cfb4715, 0xb94ec75e), TOBN(0xd590dd5f, 0x453118c2), - TOBN(0x14e49da1, 0x1f17a34c), TOBN(0x5420ab39, 0x235a1456), - TOBN(0xb7637241, 0x2f50363b), TOBN(0x7b15d623, 0xc3fabb6e), - TOBN(0xa0ef40b1, 0xe274e49c), TOBN(0x5cf50744, 0x96b1860a), - TOBN(0xd6583fbf, 0x66afe5a4), TOBN(0x44240510, 0xf47e3e9a), - TOBN(0x99254343, 0x11b2d595), TOBN(0xf1367499, 0xeec8df57), - TOBN(0x3cb12c61, 0x3e73dd05), TOBN(0xd248c033, 0x7dac102a), - TOBN(0xcf154f13, 0xa77739f5), TOBN(0xbf4288cb, 0x23d2af42), - TOBN(0xaa64c9b6, 0x32e4a1cf), TOBN(0xee8c07a8, 0xc8a208f3), - TOBN(0xe10d4999, 0x6fe8393f), TOBN(0x0f809a3f, 0xe91f3a32), - TOBN(0x61096d1c, 0x802f63c8), TOBN(0x289e1462, 0x57750d3d), - TOBN(0xed06167e, 0x9889feea), TOBN(0xd5c9c0e2, 0xe0993909), - TOBN(0x46fca0d8, 0x56508ac6), TOBN(0x91826047, 0x4f1b8e83), - TOBN(0x4f2c877a, 0x9a4a2751), TOBN(0x71bd0072, 0xcae6fead), - TOBN(0x38df8dcc, 0x06aa1941), TOBN(0x5a074b4c, 0x63beeaa8), - TOBN(0xd6d65934, 0xc1cec8ed), TOBN(0xa6ecb49e, 0xaabc03bd), - TOBN(0xaade91c2, 0xde8a8415), TOBN(0xcfb0efdf, 0x691136e0), - TOBN(0x11af45ee, 0x23ab3495), TOBN(0xa132df88, 0x0b77463d), - TOBN(0x8923c15c, 0x815d06f4), TOBN(0xc3ceb3f5, 0x0d61a436), - TOBN(0xaf52291d, 0xe88fb1da), TOBN(0xea057974, 0x1da12179), - TOBN(0xb0d7218c, 0xd2fef720), TOBN(0x6c0899c9, 0x8e1d8845), - TOBN(0x98157504, 0x752ddad7), TOBN(0xd60bd74f, 0xa1a68a97), - TOBN(0x7047a3a9, 0xf658fb99), TOBN(0x1f5d86d6, 0x5f8511e4), - TOBN(0xb8a4bc42, 0x4b5a6d88), TOBN(0x69eb2c33, 0x1abefa7d), - TOBN(0x95bf39e8, 0x13c9c510), TOBN(0xf571960a, 0xd48aab43), - TOBN(0x7e8cfbcf, 0x704e23c6), TOBN(0xc71b7d22, 0x28aaa65b), - TOBN(0xa041b2bd, 0x245e3c83), TOBN(0x69b98834, 0xd21854ff), - TOBN(0x89d227a3, 0x963bfeec), TOBN(0x99947aaa, 0xde7da7cb), - TOBN(0x1d9ee9db, 0xee68a9b1), TOBN(0x0a08f003, 0x698ec368), - TOBN(0xe9ea4094, 0x78ef2487), TOBN(0xc8d2d415, 0x02cfec26), - TOBN(0xc52f9a6e, 0xb7dcf328), TOBN(0x0ed489e3, 0x85b6a937), - TOBN(0x9b94986b, 0xbef3366e), TOBN(0x0de59c70, 0xedddddb8), - TOBN(0xffdb748c, 0xeadddbe2), TOBN(0x9b9784bb, 0x8266ea40), - TOBN(0x142b5502, 0x1a93507a), TOBN(0xb4cd1187, 0x8d3c06cf), - TOBN(0xdf70e76a, 0x91ec3f40), TOBN(0x484e81ad, 0x4e7553c2), - TOBN(0x830f87b5, 0x272e9d6e), TOBN(0xea1c93e5, 0xc6ff514a), - TOBN(0x67cc2adc, 0xc4192a8e), TOBN(0xc77e27e2, 0x42f4535a), - TOBN(0x9cdbab36, 0xd2b713c5), TOBN(0x86274ea0, 0xcf7b0cd3), - TOBN(0x784680f3, 0x09af826b), TOBN(0xbfcc837a, 0x0c72dea3), - TOBN(0xa8bdfe9d, 0xd6529b73), TOBN(0x708aa228, 0x63a88002), - TOBN(0x6c7a9a54, 0xc91d45b9), TOBN(0xdf1a38bb, 0xfd004f56), - TOBN(0x2e8c9a26, 0xb8bad853), TOBN(0x2d52cea3, 0x3723eae7), - TOBN(0x054d6d81, 0x56ca2830), TOBN(0xa3317d14, 0x9a8dc411), - TOBN(0xa08662fe, 0xfd4ddeda), TOBN(0xed2a153a, 0xb55d792b), - TOBN(0x7035c16a, 0xbfc6e944), TOBN(0xb6bc5834, 0x00171cf3), - TOBN(0xe27152b3, 0x83d102b6), TOBN(0xfe695a47, 0x0646b848), - TOBN(0xa5bb09d8, 0x916e6d37), TOBN(0xb4269d64, 0x0d17015e), - TOBN(0x8d8156a1, 0x0a1d2285), TOBN(0xfeef6c51, 0x46d26d72), - TOBN(0x9dac57c8, 0x4c5434a7), TOBN(0x0282e5be, 0x59d39e31), - TOBN(0xedfff181, 0x721c486d), TOBN(0x301baf10, 0xbc58824e), - TOBN(0x8136a6aa, 0x00570031), TOBN(0x55aaf78c, 0x1cddde68), - TOBN(0x26829371, 0x59c63952), TOBN(0x3a3bd274, 0x8bc25baf), - TOBN(0xecdf8657, 0xb7e52dc3), TOBN(0x2dd8c087, 0xfd78e6c8), - TOBN(0x20553274, 0xf5531461), TOBN(0x8b4a1281, 0x5d95499b), - TOBN(0xe2c8763a, 0x1a80f9d2), TOBN(0xd1dbe32b, 0x4ddec758), - TOBN(0xaf12210d, 0x30c34169), TOBN(0xba74a953, 0x78baa533), - TOBN(0x3d133c6e, 0xa438f254), TOBN(0xa431531a, 0x201bef5b), - TOBN(0x15295e22, 0xf669d7ec), TOBN(0xca374f64, 0x357fb515), - TOBN(0x8a8406ff, 0xeaa3fdb3), TOBN(0x106ae448, 0xdf3f2da8), - TOBN(0x8f9b0a90, 0x33c8e9a1), TOBN(0x234645e2, 0x71ad5885), - TOBN(0x3d083224, 0x1c0aed14), TOBN(0xf10a7d3e, 0x7a942d46), - TOBN(0x7c11deee, 0x40d5c9be), TOBN(0xb2bae7ff, 0xba84ed98), - TOBN(0x93e97139, 0xaad58ddd), TOBN(0x3d872796, 0x3f6d1fa3), - TOBN(0x483aca81, 0x8569ff13), TOBN(0x8b89a5fb, 0x9a600f72), - TOBN(0x4cbc27c3, 0xc06f2b86), TOBN(0x22130713, 0x63ad9c0b), - TOBN(0xb5358b1e, 0x48ac2840), TOBN(0x18311294, 0xecba9477), - TOBN(0xda58f990, 0xa6946b43), TOBN(0x3098baf9, 0x9ab41819), - TOBN(0x66c4c158, 0x4198da52), TOBN(0xab4fc17c, 0x146bfd1b), - TOBN(0x2f0a4c3c, 0xbf36a908), TOBN(0x2ae9e34b, 0x58cf7838), - TOBN(0xf411529e, 0x3fa11b1f), TOBN(0x21e43677, 0x974af2b4), - TOBN(0x7c20958e, 0xc230793b), TOBN(0x710ea885, 0x16e840f3), - TOBN(0xfc0b21fc, 0xc5dc67cf), TOBN(0x08d51647, 0x88405718), - TOBN(0xd955c21f, 0xcfe49eb7), TOBN(0x9722a5d5, 0x56dd4a1f), - TOBN(0xc9ef50e2, 0xc861baa5), TOBN(0xc0c21a5d, 0x9505ac3e), - TOBN(0xaf6b9a33, 0x8b7c063f), TOBN(0xc6370339, 0x2f4779c1), - TOBN(0x22df99c7, 0x638167c3), TOBN(0xfe6ffe76, 0x795db30c), - TOBN(0x2b822d33, 0xa4854989), TOBN(0xfef031dd, 0x30563aa5), - TOBN(0x16b09f82, 0xd57c667f), TOBN(0xc70312ce, 0xcc0b76f1), - TOBN(0xbf04a9e6, 0xc9118aec), TOBN(0x82fcb419, 0x3409d133), - TOBN(0x1a8ab385, 0xab45d44d), TOBN(0xfba07222, 0x617b83a3), - TOBN(0xb05f50dd, 0x58e81b52), TOBN(0x1d8db553, 0x21ce5aff), - TOBN(0x3097b8d4, 0xe344a873), TOBN(0x7d8d116d, 0xfe36d53e), - TOBN(0x6db22f58, 0x7875e750), TOBN(0x2dc5e373, 0x43e144ea), - TOBN(0xc05f32e6, 0xe799eb95), TOBN(0xe9e5f4df, 0x6899e6ec), - TOBN(0xbdc3bd68, 0x1fab23d5), TOBN(0xb72b8ab7, 0x73af60e6), - TOBN(0x8db27ae0, 0x2cecc84a), TOBN(0x600016d8, 0x7bdb871c), - TOBN(0x42a44b13, 0xd7c46f58), TOBN(0xb8919727, 0xc3a77d39), - TOBN(0xcfc6bbbd, 0xdafd6088), TOBN(0x1a740146, 0x6bd20d39), - TOBN(0x8c747abd, 0x98c41072), TOBN(0x4c91e765, 0xbdf68ea1), - TOBN(0x7c95e5ca, 0x08819a78), TOBN(0xcf48b729, 0xc9587921), - TOBN(0x091c7c5f, 0xdebbcc7d), TOBN(0x6f287404, 0xf0e05149), - TOBN(0xf83b5ac2, 0x26cd44ec), TOBN(0x88ae32a6, 0xcfea250e), - TOBN(0x6ac5047a, 0x1d06ebc5), TOBN(0xc7e550b4, 0xd434f781), - TOBN(0x61ab1cf2, 0x5c727bd2), TOBN(0x2e4badb1, 0x1cf915b0), - TOBN(0x1b4dadec, 0xf69d3920), TOBN(0xe61b1ca6, 0xf14c1dfe), - TOBN(0x90b479cc, 0xbd6bd51f), TOBN(0x8024e401, 0x8045ec30), - TOBN(0xcab29ca3, 0x25ef0e62), TOBN(0x4f2e9416, 0x49e4ebc0), - TOBN(0x45eb40ec, 0x0ccced58), TOBN(0x25cd4b9c, 0x0da44f98), - TOBN(0x43e06458, 0x871812c6), TOBN(0x99f80d55, 0x16cef651), - TOBN(0x571340c9, 0xce6dc153), TOBN(0x138d5117, 0xd8665521), - TOBN(0xacdb45bc, 0x4e07014d), TOBN(0x2f34bb38, 0x84b60b91), - TOBN(0xf44a4fd2, 0x2ae8921e), TOBN(0xb039288e, 0x892ba1e2), - TOBN(0x9da50174, 0xb1c180b2), TOBN(0x6b70ab66, 0x1693dc87), - TOBN(0x7e9babc9, 0xe7057481), TOBN(0x4581ddef, 0x9c80dc41), - TOBN(0x0c890da9, 0x51294682), TOBN(0x0b5629d3, 0x3f4736e5), - TOBN(0x2340c79e, 0xb06f5b41), TOBN(0xa42e84ce, 0x4e243469), - TOBN(0xf9a20135, 0x045a71a9), TOBN(0xefbfb415, 0xd27b6fb6), - TOBN(0x25ebea23, 0x9d33cd6f), TOBN(0x9caedb88, 0xaa6c0af8), - TOBN(0x53dc7e9a, 0xd9ce6f96), TOBN(0x3897f9fd, 0x51e0b15a), - TOBN(0xf51cb1f8, 0x8e5d788e), TOBN(0x1aec7ba8, 0xe1d490ee), - TOBN(0x265991e0, 0xcc58cb3c), TOBN(0x9f306e8c, 0x9fc3ad31), - TOBN(0x5fed006e, 0x5040a0ac), TOBN(0xca9d5043, 0xfb476f2e), - TOBN(0xa19c06e8, 0xbeea7a23), TOBN(0xd2865801, 0x0edabb63), - TOBN(0xdb92293f, 0x6967469a), TOBN(0x2894d839, 0x8d8a8ed8), - TOBN(0x87c9e406, 0xbbc77122), TOBN(0x8671c6f1, 0x2ea3a26a), - TOBN(0xe42df8d6, 0xd7de9853), TOBN(0x2e3ce346, 0xb1f2bcc7), - TOBN(0xda601dfc, 0x899d50cf), TOBN(0xbfc913de, 0xfb1b598f), - TOBN(0x81c4909f, 0xe61f7908), TOBN(0x192e304f, 0x9bbc7b29), - TOBN(0xc3ed8738, 0xc104b338), TOBN(0xedbe9e47, 0x783f5d61), - TOBN(0x0c06e9be, 0x2db30660), TOBN(0xda3e613f, 0xc0eb7d8e), - TOBN(0xd8fa3e97, 0x322e096e), TOBN(0xfebd91e8, 0xd336e247), - TOBN(0x8f13ccc4, 0xdf655a49), TOBN(0xa9e00dfc, 0x5eb20210), - TOBN(0x84631d0f, 0xc656b6ea), TOBN(0x93a058cd, 0xd8c0d947), - TOBN(0x6846904a, 0x67bd3448), TOBN(0x4a3d4e1a, 0xf394fd5c), - TOBN(0xc102c1a5, 0xdb225f52), TOBN(0xe3455bba, 0xfc4f5e9a), - TOBN(0x6b36985b, 0x4b9ad1ce), TOBN(0xa9818536, 0x5bb7f793), - TOBN(0x6c25e1d0, 0x48b1a416), TOBN(0x1381dd53, 0x3c81bee7), - TOBN(0xd2a30d61, 0x7a4a7620), TOBN(0xc8412926, 0x39b8944c), - TOBN(0x3c1c6fbe, 0x7a97c33a), TOBN(0x941e541d, 0x938664e7), - TOBN(0x417499e8, 0x4a34f239), TOBN(0x15fdb83c, 0xb90402d5), - TOBN(0xb75f46bf, 0x433aa832), TOBN(0xb61e15af, 0x63215db1), - TOBN(0xaabe59d4, 0xa127f89a), TOBN(0x5d541e0c, 0x07e816da), - TOBN(0xaaba0659, 0xa618b692), TOBN(0x55327733, 0x17266026), - TOBN(0xaf53a0fc, 0x95f57552), TOBN(0x32947650, 0x6cacb0c9), - TOBN(0x253ff58d, 0xc821be01), TOBN(0xb0309531, 0xa06f1146), - TOBN(0x59bbbdf5, 0x05c2e54d), TOBN(0x158f27ad, 0x26e8dd22), - TOBN(0xcc5b7ffb, 0x397e1e53), TOBN(0xae03f65b, 0x7fc1e50d), - TOBN(0xa9784ebd, 0x9c95f0f9), TOBN(0x5ed9deb2, 0x24640771), - TOBN(0x31244af7, 0x035561c4), TOBN(0x87332f3a, 0x7ee857de), - TOBN(0x09e16e9e, 0x2b9e0d88), TOBN(0x52d910f4, 0x56a06049), - TOBN(0x507ed477, 0xa9592f48), TOBN(0x85cb917b, 0x2365d678), - TOBN(0xf8511c93, 0x4c8998d1), TOBN(0x2186a3f1, 0x730ea58f), - TOBN(0x50189626, 0xb2029db0), TOBN(0x9137a6d9, 0x02ceb75a), - TOBN(0x2fe17f37, 0x748bc82c), TOBN(0x87c2e931, 0x80469f8c), - TOBN(0x850f71cd, 0xbf891aa2), TOBN(0x0ca1b89b, 0x75ec3d8d), - TOBN(0x516c43aa, 0x5e1cd3cd), TOBN(0x89397808, 0x9a887c28), - TOBN(0x0059c699, 0xddea1f9f), TOBN(0x7737d6fa, 0x8e6868f7), - TOBN(0x6d93746a, 0x60f1524b), TOBN(0x36985e55, 0xba052aa7), - TOBN(0x41b1d322, 0xed923ea5), TOBN(0x3429759f, 0x25852a11), - TOBN(0xbeca6ec3, 0x092e9f41), TOBN(0x3a238c66, 0x62256bbd), - TOBN(0xd82958ea, 0x70ad487d), TOBN(0x4ac8aaf9, 0x65610d93), - TOBN(0x3fa101b1, 0x5e4ccab0), TOBN(0x9bf430f2, 0x9de14bfb), - TOBN(0xa10f5cc6, 0x6531899d), TOBN(0x590005fb, 0xea8ce17d), - TOBN(0xc437912f, 0x24544cb6), TOBN(0x9987b71a, 0xd79ac2e3), - TOBN(0x13e3d9dd, 0xc058a212), TOBN(0x00075aac, 0xd2de9606), - TOBN(0x80ab508b, 0x6cac8369), TOBN(0x87842be7, 0xf54f6c89), - TOBN(0xa7ad663d, 0x6bc532a4), TOBN(0x67813de7, 0x78a91bc8), - TOBN(0x5dcb61ce, 0xc3427239), TOBN(0x5f3c7cf0, 0xc56934d9), - TOBN(0xc079e0fb, 0xe3191591), TOBN(0xe40896bd, 0xb01aada7), - TOBN(0x8d466791, 0x0492d25f), TOBN(0x8aeb30c9, 0xe7408276), - TOBN(0xe9437495, 0x9287aacc), TOBN(0x23d4708d, 0x79fe03d4), - TOBN(0x8cda9cf2, 0xd0c05199), TOBN(0x502fbc22, 0xfae78454), - TOBN(0xc0bda9df, 0xf572a182), TOBN(0x5f9b71b8, 0x6158b372), - TOBN(0xe0f33a59, 0x2b82dd07), TOBN(0x76302735, 0x9523032e), - TOBN(0x7fe1a721, 0xc4505a32), TOBN(0x7b6e3e82, 0xf796409f)}, - {TOBN(0xe3417bc0, 0x35d0b34a), TOBN(0x440b386b, 0x8327c0a7), - TOBN(0x8fb7262d, 0xac0362d1), TOBN(0x2c41114c, 0xe0cdf943), - TOBN(0x2ba5cef1, 0xad95a0b1), TOBN(0xc09b37a8, 0x67d54362), - TOBN(0x26d6cdd2, 0x01e486c9), TOBN(0x20477abf, 0x42ff9297), - TOBN(0xa004dcb3, 0x292a9287), TOBN(0xddc15cf6, 0x77b092c7), - TOBN(0x083a8464, 0x806c0605), TOBN(0x4a68df70, 0x3db997b0), - TOBN(0x9c134e45, 0x05bf7dd0), TOBN(0xa4e63d39, 0x8ccf7f8c), - TOBN(0xa6e6517f, 0x41b5f8af), TOBN(0xaa8b9342, 0xad7bc1cc), - TOBN(0x126f35b5, 0x1e706ad9), TOBN(0xb99cebb4, 0xc3a9ebdf), - TOBN(0xa75389af, 0xbf608d90), TOBN(0x76113c4f, 0xc6c89858), - TOBN(0x80de8eb0, 0x97e2b5aa), TOBN(0x7e1022cc, 0x63b91304), - TOBN(0x3bdab605, 0x6ccc066c), TOBN(0x33cbb144, 0xb2edf900), - TOBN(0xc4176471, 0x7af715d2), TOBN(0xe2f7f594, 0xd0134a96), - TOBN(0x2c1873ef, 0xa41ec956), TOBN(0xe4e7b4f6, 0x77821304), - TOBN(0xe5c8ff97, 0x88d5374a), TOBN(0x2b915e63, 0x80823d5b), - TOBN(0xea6bc755, 0xb2ee8fe2), TOBN(0x6657624c, 0xe7112651), - TOBN(0x157af101, 0xdace5aca), TOBN(0xc4fdbcf2, 0x11a6a267), - TOBN(0xdaddf340, 0xc49c8609), TOBN(0x97e49f52, 0xe9604a65), - TOBN(0x9be8e790, 0x937e2ad5), TOBN(0x846e2508, 0x326e17f1), - TOBN(0x3f38007a, 0x0bbbc0dc), TOBN(0xcf03603f, 0xb11e16d6), - TOBN(0xd6f800e0, 0x7442f1d5), TOBN(0x475607d1, 0x66e0e3ab), - TOBN(0x82807f16, 0xb7c64047), TOBN(0x8858e1e3, 0xa749883d), - TOBN(0x5859120b, 0x8231ee10), TOBN(0x1b80e7eb, 0x638a1ece), - TOBN(0xcb72525a, 0xc6aa73a4), TOBN(0xa7cdea3d, 0x844423ac), - TOBN(0x5ed0c007, 0xf8ae7c38), TOBN(0x6db07a5c, 0x3d740192), - TOBN(0xbe5e9c2a, 0x5fe36db3), TOBN(0xd5b9d57a, 0x76e95046), - TOBN(0x54ac32e7, 0x8eba20f2), TOBN(0xef11ca8f, 0x71b9a352), - TOBN(0x305e373e, 0xff98a658), TOBN(0xffe5a100, 0x823eb667), - TOBN(0x57477b11, 0xe51732d2), TOBN(0xdfd6eb28, 0x2538fc0e), - TOBN(0x5c43b0cc, 0x3b39eec5), TOBN(0x6af12778, 0xcb36cc57), - TOBN(0x70b0852d, 0x06c425ae), TOBN(0x6df92f8c, 0x5c221b9b), - TOBN(0x6c8d4f9e, 0xce826d9c), TOBN(0xf59aba7b, 0xb49359c3), - TOBN(0x5c8ed8d5, 0xda64309d), TOBN(0x61a6de56, 0x91b30704), - TOBN(0xd6b52f6a, 0x2f9b5808), TOBN(0x0eee4194, 0x98c958a7), - TOBN(0xcddd9aab, 0x771e4caa), TOBN(0x83965dfd, 0x78bc21be), - TOBN(0x02affce3, 0xb3b504f5), TOBN(0x30847a21, 0x561c8291), - TOBN(0xd2eb2cf1, 0x52bfda05), TOBN(0xe0e4c4e9, 0x6197b98c), - TOBN(0x1d35076c, 0xf8a1726f), TOBN(0x6c06085b, 0x2db11e3d), - TOBN(0x15c0c4d7, 0x4463ba14), TOBN(0x9d292f83, 0x0030238c), - TOBN(0x1311ee8b, 0x3727536d), TOBN(0xfeea86ef, 0xbeaedc1e), - TOBN(0xb9d18cd3, 0x66131e2e), TOBN(0xf31d974f, 0x80fe2682), - TOBN(0xb6e49e0f, 0xe4160289), TOBN(0x7c48ec0b, 0x08e92799), - TOBN(0x818111d8, 0xd1989aa7), TOBN(0xb34fa0aa, 0xebf926f9), - TOBN(0xdb5fe2f5, 0xa245474a), TOBN(0xf80a6ebb, 0x3c7ca756), - TOBN(0xa7f96054, 0xafa05dd8), TOBN(0x26dfcf21, 0xfcaf119e), - TOBN(0xe20ef2e3, 0x0564bb59), TOBN(0xef4dca50, 0x61cb02b8), - TOBN(0xcda7838a, 0x65d30672), TOBN(0x8b08d534, 0xfd657e86), - TOBN(0x4c5b4395, 0x46d595c8), TOBN(0x39b58725, 0x425cb836), - TOBN(0x8ea61059, 0x3de9abe3), TOBN(0x40434881, 0x9cdc03be), - TOBN(0x9b261245, 0xcfedce8c), TOBN(0x78c318b4, 0xcf5234a1), - TOBN(0x510bcf16, 0xfde24c99), TOBN(0x2a77cb75, 0xa2c2ff5d), - TOBN(0x9c895c2b, 0x27960fb4), TOBN(0xd30ce975, 0xb0eda42b), - TOBN(0xfda85393, 0x1a62cc26), TOBN(0x23c69b96, 0x50c0e052), - TOBN(0xa227df15, 0xbfc633f3), TOBN(0x2ac78848, 0x1bae7d48), - TOBN(0x487878f9, 0x187d073d), TOBN(0x6c2be919, 0x967f807d), - TOBN(0x765861d8, 0x336e6d8f), TOBN(0x88b8974c, 0xce528a43), - TOBN(0x09521177, 0xff57d051), TOBN(0x2ff38037, 0xfb6a1961), - TOBN(0xfc0aba74, 0xa3d76ad4), TOBN(0x7c764803, 0x25a7ec17), - TOBN(0x7532d75f, 0x48879bc8), TOBN(0xea7eacc0, 0x58ce6bc1), - TOBN(0xc82176b4, 0x8e896c16), TOBN(0x9a30e0b2, 0x2c750fed), - TOBN(0xc37e2c2e, 0x421d3aa4), TOBN(0xf926407c, 0xe84fa840), - TOBN(0x18abc03d, 0x1454e41c), TOBN(0x26605ecd, 0x3f7af644), - TOBN(0x242341a6, 0xd6a5eabf), TOBN(0x1edb84f4, 0x216b668e), - TOBN(0xd836edb8, 0x04010102), TOBN(0x5b337ce7, 0x945e1d8c), - TOBN(0xd2075c77, 0xc055dc14), TOBN(0x2a0ffa25, 0x81d89cdf), - TOBN(0x8ce815ea, 0x6ffdcbaf), TOBN(0xa3428878, 0xfb648867), - TOBN(0x277699cf, 0x884655fb), TOBN(0xfa5b5bd6, 0x364d3e41), - TOBN(0x01f680c6, 0x441e1cb7), TOBN(0x3fd61e66, 0xb70a7d67), - TOBN(0x666ba2dc, 0xcc78cf66), TOBN(0xb3018174, 0x6fdbff77), - TOBN(0x8d4dd0db, 0x168d4668), TOBN(0x259455d0, 0x1dab3a2a), - TOBN(0xf58564c5, 0xcde3acec), TOBN(0x77141925, 0x13adb276), - TOBN(0x527d725d, 0x8a303f65), TOBN(0x55deb6c9, 0xe6f38f7b), - TOBN(0xfd5bb657, 0xb1fa70fb), TOBN(0xfa07f50f, 0xd8073a00), - TOBN(0xf72e3aa7, 0xbca02500), TOBN(0xf68f895d, 0x9975740d), - TOBN(0x30112060, 0x5cae2a6a), TOBN(0x01bd7218, 0x02874842), - TOBN(0x3d423891, 0x7ce47bd3), TOBN(0xa66663c1, 0x789544f6), - TOBN(0x864d05d7, 0x3272d838), TOBN(0xe22924f9, 0xfa6295c5), - TOBN(0x8189593f, 0x6c2fda32), TOBN(0x330d7189, 0xb184b544), - TOBN(0x79efa62c, 0xbde1f714), TOBN(0x35771c94, 0xe5cb1a63), - TOBN(0x2f4826b8, 0x641c8332), TOBN(0x00a894fb, 0xc8cee854), - TOBN(0xb4b9a39b, 0x36194d40), TOBN(0xe857a7c5, 0x77612601), - TOBN(0xf4209dd2, 0x4ecf2f58), TOBN(0x82b9e66d, 0x5a033487), - TOBN(0xc1e36934, 0xe4e8b9dd), TOBN(0xd2372c9d, 0xa42377d7), - TOBN(0x51dc94c7, 0x0e3ae43b), TOBN(0x4c57761e, 0x04474f6f), - TOBN(0xdcdacd0a, 0x1058a318), TOBN(0x369cf3f5, 0x78053a9a), - TOBN(0xc6c3de50, 0x31c68de2), TOBN(0x4653a576, 0x3c4b6d9f), - TOBN(0x1688dd5a, 0xaa4e5c97), TOBN(0x5be80aa1, 0xb7ab3c74), - TOBN(0x70cefe7c, 0xbc65c283), TOBN(0x57f95f13, 0x06867091), - TOBN(0xa39114e2, 0x4415503b), TOBN(0xc08ff7c6, 0x4cbb17e9), - TOBN(0x1eff674d, 0xd7dec966), TOBN(0x6d4690af, 0x53376f63), - TOBN(0xff6fe32e, 0xea74237b), TOBN(0xc436d17e, 0xcd57508e), - TOBN(0x15aa28e1, 0xedcc40fe), TOBN(0x0d769c04, 0x581bbb44), - TOBN(0xc240b6de, 0x34eaacda), TOBN(0xd9e116e8, 0x2ba0f1de), - TOBN(0xcbe45ec7, 0x79438e55), TOBN(0x91787c9d, 0x96f752d7), - TOBN(0x897f532b, 0xf129ac2f), TOBN(0xd307b7c8, 0x5a36e22c), - TOBN(0x91940675, 0x749fb8f3), TOBN(0xd14f95d0, 0x157fdb28), - TOBN(0xfe51d029, 0x6ae55043), TOBN(0x8931e98f, 0x44a87de1), - TOBN(0xe57f1cc6, 0x09e4fee2), TOBN(0x0d063b67, 0x4e072d92), - TOBN(0x70a998b9, 0xed0e4316), TOBN(0xe74a736b, 0x306aca46), - TOBN(0xecf0fbf2, 0x4fda97c7), TOBN(0xa40f65cb, 0x3e178d93), - TOBN(0x16253604, 0x16df4285), TOBN(0xb0c9babb, 0xd0c56ae2), - TOBN(0x73032b19, 0xcfc5cfc3), TOBN(0xe497e5c3, 0x09752056), - TOBN(0x12096bb4, 0x164bda96), TOBN(0x1ee42419, 0xa0b74da1), - TOBN(0x8fc36243, 0x403826ba), TOBN(0x0c8f0069, 0xdc09e660), - TOBN(0x8667e981, 0xc27253c9), TOBN(0x05a6aefb, 0x92b36a45), - TOBN(0xa62c4b36, 0x9cb7bb46), TOBN(0x8394f375, 0x11f7027b), - TOBN(0x747bc79c, 0x5f109d0f), TOBN(0xcad88a76, 0x5b8cc60a), - TOBN(0x80c5a66b, 0x58f09e68), TOBN(0xe753d451, 0xf6127eac), - TOBN(0xc44b74a1, 0x5b0ec6f5), TOBN(0x47989fe4, 0x5289b2b8), - TOBN(0x745f8484, 0x58d6fc73), TOBN(0xec362a6f, 0xf61c70ab), - TOBN(0x070c98a7, 0xb3a8ad41), TOBN(0x73a20fc0, 0x7b63db51), - TOBN(0xed2c2173, 0xf44c35f4), TOBN(0x8a56149d, 0x9acc9dca), - TOBN(0x98f17881, 0x9ac6e0f4), TOBN(0x360fdeaf, 0xa413b5ed), - TOBN(0x0625b8f4, 0xa300b0fd), TOBN(0xf1f4d76a, 0x5b3222d3), - TOBN(0x9d6f5109, 0x587f76b8), TOBN(0x8b4ee08d, 0x2317fdb5), - TOBN(0x88089bb7, 0x8c68b095), TOBN(0x95570e9a, 0x5808d9b9), - TOBN(0xa395c36f, 0x35d33ae7), TOBN(0x200ea123, 0x50bb5a94), - TOBN(0x20c789bd, 0x0bafe84b), TOBN(0x243ef52d, 0x0919276a), - TOBN(0x3934c577, 0xe23ae233), TOBN(0xb93807af, 0xa460d1ec), - TOBN(0xb72a53b1, 0xf8fa76a4), TOBN(0xd8914cb0, 0xc3ca4491), - TOBN(0x2e128494, 0x3fb42622), TOBN(0x3b2700ac, 0x500907d5), - TOBN(0xf370fb09, 0x1a95ec63), TOBN(0xf8f30be2, 0x31b6dfbd), - TOBN(0xf2b2f8d2, 0x69e55f15), TOBN(0x1fead851, 0xcc1323e9), - TOBN(0xfa366010, 0xd9e5eef6), TOBN(0x64d487b0, 0xe316107e), - TOBN(0x4c076b86, 0xd23ddc82), TOBN(0x03fd344c, 0x7e0143f0), - TOBN(0xa95362ff, 0x317af2c5), TOBN(0x0add3db7, 0xe18b7a4f), - TOBN(0x9c673e3f, 0x8260e01b), TOBN(0xfbeb49e5, 0x54a1cc91), - TOBN(0x91351bf2, 0x92f2e433), TOBN(0xc755e7ec, 0x851141eb), - TOBN(0xc9a95139, 0x29607745), TOBN(0x0ca07420, 0xa26f2b28), - TOBN(0xcb2790e7, 0x4bc6f9dd), TOBN(0x345bbb58, 0xadcaffc0), - TOBN(0xc65ea38c, 0xbe0f27a2), TOBN(0x67c24d7c, 0x641fcb56), - TOBN(0x2c25f0a7, 0xa9e2c757), TOBN(0x93f5cdb0, 0x16f16c49), - TOBN(0x2ca5a9d7, 0xc5ee30a1), TOBN(0xd1593635, 0xb909b729), - TOBN(0x804ce9f3, 0xdadeff48), TOBN(0xec464751, 0xb07c30c3), - TOBN(0x89d65ff3, 0x9e49af6a), TOBN(0xf2d6238a, 0x6f3d01bc), - TOBN(0x1095561e, 0x0bced843), TOBN(0x51789e12, 0xc8a13fd8), - TOBN(0xd633f929, 0x763231df), TOBN(0x46df9f7d, 0xe7cbddef), - TOBN(0x01c889c0, 0xcb265da8), TOBN(0xfce1ad10, 0xaf4336d2), - TOBN(0x8d110df6, 0xfc6a0a7e), TOBN(0xdd431b98, 0x6da425dc), - TOBN(0xcdc4aeab, 0x1834aabe), TOBN(0x84deb124, 0x8439b7fc), - TOBN(0x8796f169, 0x3c2a5998), TOBN(0x9b9247b4, 0x7947190d), - TOBN(0x55b9d9a5, 0x11597014), TOBN(0x7e9dd70d, 0x7b1566ee), - TOBN(0x94ad78f7, 0xcbcd5e64), TOBN(0x0359ac17, 0x9bd4c032), - TOBN(0x3b11baaf, 0x7cc222ae), TOBN(0xa6a6e284, 0xba78e812), - TOBN(0x8392053f, 0x24cea1a0), TOBN(0xc97bce4a, 0x33621491), - TOBN(0x7eb1db34, 0x35399ee9), TOBN(0x473f78ef, 0xece81ad1), - TOBN(0x41d72fe0, 0xf63d3d0d), TOBN(0xe620b880, 0xafab62fc), - TOBN(0x92096bc9, 0x93158383), TOBN(0x41a21357, 0x8f896f6c), - TOBN(0x1b5ee2fa, 0xc7dcfcab), TOBN(0x650acfde, 0x9546e007), - TOBN(0xc081b749, 0xb1b02e07), TOBN(0xda9e41a0, 0xf9eca03d), - TOBN(0x013ba727, 0x175a54ab), TOBN(0xca0cd190, 0xea5d8d10), - TOBN(0x85ea52c0, 0x95fd96a9), TOBN(0x2c591b9f, 0xbc5c3940), - TOBN(0x6fb4d4e4, 0x2bad4d5f), TOBN(0xfa4c3590, 0xfef0059b), - TOBN(0x6a10218a, 0xf5122294), TOBN(0x9a78a81a, 0xa85751d1), - TOBN(0x04f20579, 0xa98e84e7), TOBN(0xfe1242c0, 0x4997e5b5), - TOBN(0xe77a273b, 0xca21e1e4), TOBN(0xfcc8b1ef, 0x9411939d), - TOBN(0xe20ea302, 0x92d0487a), TOBN(0x1442dbec, 0x294b91fe), - TOBN(0x1f7a4afe, 0xbb6b0e8f), TOBN(0x1700ef74, 0x6889c318), - TOBN(0xf5bbffc3, 0x70f1fc62), TOBN(0x3b31d4b6, 0x69c79cca), - TOBN(0xe8bc2aab, 0xa7f6340d), TOBN(0xb0b08ab4, 0xa725e10a), - TOBN(0x44f05701, 0xae340050), TOBN(0xba4b3016, 0x1cf0c569), - TOBN(0x5aa29f83, 0xfbe19a51), TOBN(0x1b9ed428, 0xb71d752e), - TOBN(0x1666e54e, 0xeb4819f5), TOBN(0x616cdfed, 0x9e18b75b), - TOBN(0x112ed5be, 0x3ee27b0b), TOBN(0xfbf28319, 0x44c7de4d), - TOBN(0xd685ec85, 0xe0e60d84), TOBN(0x68037e30, 0x1db7ee78), - TOBN(0x5b65bdcd, 0x003c4d6e), TOBN(0x33e7363a, 0x93e29a6a), - TOBN(0x995b3a61, 0x08d0756c), TOBN(0xd727f85c, 0x2faf134b), - TOBN(0xfac6edf7, 0x1d337823), TOBN(0x99b9aa50, 0x0439b8b4), - TOBN(0x722eb104, 0xe2b4e075), TOBN(0x49987295, 0x437c4926), - TOBN(0xb1e4c0e4, 0x46a9b82d), TOBN(0xd0cb3197, 0x57a006f5), - TOBN(0xf3de0f7d, 0xd7808c56), TOBN(0xb5c54d8f, 0x51f89772), - TOBN(0x500a114a, 0xadbd31aa), TOBN(0x9afaaaa6, 0x295f6cab), - TOBN(0x94705e21, 0x04cf667a), TOBN(0xfc2a811b, 0x9d3935d7), - TOBN(0x560b0280, 0x6d09267c), TOBN(0xf19ed119, 0xf780e53b), - TOBN(0xf0227c09, 0x067b6269), TOBN(0x967b8533, 0x5caef599), - TOBN(0x155b9243, 0x68efeebc), TOBN(0xcd6d34f5, 0xc497bae6), - TOBN(0x1dd8d5d3, 0x6cceb370), TOBN(0x2aeac579, 0xa78d7bf9), - TOBN(0x5d65017d, 0x70b67a62), TOBN(0x70c8e44f, 0x17c53f67), - TOBN(0xd1fc0950, 0x86a34d09), TOBN(0xe0fca256, 0xe7134907), - TOBN(0xe24fa29c, 0x80fdd315), TOBN(0x2c4acd03, 0xd87499ad), - TOBN(0xbaaf7517, 0x3b5a9ba6), TOBN(0xb9cbe1f6, 0x12e51a51), - TOBN(0xd88edae3, 0x5e154897), TOBN(0xe4309c3c, 0x77b66ca0), - TOBN(0xf5555805, 0xf67f3746), TOBN(0x85fc37ba, 0xa36401ff), - TOBN(0xdf86e2ca, 0xd9499a53), TOBN(0x6270b2a3, 0xecbc955b), - TOBN(0xafae64f5, 0x974ad33b), TOBN(0x04d85977, 0xfe7b2df1), - TOBN(0x2a3db3ff, 0x4ab03f73), TOBN(0x0b87878a, 0x8702740a), - TOBN(0x6d263f01, 0x5a061732), TOBN(0xc25430ce, 0xa32a1901), - TOBN(0xf7ebab3d, 0xdb155018), TOBN(0x3a86f693, 0x63a9b78e), - TOBN(0x349ae368, 0xda9f3804), TOBN(0x470f07fe, 0xa164349c), - TOBN(0xd52f4cc9, 0x8562baa5), TOBN(0xc74a9e86, 0x2b290df3), - TOBN(0xd3a1aa35, 0x43471a24), TOBN(0x239446be, 0xb8194511), - TOBN(0xbec2dd00, 0x81dcd44d), TOBN(0xca3d7f0f, 0xc42ac82d), - TOBN(0x1f3db085, 0xfdaf4520), TOBN(0xbb6d3e80, 0x4549daf2), - TOBN(0xf5969d8a, 0x19ad5c42), TOBN(0x7052b13d, 0xdbfd1511), - TOBN(0x11890d1b, 0x682b9060), TOBN(0xa71d3883, 0xac34452c), - TOBN(0xa438055b, 0x783805b4), TOBN(0x43241277, 0x4725b23e), - TOBN(0xf20cf96e, 0x4901bbed), TOBN(0x6419c710, 0xf432a2bb), - TOBN(0x57a0fbb9, 0xdfa9cd7d), TOBN(0x589111e4, 0x00daa249), - TOBN(0x19809a33, 0x7b60554e), TOBN(0xea5f8887, 0xede283a4), - TOBN(0x2d713802, 0x503bfd35), TOBN(0x151bb0af, 0x585d2a53), - TOBN(0x40b08f74, 0x43b30ca8), TOBN(0xe10b5bba, 0xd9934583), - TOBN(0xe8a546d6, 0xb51110ad), TOBN(0x1dd50e66, 0x28e0b6c5), - TOBN(0x292e9d54, 0xcff2b821), TOBN(0x3882555d, 0x47281760), - TOBN(0x134838f8, 0x3724d6e3), TOBN(0xf2c679e0, 0x22ddcda1), - TOBN(0x40ee8815, 0x6d2a5768), TOBN(0x7f227bd2, 0x1c1e7e2d), - TOBN(0x487ba134, 0xd04ff443), TOBN(0x76e2ff3d, 0xc614e54b), - TOBN(0x36b88d6f, 0xa3177ec7), TOBN(0xbf731d51, 0x2328fff5), - TOBN(0x758caea2, 0x49ba158e), TOBN(0x5ab8ff4c, 0x02938188), - TOBN(0x33e16056, 0x35edc56d), TOBN(0x5a69d349, 0x7e940d79), - TOBN(0x6c4fd001, 0x03866dcb), TOBN(0x20a38f57, 0x4893cdef), - TOBN(0xfbf3e790, 0xfac3a15b), TOBN(0x6ed7ea2e, 0x7a4f8e6b), - TOBN(0xa663eb4f, 0xbc3aca86), TOBN(0x22061ea5, 0x080d53f7), - TOBN(0x2480dfe6, 0xf546783f), TOBN(0xd38bc6da, 0x5a0a641e), - TOBN(0xfb093cd1, 0x2ede8965), TOBN(0x89654db4, 0xacb455cf), - TOBN(0x413cbf9a, 0x26e1adee), TOBN(0x291f3764, 0x373294d4), - TOBN(0x00797257, 0x648083fe), TOBN(0x25f504d3, 0x208cc341), - TOBN(0x635a8e5e, 0xc3a0ee43), TOBN(0x70aaebca, 0x679898ff), - TOBN(0x9ee9f547, 0x5dc63d56), TOBN(0xce987966, 0xffb34d00), - TOBN(0xf9f86b19, 0x5e26310a), TOBN(0x9e435484, 0x382a8ca8), - TOBN(0x253bcb81, 0xc2352fe4), TOBN(0xa4eac8b0, 0x4474b571), - TOBN(0xc1b97512, 0xc1ad8cf8), TOBN(0x193b4e9e, 0x99e0b697), - TOBN(0x939d2716, 0x01e85df0), TOBN(0x4fb265b3, 0xcd44eafd), - TOBN(0x321e7dcd, 0xe51e1ae2), TOBN(0x8e3a8ca6, 0xe3d8b096), - TOBN(0x8de46cb0, 0x52604998), TOBN(0x91099ad8, 0x39072aa7), - TOBN(0x2617f91c, 0x93aa96b8), TOBN(0x0fc8716b, 0x7fca2e13), - TOBN(0xa7106f5e, 0x95328723), TOBN(0xd1c9c40b, 0x262e6522), - TOBN(0xb9bafe86, 0x42b7c094), TOBN(0x1873439d, 0x1543c021), - TOBN(0xe1baa5de, 0x5cbefd5d), TOBN(0xa363fc5e, 0x521e8aff), - TOBN(0xefe6320d, 0xf862eaac), TOBN(0x14419c63, 0x22c647dc), - TOBN(0x0e06707c, 0x4e46d428), TOBN(0xcb6c834f, 0x4a178f8f), - TOBN(0x0f993a45, 0xd30f917c), TOBN(0xd4c4b049, 0x9879afee), - TOBN(0xb6142a1e, 0x70500063), TOBN(0x7c9b41c3, 0xa5d9d605), - TOBN(0xbc00fc2f, 0x2f8ba2c7), TOBN(0x0966eb2f, 0x7c67aa28), - TOBN(0x13f7b516, 0x5a786972), TOBN(0x3bfb7557, 0x8a2fbba0), - TOBN(0x131c4f23, 0x5a2b9620), TOBN(0xbff3ed27, 0x6faf46be), - TOBN(0x9b4473d1, 0x7e172323), TOBN(0x421e8878, 0x339f6246), - TOBN(0x0fa8587a, 0x25a41632), TOBN(0xc0814124, 0xa35b6c93), - TOBN(0x2b18a9f5, 0x59ebb8db), TOBN(0x264e3357, 0x76edb29c), - TOBN(0xaf245ccd, 0xc87c51e2), TOBN(0x16b3015b, 0x501e6214), - TOBN(0xbb31c560, 0x0a3882ce), TOBN(0x6961bb94, 0xfec11e04), - TOBN(0x3b825b8d, 0xeff7a3a0), TOBN(0xbec33738, 0xb1df7326), - TOBN(0x68ad747c, 0x99604a1f), TOBN(0xd154c934, 0x9a3bd499), - TOBN(0xac33506f, 0x1cc7a906), TOBN(0x73bb5392, 0x6c560e8f), - TOBN(0x6428fcbe, 0x263e3944), TOBN(0xc11828d5, 0x1c387434), - TOBN(0x3cd04be1, 0x3e4b12ff), TOBN(0xc3aad9f9, 0x2d88667c), - TOBN(0xc52ddcf8, 0x248120cf), TOBN(0x985a892e, 0x2a389532), - TOBN(0xfbb4b21b, 0x3bb85fa0), TOBN(0xf95375e0, 0x8dfc6269), - TOBN(0xfb4fb06c, 0x7ee2acea), TOBN(0x6785426e, 0x309c4d1f), - TOBN(0x659b17c8, 0xd8ceb147), TOBN(0x9b649eee, 0xb70a5554), - TOBN(0x6b7fa0b5, 0xac6bc634), TOBN(0xd99fe2c7, 0x1d6e732f), - TOBN(0x30e6e762, 0x8d3abba2), TOBN(0x18fee6e7, 0xa797b799), - TOBN(0x5c9d360d, 0xc696464d), TOBN(0xe3baeb48, 0x27bfde12), - TOBN(0x2bf5db47, 0xf23206d5), TOBN(0x2f6d3420, 0x1d260152), - TOBN(0x17b87653, 0x3f8ff89a), TOBN(0x5157c30c, 0x378fa458), - TOBN(0x7517c5c5, 0x2d4fb936), TOBN(0xef22f7ac, 0xe6518cdc), - TOBN(0xdeb483e6, 0xbf847a64), TOBN(0xf5084558, 0x92e0fa89)}, - {TOBN(0xab9659d8, 0xdf7304d4), TOBN(0xb71bcf1b, 0xff210e8e), - TOBN(0xa9a2438b, 0xd73fbd60), TOBN(0x4595cd1f, 0x5d11b4de), - TOBN(0x9c0d329a, 0x4835859d), TOBN(0x4a0f0d2d, 0x7dbb6e56), - TOBN(0xc6038e5e, 0xdf928a4e), TOBN(0xc9429621, 0x8f5ad154), - TOBN(0x91213462, 0xf23f2d92), TOBN(0x6cab71bd, 0x60b94078), - TOBN(0x6bdd0a63, 0x176cde20), TOBN(0x54c9b20c, 0xee4d54bc), - TOBN(0x3cd2d8aa, 0x9f2ac02f), TOBN(0x03f8e617, 0x206eedb0), - TOBN(0xc7f68e16, 0x93086434), TOBN(0x831469c5, 0x92dd3db9), - TOBN(0x8521df24, 0x8f981354), TOBN(0x587e23ec, 0x3588a259), - TOBN(0xcbedf281, 0xd7a0992c), TOBN(0x06930a55, 0x38961407), - TOBN(0x09320deb, 0xbe5bbe21), TOBN(0xa7ffa5b5, 0x2491817f), - TOBN(0xe6c8b4d9, 0x09065160), TOBN(0xac4f3992, 0xfff6d2a9), - TOBN(0x7aa7a158, 0x3ae9c1bd), TOBN(0xe0af6d98, 0xe37ce240), - TOBN(0xe54342d9, 0x28ab38b4), TOBN(0xe8b75007, 0x0a1c98ca), - TOBN(0xefce86af, 0xe02358f2), TOBN(0x31b8b856, 0xea921228), - TOBN(0x052a1912, 0x0a1c67fc), TOBN(0xb4069ea4, 0xe3aead59), - TOBN(0x3232d6e2, 0x7fa03cb3), TOBN(0xdb938e5b, 0x0fdd7d88), - TOBN(0x04c1d2cd, 0x2ccbfc5d), TOBN(0xd2f45c12, 0xaf3a580f), - TOBN(0x592620b5, 0x7883e614), TOBN(0x5fd27e68, 0xbe7c5f26), - TOBN(0x139e45a9, 0x1567e1e3), TOBN(0x2cc71d2d, 0x44d8aaaf), - TOBN(0x4a9090cd, 0xe36d0757), TOBN(0xf722d7b1, 0xd9a29382), - TOBN(0xfb7fb04c, 0x04b48ddf), TOBN(0x628ad2a7, 0xebe16f43), - TOBN(0xcd3fbfb5, 0x20226040), TOBN(0x6c34ecb1, 0x5104b6c4), - TOBN(0x30c0754e, 0xc903c188), TOBN(0xec336b08, 0x2d23cab0), - TOBN(0x473d62a2, 0x1e206ee5), TOBN(0xf1e27480, 0x8c49a633), - TOBN(0x87ab956c, 0xe9f6b2c3), TOBN(0x61830b48, 0x62b606ea), - TOBN(0x67cd6846, 0xe78e815f), TOBN(0xfe40139f, 0x4c02082a), - TOBN(0x52bbbfcb, 0x952ec365), TOBN(0x74c11642, 0x6b9836ab), - TOBN(0x9f51439e, 0x558df019), TOBN(0x230da4ba, 0xac712b27), - TOBN(0x518919e3, 0x55185a24), TOBN(0x4dcefcdd, 0x84b78f50), - TOBN(0xa7d90fb2, 0xa47d4c5a), TOBN(0x55ac9abf, 0xb30e009e), - TOBN(0xfd2fc359, 0x74eed273), TOBN(0xb72d824c, 0xdbea8faf), - TOBN(0xce721a74, 0x4513e2ca), TOBN(0x0b418612, 0x38240b2c), - TOBN(0x05199968, 0xd5baa450), TOBN(0xeb1757ed, 0x2b0e8c25), - TOBN(0x6ebc3e28, 0x3dfac6d5), TOBN(0xb2431e2e, 0x48a237f5), - TOBN(0x2acb5e23, 0x52f61499), TOBN(0x5558a2a7, 0xe06c936b), - TOBN(0xd213f923, 0xcbb13d1b), TOBN(0x98799f42, 0x5bfb9bfe), - TOBN(0x1ae8ddc9, 0x701144a9), TOBN(0x0b8b3bb6, 0x4c5595ee), - TOBN(0x0ea9ef2e, 0x3ecebb21), TOBN(0x17cb6c4b, 0x3671f9a7), - TOBN(0x47ef464f, 0x726f1d1f), TOBN(0x171b9484, 0x6943a276), - TOBN(0x51a4ae2d, 0x7ef0329c), TOBN(0x08509222, 0x91c4402a), - TOBN(0x64a61d35, 0xafd45bbc), TOBN(0x38f096fe, 0x3035a851), - TOBN(0xc7468b74, 0xa1dec027), TOBN(0xe8cf10e7, 0x4fc7dcba), - TOBN(0xea35ff40, 0xf4a06353), TOBN(0x0b4c0dfa, 0x8b77dd66), - TOBN(0x779b8552, 0xde7e5c19), TOBN(0xfab28609, 0xc1c0256c), - TOBN(0x64f58eee, 0xabd4743d), TOBN(0x4e8ef838, 0x7b6cc93b), - TOBN(0xee650d26, 0x4cb1bf3d), TOBN(0x4c1f9d09, 0x73dedf61), - TOBN(0xaef7c9d7, 0xbfb70ced), TOBN(0x1ec0507e, 0x1641de1e), - TOBN(0xcd7e5cc7, 0xcde45079), TOBN(0xde173c9a, 0x516ac9e4), - TOBN(0x517a8494, 0xc170315c), TOBN(0x438fd905, 0x91d8e8fb), - TOBN(0x5145c506, 0xc7d9630b), TOBN(0x6457a87b, 0xf47d4d75), - TOBN(0xd31646bf, 0x0d9a80e8), TOBN(0x453add2b, 0xcef3aabe), - TOBN(0xc9941109, 0xa607419d), TOBN(0xfaa71e62, 0xbb6bca80), - TOBN(0x34158c13, 0x07c431f3), TOBN(0x594abebc, 0x992bc47a), - TOBN(0x6dfea691, 0xeb78399f), TOBN(0x48aafb35, 0x3f42cba4), - TOBN(0xedcd65af, 0x077c04f0), TOBN(0x1a29a366, 0xe884491a), - TOBN(0x023a40e5, 0x1c21f2bf), TOBN(0xf99a513c, 0xa5057aee), - TOBN(0xa3fe7e25, 0xbcab072e), TOBN(0x8568d2e1, 0x40e32bcf), - TOBN(0x904594eb, 0xd3f69d9f), TOBN(0x181a9733, 0x07affab1), - TOBN(0xe4d68d76, 0xb6e330f4), TOBN(0x87a6dafb, 0xc75a7fc1), - TOBN(0x549db2b5, 0xef7d9289), TOBN(0x2480d4a8, 0x197f015a), - TOBN(0x61d5590b, 0xc40493b6), TOBN(0x3a55b52e, 0x6f780331), - TOBN(0x40eb8115, 0x309eadb0), TOBN(0xdea7de5a, 0x92e5c625), - TOBN(0x64d631f0, 0xcc6a3d5a), TOBN(0x9d5e9d7c, 0x93e8dd61), - TOBN(0xf297bef5, 0x206d3ffc), TOBN(0x23d5e033, 0x7d808bd4), - TOBN(0x4a4f6912, 0xd24cf5ba), TOBN(0xe4d8163b, 0x09cdaa8a), - TOBN(0x0e0de9ef, 0xd3082e8e), TOBN(0x4fe1246c, 0x0192f360), - TOBN(0x1f900150, 0x4b8eee0a), TOBN(0x5219da81, 0xf1da391b), - TOBN(0x7bf6a5c1, 0xf7ea25aa), TOBN(0xd165e6bf, 0xfbb07d5f), - TOBN(0xe3539361, 0x89e78671), TOBN(0xa3fcac89, 0x2bac4219), - TOBN(0xdfab6fd4, 0xf0baa8ab), TOBN(0x5a4adac1, 0xe2c1c2e5), - TOBN(0x6cd75e31, 0x40d85849), TOBN(0xce263fea, 0x19b39181), - TOBN(0xcb6803d3, 0x07032c72), TOBN(0x7f40d5ce, 0x790968c8), - TOBN(0xa6de86bd, 0xdce978f0), TOBN(0x25547c4f, 0x368f751c), - TOBN(0xb1e685fd, 0x65fb2a9e), TOBN(0xce69336f, 0x1eb9179c), - TOBN(0xb15d1c27, 0x12504442), TOBN(0xb7df465c, 0xb911a06b), - TOBN(0xb8d804a3, 0x315980cd), TOBN(0x693bc492, 0xfa3bebf7), - TOBN(0x3578aeee, 0x2253c504), TOBN(0x158de498, 0xcd2474a2), - TOBN(0x1331f5c7, 0xcfda8368), TOBN(0xd2d7bbb3, 0x78d7177e), - TOBN(0xdf61133a, 0xf3c1e46e), TOBN(0x5836ce7d, 0xd30e7be8), - TOBN(0x83084f19, 0x94f834cb), TOBN(0xd35653d4, 0x429ed782), - TOBN(0xa542f16f, 0x59e58243), TOBN(0xc2b52f65, 0x0470a22d), - TOBN(0xe3b6221b, 0x18f23d96), TOBN(0xcb05abac, 0x3f5252b4), - TOBN(0xca00938b, 0x87d61402), TOBN(0x2f186cdd, 0x411933e4), - TOBN(0xe042ece5, 0x9a29a5c5), TOBN(0xb19b3c07, 0x3b6c8402), - TOBN(0xc97667c7, 0x19d92684), TOBN(0xb5624622, 0xebc66372), - TOBN(0x0cb96e65, 0x3c04fa02), TOBN(0x83a7176c, 0x8eaa39aa), - TOBN(0x2033561d, 0xeaa1633f), TOBN(0x45a9d086, 0x4533df73), - TOBN(0xe0542c1d, 0x3dc090bc), TOBN(0x82c996ef, 0xaa59c167), - TOBN(0xe3f735e8, 0x0ee7fc4d), TOBN(0x7b179393, 0x7c35db79), - TOBN(0xb6419e25, 0xf8c5dbfd), TOBN(0x4d9d7a1e, 0x1f327b04), - TOBN(0x979f6f9b, 0x298dfca8), TOBN(0xc7c5dff1, 0x8de9366a), - TOBN(0x1b7a588d, 0x04c82bdd), TOBN(0x68005534, 0xf8319dfd), - TOBN(0xde8a55b5, 0xd8eb9580), TOBN(0x5ea886da, 0x8d5bca81), - TOBN(0xe8530a01, 0x252a0b4d), TOBN(0x1bffb4fe, 0x35eaa0a1), - TOBN(0x2ad828b1, 0xd8e99563), TOBN(0x7de96ef5, 0x95f9cd87), - TOBN(0x4abb2d0c, 0xd77d970c), TOBN(0x03cfb933, 0xd33ef9cb), - TOBN(0xb0547c01, 0x8b211fe9), TOBN(0x2fe64809, 0xa56ed1c6), - TOBN(0xcb7d5624, 0xc2ac98cc), TOBN(0x2a1372c0, 0x1a393e33), - TOBN(0xc8d1ec1c, 0x29660521), TOBN(0xf3d31b04, 0xb37ac3e9), - TOBN(0xa29ae9df, 0x5ece6e7c), TOBN(0x0603ac8f, 0x0facfb55), - TOBN(0xcfe85b7a, 0xdda233a5), TOBN(0xe618919f, 0xbd75f0b8), - TOBN(0xf555a3d2, 0x99bf1603), TOBN(0x1f43afc9, 0xf184255a), - TOBN(0xdcdaf341, 0x319a3e02), TOBN(0xd3b117ef, 0x03903a39), - TOBN(0xe095da13, 0x65d1d131), TOBN(0x86f16367, 0xc37ad03e), - TOBN(0x5f37389e, 0x462cd8dd), TOBN(0xc103fa04, 0xd67a60e6), - TOBN(0x57c34344, 0xf4b478f0), TOBN(0xce91edd8, 0xe117c98d), - TOBN(0x001777b0, 0x231fc12e), TOBN(0x11ae47f2, 0xb207bccb), - TOBN(0xd983cf8d, 0x20f8a242), TOBN(0x7aff5b1d, 0xf22e1ad8), - TOBN(0x68fd11d0, 0x7fc4feb3), TOBN(0x5d53ae90, 0xb0f1c3e1), - TOBN(0x50fb7905, 0xec041803), TOBN(0x85e3c977, 0x14404888), - TOBN(0x0e67faed, 0xac628d8f), TOBN(0x2e865150, 0x6668532c), - TOBN(0x15acaaa4, 0x6a67a6b0), TOBN(0xf4cdee25, 0xb25cec41), - TOBN(0x49ee565a, 0xe4c6701e), TOBN(0x2a04ca66, 0xfc7d63d8), - TOBN(0xeb105018, 0xef0543fb), TOBN(0xf709a4f5, 0xd1b0d81d), - TOBN(0x5b906ee6, 0x2915d333), TOBN(0xf4a87412, 0x96f1f0ab), - TOBN(0xb6b82fa7, 0x4d82f4c2), TOBN(0x90725a60, 0x6804efb3), - TOBN(0xbc82ec46, 0xadc3425e), TOBN(0xb7b80581, 0x2787843e), - TOBN(0xdf46d91c, 0xdd1fc74c), TOBN(0xdc1c62cb, 0xe783a6c4), - TOBN(0x59d1b9f3, 0x1a04cbba), TOBN(0xd87f6f72, 0x95e40764), - TOBN(0x02b4cfc1, 0x317f4a76), TOBN(0x8d2703eb, 0x91036bce), - TOBN(0x98206cc6, 0xa5e72a56), TOBN(0x57be9ed1, 0xcf53fb0f), - TOBN(0x09374571, 0xef0b17ac), TOBN(0x74b2655e, 0xd9181b38), - TOBN(0xc8f80ea8, 0x89935d0e), TOBN(0xc0d9e942, 0x91529936), - TOBN(0x19686041, 0x1e84e0e5), TOBN(0xa5db84d3, 0xaea34c93), - TOBN(0xf9d5bb19, 0x7073a732), TOBN(0xb8d2fe56, 0x6bcfd7c0), - TOBN(0x45775f36, 0xf3eb82fa), TOBN(0x8cb20ccc, 0xfdff8b58), - TOBN(0x1659b65f, 0x8374c110), TOBN(0xb8b4a422, 0x330c789a), - TOBN(0x75e3c3ea, 0x6fe8208b), TOBN(0xbd74b9e4, 0x286e78fe), - TOBN(0x0be2e81b, 0xd7d93a1a), TOBN(0x7ed06e27, 0xdd0a5aae), - TOBN(0x721f5a58, 0x6be8b800), TOBN(0x428299d1, 0xd846db28), - TOBN(0x95cb8e6b, 0x5be88ed3), TOBN(0xc3186b23, 0x1c034e11), - TOBN(0xa6312c9e, 0x8977d99b), TOBN(0xbe944331, 0x83f531e7), - TOBN(0x8232c0c2, 0x18d3b1d4), TOBN(0x617aae8b, 0xe1247b73), - TOBN(0x40153fc4, 0x282aec3b), TOBN(0xc6063d2f, 0xf7b8f823), - TOBN(0x68f10e58, 0x3304f94c), TOBN(0x31efae74, 0xee676346), - TOBN(0xbadb6c6d, 0x40a9b97c), TOBN(0x14702c63, 0x4f666256), - TOBN(0xdeb954f1, 0x5184b2e3), TOBN(0x5184a526, 0x94b6ca40), - TOBN(0xfff05337, 0x003c32ea), TOBN(0x5aa374dd, 0x205974c7), - TOBN(0x9a763854, 0x4b0dd71a), TOBN(0x459cd27f, 0xdeb947ec), - TOBN(0xa6e28161, 0x459c2b92), TOBN(0x2f020fa8, 0x75ee8ef5), - TOBN(0xb132ec2d, 0x30b06310), TOBN(0xc3e15899, 0xbc6a4530), - TOBN(0xdc5f53fe, 0xaa3f451a), TOBN(0x3a3c7f23, 0xc2d9acac), - TOBN(0x2ec2f892, 0x6b27e58b), TOBN(0x68466ee7, 0xd742799f), - TOBN(0x98324dd4, 0x1fa26613), TOBN(0xa2dc6dab, 0xbdc29d63), - TOBN(0xf9675faa, 0xd712d657), TOBN(0x813994be, 0x21fd8d15), - TOBN(0x5ccbb722, 0xfd4f7553), TOBN(0x5135ff8b, 0xf3a36b20), - TOBN(0x44be28af, 0x69559df5), TOBN(0x40b65bed, 0x9d41bf30), - TOBN(0xd98bf2a4, 0x3734e520), TOBN(0x5e3abbe3, 0x209bdcba), - TOBN(0x77c76553, 0xbc945b35), TOBN(0x5331c093, 0xc6ef14aa), - TOBN(0x518ffe29, 0x76b60c80), TOBN(0x2285593b, 0x7ace16f8), - TOBN(0xab1f64cc, 0xbe2b9784), TOBN(0xe8f2c0d9, 0xab2421b6), - TOBN(0x617d7174, 0xc1df065c), TOBN(0xafeeb5ab, 0x5f6578fa), - TOBN(0x16ff1329, 0x263b54a8), TOBN(0x45c55808, 0xc990dce3), - TOBN(0x42eab6c0, 0xecc8c177), TOBN(0x799ea9b5, 0x5982ecaa), - TOBN(0xf65da244, 0xb607ef8e), TOBN(0x8ab226ce, 0x32a3fc2c), - TOBN(0x745741e5, 0x7ea973dc), TOBN(0x5c00ca70, 0x20888f2e), - TOBN(0x7cdce3cf, 0x45fd9cf1), TOBN(0x8a741ef1, 0x5507f872), - TOBN(0x47c51c2f, 0x196b4cec), TOBN(0x70d08e43, 0xc97ea618), - TOBN(0x930da15c, 0x15b18a2b), TOBN(0x33b6c678, 0x2f610514), - TOBN(0xc662e4f8, 0x07ac9794), TOBN(0x1eccf050, 0xba06cb79), - TOBN(0x1ff08623, 0xe7d954e5), TOBN(0x6ef2c5fb, 0x24cf71c3), - TOBN(0xb2c063d2, 0x67978453), TOBN(0xa0cf3796, 0x1d654af8), - TOBN(0x7cb242ea, 0x7ebdaa37), TOBN(0x206e0b10, 0xb86747e0), - TOBN(0x481dae5f, 0xd5ecfefc), TOBN(0x07084fd8, 0xc2bff8fc), - TOBN(0x8040a01a, 0xea324596), TOBN(0x4c646980, 0xd4de4036), - TOBN(0x9eb8ab4e, 0xd65abfc3), TOBN(0xe01cb91f, 0x13541ec7), - TOBN(0x8f029adb, 0xfd695012), TOBN(0x9ae28483, 0x3c7569ec), - TOBN(0xa5614c9e, 0xa66d80a1), TOBN(0x680a3e44, 0x75f5f911), - TOBN(0x0c07b14d, 0xceba4fc1), TOBN(0x891c285b, 0xa13071c1), - TOBN(0xcac67ceb, 0x799ece3c), TOBN(0x29b910a9, 0x41e07e27), - TOBN(0x66bdb409, 0xf2e43123), TOBN(0x06f8b137, 0x7ac9ecbe), - TOBN(0x5981fafd, 0x38547090), TOBN(0x19ab8b9f, 0x85e3415d), - TOBN(0xfc28c194, 0xc7e31b27), TOBN(0x843be0aa, 0x6fbcbb42), - TOBN(0xf3b1ed43, 0xa6db836c), TOBN(0x2a1330e4, 0x01a45c05), - TOBN(0x4f19f3c5, 0x95c1a377), TOBN(0xa85f39d0, 0x44b5ee33), - TOBN(0x3da18e6d, 0x4ae52834), TOBN(0x5a403b39, 0x7423dcb0), - TOBN(0xbb555e0a, 0xf2374aef), TOBN(0x2ad599c4, 0x1e8ca111), - TOBN(0x1b3a2fb9, 0x014b3bf8), TOBN(0x73092684, 0xf66d5007), - TOBN(0x079f1426, 0xc4340102), TOBN(0x1827cf81, 0x8fddf4de), - TOBN(0xc83605f6, 0xf10ff927), TOBN(0xd3871451, 0x23739fc6), - TOBN(0x6d163450, 0xcac1c2cc), TOBN(0x6b521296, 0xa2ec1ac5), - TOBN(0x0606c4f9, 0x6e3cb4a5), TOBN(0xe47d3f41, 0x778abff7), - TOBN(0x425a8d5e, 0xbe8e3a45), TOBN(0x53ea9e97, 0xa6102160), - TOBN(0x477a106e, 0x39cbb688), TOBN(0x532401d2, 0xf3386d32), - TOBN(0x8e564f64, 0xb1b9b421), TOBN(0xca9b8388, 0x81dad33f), - TOBN(0xb1422b4e, 0x2093913e), TOBN(0x533d2f92, 0x69bc8112), - TOBN(0x3fa017be, 0xebe7b2c7), TOBN(0xb2767c4a, 0xcaf197c6), - TOBN(0xc925ff87, 0xaedbae9f), TOBN(0x7daf0eb9, 0x36880a54), - TOBN(0x9284ddf5, 0x9c4d0e71), TOBN(0x1581cf93, 0x316f8cf5), - TOBN(0x3eeca887, 0x3ac1f452), TOBN(0xb417fce9, 0xfb6aeffe), - TOBN(0xa5918046, 0xeefb8dc3), TOBN(0x73d318ac, 0x02209400), - TOBN(0xe800400f, 0x728693e5), TOBN(0xe87d814b, 0x339927ed), - TOBN(0x93e94d3b, 0x57ea9910), TOBN(0xff8a35b6, 0x2245fb69), - TOBN(0x043853d7, 0x7f200d34), TOBN(0x470f1e68, 0x0f653ce1), - TOBN(0x81ac05bd, 0x59a06379), TOBN(0xa14052c2, 0x03930c29), - TOBN(0x6b72fab5, 0x26bc2797), TOBN(0x13670d16, 0x99f16771), - TOBN(0x00170052, 0x1e3e48d1), TOBN(0x978fe401, 0xb7adf678), - TOBN(0x55ecfb92, 0xd41c5dd4), TOBN(0x5ff8e247, 0xc7b27da5), - TOBN(0xe7518272, 0x013fb606), TOBN(0x5768d7e5, 0x2f547a3c), - TOBN(0xbb24eaa3, 0x60017a5f), TOBN(0x6b18e6e4, 0x9c64ce9b), - TOBN(0xc225c655, 0x103dde07), TOBN(0xfc3672ae, 0x7592f7ea), - TOBN(0x9606ad77, 0xd06283a1), TOBN(0x542fc650, 0xe4d59d99), - TOBN(0xabb57c49, 0x2a40e7c2), TOBN(0xac948f13, 0xa8db9f55), - TOBN(0x6d4c9682, 0xb04465c3), TOBN(0xe3d062fa, 0x6468bd15), - TOBN(0xa51729ac, 0x5f318d7e), TOBN(0x1fc87df6, 0x9eb6fc95), - TOBN(0x63d146a8, 0x0591f652), TOBN(0xa861b8f7, 0x589621aa), - TOBN(0x59f5f15a, 0xce31348c), TOBN(0x8f663391, 0x440da6da), - TOBN(0xcfa778ac, 0xb591ffa3), TOBN(0x027ca9c5, 0x4cdfebce), - TOBN(0xbe8e05a5, 0x444ea6b3), TOBN(0x8aab4e69, 0xa78d8254), - TOBN(0x2437f04f, 0xb474d6b8), TOBN(0x6597ffd4, 0x045b3855), - TOBN(0xbb0aea4e, 0xca47ecaa), TOBN(0x568aae83, 0x85c7ebfc), - TOBN(0x0e966e64, 0xc73b2383), TOBN(0x49eb3447, 0xd17d8762), - TOBN(0xde107821, 0x8da05dab), TOBN(0x443d8baa, 0x016b7236), - TOBN(0x163b63a5, 0xea7610d6), TOBN(0xe47e4185, 0xce1ca979), - TOBN(0xae648b65, 0x80baa132), TOBN(0xebf53de2, 0x0e0d5b64), - TOBN(0x8d3bfcb4, 0xd3c8c1ca), TOBN(0x0d914ef3, 0x5d04b309), - TOBN(0x55ef6415, 0x3de7d395), TOBN(0xbde1666f, 0x26b850e8), - TOBN(0xdbe1ca6e, 0xd449ab19), TOBN(0x8902b322, 0xe89a2672), - TOBN(0xb1674b7e, 0xdacb7a53), TOBN(0x8e9faf6e, 0xf52523ff), - TOBN(0x6ba535da, 0x9a85788b), TOBN(0xd21f03ae, 0xbd0626d4), - TOBN(0x099f8c47, 0xe873dc64), TOBN(0xcda8564d, 0x018ec97e), - TOBN(0x3e8d7a5c, 0xde92c68c), TOBN(0x78e035a1, 0x73323cc4), - TOBN(0x3ef26275, 0xf880ff7c), TOBN(0xa4ee3dff, 0x273eedaa), - TOBN(0x58823507, 0xaf4e18f8), TOBN(0x967ec9b5, 0x0672f328), - TOBN(0x9ded19d9, 0x559d3186), TOBN(0x5e2ab3de, 0x6cdce39c), - TOBN(0xabad6e4d, 0x11c226df), TOBN(0xf9783f43, 0x87723014), - TOBN(0x9a49a0cf, 0x1a885719), TOBN(0xfc0c1a5a, 0x90da9dbf), - TOBN(0x8bbaec49, 0x571d92ac), TOBN(0x569e85fe, 0x4692517f), - TOBN(0x8333b014, 0xa14ea4af), TOBN(0x32f2a62f, 0x12e5c5ad), - TOBN(0x98c2ce3a, 0x06d89b85), TOBN(0xb90741aa, 0x2ff77a08), - TOBN(0x2530defc, 0x01f795a2), TOBN(0xd6e5ba0b, 0x84b3c199), - TOBN(0x7d8e8451, 0x12e4c936), TOBN(0xae419f7d, 0xbd0be17b), - TOBN(0xa583fc8c, 0x22262bc9), TOBN(0x6b842ac7, 0x91bfe2bd), - TOBN(0x33cef4e9, 0x440d6827), TOBN(0x5f69f4de, 0xef81fb14), - TOBN(0xf16cf6f6, 0x234fbb92), TOBN(0x76ae3fc3, 0xd9e7e158), - TOBN(0x4e89f6c2, 0xe9740b33), TOBN(0x677bc85d, 0x4962d6a1), - TOBN(0x6c6d8a7f, 0x68d10d15), TOBN(0x5f9a7224, 0x0257b1cd), - TOBN(0x7096b916, 0x4ad85961), TOBN(0x5f8c47f7, 0xe657ab4a), - TOBN(0xde57d7d0, 0xf7461d7e), TOBN(0x7eb6094d, 0x80ce5ee2), - TOBN(0x0b1e1dfd, 0x34190547), TOBN(0x8a394f43, 0xf05dd150), - TOBN(0x0a9eb24d, 0x97df44e6), TOBN(0x78ca06bf, 0x87675719), - TOBN(0x6f0b3462, 0x6ffeec22), TOBN(0x9d91bcea, 0x36cdd8fb), - TOBN(0xac83363c, 0xa105be47), TOBN(0x81ba76c1, 0x069710e3), - TOBN(0x3d1b24cb, 0x28c682c6), TOBN(0x27f25228, 0x8612575b), - TOBN(0xb587c779, 0xe8e66e98), TOBN(0x7b0c03e9, 0x405eb1fe), - TOBN(0xfdf0d030, 0x15b548e7), TOBN(0xa8be76e0, 0x38b36af7), - TOBN(0x4cdab04a, 0x4f310c40), TOBN(0x6287223e, 0xf47ecaec), - TOBN(0x678e6055, 0x8b399320), TOBN(0x61fe3fa6, 0xc01e4646), - TOBN(0xc482866b, 0x03261a5e), TOBN(0xdfcf45b8, 0x5c2f244a), - TOBN(0x8fab9a51, 0x2f684b43), TOBN(0xf796c654, 0xc7220a66), - TOBN(0x1d90707e, 0xf5afa58f), TOBN(0x2c421d97, 0x4fdbe0de), - TOBN(0xc4f4cda3, 0xaf2ebc2f), TOBN(0xa0af843d, 0xcb4efe24), - TOBN(0x53b857c1, 0x9ccd10b1), TOBN(0xddc9d1eb, 0x914d3e04), - TOBN(0x7bdec8bb, 0x62771deb), TOBN(0x829277aa, 0x91c5aa81), - TOBN(0x7af18dd6, 0x832391ae), TOBN(0x1740f316, 0xc71a84ca)}, - {TOBN(0x8928e99a, 0xeeaf8c49), TOBN(0xee7aa73d, 0x6e24d728), - TOBN(0x4c5007c2, 0xe72b156c), TOBN(0x5fcf57c5, 0xed408a1d), - TOBN(0x9f719e39, 0xb6057604), TOBN(0x7d343c01, 0xc2868bbf), - TOBN(0x2cca254b, 0x7e103e2d), TOBN(0xe6eb38a9, 0xf131bea2), - TOBN(0xb33e624f, 0x8be762b4), TOBN(0x2a9ee4d1, 0x058e3413), - TOBN(0x968e6369, 0x67d805fa), TOBN(0x9848949b, 0x7db8bfd7), - TOBN(0x5308d7e5, 0xd23a8417), TOBN(0x892f3b1d, 0xf3e29da5), - TOBN(0xc95c139e, 0x3dee471f), TOBN(0x8631594d, 0xd757e089), - TOBN(0xe0c82a3c, 0xde918dcc), TOBN(0x2e7b5994, 0x26fdcf4b), - TOBN(0x82c50249, 0x32cb1b2d), TOBN(0xea613a9d, 0x7657ae07), - TOBN(0xc2eb5f6c, 0xf1fdc9f7), TOBN(0xb6eae8b8, 0x879fe682), - TOBN(0x253dfee0, 0x591cbc7f), TOBN(0x000da713, 0x3e1290e6), - TOBN(0x1083e2ea, 0x1f095615), TOBN(0x0a28ad77, 0x14e68c33), - TOBN(0x6bfc0252, 0x3d8818be), TOBN(0xb585113a, 0xf35850cd), - TOBN(0x7d935f0b, 0x30df8aa1), TOBN(0xaddda07c, 0x4ab7e3ac), - TOBN(0x92c34299, 0x552f00cb), TOBN(0xc33ed1de, 0x2909df6c), - TOBN(0x22c2195d, 0x80e87766), TOBN(0x9e99e6d8, 0x9ddf4ac0), - TOBN(0x09642e4e, 0x65e74934), TOBN(0x2610ffa2, 0xff1ff241), - TOBN(0x4d1d47d4, 0x751c8159), TOBN(0x697b4985, 0xaf3a9363), - TOBN(0x0318ca46, 0x87477c33), TOBN(0xa90cb565, 0x9441eff3), - TOBN(0x58bb3848, 0x36f024cb), TOBN(0x85be1f77, 0x36016168), - TOBN(0x6c59587c, 0xdc7e07f1), TOBN(0x191be071, 0xaf1d8f02), - TOBN(0xbf169fa5, 0xcca5e55c), TOBN(0x3864ba3c, 0xf7d04eac), - TOBN(0x915e367f, 0x8d7d05db), TOBN(0xb48a876d, 0xa6549e5d), - TOBN(0xef89c656, 0x580e40a2), TOBN(0xf194ed8c, 0x728068bc), - TOBN(0x74528045, 0xa47990c9), TOBN(0xf53fc7d7, 0x5e1a4649), - TOBN(0xbec5ae9b, 0x78593e7d), TOBN(0x2cac4ee3, 0x41db65d7), - TOBN(0xa8c1eb24, 0x04a3d39b), TOBN(0x53b7d634, 0x03f8f3ef), - TOBN(0x2dc40d48, 0x3e07113c), TOBN(0x6e4a5d39, 0x7d8b63ae), - TOBN(0x5582a94b, 0x79684c2b), TOBN(0x932b33d4, 0x622da26c), - TOBN(0xf534f651, 0x0dbbf08d), TOBN(0x211d07c9, 0x64c23a52), - TOBN(0x0eeece0f, 0xee5bdc9b), TOBN(0xdf178168, 0xf7015558), - TOBN(0xd4294635, 0x0a712229), TOBN(0x93cbe448, 0x09273f8c), - TOBN(0x00b095ef, 0x8f13bc83), TOBN(0xbb741972, 0x8798978c), - TOBN(0x9d7309a2, 0x56dbe6e7), TOBN(0xe578ec56, 0x5a5d39ec), - TOBN(0x3961151b, 0x851f9a31), TOBN(0x2da7715d, 0xe5709eb4), - TOBN(0x867f3017, 0x53dfabf0), TOBN(0x728d2078, 0xb8e39259), - TOBN(0x5c75a0cd, 0x815d9958), TOBN(0xf84867a6, 0x16603be1), - TOBN(0xc865b13d, 0x70e35b1c), TOBN(0x02414468, 0x19b03e2c), - TOBN(0xe46041da, 0xac1f3121), TOBN(0x7c9017ad, 0x6f028a7c), - TOBN(0xabc96de9, 0x0a482873), TOBN(0x4265d6b1, 0xb77e54d4), - TOBN(0x68c38e79, 0xa57d88e7), TOBN(0xd461d766, 0x9ce82de3), - TOBN(0x817a9ec5, 0x64a7e489), TOBN(0xcc5675cd, 0xa0def5f2), - TOBN(0x9a00e785, 0x985d494e), TOBN(0xc626833f, 0x1b03514a), - TOBN(0xabe7905a, 0x83cdd60e), TOBN(0x50602fb5, 0xa1170184), - TOBN(0x689886cd, 0xb023642a), TOBN(0xd568d090, 0xa6e1fb00), - TOBN(0x5b1922c7, 0x0259217f), TOBN(0x93831cd9, 0xc43141e4), - TOBN(0xdfca3587, 0x0c95f86e), TOBN(0xdec2057a, 0x568ae828), - TOBN(0xc44ea599, 0xf98a759a), TOBN(0x55a0a7a2, 0xf7c23c1d), - TOBN(0xd5ffb6e6, 0x94c4f687), TOBN(0x3563cce2, 0x12848478), - TOBN(0x812b3517, 0xe7b1fbe1), TOBN(0x8a7dc979, 0x4f7338e0), - TOBN(0x211ecee9, 0x52d048db), TOBN(0x2eea4056, 0xc86ea3b8), - TOBN(0xd8cb68a7, 0xba772b34), TOBN(0xe16ed341, 0x5f4e2541), - TOBN(0x9b32f6a6, 0x0fec14db), TOBN(0xeee376f7, 0x391698be), - TOBN(0xe9a7aa17, 0x83674c02), TOBN(0x65832f97, 0x5843022a), - TOBN(0x29f3a8da, 0x5ba4990f), TOBN(0x79a59c3a, 0xfb8e3216), - TOBN(0x9cdc4d2e, 0xbd19bb16), TOBN(0xc6c7cfd0, 0xb3262d86), - TOBN(0xd4ce14d0, 0x969c0b47), TOBN(0x1fa352b7, 0x13e56128), - TOBN(0x383d55b8, 0x973db6d3), TOBN(0x71836850, 0xe8e5b7bf), - TOBN(0xc7714596, 0xe6bb571f), TOBN(0x259df31f, 0x2d5b2dd2), - TOBN(0x568f8925, 0x913cc16d), TOBN(0x18bc5b6d, 0xe1a26f5a), - TOBN(0xdfa413be, 0xf5f499ae), TOBN(0xf8835dec, 0xc3f0ae84), - TOBN(0xb6e60bd8, 0x65a40ab0), TOBN(0x65596439, 0x194b377e), - TOBN(0xbcd85625, 0x92084a69), TOBN(0x5ce433b9, 0x4f23ede0), - TOBN(0xe8e8f04f, 0x6ad65143), TOBN(0x11511827, 0xd6e14af6), - TOBN(0x3d390a10, 0x8295c0c7), TOBN(0x71e29ee4, 0x621eba16), - TOBN(0xa588fc09, 0x63717b46), TOBN(0x02be02fe, 0xe06ad4a2), - TOBN(0x931558c6, 0x04c22b22), TOBN(0xbb4d4bd6, 0x12f3c849), - TOBN(0x54a4f496, 0x20efd662), TOBN(0x92ba6d20, 0xc5952d14), - TOBN(0x2db8ea1e, 0xcc9784c2), TOBN(0x81cc10ca, 0x4b353644), - TOBN(0x40b570ad, 0x4b4d7f6c), TOBN(0x5c9f1d96, 0x84a1dcd2), - TOBN(0x01379f81, 0x3147e797), TOBN(0xe5c6097b, 0x2bd499f5), - TOBN(0x40dcafa6, 0x328e5e20), TOBN(0xf7b5244a, 0x54815550), - TOBN(0xb9a4f118, 0x47bfc978), TOBN(0x0ea0e79f, 0xd25825b1), - TOBN(0xa50f96eb, 0x646c7ecf), TOBN(0xeb811493, 0x446dea9d), - TOBN(0x2af04677, 0xdfabcf69), TOBN(0xbe3a068f, 0xc713f6e8), - TOBN(0x860d523d, 0x42e06189), TOBN(0xbf077941, 0x4e3aff13), - TOBN(0x0b616dca, 0xc1b20650), TOBN(0xe66dd6d1, 0x2131300d), - TOBN(0xd4a0fd67, 0xff99abde), TOBN(0xc9903550, 0xc7aac50d), - TOBN(0x022ecf8b, 0x7c46b2d7), TOBN(0x3333b1e8, 0x3abf92af), - TOBN(0x11cc113c, 0x6c491c14), TOBN(0x05976688, 0x80dd3f88), - TOBN(0xf5b4d9e7, 0x29d932ed), TOBN(0xe982aad8, 0xa2c38b6d), - TOBN(0x6f925347, 0x8be0dcf0), TOBN(0x700080ae, 0x65ca53f2), - TOBN(0xd8131156, 0x443ca77f), TOBN(0xe92d6942, 0xec51f984), - TOBN(0xd2a08af8, 0x85dfe9ae), TOBN(0xd825d9a5, 0x4d2a86ca), - TOBN(0x2c53988d, 0x39dff020), TOBN(0xf38b135a, 0x430cdc40), - TOBN(0x0c918ae0, 0x62a7150b), TOBN(0xf31fd8de, 0x0c340e9b), - TOBN(0xafa0e7ae, 0x4dbbf02e), TOBN(0x5847fb2a, 0x5eba6239), - TOBN(0x6b1647dc, 0xdccbac8b), TOBN(0xb642aa78, 0x06f485c8), - TOBN(0x873f3765, 0x7038ecdf), TOBN(0x2ce5e865, 0xfa49d3fe), - TOBN(0xea223788, 0xc98c4400), TOBN(0x8104a8cd, 0xf1fa5279), - TOBN(0xbcf7cc7a, 0x06becfd7), TOBN(0x49424316, 0xc8f974ae), - TOBN(0xc0da65e7, 0x84d6365d), TOBN(0xbcb7443f, 0x8f759fb8), - TOBN(0x35c712b1, 0x7ae81930), TOBN(0x80428dff, 0x4c6e08ab), - TOBN(0xf19dafef, 0xa4faf843), TOBN(0xced8538d, 0xffa9855f), - TOBN(0x20ac409c, 0xbe3ac7ce), TOBN(0x358c1fb6, 0x882da71e), - TOBN(0xafa9c0e5, 0xfd349961), TOBN(0x2b2cfa51, 0x8421c2fc), - TOBN(0x2a80db17, 0xf3a28d38), TOBN(0xa8aba539, 0x5d138e7e), - TOBN(0x52012d1d, 0x6e96eb8d), TOBN(0x65d8dea0, 0xcbaf9622), - TOBN(0x57735447, 0xb264f56c), TOBN(0xbeebef3f, 0x1b6c8da2), - TOBN(0xfc346d98, 0xce785254), TOBN(0xd50e8d72, 0xbb64a161), - TOBN(0xc03567c7, 0x49794add), TOBN(0x15a76065, 0x752c7ef6), - TOBN(0x59f3a222, 0x961f23d6), TOBN(0x378e4438, 0x73ecc0b0), - TOBN(0xc74be434, 0x5a82fde4), TOBN(0xae509af2, 0xd8b9cf34), - TOBN(0x4a61ee46, 0x577f44a1), TOBN(0xe09b748c, 0xb611deeb), - TOBN(0xc0481b2c, 0xf5f7b884), TOBN(0x35626678, 0x61acfa6b), - TOBN(0x37f4c518, 0xbf8d21e6), TOBN(0x22d96531, 0xb205a76d), - TOBN(0x37fb85e1, 0x954073c0), TOBN(0xbceafe4f, 0x65b3a567), - TOBN(0xefecdef7, 0xbe42a582), TOBN(0xd3fc6080, 0x65046be6), - TOBN(0xc9af13c8, 0x09e8dba9), TOBN(0x1e6c9847, 0x641491ff), - TOBN(0x3b574925, 0xd30c31f7), TOBN(0xb7eb72ba, 0xac2a2122), - TOBN(0x776a0dac, 0xef0859e7), TOBN(0x06fec314, 0x21900942), - TOBN(0x2464bc10, 0xf8c22049), TOBN(0x9bfbcce7, 0x875ebf69), - TOBN(0xd7a88e2a, 0x4336326b), TOBN(0xda05261c, 0x5bc2acfa), - TOBN(0xc29f5bdc, 0xeba7efc8), TOBN(0x471237ca, 0x25dbbf2e), - TOBN(0xa72773f2, 0x2975f127), TOBN(0xdc744e8e, 0x04d0b326), - TOBN(0x38a7ed16, 0xa56edb73), TOBN(0x64357e37, 0x2c007e70), - TOBN(0xa167d15b, 0x5080b400), TOBN(0x07b41164, 0x23de4be1), - TOBN(0xb2d91e32, 0x74c89883), TOBN(0x3c162821, 0x2882e7ed), - TOBN(0xad6b36ba, 0x7503e482), TOBN(0x48434e8e, 0x0ea34331), - TOBN(0x79f4f24f, 0x2c7ae0b9), TOBN(0xc46fbf81, 0x1939b44a), - TOBN(0x76fefae8, 0x56595eb1), TOBN(0x417b66ab, 0xcd5f29c7), - TOBN(0x5f2332b2, 0xc5ceec20), TOBN(0xd69661ff, 0xe1a1cae2), - TOBN(0x5ede7e52, 0x9b0286e6), TOBN(0x9d062529, 0xe276b993), - TOBN(0x324794b0, 0x7e50122b), TOBN(0xdd744f8b, 0x4af07ca5), - TOBN(0x30a12f08, 0xd63fc97b), TOBN(0x39650f1a, 0x76626d9d), - TOBN(0x101b47f7, 0x1fa38477), TOBN(0x3d815f19, 0xd4dc124f), - TOBN(0x1569ae95, 0xb26eb58a), TOBN(0xc3cde188, 0x95fb1887), - TOBN(0x54e9f37b, 0xf9539a48), TOBN(0xb0100e06, 0x7408c1a5), - TOBN(0x821d9811, 0xea580cbb), TOBN(0x8af52d35, 0x86e50c56), - TOBN(0xdfbd9d47, 0xdbbf698b), TOBN(0x2961a1ea, 0x03dc1c73), - TOBN(0x203d38f8, 0xe76a5df8), TOBN(0x08a53a68, 0x6def707a), - TOBN(0x26eefb48, 0x1bee45d4), TOBN(0xb3cee346, 0x3c688036), - TOBN(0x463c5315, 0xc42f2469), TOBN(0x19d84d2e, 0x81378162), - TOBN(0x22d7c3c5, 0x1c4d349f), TOBN(0x65965844, 0x163d59c5), - TOBN(0xcf198c56, 0xb8abceae), TOBN(0x6fb1fb1b, 0x628559d5), - TOBN(0x8bbffd06, 0x07bf8fe3), TOBN(0x46259c58, 0x3467734b), - TOBN(0xd8953cea, 0x35f7f0d3), TOBN(0x1f0bece2, 0xd65b0ff1), - TOBN(0xf7d5b4b3, 0xf3c72914), TOBN(0x29e8ea95, 0x3cb53389), - TOBN(0x4a365626, 0x836b6d46), TOBN(0xe849f910, 0xea174fde), - TOBN(0x7ec62fbb, 0xf4737f21), TOBN(0xd8dba5ab, 0x6209f5ac), - TOBN(0x24b5d7a9, 0xa5f9adbe), TOBN(0x707d28f7, 0xa61dc768), - TOBN(0x7711460b, 0xcaa999ea), TOBN(0xba7b174d, 0x1c92e4cc), - TOBN(0x3c4bab66, 0x18d4bf2d), TOBN(0xb8f0c980, 0xeb8bd279), - TOBN(0x024bea9a, 0x324b4737), TOBN(0xfba9e423, 0x32a83bca), - TOBN(0x6e635643, 0xa232dced), TOBN(0x99619367, 0x2571c8ba), - TOBN(0xe8c9f357, 0x54b7032b), TOBN(0xf936b3ba, 0x2442d54a), - TOBN(0x2263f0f0, 0x8290c65a), TOBN(0x48989780, 0xee2c7fdb), - TOBN(0xadc5d55a, 0x13d4f95e), TOBN(0x737cff85, 0xad9b8500), - TOBN(0x271c557b, 0x8a73f43d), TOBN(0xbed617a4, 0xe18bc476), - TOBN(0x66245401, 0x7dfd8ab2), TOBN(0xae7b89ae, 0x3a2870aa), - TOBN(0x1b555f53, 0x23a7e545), TOBN(0x6791e247, 0xbe057e4c), - TOBN(0x860136ad, 0x324fa34d), TOBN(0xea111447, 0x4cbeae28), - TOBN(0x023a4270, 0xbedd3299), TOBN(0x3d5c3a7f, 0xc1c35c34), - TOBN(0xb0f6db67, 0x8d0412d2), TOBN(0xd92625e2, 0xfcdc6b9a), - TOBN(0x92ae5ccc, 0x4e28a982), TOBN(0xea251c36, 0x47a3ce7e), - TOBN(0x9d658932, 0x790691bf), TOBN(0xed610589, 0x06b736ae), - TOBN(0x712c2f04, 0xc0d63b6e), TOBN(0x5cf06fd5, 0xc63d488f), - TOBN(0x97363fac, 0xd9588e41), TOBN(0x1f9bf762, 0x2b93257e), - TOBN(0xa9d1ffc4, 0x667acace), TOBN(0x1cf4a1aa, 0x0a061ecf), - TOBN(0x40e48a49, 0xdc1818d0), TOBN(0x0643ff39, 0xa3621ab0), - TOBN(0x5768640c, 0xe39ef639), TOBN(0x1fc099ea, 0x04d86854), - TOBN(0x9130b9c3, 0xeccd28fd), TOBN(0xd743cbd2, 0x7eec54ab), - TOBN(0x052b146f, 0xe5b475b6), TOBN(0x058d9a82, 0x900a7d1f), - TOBN(0x65e02292, 0x91262b72), TOBN(0x96f924f9, 0xbb0edf03), - TOBN(0x5cfa59c8, 0xfe206842), TOBN(0xf6037004, 0x5eafa720), - TOBN(0x5f30699e, 0x18d7dd96), TOBN(0x381e8782, 0xcbab2495), - TOBN(0x91669b46, 0xdd8be949), TOBN(0xb40606f5, 0x26aae8ef), - TOBN(0x2812b839, 0xfc6751a4), TOBN(0x16196214, 0xfba800ef), - TOBN(0x4398d5ca, 0x4c1a2875), TOBN(0x720c00ee, 0x653d8349), - TOBN(0xc2699eb0, 0xd820007c), TOBN(0x880ee660, 0xa39b5825), - TOBN(0x70694694, 0x471f6984), TOBN(0xf7d16ea8, 0xe3dda99a), - TOBN(0x28d675b2, 0xc0519a23), TOBN(0x9ebf94fe, 0x4f6952e3), - TOBN(0xf28bb767, 0xa2294a8a), TOBN(0x85512b4d, 0xfe0af3f5), - TOBN(0x18958ba8, 0x99b16a0d), TOBN(0x95c2430c, 0xba7548a7), - TOBN(0xb30d1b10, 0xa16be615), TOBN(0xe3ebbb97, 0x85bfb74c), - TOBN(0xa3273cfe, 0x18549fdb), TOBN(0xf6e200bf, 0x4fcdb792), - TOBN(0x54a76e18, 0x83aba56c), TOBN(0x73ec66f6, 0x89ef6aa2), - TOBN(0x8d17add7, 0xd1b9a305), TOBN(0xa959c5b9, 0xb7ae1b9d), - TOBN(0x88643522, 0x6bcc094a), TOBN(0xcc5616c4, 0xd7d429b9), - TOBN(0xa6dada01, 0xe6a33f7c), TOBN(0xc6217a07, 0x9d4e70ad), - TOBN(0xd619a818, 0x09c15b7c), TOBN(0xea06b329, 0x0e80c854), - TOBN(0x174811ce, 0xa5f5e7b9), TOBN(0x66dfc310, 0x787c65f4), - TOBN(0x4ea7bd69, 0x3316ab54), TOBN(0xc12c4acb, 0x1dcc0f70), - TOBN(0xe4308d1a, 0x1e407dd9), TOBN(0xe8a3587c, 0x91afa997), - TOBN(0xea296c12, 0xab77b7a5), TOBN(0xb5ad49e4, 0x673c0d52), - TOBN(0x40f9b2b2, 0x7006085a), TOBN(0xa88ff340, 0x87bf6ec2), - TOBN(0x978603b1, 0x4e3066a6), TOBN(0xb3f99fc2, 0xb5e486e2), - TOBN(0x07b53f5e, 0xb2e63645), TOBN(0xbe57e547, 0x84c84232), - TOBN(0xd779c216, 0x7214d5cf), TOBN(0x617969cd, 0x029a3aca), - TOBN(0xd17668cd, 0x8a7017a0), TOBN(0x77b4d19a, 0xbe9b7ee8), - TOBN(0x58fd0e93, 0x9c161776), TOBN(0xa8c4f4ef, 0xd5968a72), - TOBN(0x296071cc, 0x67b3de77), TOBN(0xae3c0b8e, 0x634f7905), - TOBN(0x67e440c2, 0x8a7100c9), TOBN(0xbb8c3c1b, 0xeb4b9b42), - TOBN(0x6d71e8ea, 0xc51b3583), TOBN(0x7591f5af, 0x9525e642), - TOBN(0xf73a2f7b, 0x13f509f3), TOBN(0x618487aa, 0x5619ac9b), - TOBN(0x3a72e5f7, 0x9d61718a), TOBN(0x00413bcc, 0x7592d28c), - TOBN(0x7d9b11d3, 0x963c35cf), TOBN(0x77623bcf, 0xb90a46ed), - TOBN(0xdeef273b, 0xdcdd2a50), TOBN(0x4a741f9b, 0x0601846e), - TOBN(0x33b89e51, 0x0ec6e929), TOBN(0xcb02319f, 0x8b7f22cd), - TOBN(0xbbe1500d, 0x084bae24), TOBN(0x2f0ae8d7, 0x343d2693), - TOBN(0xacffb5f2, 0x7cdef811), TOBN(0xaa0c030a, 0x263fb94f), - TOBN(0x6eef0d61, 0xa0f442de), TOBN(0xf92e1817, 0x27b139d3), - TOBN(0x1ae6deb7, 0x0ad8bc28), TOBN(0xa89e38dc, 0xc0514130), - TOBN(0x81eeb865, 0xd2fdca23), TOBN(0x5a15ee08, 0xcc8ef895), - TOBN(0x768fa10a, 0x01905614), TOBN(0xeff5b8ef, 0x880ee19b), - TOBN(0xf0c0cabb, 0xcb1c8a0e), TOBN(0x2e1ee9cd, 0xb8c838f9), - TOBN(0x0587d8b8, 0x8a4a14c0), TOBN(0xf6f27896, 0x2ff698e5), - TOBN(0xed38ef1c, 0x89ee6256), TOBN(0xf44ee1fe, 0x6b353b45), - TOBN(0x9115c0c7, 0x70e903b3), TOBN(0xc78ec0a1, 0x818f31df), - TOBN(0x6c003324, 0xb7dccbc6), TOBN(0xd96dd1f3, 0x163bbc25), - TOBN(0x33aa82dd, 0x5cedd805), TOBN(0x123aae4f, 0x7f7eb2f1), - TOBN(0x1723fcf5, 0xa26262cd), TOBN(0x1f7f4d5d, 0x0060ebd5), - TOBN(0xf19c5c01, 0xb2eaa3af), TOBN(0x2ccb9b14, 0x9790accf), - TOBN(0x1f9c1cad, 0x52324aa6), TOBN(0x63200526, 0x7247df54), - TOBN(0x5732fe42, 0xbac96f82), TOBN(0x52fe771f, 0x01a1c384), - TOBN(0x546ca13d, 0xb1001684), TOBN(0xb56b4eee, 0xa1709f75), - TOBN(0x266545a9, 0xd5db8672), TOBN(0xed971c90, 0x1e8f3cfb), - TOBN(0x4e7d8691, 0xe3a07b29), TOBN(0x7570d9ec, 0xe4b696b9), - TOBN(0xdc5fa067, 0x7bc7e9ae), TOBN(0x68b44caf, 0xc82c4844), - TOBN(0x519d34b3, 0xbf44da80), TOBN(0x283834f9, 0x5ab32e66), - TOBN(0x6e608797, 0x6278a000), TOBN(0x1e62960e, 0x627312f6), - TOBN(0x9b87b27b, 0xe6901c55), TOBN(0x80e78538, 0x24fdbc1f), - TOBN(0xbbbc0951, 0x2facc27d), TOBN(0x06394239, 0xac143b5a), - TOBN(0x35bb4a40, 0x376c1944), TOBN(0x7cb62694, 0x63da1511), - TOBN(0xafd29161, 0xb7148a3b), TOBN(0xa6f9d9ed, 0x4e2ea2ee), - TOBN(0x15dc2ca2, 0x880dd212), TOBN(0x903c3813, 0xa61139a9), - TOBN(0x2aa7b46d, 0x6c0f8785), TOBN(0x36ce2871, 0x901c60ff), - TOBN(0xc683b028, 0xe10d9c12), TOBN(0x7573baa2, 0x032f33d3), - TOBN(0x87a9b1f6, 0x67a31b58), TOBN(0xfd3ed11a, 0xf4ffae12), - TOBN(0x83dcaa9a, 0x0cb2748e), TOBN(0x8239f018, 0x5d6fdf16), - TOBN(0xba67b49c, 0x72753941), TOBN(0x2beec455, 0xc321cb36), - TOBN(0x88015606, 0x3f8b84ce), TOBN(0x76417083, 0x8d38c86f), - TOBN(0x054f1ca7, 0x598953dd), TOBN(0xc939e110, 0x4e8e7429), - TOBN(0x9b1ac2b3, 0x5a914f2f), TOBN(0x39e35ed3, 0xe74b8f9c), - TOBN(0xd0debdb2, 0x781b2fb0), TOBN(0x1585638f, 0x2d997ba2), - TOBN(0x9c4b646e, 0x9e2fce99), TOBN(0x68a21081, 0x1e80857f), - TOBN(0x06d54e44, 0x3643b52a), TOBN(0xde8d6d63, 0x0d8eb843), - TOBN(0x70321563, 0x42146a0a), TOBN(0x8ba826f2, 0x5eaa3622), - TOBN(0x227a58bd, 0x86138787), TOBN(0x43b6c03c, 0x10281d37), - TOBN(0x6326afbb, 0xb54dde39), TOBN(0x744e5e8a, 0xdb6f2d5f), - TOBN(0x48b2a99a, 0xcff158e1), TOBN(0xa93c8fa0, 0xef87918f), - TOBN(0x2182f956, 0xde058c5c), TOBN(0x216235d2, 0x936f9e7a), - TOBN(0xace0c0db, 0xd2e31e67), TOBN(0xc96449bf, 0xf23ac3e7), - TOBN(0x7e9a2874, 0x170693bd), TOBN(0xa28e14fd, 0xa45e6335), - TOBN(0x5757f6b3, 0x56427344), TOBN(0x822e4556, 0xacf8edf9), - TOBN(0x2b7a6ee2, 0xe6a285cd), TOBN(0x5866f211, 0xa9df3af0), - TOBN(0x40dde2dd, 0xf845b844), TOBN(0x986c3726, 0x110e5e49), - TOBN(0x73680c2a, 0xf7172277), TOBN(0x57b94f0f, 0x0cccb244), - TOBN(0xbdff7267, 0x2d438ca7), TOBN(0xbad1ce11, 0xcf4663fd), - TOBN(0x9813ed9d, 0xd8f71cae), TOBN(0xf43272a6, 0x961fdaa6), - TOBN(0xbeff0119, 0xbd6d1637), TOBN(0xfebc4f91, 0x30361978), - TOBN(0x02b37a95, 0x2f41deff), TOBN(0x0e44a59a, 0xe63b89b7), - TOBN(0x673257dc, 0x143ff951), TOBN(0x19c02205, 0xd752baf4), - TOBN(0x46c23069, 0xc4b7d692), TOBN(0x2e6392c3, 0xfd1502ac), - TOBN(0x6057b1a2, 0x1b220846), TOBN(0xe51ff946, 0x0c1b5b63)}, - {TOBN(0x6e85cb51, 0x566c5c43), TOBN(0xcff9c919, 0x3597f046), - TOBN(0x9354e90c, 0x4994d94a), TOBN(0xe0a39332, 0x2147927d), - TOBN(0x8427fac1, 0x0dc1eb2b), TOBN(0x88cfd8c2, 0x2ff319fa), - TOBN(0xe2d4e684, 0x01965274), TOBN(0xfa2e067d, 0x67aaa746), - TOBN(0xb6d92a7f, 0x3e5f9f11), TOBN(0x9afe153a, 0xd6cb3b8e), - TOBN(0x4d1a6dd7, 0xddf800bd), TOBN(0xf6c13cc0, 0xcaf17e19), - TOBN(0x15f6c58e, 0x325fc3ee), TOBN(0x71095400, 0xa31dc3b2), - TOBN(0x168e7c07, 0xafa3d3e7), TOBN(0x3f8417a1, 0x94c7ae2d), - TOBN(0xec234772, 0x813b230d), TOBN(0x634d0f5f, 0x17344427), - TOBN(0x11548ab1, 0xd77fc56a), TOBN(0x7fab1750, 0xce06af77), - TOBN(0xb62c10a7, 0x4f7c4f83), TOBN(0xa7d2edc4, 0x220a67d9), - TOBN(0x1c404170, 0x921209a0), TOBN(0x0b9815a0, 0xface59f0), - TOBN(0x2842589b, 0x319540c3), TOBN(0x18490f59, 0xa283d6f8), - TOBN(0xa2731f84, 0xdaae9fcb), TOBN(0x3db6d960, 0xc3683ba0), - TOBN(0xc85c63bb, 0x14611069), TOBN(0xb19436af, 0x0788bf05), - TOBN(0x905459df, 0x347460d2), TOBN(0x73f6e094, 0xe11a7db1), - TOBN(0xdc7f938e, 0xb6357f37), TOBN(0xc5d00f79, 0x2bd8aa62), - TOBN(0xc878dcb9, 0x2ca979fc), TOBN(0x37e83ed9, 0xeb023a99), - TOBN(0x6b23e273, 0x1560bf3d), TOBN(0x1086e459, 0x1d0fae61), - TOBN(0x78248316, 0x9a9414bd), TOBN(0x1b956bc0, 0xf0ea9ea1), - TOBN(0x7b85bb91, 0xc31b9c38), TOBN(0x0c5aa90b, 0x48ef57b5), - TOBN(0xdedeb169, 0xaf3bab6f), TOBN(0xe610ad73, 0x2d373685), - TOBN(0xf13870df, 0x02ba8e15), TOBN(0x0337edb6, 0x8ca7f771), - TOBN(0xe4acf747, 0xb62c036c), TOBN(0xd921d576, 0xb6b94e81), - TOBN(0xdbc86439, 0x2c422f7a), TOBN(0xfb635362, 0xed348898), - TOBN(0x83084668, 0xc45bfcd1), TOBN(0xc357c9e3, 0x2b315e11), - TOBN(0xb173b540, 0x5b2e5b8c), TOBN(0x7e946931, 0xe102b9a4), - TOBN(0x17c890eb, 0x7b0fb199), TOBN(0xec225a83, 0xd61b662b), - TOBN(0xf306a3c8, 0xee3c76cb), TOBN(0x3cf11623, 0xd32a1f6e), - TOBN(0xe6d5ab64, 0x6863e956), TOBN(0x3b8a4cbe, 0x5c005c26), - TOBN(0xdcd529a5, 0x9ce6bb27), TOBN(0xc4afaa52, 0x04d4b16f), - TOBN(0xb0624a26, 0x7923798d), TOBN(0x85e56df6, 0x6b307fab), - TOBN(0x0281893c, 0x2bf29698), TOBN(0x91fc19a4, 0xd7ce7603), - TOBN(0x75a5dca3, 0xad9a558f), TOBN(0x40ceb3fa, 0x4d50bf77), - TOBN(0x1baf6060, 0xbc9ba369), TOBN(0x927e1037, 0x597888c2), - TOBN(0xd936bf19, 0x86a34c07), TOBN(0xd4cf10c1, 0xc34ae980), - TOBN(0x3a3e5334, 0x859dd614), TOBN(0x9c475b5b, 0x18d0c8ee), - TOBN(0x63080d1f, 0x07cd51d5), TOBN(0xc9c0d0a6, 0xb88b4326), - TOBN(0x1ac98691, 0xc234296f), TOBN(0x2a0a83a4, 0x94887fb6), - TOBN(0x56511427, 0x0cea9cf2), TOBN(0x5230a6e8, 0xa24802f5), - TOBN(0xf7a2bf0f, 0x72e3d5c1), TOBN(0x37717446, 0x4f21439e), - TOBN(0xfedcbf25, 0x9ce30334), TOBN(0xe0030a78, 0x7ce202f9), - TOBN(0x6f2d9ebf, 0x1202e9ca), TOBN(0xe79dde6c, 0x75e6e591), - TOBN(0xf52072af, 0xf1dac4f8), TOBN(0x6c8d087e, 0xbb9b404d), - TOBN(0xad0fc73d, 0xbce913af), TOBN(0x909e587b, 0x458a07cb), - TOBN(0x1300da84, 0xd4f00c8a), TOBN(0x425cd048, 0xb54466ac), - TOBN(0xb59cb9be, 0x90e9d8bf), TOBN(0x991616db, 0x3e431b0e), - TOBN(0xd3aa117a, 0x531aecff), TOBN(0x91af92d3, 0x59f4dc3b), - TOBN(0x9b1ec292, 0xe93fda29), TOBN(0x76bb6c17, 0xe97d91bc), - TOBN(0x7509d95f, 0xaface1e6), TOBN(0x3653fe47, 0xbe855ae3), - TOBN(0x73180b28, 0x0f680e75), TOBN(0x75eefd1b, 0xeeb6c26c), - TOBN(0xa4cdf29f, 0xb66d4236), TOBN(0x2d70a997, 0x6b5821d8), - TOBN(0x7a3ee207, 0x20445c36), TOBN(0x71d1ac82, 0x59877174), - TOBN(0x0fc539f7, 0x949f73e9), TOBN(0xd05cf3d7, 0x982e3081), - TOBN(0x8758e20b, 0x7b1c7129), TOBN(0xffadcc20, 0x569e61f2), - TOBN(0xb05d3a2f, 0x59544c2d), TOBN(0xbe16f5c1, 0x9fff5e53), - TOBN(0x73cf65b8, 0xaad58135), TOBN(0x622c2119, 0x037aa5be), - TOBN(0x79373b3f, 0x646fd6a0), TOBN(0x0e029db5, 0x0d3978cf), - TOBN(0x8bdfc437, 0x94fba037), TOBN(0xaefbd687, 0x620797a6), - TOBN(0x3fa5382b, 0xbd30d38e), TOBN(0x7627cfbf, 0x585d7464), - TOBN(0xb2330fef, 0x4e4ca463), TOBN(0xbcef7287, 0x3566cc63), - TOBN(0xd161d2ca, 0xcf780900), TOBN(0x135dc539, 0x5b54827d), - TOBN(0x638f052e, 0x27bf1bc6), TOBN(0x10a224f0, 0x07dfa06c), - TOBN(0xe973586d, 0x6d3321da), TOBN(0x8b0c5738, 0x26152c8f), - TOBN(0x07ef4f2a, 0x34606074), TOBN(0x80fe7fe8, 0xa0f7047a), - TOBN(0x3d1a8152, 0xe1a0e306), TOBN(0x32cf43d8, 0x88da5222), - TOBN(0xbf89a95f, 0x5f02ffe6), TOBN(0x3d9eb9a4, 0x806ad3ea), - TOBN(0x012c17bb, 0x79c8e55e), TOBN(0xfdcd1a74, 0x99c81dac), - TOBN(0x7043178b, 0xb9556098), TOBN(0x4090a1df, 0x801c3886), - TOBN(0x759800ff, 0x9b67b912), TOBN(0x3e5c0304, 0x232620c8), - TOBN(0x4b9d3c4b, 0x70dceeca), TOBN(0xbb2d3c15, 0x181f648e), - TOBN(0xf981d837, 0x6e33345c), TOBN(0xb626289b, 0x0cf2297a), - TOBN(0x766ac659, 0x8baebdcf), TOBN(0x1a28ae09, 0x75df01e5), - TOBN(0xb71283da, 0x375876d8), TOBN(0x4865a96d, 0x607b9800), - TOBN(0x25dd1bcd, 0x237936b2), TOBN(0x332f4f4b, 0x60417494), - TOBN(0xd0923d68, 0x370a2147), TOBN(0x497f5dfb, 0xdc842203), - TOBN(0x9dc74cbd, 0x32be5e0f), TOBN(0x7475bcb7, 0x17a01375), - TOBN(0x438477c9, 0x50d872b1), TOBN(0xcec67879, 0xffe1d63d), - TOBN(0x9b006014, 0xd8578c70), TOBN(0xc9ad99a8, 0x78bb6b8b), - TOBN(0x6799008e, 0x11fb3806), TOBN(0xcfe81435, 0xcd44cab3), - TOBN(0xa2ee1582, 0x2f4fb344), TOBN(0xb8823450, 0x483fa6eb), - TOBN(0x622d323d, 0x652c7749), TOBN(0xd8474a98, 0xbeb0a15b), - TOBN(0xe43c154d, 0x5d1c00d0), TOBN(0x7fd581d9, 0x0e3e7aac), - TOBN(0x2b44c619, 0x2525ddf8), TOBN(0x67a033eb, 0xb8ae9739), - TOBN(0x113ffec1, 0x9ef2d2e4), TOBN(0x1bf6767e, 0xd5a0ea7f), - TOBN(0x57fff75e, 0x03714c0a), TOBN(0xa23c422e, 0x0a23e9ee), - TOBN(0xdd5f6b2d, 0x540f83af), TOBN(0xc2c2c27e, 0x55ea46a7), - TOBN(0xeb6b4246, 0x672a1208), TOBN(0xd13599f7, 0xae634f7a), - TOBN(0xcf914b5c, 0xd7b32c6e), TOBN(0x61a5a640, 0xeaf61814), - TOBN(0x8dc3df8b, 0x208a1bbb), TOBN(0xef627fd6, 0xb6d79aa5), - TOBN(0x44232ffc, 0xc4c86bc8), TOBN(0xe6f9231b, 0x061539fe), - TOBN(0x1d04f25a, 0x958b9533), TOBN(0x180cf934, 0x49e8c885), - TOBN(0x89689595, 0x9884aaf7), TOBN(0xb1959be3, 0x07b348a6), - TOBN(0x96250e57, 0x3c147c87), TOBN(0xae0efb3a, 0xdd0c61f8), - TOBN(0xed00745e, 0xca8c325e), TOBN(0x3c911696, 0xecff3f70), - TOBN(0x73acbc65, 0x319ad41d), TOBN(0x7b01a020, 0xf0b1c7ef), - TOBN(0xea32b293, 0x63a1483f), TOBN(0x89eabe71, 0x7a248f96), - TOBN(0x9c6231d3, 0x343157e5), TOBN(0x93a375e5, 0xdf3c546d), - TOBN(0xe76e9343, 0x6a2afe69), TOBN(0xc4f89100, 0xe166c88e), - TOBN(0x248efd0d, 0x4f872093), TOBN(0xae0eb3ea, 0x8fe0ea61), - TOBN(0xaf89790d, 0x9d79046e), TOBN(0x4d650f2d, 0x6cee0976), - TOBN(0xa3935d9a, 0x43071eca), TOBN(0x66fcd2c9, 0x283b0bfe), - TOBN(0x0e665eb5, 0x696605f1), TOBN(0xe77e5d07, 0xa54cd38d), - TOBN(0x90ee050a, 0x43d950cf), TOBN(0x86ddebda, 0xd32e69b5), - TOBN(0x6ad94a3d, 0xfddf7415), TOBN(0xf7fa1309, 0x3f6e8d5a), - TOBN(0xc4831d1d, 0xe9957f75), TOBN(0x7de28501, 0xd5817447), - TOBN(0x6f1d7078, 0x9e2aeb6b), TOBN(0xba2b9ff4, 0xf67a53c2), - TOBN(0x36963767, 0xdf9defc3), TOBN(0x479deed3, 0x0d38022c), - TOBN(0xd2edb89b, 0x3a8631e8), TOBN(0x8de855de, 0x7a213746), - TOBN(0xb2056cb7, 0xb00c5f11), TOBN(0xdeaefbd0, 0x2c9b85e4), - TOBN(0x03f39a8d, 0xd150892d), TOBN(0x37b84686, 0x218b7985), - TOBN(0x36296dd8, 0xb7375f1a), TOBN(0x472cd4b1, 0xb78e898e), - TOBN(0x15dff651, 0xe9f05de9), TOBN(0xd4045069, 0x2ce98ba9), - TOBN(0x8466a7ae, 0x9b38024c), TOBN(0xb910e700, 0xe5a6b5ef), - TOBN(0xae1c56ea, 0xb3aa8f0d), TOBN(0xbab2a507, 0x7eee74a6), - TOBN(0x0dca11e2, 0x4b4c4620), TOBN(0xfd896e2e, 0x4c47d1f4), - TOBN(0xeb45ae53, 0x308fbd93), TOBN(0x46cd5a2e, 0x02c36fda), - TOBN(0x6a3d4e90, 0xbaa48385), TOBN(0xdd55e62e, 0x9dbe9960), - TOBN(0xa1406aa0, 0x2a81ede7), TOBN(0x6860dd14, 0xf9274ea7), - TOBN(0xcfdcb0c2, 0x80414f86), TOBN(0xff410b10, 0x22f94327), - TOBN(0x5a33cc38, 0x49ad467b), TOBN(0xefb48b6c, 0x0a7335f1), - TOBN(0x14fb54a4, 0xb153a360), TOBN(0x604aa9d2, 0xb52469cc), - TOBN(0x5e9dc486, 0x754e48e9), TOBN(0x693cb455, 0x37471e8e), - TOBN(0xfb2fd7cd, 0x8d3b37b6), TOBN(0x63345e16, 0xcf09ff07), - TOBN(0x9910ba6b, 0x23a5d896), TOBN(0x1fe19e35, 0x7fe4364e), - TOBN(0x6e1da8c3, 0x9a33c677), TOBN(0x15b4488b, 0x29fd9fd0), - TOBN(0x1f439254, 0x1a1f22bf), TOBN(0x920a8a70, 0xab8163e8), - TOBN(0x3fd1b249, 0x07e5658e), TOBN(0xf2c4f79c, 0xb6ec839b), - TOBN(0x1abbc3d0, 0x4aa38d1b), TOBN(0x3b0db35c, 0xb5d9510e), - TOBN(0x1754ac78, 0x3e60dec0), TOBN(0x53272fd7, 0xea099b33), - TOBN(0x5fb0494f, 0x07a8e107), TOBN(0x4a89e137, 0x6a8191fa), - TOBN(0xa113b7f6, 0x3c4ad544), TOBN(0x88a2e909, 0x6cb9897b), - TOBN(0x17d55de3, 0xb44a3f84), TOBN(0xacb2f344, 0x17c6c690), - TOBN(0x32088168, 0x10232390), TOBN(0xf2e8a61f, 0x6c733bf7), - TOBN(0xa774aab6, 0x9c2d7652), TOBN(0xfb5307e3, 0xed95c5bc), - TOBN(0xa05c73c2, 0x4981f110), TOBN(0x1baae31c, 0xa39458c9), - TOBN(0x1def185b, 0xcbea62e7), TOBN(0xe8ac9eae, 0xeaf63059), - TOBN(0x098a8cfd, 0x9921851c), TOBN(0xd959c3f1, 0x3abe2f5b), - TOBN(0xa4f19525, 0x20e40ae5), TOBN(0x320789e3, 0x07a24aa1), - TOBN(0x259e6927, 0x7392b2bc), TOBN(0x58f6c667, 0x1918668b), - TOBN(0xce1db2bb, 0xc55d2d8b), TOBN(0x41d58bb7, 0xf4f6ca56), - TOBN(0x7650b680, 0x8f877614), TOBN(0x905e16ba, 0xf4c349ed), - TOBN(0xed415140, 0xf661acac), TOBN(0x3b8784f0, 0xcb2270af), - TOBN(0x3bc280ac, 0x8a402cba), TOBN(0xd53f7146, 0x0937921a), - TOBN(0xc03c8ee5, 0xe5681e83), TOBN(0x62126105, 0xf6ac9e4a), - TOBN(0x9503a53f, 0x936b1a38), TOBN(0x3d45e2d4, 0x782fecbd), - TOBN(0x69a5c439, 0x76e8ae98), TOBN(0xb53b2eeb, 0xbfb4b00e), - TOBN(0xf1674712, 0x72386c89), TOBN(0x30ca34a2, 0x4268bce4), - TOBN(0x7f1ed86c, 0x78341730), TOBN(0x8ef5beb8, 0xb525e248), - TOBN(0xbbc489fd, 0xb74fbf38), TOBN(0x38a92a0e, 0x91a0b382), - TOBN(0x7a77ba3f, 0x22433ccf), TOBN(0xde8362d6, 0xa29f05a9), - TOBN(0x7f6a30ea, 0x61189afc), TOBN(0x693b5505, 0x59ef114f), - TOBN(0x50266bc0, 0xcd1797a1), TOBN(0xea17b47e, 0xf4b7af2d), - TOBN(0xd6c4025c, 0x3df9483e), TOBN(0x8cbb9d9f, 0xa37b18c9), - TOBN(0x91cbfd9c, 0x4d8424cf), TOBN(0xdb7048f1, 0xab1c3506), - TOBN(0x9eaf641f, 0x028206a3), TOBN(0xf986f3f9, 0x25bdf6ce), - TOBN(0x262143b5, 0x224c08dc), TOBN(0x2bbb09b4, 0x81b50c91), - TOBN(0xc16ed709, 0xaca8c84f), TOBN(0xa6210d9d, 0xb2850ca8), - TOBN(0x6d8df67a, 0x09cb54d6), TOBN(0x91eef6e0, 0x500919a4), - TOBN(0x90f61381, 0x0f132857), TOBN(0x9acede47, 0xf8d5028b), - TOBN(0x844d1b71, 0x90b771c3), TOBN(0x563b71e4, 0xba6426be), - TOBN(0x2efa2e83, 0xbdb802ff), TOBN(0x3410cbab, 0xab5b4a41), - TOBN(0x555b2d26, 0x30da84dd), TOBN(0xd0711ae9, 0xee1cc29a), - TOBN(0xcf3e8c60, 0x2f547792), TOBN(0x03d7d5de, 0xdc678b35), - TOBN(0x071a2fa8, 0xced806b8), TOBN(0x222e6134, 0x697f1478), - TOBN(0xdc16fd5d, 0xabfcdbbf), TOBN(0x44912ebf, 0x121b53b8), - TOBN(0xac943674, 0x2496c27c), TOBN(0x8ea3176c, 0x1ffc26b0), - TOBN(0xb6e224ac, 0x13debf2c), TOBN(0x524cc235, 0xf372a832), - TOBN(0xd706e1d8, 0x9f6f1b18), TOBN(0x2552f005, 0x44cce35b), - TOBN(0x8c8326c2, 0xa88e31fc), TOBN(0xb5468b2c, 0xf9552047), - TOBN(0xce683e88, 0x3ff90f2b), TOBN(0x77947bdf, 0x2f0a5423), - TOBN(0xd0a1b28b, 0xed56e328), TOBN(0xaee35253, 0xc20134ac), - TOBN(0x7e98367d, 0x3567962f), TOBN(0x379ed61f, 0x8188bffb), - TOBN(0x73bba348, 0xfaf130a1), TOBN(0x6c1f75e1, 0x904ed734), - TOBN(0x18956642, 0x3b4a79fc), TOBN(0xf20bc83d, 0x54ef4493), - TOBN(0x836d425d, 0x9111eca1), TOBN(0xe5b5c318, 0x009a8dcf), - TOBN(0x3360b25d, 0x13221bc5), TOBN(0x707baad2, 0x6b3eeaf7), - TOBN(0xd7279ed8, 0x743a95a1), TOBN(0x7450a875, 0x969e809f), - TOBN(0x32b6bd53, 0xe5d0338f), TOBN(0x1e77f7af, 0x2b883bbc), - TOBN(0x90da12cc, 0x1063ecd0), TOBN(0xe2697b58, 0xc315be47), - TOBN(0x2771a5bd, 0xda85d534), TOBN(0x53e78c1f, 0xff980eea), - TOBN(0xadf1cf84, 0x900385e7), TOBN(0x7d3b14f6, 0xc9387b62), - TOBN(0x170e74b0, 0xcb8f2bd2), TOBN(0x2d50b486, 0x827fa993), - TOBN(0xcdbe8c9a, 0xf6f32bab), TOBN(0x55e906b0, 0xc3b93ab8), - TOBN(0x747f22fc, 0x8fe280d1), TOBN(0xcd8e0de5, 0xb2e114ab), - TOBN(0x5ab7dbeb, 0xe10b68b0), TOBN(0x9dc63a9c, 0xa480d4b2), - TOBN(0x78d4bc3b, 0x4be1495f), TOBN(0x25eb3db8, 0x9359122d), - TOBN(0x3f8ac05b, 0x0809cbdc), TOBN(0xbf4187bb, 0xd37c702f), - TOBN(0x84cea069, 0x1416a6a5), TOBN(0x8f860c79, 0x43ef881c), - TOBN(0x41311f8a, 0x38038a5d), TOBN(0xe78c2ec0, 0xfc612067), - TOBN(0x494d2e81, 0x5ad73581), TOBN(0xb4cc9e00, 0x59604097), - TOBN(0xff558aec, 0xf3612cba), TOBN(0x35beef7a, 0x9e36c39e), - TOBN(0x1845c7cf, 0xdbcf41b9), TOBN(0x5703662a, 0xaea997c0), - TOBN(0x8b925afe, 0xe402f6d8), TOBN(0xd0a1b1ae, 0x4dd72162), - TOBN(0x9f47b375, 0x03c41c4b), TOBN(0xa023829b, 0x0391d042), - TOBN(0x5f5045c3, 0x503b8b0a), TOBN(0x123c2688, 0x98c010e5), - TOBN(0x324ec0cc, 0x36ba06ee), TOBN(0xface3115, 0x3dd2cc0c), - TOBN(0xb364f3be, 0xf333e91f), TOBN(0xef8aff73, 0x28e832b0), - TOBN(0x1e9bad04, 0x2d05841b), TOBN(0x42f0e3df, 0x356a21e2), - TOBN(0xa3270bcb, 0x4add627e), TOBN(0xb09a8158, 0xd322e711), - TOBN(0x86e326a1, 0x0fee104a), TOBN(0xad7788f8, 0x3703f65d), - TOBN(0x7e765430, 0x47bc4833), TOBN(0x6cee582b, 0x2b9b893a), - TOBN(0x9cd2a167, 0xe8f55a7b), TOBN(0xefbee3c6, 0xd9e4190d), - TOBN(0x33ee7185, 0xd40c2e9d), TOBN(0x844cc9c5, 0xa380b548), - TOBN(0x323f8ecd, 0x66926e04), TOBN(0x0001e38f, 0x8110c1ba), - TOBN(0x8dbcac12, 0xfc6a7f07), TOBN(0xd65e1d58, 0x0cec0827), - TOBN(0xd2cd4141, 0xbe76ca2d), TOBN(0x7895cf5c, 0xe892f33a), - TOBN(0x956d230d, 0x367139d2), TOBN(0xa91abd3e, 0xd012c4c1), - TOBN(0x34fa4883, 0x87eb36bf), TOBN(0xc5f07102, 0x914b8fb4), - TOBN(0x90f0e579, 0xadb9c95f), TOBN(0xfe6ea8cb, 0x28888195), - TOBN(0x7b9b5065, 0xedfa9284), TOBN(0x6c510bd2, 0x2b8c8d65), - TOBN(0xd7b8ebef, 0xcbe8aafd), TOBN(0xedb3af98, 0x96b1da07), - TOBN(0x28ff779d, 0x6295d426), TOBN(0x0c4f6ac7, 0x3fa3ad7b), - TOBN(0xec44d054, 0x8b8e2604), TOBN(0x9b32a66d, 0x8b0050e1), - TOBN(0x1f943366, 0xf0476ce2), TOBN(0x7554d953, 0xa602c7b4), - TOBN(0xbe35aca6, 0x524f2809), TOBN(0xb6881229, 0xfd4edbea), - TOBN(0xe8cd0c8f, 0x508efb63), TOBN(0x9eb5b5c8, 0x6abcefc7), - TOBN(0xf5621f5f, 0xb441ab4f), TOBN(0x79e6c046, 0xb76a2b22), - TOBN(0x74a4792c, 0xe37a1f69), TOBN(0xcbd252cb, 0x03542b60), - TOBN(0x785f65d5, 0xb3c20bd3), TOBN(0x8dea6143, 0x4fabc60c), - TOBN(0x45e21446, 0xde673629), TOBN(0x57f7aa1e, 0x703c2d21), - TOBN(0xa0e99b7f, 0x98c868c7), TOBN(0x4e42f66d, 0x8b641676), - TOBN(0x602884dc, 0x91077896), TOBN(0xa0d690cf, 0xc2c9885b), - TOBN(0xfeb4da33, 0x3b9a5187), TOBN(0x5f789598, 0x153c87ee), - TOBN(0x2192dd47, 0x52b16dba), TOBN(0xdeefc0e6, 0x3524c1b1), - TOBN(0x465ea76e, 0xe4383693), TOBN(0x79401711, 0x361b8d98), - TOBN(0xa5f9ace9, 0xf21a15cb), TOBN(0x73d26163, 0xefee9aeb), - TOBN(0xcca844b3, 0xe677016c), TOBN(0x6c122b07, 0x57eaee06), - TOBN(0xb782dce7, 0x15f09690), TOBN(0x508b9b12, 0x2dfc0fc9), - TOBN(0x9015ab4b, 0x65d89fc6), TOBN(0x5e79dab7, 0xd6d5bb0f), - TOBN(0x64f021f0, 0x6c775aa2), TOBN(0xdf09d8cc, 0x37c7eca1), - TOBN(0x9a761367, 0xef2fa506), TOBN(0xed4ca476, 0x5b81eec6), - TOBN(0x262ede36, 0x10bbb8b5), TOBN(0x0737ce83, 0x0641ada3), - TOBN(0x4c94288a, 0xe9831ccc), TOBN(0x487fc1ce, 0x8065e635), - TOBN(0xb13d7ab3, 0xb8bb3659), TOBN(0xdea5df3e, 0x855e4120), - TOBN(0xb9a18573, 0x85eb0244), TOBN(0x1a1b8ea3, 0xa7cfe0a3), - TOBN(0x3b837119, 0x67b0867c), TOBN(0x8d5e0d08, 0x9d364520), - TOBN(0x52dccc1e, 0xd930f0e3), TOBN(0xefbbcec7, 0xbf20bbaf), - TOBN(0x99cffcab, 0x0263ad10), TOBN(0xd8199e6d, 0xfcd18f8a), - TOBN(0x64e2773f, 0xe9f10617), TOBN(0x0079e8e1, 0x08704848), - TOBN(0x1169989f, 0x8a342283), TOBN(0x8097799c, 0xa83012e6), - TOBN(0xece966cb, 0x8a6a9001), TOBN(0x93b3afef, 0x072ac7fc), - TOBN(0xe6893a2a, 0x2db3d5ba), TOBN(0x263dc462, 0x89bf4fdc), - TOBN(0x8852dfc9, 0xe0396673), TOBN(0x7ac70895, 0x3af362b6), - TOBN(0xbb9cce4d, 0x5c2f342b), TOBN(0xbf80907a, 0xb52d7aae), - TOBN(0x97f3d3cd, 0x2161bcd0), TOBN(0xb25b0834, 0x0962744d), - TOBN(0xc5b18ea5, 0x6c3a1dda), TOBN(0xfe4ec7eb, 0x06c92317), - TOBN(0xb787b890, 0xad1c4afe), TOBN(0xdccd9a92, 0x0ede801a), - TOBN(0x9ac6ddda, 0xdb58da1f), TOBN(0x22bbc12f, 0xb8cae6ee), - TOBN(0xc6f8bced, 0x815c4a43), TOBN(0x8105a92c, 0xf96480c7), - TOBN(0x0dc3dbf3, 0x7a859d51), TOBN(0xe3ec7ce6, 0x3041196b), - TOBN(0xd9f64b25, 0x0d1067c9), TOBN(0xf2321321, 0x3d1f8dd8), - TOBN(0x8b5c619c, 0x76497ee8), TOBN(0x5d2b0ac6, 0xc717370e), - TOBN(0x98204cb6, 0x4fcf68e1), TOBN(0x0bdec211, 0x62bc6792), - TOBN(0x6973ccef, 0xa63b1011), TOBN(0xf9e3fa97, 0xe0de1ac5), - TOBN(0x5efb693e, 0x3d0e0c8b), TOBN(0x037248e9, 0xd2d4fcb4)}, - {TOBN(0x80802dc9, 0x1ec34f9e), TOBN(0xd8772d35, 0x33810603), - TOBN(0x3f06d66c, 0x530cb4f3), TOBN(0x7be5ed0d, 0xc475c129), - TOBN(0xcb9e3c19, 0x31e82b10), TOBN(0xc63d2857, 0xc9ff6b4c), - TOBN(0xb92118c6, 0x92a1b45e), TOBN(0x0aec4414, 0x7285bbca), - TOBN(0xfc189ae7, 0x1e29a3ef), TOBN(0xcbe906f0, 0x4c93302e), - TOBN(0xd0107914, 0xceaae10e), TOBN(0xb7a23f34, 0xb68e19f8), - TOBN(0xe9d875c2, 0xefd2119d), TOBN(0x03198c6e, 0xfcadc9c8), - TOBN(0x65591bf6, 0x4da17113), TOBN(0x3cf0bbf8, 0x3d443038), - TOBN(0xae485bb7, 0x2b724759), TOBN(0x945353e1, 0xb2d4c63a), - TOBN(0x82159d07, 0xde7d6f2c), TOBN(0x389caef3, 0x4ec5b109), - TOBN(0x4a8ebb53, 0xdb65ef14), TOBN(0x2dc2cb7e, 0xdd99de43), - TOBN(0x816fa3ed, 0x83f2405f), TOBN(0x73429bb9, 0xc14208a3), - TOBN(0xb618d590, 0xb01e6e27), TOBN(0x047e2ccd, 0xe180b2dc), - TOBN(0xd1b299b5, 0x04aea4a9), TOBN(0x412c9e1e, 0x9fa403a4), - TOBN(0x88d28a36, 0x79407552), TOBN(0x49c50136, 0xf332b8e3), - TOBN(0x3a1b6fcc, 0xe668de19), TOBN(0x178851bc, 0x75122b97), - TOBN(0xb1e13752, 0xfb85fa4c), TOBN(0xd61257ce, 0x383c8ce9), - TOBN(0xd43da670, 0xd2f74dae), TOBN(0xa35aa23f, 0xbf846bbb), - TOBN(0x5e74235d, 0x4421fc83), TOBN(0xf6df8ee0, 0xc363473b), - TOBN(0x34d7f52a, 0x3c4aa158), TOBN(0x50d05aab, 0x9bc6d22e), - TOBN(0x8c56e735, 0xa64785f4), TOBN(0xbc56637b, 0x5f29cd07), - TOBN(0x53b2bb80, 0x3ee35067), TOBN(0x50235a0f, 0xdc919270), - TOBN(0x191ab6d8, 0xf2c4aa65), TOBN(0xc3475831, 0x8396023b), - TOBN(0x80400ba5, 0xf0f805ba), TOBN(0x8881065b, 0x5ec0f80f), - TOBN(0xc370e522, 0xcc1b5e83), TOBN(0xde2d4ad1, 0x860b8bfb), - TOBN(0xad364df0, 0x67b256df), TOBN(0x8f12502e, 0xe0138997), - TOBN(0x503fa0dc, 0x7783920a), TOBN(0xe80014ad, 0xc0bc866a), - TOBN(0x3f89b744, 0xd3064ba6), TOBN(0x03511dcd, 0xcba5dba5), - TOBN(0x197dd46d, 0x95a7b1a2), TOBN(0x9c4e7ad6, 0x3c6341fb), - TOBN(0x426eca29, 0x484c2ece), TOBN(0x9211e489, 0xde7f4f8a), - TOBN(0x14997f6e, 0xc78ef1f4), TOBN(0x2b2c0910, 0x06574586), - TOBN(0x17286a6e, 0x1c3eede8), TOBN(0x25f92e47, 0x0f60e018), - TOBN(0x805c5646, 0x31890a36), TOBN(0x703ef600, 0x57feea5b), - TOBN(0x389f747c, 0xaf3c3030), TOBN(0xe0e5daeb, 0x54dd3739), - TOBN(0xfe24a4c3, 0xc9c9f155), TOBN(0x7e4bf176, 0xb5393962), - TOBN(0x37183de2, 0xaf20bf29), TOBN(0x4a1bd7b5, 0xf95a8c3b), - TOBN(0xa83b9699, 0x46191d3d), TOBN(0x281fc8dd, 0x7b87f257), - TOBN(0xb18e2c13, 0x54107588), TOBN(0x6372def7, 0x9b2bafe8), - TOBN(0xdaf4bb48, 0x0d8972ca), TOBN(0x3f2dd4b7, 0x56167a3f), - TOBN(0x1eace32d, 0x84310cf4), TOBN(0xe3bcefaf, 0xe42700aa), - TOBN(0x5fe5691e, 0xd785e73d), TOBN(0xa5db5ab6, 0x2ea60467), - TOBN(0x02e23d41, 0xdfc6514a), TOBN(0x35e8048e, 0xe03c3665), - TOBN(0x3f8b118f, 0x1adaa0f8), TOBN(0x28ec3b45, 0x84ce1a5a), - TOBN(0xe8cacc6e, 0x2c6646b8), TOBN(0x1343d185, 0xdbd0e40f), - TOBN(0xe5d7f844, 0xcaaa358c), TOBN(0x1a1db7e4, 0x9924182a), - TOBN(0xd64cd42d, 0x9c875d9a), TOBN(0xb37b515f, 0x042eeec8), - TOBN(0x4d4dd409, 0x7b165fbe), TOBN(0xfc322ed9, 0xe206eff3), - TOBN(0x7dee4102, 0x59b7e17e), TOBN(0x55a481c0, 0x8236ca00), - TOBN(0x8c885312, 0xc23fc975), TOBN(0x15715806, 0x05d6297b), - TOBN(0xa078868e, 0xf78edd39), TOBN(0x956b31e0, 0x03c45e52), - TOBN(0x470275d5, 0xff7b33a6), TOBN(0xc8d5dc3a, 0x0c7e673f), - TOBN(0x419227b4, 0x7e2f2598), TOBN(0x8b37b634, 0x4c14a975), - TOBN(0xd0667ed6, 0x8b11888c), TOBN(0x5e0e8c3e, 0x803e25dc), - TOBN(0x34e5d0dc, 0xb987a24a), TOBN(0x9f40ac3b, 0xae920323), - TOBN(0x5463de95, 0x34e0f63a), TOBN(0xa128bf92, 0x6b6328f9), - TOBN(0x491ccd7c, 0xda64f1b7), TOBN(0x7ef1ec27, 0xc47bde35), - TOBN(0xa857240f, 0xa36a2737), TOBN(0x35dc1366, 0x63621bc1), - TOBN(0x7a3a6453, 0xd4fb6897), TOBN(0x80f1a439, 0xc929319d), - TOBN(0xfc18274b, 0xf8cb0ba0), TOBN(0xb0b53766, 0x8078c5eb), - TOBN(0xfb0d4924, 0x1e01d0ef), TOBN(0x50d7c67d, 0x372ab09c), - TOBN(0xb4e370af, 0x3aeac968), TOBN(0xe4f7fee9, 0xc4b63266), - TOBN(0xb4acd4c2, 0xe3ac5664), TOBN(0xf8910bd2, 0xceb38cbf), - TOBN(0x1c3ae50c, 0xc9c0726e), TOBN(0x15309569, 0xd97b40bf), - TOBN(0x70884b7f, 0xfd5a5a1b), TOBN(0x3890896a, 0xef8314cd), - TOBN(0x58e1515c, 0xa5618c93), TOBN(0xe665432b, 0x77d942d1), - TOBN(0xb32181bf, 0xb6f767a8), TOBN(0x753794e8, 0x3a604110), - TOBN(0x09afeb7c, 0xe8c0dbcc), TOBN(0x31e02613, 0x598673a3), - TOBN(0x5d98e557, 0x7d46db00), TOBN(0xfc21fb8c, 0x9d985b28), - TOBN(0xc9040116, 0xb0843e0b), TOBN(0x53b1b3a8, 0x69b04531), - TOBN(0xdd1649f0, 0x85d7d830), TOBN(0xbb3bcc87, 0xcb7427e8), - TOBN(0x77261100, 0xc93dce83), TOBN(0x7e79da61, 0xa1922a2a), - TOBN(0x587a2b02, 0xf3149ce8), TOBN(0x147e1384, 0xde92ec83), - TOBN(0x484c83d3, 0xaf077f30), TOBN(0xea78f844, 0x0658b53a), - TOBN(0x912076c2, 0x027aec53), TOBN(0xf34714e3, 0x93c8177d), - TOBN(0x37ef5d15, 0xc2376c84), TOBN(0x8315b659, 0x3d1aa783), - TOBN(0x3a75c484, 0xef852a90), TOBN(0x0ba0c58a, 0x16086bd4), - TOBN(0x29688d7a, 0x529a6d48), TOBN(0x9c7f250d, 0xc2f19203), - TOBN(0x123042fb, 0x682e2df9), TOBN(0x2b7587e7, 0xad8121bc), - TOBN(0x30fc0233, 0xe0182a65), TOBN(0xb82ecf87, 0xe3e1128a), - TOBN(0x71682861, 0x93fb098f), TOBN(0x043e21ae, 0x85e9e6a7), - TOBN(0xab5b49d6, 0x66c834ea), TOBN(0x3be43e18, 0x47414287), - TOBN(0xf40fb859, 0x219a2a47), TOBN(0x0e6559e9, 0xcc58df3c), - TOBN(0xfe1dfe8e, 0x0c6615b4), TOBN(0x14abc8fd, 0x56459d70), - TOBN(0x7be0fa8e, 0x05de0386), TOBN(0x8e63ef68, 0xe9035c7c), - TOBN(0x116401b4, 0x53b31e91), TOBN(0x0cba7ad4, 0x4436b4d8), - TOBN(0x9151f9a0, 0x107afd66), TOBN(0xafaca8d0, 0x1f0ee4c4), - TOBN(0x75fe5c1d, 0x9ee9761c), TOBN(0x3497a16b, 0xf0c0588f), - TOBN(0x3ee2bebd, 0x0304804c), TOBN(0xa8fb9a60, 0xc2c990b9), - TOBN(0xd14d32fe, 0x39251114), TOBN(0x36bf25bc, 0xcac73366), - TOBN(0xc9562c66, 0xdba7495c), TOBN(0x324d301b, 0x46ad348b), - TOBN(0x9f46620c, 0xd670407e), TOBN(0x0ea8d4f1, 0xe3733a01), - TOBN(0xd396d532, 0xb0c324e0), TOBN(0x5b211a0e, 0x03c317cd), - TOBN(0x090d7d20, 0x5ffe7b37), TOBN(0x3b7f3efb, 0x1747d2da), - TOBN(0xa2cb525f, 0xb54fc519), TOBN(0x6e220932, 0xf66a971e), - TOBN(0xddc160df, 0xb486d440), TOBN(0x7fcfec46, 0x3fe13465), - TOBN(0x83da7e4e, 0x76e4c151), TOBN(0xd6fa48a1, 0xd8d302b5), - TOBN(0xc6304f26, 0x5872cd88), TOBN(0x806c1d3c, 0x278b90a1), - TOBN(0x3553e725, 0xcaf0bc1c), TOBN(0xff59e603, 0xbb9d8d5c), - TOBN(0xa4550f32, 0x7a0b85dd), TOBN(0xdec5720a, 0x93ecc217), - TOBN(0x0b88b741, 0x69d62213), TOBN(0x7212f245, 0x5b365955), - TOBN(0x20764111, 0xb5cae787), TOBN(0x13cb7f58, 0x1dfd3124), - TOBN(0x2dca77da, 0x1175aefb), TOBN(0xeb75466b, 0xffaae775), - TOBN(0x74d76f3b, 0xdb6cff32), TOBN(0x7440f37a, 0x61fcda9a), - TOBN(0x1bb3ac92, 0xb525028b), TOBN(0x20fbf8f7, 0xa1975f29), - TOBN(0x982692e1, 0xdf83097f), TOBN(0x28738f6c, 0x554b0800), - TOBN(0xdc703717, 0xa2ce2f2f), TOBN(0x7913b93c, 0x40814194), - TOBN(0x04924593, 0x1fe89636), TOBN(0x7b98443f, 0xf78834a6), - TOBN(0x11c6ab01, 0x5114a5a1), TOBN(0x60deb383, 0xffba5f4c), - TOBN(0x4caa54c6, 0x01a982e6), TOBN(0x1dd35e11, 0x3491cd26), - TOBN(0x973c315f, 0x7cbd6b05), TOBN(0xcab00775, 0x52494724), - TOBN(0x04659b1f, 0x6565e15a), TOBN(0xbf30f529, 0x8c8fb026), - TOBN(0xfc21641b, 0xa8a0de37), TOBN(0xe9c7a366, 0xfa5e5114), - TOBN(0xdb849ca5, 0x52f03ad8), TOBN(0xc7e8dbe9, 0x024e35c0), - TOBN(0xa1a2bbac, 0xcfc3c789), TOBN(0xbf733e7d, 0x9c26f262), - TOBN(0x882ffbf5, 0xb8444823), TOBN(0xb7224e88, 0x6bf8483b), - TOBN(0x53023b8b, 0x65bef640), TOBN(0xaabfec91, 0xd4d5f8cd), - TOBN(0xa40e1510, 0x079ea1bd), TOBN(0x1ad9addc, 0xd05d5d26), - TOBN(0xdb3f2eab, 0x13e68d4f), TOBN(0x1cff1ae2, 0x640f803f), - TOBN(0xe0e7b749, 0xd4cee117), TOBN(0x8e9f275b, 0x4036d909), - TOBN(0xce34e31d, 0x8f4d4c38), TOBN(0x22b37f69, 0xd75130fc), - TOBN(0x83e0f1fd, 0xb4014604), TOBN(0xa8ce9919, 0x89415078), - TOBN(0x82375b75, 0x41792efe), TOBN(0x4f59bf5c, 0x97d4515b), - TOBN(0xac4f324f, 0x923a277d), TOBN(0xd9bc9b7d, 0x650f3406), - TOBN(0xc6fa87d1, 0x8a39bc51), TOBN(0x82588530, 0x5ccc108f), - TOBN(0x5ced3c9f, 0x82e4c634), TOBN(0x8efb8314, 0x3a4464f8), - TOBN(0xe706381b, 0x7a1dca25), TOBN(0x6cd15a3c, 0x5a2a412b), - TOBN(0x9347a8fd, 0xbfcd8fb5), TOBN(0x31db2eef, 0x6e54cd22), - TOBN(0xc4aeb11e, 0xf8d8932f), TOBN(0x11e7c1ed, 0x344411af), - TOBN(0x2653050c, 0xdc9a151e), TOBN(0x9edbfc08, 0x3bb0a859), - TOBN(0x926c81c7, 0xfd5691e7), TOBN(0x9c1b2342, 0x6f39019a), - TOBN(0x64a81c8b, 0x7f8474b9), TOBN(0x90657c07, 0x01761819), - TOBN(0x390b3331, 0x55e0375a), TOBN(0xc676c626, 0xb6ebc47d), - TOBN(0x51623247, 0xb7d6dee8), TOBN(0x0948d927, 0x79659313), - TOBN(0x99700161, 0xe9ab35ed), TOBN(0x06cc32b4, 0x8ddde408), - TOBN(0x6f2fd664, 0x061ef338), TOBN(0x1606fa02, 0xc202e9ed), - TOBN(0x55388bc1, 0x929ba99b), TOBN(0xc4428c5e, 0x1e81df69), - TOBN(0xce2028ae, 0xf91b0b2a), TOBN(0xce870a23, 0xf03dfd3f), - TOBN(0x66ec2c87, 0x0affe8ed), TOBN(0xb205fb46, 0x284d0c00), - TOBN(0xbf5dffe7, 0x44cefa48), TOBN(0xb6fc37a8, 0xa19876d7), - TOBN(0xbecfa84c, 0x08b72863), TOBN(0xd7205ff5, 0x2576374f), - TOBN(0x80330d32, 0x8887de41), TOBN(0x5de0df0c, 0x869ea534), - TOBN(0x13f42753, 0x3c56ea17), TOBN(0xeb1f6069, 0x452b1a78), - TOBN(0x50474396, 0xe30ea15c), TOBN(0x575816a1, 0xc1494125), - TOBN(0xbe1ce55b, 0xfe6bb38f), TOBN(0xb901a948, 0x96ae30f7), - TOBN(0xe5af0f08, 0xd8fc3548), TOBN(0x5010b5d0, 0xd73bfd08), - TOBN(0x993d2880, 0x53fe655a), TOBN(0x99f2630b, 0x1c1309fd), - TOBN(0xd8677baf, 0xb4e3b76f), TOBN(0x14e51ddc, 0xb840784b), - TOBN(0x326c750c, 0xbf0092ce), TOBN(0xc83d306b, 0xf528320f), - TOBN(0xc4456715, 0x77d4715c), TOBN(0xd30019f9, 0x6b703235), - TOBN(0x207ccb2e, 0xd669e986), TOBN(0x57c824af, 0xf6dbfc28), - TOBN(0xf0eb532f, 0xd8f92a23), TOBN(0x4a557fd4, 0x9bb98fd2), - TOBN(0xa57acea7, 0xc1e6199a), TOBN(0x0c663820, 0x8b94b1ed), - TOBN(0x9b42be8f, 0xf83a9266), TOBN(0xc7741c97, 0x0101bd45), - TOBN(0x95770c11, 0x07bd9ceb), TOBN(0x1f50250a, 0x8b2e0744), - TOBN(0xf762eec8, 0x1477b654), TOBN(0xc65b900e, 0x15efe59a), - TOBN(0x88c96148, 0x9546a897), TOBN(0x7e8025b3, 0xc30b4d7c), - TOBN(0xae4065ef, 0x12045cf9), TOBN(0x6fcb2caf, 0x9ccce8bd), - TOBN(0x1fa0ba4e, 0xf2cf6525), TOBN(0xf683125d, 0xcb72c312), - TOBN(0xa01da4ea, 0xe312410e), TOBN(0x67e28677, 0x6cd8e830), - TOBN(0xabd95752, 0x98fb3f07), TOBN(0x05f11e11, 0xeef649a5), - TOBN(0xba47faef, 0x9d3472c2), TOBN(0x3adff697, 0xc77d1345), - TOBN(0x4761fa04, 0xdd15afee), TOBN(0x64f1f61a, 0xb9e69462), - TOBN(0xfa691fab, 0x9bfb9093), TOBN(0x3df8ae8f, 0xa1133dfe), - TOBN(0xcd5f8967, 0x58cc710d), TOBN(0xfbb88d50, 0x16c7fe79), - TOBN(0x8e011b4c, 0xe88c50d1), TOBN(0x7532e807, 0xa8771c4f), - TOBN(0x64c78a48, 0xe2278ee4), TOBN(0x0b283e83, 0x3845072a), - TOBN(0x98a6f291, 0x49e69274), TOBN(0xb96e9668, 0x1868b21c), - TOBN(0x38f0adc2, 0xb1a8908e), TOBN(0x90afcff7, 0x1feb829d), - TOBN(0x9915a383, 0x210b0856), TOBN(0xa5a80602, 0xdef04889), - TOBN(0x800e9af9, 0x7c64d509), TOBN(0x81382d0b, 0xb8996f6f), - TOBN(0x490eba53, 0x81927e27), TOBN(0x46c63b32, 0x4af50182), - TOBN(0x784c5fd9, 0xd3ad62ce), TOBN(0xe4fa1870, 0xf8ae8736), - TOBN(0x4ec9d0bc, 0xd7466b25), TOBN(0x84ddbe1a, 0xdb235c65), - TOBN(0x5e2645ee, 0x163c1688), TOBN(0x570bd00e, 0x00eba747), - TOBN(0xfa51b629, 0x128bfa0f), TOBN(0x92fce1bd, 0x6c1d3b68), - TOBN(0x3e7361dc, 0xb66778b1), TOBN(0x9c7d249d, 0x5561d2bb), - TOBN(0xa40b28bf, 0x0bbc6229), TOBN(0x1c83c05e, 0xdfd91497), - TOBN(0x5f9f5154, 0xf083df05), TOBN(0xbac38b3c, 0xeee66c9d), - TOBN(0xf71db7e3, 0xec0dfcfd), TOBN(0xf2ecda8e, 0x8b0a8416), - TOBN(0x52fddd86, 0x7812aa66), TOBN(0x2896ef10, 0x4e6f4272), - TOBN(0xff27186a, 0x0fe9a745), TOBN(0x08249fcd, 0x49ca70db), - TOBN(0x7425a2e6, 0x441cac49), TOBN(0xf4a0885a, 0xece5ff57), - TOBN(0x6e2cb731, 0x7d7ead58), TOBN(0xf96cf7d6, 0x1898d104), - TOBN(0xafe67c9d, 0x4f2c9a89), TOBN(0x89895a50, 0x1c7bf5bc), - TOBN(0xdc7cb8e5, 0x573cecfa), TOBN(0x66497eae, 0xd15f03e6), - TOBN(0x6bc0de69, 0x3f084420), TOBN(0x323b9b36, 0xacd532b0), - TOBN(0xcfed390a, 0x0115a3c1), TOBN(0x9414c40b, 0x2d65ca0e), - TOBN(0x641406bd, 0x2f530c78), TOBN(0x29369a44, 0x833438f2), - TOBN(0x996884f5, 0x903fa271), TOBN(0xe6da0fd2, 0xb9da921e), - TOBN(0xa6f2f269, 0x5db01e54), TOBN(0x1ee3e9bd, 0x6876214e), - TOBN(0xa26e181c, 0xe27a9497), TOBN(0x36d254e4, 0x8e215e04), - TOBN(0x42f32a6c, 0x252cabca), TOBN(0x99481487, 0x80b57614), - TOBN(0x4c4dfe69, 0x40d9cae1), TOBN(0x05869580, 0x11a10f09), - TOBN(0xca287b57, 0x3491b64b), TOBN(0x77862d5d, 0x3fd4a53b), - TOBN(0xbf94856e, 0x50349126), TOBN(0x2be30bd1, 0x71c5268f), - TOBN(0x10393f19, 0xcbb650a6), TOBN(0x639531fe, 0x778cf9fd), - TOBN(0x02556a11, 0xb2935359), TOBN(0xda38aa96, 0xaf8c126e), - TOBN(0x47dbe6c2, 0x0960167f), TOBN(0x37bbabb6, 0x501901cd), - TOBN(0xb6e979e0, 0x2c947778), TOBN(0xd69a5175, 0x7a1a1dc6), - TOBN(0xc3ed5095, 0x9d9faf0c), TOBN(0x4dd9c096, 0x1d5fa5f0), - TOBN(0xa0c4304d, 0x64f16ea8), TOBN(0x8b1cac16, 0x7e718623), - TOBN(0x0b576546, 0x7c67f03e), TOBN(0x559cf5ad, 0xcbd88c01), - TOBN(0x074877bb, 0x0e2af19a), TOBN(0x1f717ec1, 0xa1228c92), - TOBN(0x70bcb800, 0x326e8920), TOBN(0xec6e2c5c, 0x4f312804), - TOBN(0x426aea7d, 0x3fca4752), TOBN(0xf12c0949, 0x2211f62a), - TOBN(0x24beecd8, 0x7be7b6b5), TOBN(0xb77eaf4c, 0x36d7a27d), - TOBN(0x154c2781, 0xfda78fd3), TOBN(0x848a83b0, 0x264eeabe), - TOBN(0x81287ef0, 0x4ffe2bc4), TOBN(0x7b6d88c6, 0xb6b6fc2a), - TOBN(0x805fb947, 0xce417d99), TOBN(0x4b93dcc3, 0x8b916cc4), - TOBN(0x72e65bb3, 0x21273323), TOBN(0xbcc1badd, 0x6ea9886e), - TOBN(0x0e223011, 0x4bc5ee85), TOBN(0xa561be74, 0xc18ee1e4), - TOBN(0x762fd2d4, 0xa6bcf1f1), TOBN(0x50e6a5a4, 0x95231489), - TOBN(0xca96001f, 0xa00b500b), TOBN(0x5c098cfc, 0x5d7dcdf5), - TOBN(0xa64e2d2e, 0x8c446a85), TOBN(0xbae9bcf1, 0x971f3c62), - TOBN(0x4ec22683, 0x8435a2c5), TOBN(0x8ceaed6c, 0x4bad4643), - TOBN(0xe9f8fb47, 0xccccf4e3), TOBN(0xbd4f3fa4, 0x1ce3b21e), - TOBN(0xd79fb110, 0xa3db3292), TOBN(0xe28a37da, 0xb536c66a), - TOBN(0x279ce87b, 0x8e49e6a9), TOBN(0x70ccfe8d, 0xfdcec8e3), - TOBN(0x2193e4e0, 0x3ba464b2), TOBN(0x0f39d60e, 0xaca9a398), - TOBN(0x7d7932af, 0xf82c12ab), TOBN(0xd8ff50ed, 0x91e7e0f7), - TOBN(0xea961058, 0xfa28a7e0), TOBN(0xc726cf25, 0x0bf5ec74), - TOBN(0xe74d55c8, 0xdb229666), TOBN(0x0bd9abbf, 0xa57f5799), - TOBN(0x7479ef07, 0x4dfc47b3), TOBN(0xd9c65fc3, 0x0c52f91d), - TOBN(0x8e0283fe, 0x36a8bde2), TOBN(0xa32a8b5e, 0x7d4b7280), - TOBN(0x6a677c61, 0x12e83233), TOBN(0x0fbb3512, 0xdcc9bf28), - TOBN(0x562e8ea5, 0x0d780f61), TOBN(0x0db8b22b, 0x1dc4e89c), - TOBN(0x0a6fd1fb, 0x89be0144), TOBN(0x8c77d246, 0xca57113b), - TOBN(0x4639075d, 0xff09c91c), TOBN(0x5b47b17f, 0x5060824c), - TOBN(0x58aea2b0, 0x16287b52), TOBN(0xa1343520, 0xd0cd8eb0), - TOBN(0x6148b4d0, 0xc5d58573), TOBN(0xdd2b6170, 0x291c68ae), - TOBN(0xa61b3929, 0x1da3b3b7), TOBN(0x5f946d79, 0x08c4ac10), - TOBN(0x4105d4a5, 0x7217d583), TOBN(0x5061da3d, 0x25e6de5e), - TOBN(0x3113940d, 0xec1b4991), TOBN(0xf12195e1, 0x36f485ae), - TOBN(0xa7507fb2, 0x731a2ee0), TOBN(0x95057a8e, 0x6e9e196e), - TOBN(0xa3c2c911, 0x2e130136), TOBN(0x97dfbb36, 0x33c60d15), - TOBN(0xcaf3c581, 0xb300ee2b), TOBN(0x77f25d90, 0xf4bac8b8), - TOBN(0xdb1c4f98, 0x6d840cd6), TOBN(0x471d62c0, 0xe634288c), - TOBN(0x8ec2f85e, 0xcec8a161), TOBN(0x41f37cbc, 0xfa6f4ae2), - TOBN(0x6793a20f, 0x4b709985), TOBN(0x7a7bd33b, 0xefa8985b), - TOBN(0x2c6a3fbd, 0x938e6446), TOBN(0x19042619, 0x2a8d47c1), - TOBN(0x16848667, 0xcc36975f), TOBN(0x02acf168, 0x9d5f1dfb), - TOBN(0x62d41ad4, 0x613baa94), TOBN(0xb56fbb92, 0x9f684670), - TOBN(0xce610d0d, 0xe9e40569), TOBN(0x7b99c65f, 0x35489fef), - TOBN(0x0c88ad1b, 0x3df18b97), TOBN(0x81b7d9be, 0x5d0e9edb), - TOBN(0xd85218c0, 0xc716cc0a), TOBN(0xf4b5ff90, 0x85691c49), - TOBN(0xa4fd666b, 0xce356ac6), TOBN(0x17c72895, 0x4b327a7a), - TOBN(0xf93d5085, 0xda6be7de), TOBN(0xff71530e, 0x3301d34e), - TOBN(0x4cd96442, 0xd8f448e8), TOBN(0x9283d331, 0x2ed18ffa), - TOBN(0x4d33dd99, 0x2a849870), TOBN(0xa716964b, 0x41576335), - TOBN(0xff5e3a9b, 0x179be0e5), TOBN(0x5b9d6b1b, 0x83b13632), - TOBN(0x3b8bd7d4, 0xa52f313b), TOBN(0xc9dd95a0, 0x637a4660), - TOBN(0x30035962, 0x0b3e218f), TOBN(0xce1481a3, 0xc7b28a3c), - TOBN(0xab41b43a, 0x43228d83), TOBN(0x24ae1c30, 0x4ad63f99), - TOBN(0x8e525f1a, 0x46a51229), TOBN(0x14af860f, 0xcd26d2b4), - TOBN(0xd6baef61, 0x3f714aa1), TOBN(0xf51865ad, 0xeb78795e), - TOBN(0xd3e21fce, 0xe6a9d694), TOBN(0x82ceb1dd, 0x8a37b527)}}; +static const alignas(4096) PRECOMP256_ROW ecp_nistz256_precomputed[37] = { + {{{TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601), + TOBN(0x79fb732b, 0x77622510), TOBN(0x18905f76, 0xa53755c6)}, + {TOBN(0xddf25357, 0xce95560a), TOBN(0x8b4ab8e4, 0xba19e45c), + TOBN(0xd2e88688, 0xdd21f325), TOBN(0x8571ff18, 0x25885d85)}}, + {{TOBN(0x850046d4, 0x10ddd64d), TOBN(0xaa6ae3c1, 0xa433827d), + TOBN(0x73220503, 0x8d1490d9), TOBN(0xf6bb32e4, 0x3dcf3a3b)}, + {TOBN(0x2f3648d3, 0x61bee1a5), TOBN(0x152cd7cb, 0xeb236ff8), + TOBN(0x19a8fb0e, 0x92042dbe), TOBN(0x78c57751, 0x0a5b8a3b)}}, + {{TOBN(0xffac3f90, 0x4eebc127), TOBN(0xb027f84a, 0x087d81fb), + TOBN(0x66ad77dd, 0x87cbbc98), TOBN(0x26936a3f, 0xb6ff747e)}, + {TOBN(0xb04c5c1f, 0xc983a7eb), TOBN(0x583e47ad, 0x0861fe1a), + TOBN(0x78820831, 0x1a2ee98e), TOBN(0xd5f06a29, 0xe587cc07)}}, + {{TOBN(0x74b0b50d, 0x46918dcc), TOBN(0x4650a6ed, 0xc623c173), + TOBN(0x0cdaacac, 0xe8100af2), TOBN(0x577362f5, 0x41b0176b)}, + {TOBN(0x2d96f24c, 0xe4cbaba6), TOBN(0x17628471, 0xfad6f447), + TOBN(0x6b6c36de, 0xe5ddd22e), TOBN(0x84b14c39, 0x4c5ab863)}}, + {{TOBN(0xbe1b8aae, 0xc45c61f5), TOBN(0x90ec649a, 0x94b9537d), + TOBN(0x941cb5aa, 0xd076c20c), TOBN(0xc9079605, 0x890523c8)}, + {TOBN(0xeb309b4a, 0xe7ba4f10), TOBN(0x73c568ef, 0xe5eb882b), + TOBN(0x3540a987, 0x7e7a1f68), TOBN(0x73a076bb, 0x2dd1e916)}}, + {{TOBN(0x40394737, 0x3e77664a), TOBN(0x55ae744f, 0x346cee3e), + TOBN(0xd50a961a, 0x5b17a3ad), TOBN(0x13074b59, 0x54213673)}, + {TOBN(0x93d36220, 0xd377e44b), TOBN(0x299c2b53, 0xadff14b5), + TOBN(0xf424d44c, 0xef639f11), TOBN(0xa4c9916d, 0x4a07f75f)}}, + {{TOBN(0x0746354e, 0xa0173b4f), TOBN(0x2bd20213, 0xd23c00f7), + TOBN(0xf43eaab5, 0x0c23bb08), TOBN(0x13ba5119, 0xc3123e03)}, + {TOBN(0x2847d030, 0x3f5b9d4d), TOBN(0x6742f2f2, 0x5da67bdd), + TOBN(0xef933bdc, 0x77c94195), TOBN(0xeaedd915, 0x6e240867)}}, + {{TOBN(0x27f14cd1, 0x9499a78f), TOBN(0x462ab5c5, 0x6f9b3455), + TOBN(0x8f90f02a, 0xf02cfc6b), TOBN(0xb763891e, 0xb265230d)}, + {TOBN(0xf59da3a9, 0x532d4977), TOBN(0x21e3327d, 0xcf9eba15), + TOBN(0x123c7b84, 0xbe60bbf0), TOBN(0x56ec12f2, 0x7706df76)}}, + {{TOBN(0x75c96e8f, 0x264e20e8), TOBN(0xabe6bfed, 0x59a7a841), + TOBN(0x2cc09c04, 0x44c8eb00), TOBN(0xe05b3080, 0xf0c4e16b)}, + {TOBN(0x1eb7777a, 0xa45f3314), TOBN(0x56af7bed, 0xce5d45e3), + TOBN(0x2b6e019a, 0x88b12f1a), TOBN(0x086659cd, 0xfd835f9b)}}, + {{TOBN(0x2c18dbd1, 0x9dc21ec8), TOBN(0x98f9868a, 0x0fcf8139), + TOBN(0x737d2cd6, 0x48250b49), TOBN(0xcc61c947, 0x24b3428f)}, + {TOBN(0x0c2b4078, 0x80dd9e76), TOBN(0xc43a8991, 0x383fbe08), + TOBN(0x5f7d2d65, 0x779be5d2), TOBN(0x78719a54, 0xeb3b4ab5)}}, + {{TOBN(0xea7d260a, 0x6245e404), TOBN(0x9de40795, 0x6e7fdfe0), + TOBN(0x1ff3a415, 0x8dac1ab5), TOBN(0x3e7090f1, 0x649c9073)}, + {TOBN(0x1a768561, 0x2b944e88), TOBN(0x250f939e, 0xe57f61c8), + TOBN(0x0c0daa89, 0x1ead643d), TOBN(0x68930023, 0xe125b88e)}}, + {{TOBN(0x04b71aa7, 0xd2697768), TOBN(0xabdedef5, 0xca345a33), + TOBN(0x2409d29d, 0xee37385e), TOBN(0x4ee1df77, 0xcb83e156)}, + {TOBN(0x0cac12d9, 0x1cbb5b43), TOBN(0x170ed2f6, 0xca895637), + TOBN(0x28228cfa, 0x8ade6d66), TOBN(0x7ff57c95, 0x53238aca)}}, + {{TOBN(0xccc42563, 0x4b2ed709), TOBN(0x0e356769, 0x856fd30d), + TOBN(0xbcbcd43f, 0x559e9811), TOBN(0x738477ac, 0x5395b759)}, + {TOBN(0x35752b90, 0xc00ee17f), TOBN(0x68748390, 0x742ed2e3), + TOBN(0x7cd06422, 0xbd1f5bc1), TOBN(0xfbc08769, 0xc9e7b797)}}, + {{TOBN(0xa242a35b, 0xb0cf664a), TOBN(0x126e48f7, 0x7f9707e3), + TOBN(0x1717bf54, 0xc6832660), TOBN(0xfaae7332, 0xfd12c72e)}, + {TOBN(0x27b52db7, 0x995d586b), TOBN(0xbe29569e, 0x832237c2), + TOBN(0xe8e4193e, 0x2a65e7db), TOBN(0x152706dc, 0x2eaa1bbb)}}, + {{TOBN(0x72bcd8b7, 0xbc60055b), TOBN(0x03cc23ee, 0x56e27e4b), + TOBN(0xee337424, 0xe4819370), TOBN(0xe2aa0e43, 0x0ad3da09)}, + {TOBN(0x40b8524f, 0x6383c45d), TOBN(0xd7663554, 0x42a41b25), + TOBN(0x64efa6de, 0x778a4797), TOBN(0x2042170a, 0x7079adf4)}}, + {{TOBN(0x808b0b65, 0x0bc6fb80), TOBN(0x5882e075, 0x3ffe2e6b), + TOBN(0xd5ef2f7c, 0x2c83f549), TOBN(0x54d63c80, 0x9103b723)}, + {TOBN(0xf2f11bd6, 0x52a23f9b), TOBN(0x3670c319, 0x4b0b6587), + TOBN(0x55c4623b, 0xb1580e9e), TOBN(0x64edf7b2, 0x01efe220)}}, + {{TOBN(0x97091dcb, 0xd53c5c9d), TOBN(0xf17624b6, 0xac0a177b), + TOBN(0xb0f13975, 0x2cfe2dff), TOBN(0xc1a35c0a, 0x6c7a574e)}, + {TOBN(0x227d3146, 0x93e79987), TOBN(0x0575bf30, 0xe89cb80e), + TOBN(0x2f4e247f, 0x0d1883bb), TOBN(0xebd51226, 0x3274c3d0)}}, + {{TOBN(0x5f3e51c8, 0x56ada97a), TOBN(0x4afc964d, 0x8f8b403e), + TOBN(0xa6f247ab, 0x412e2979), TOBN(0x675abd1b, 0x6f80ebda)}, + {TOBN(0x66a2bd72, 0x5e485a1d), TOBN(0x4b2a5caf, 0x8f4f0b3c), + TOBN(0x2626927f, 0x1b847bba), TOBN(0x6c6fc7d9, 0x0502394d)}}, + {{TOBN(0xfea912ba, 0xa5659ae8), TOBN(0x68363aba, 0x25e1a16e), + TOBN(0xb8842277, 0x752c41ac), TOBN(0xfe545c28, 0x2897c3fc)}, + {TOBN(0x2d36e9e7, 0xdc4c696b), TOBN(0x5806244a, 0xfba977c5), + TOBN(0x85665e9b, 0xe39508c1), TOBN(0xf720ee25, 0x6d12597b)}}, + {{TOBN(0x8a979129, 0xd2337a31), TOBN(0x5916868f, 0x0f862bdc), + TOBN(0x048099d9, 0x5dd283ba), TOBN(0xe2d1eeb6, 0xfe5bfb4e)}, + {TOBN(0x82ef1c41, 0x7884005d), TOBN(0xa2d4ec17, 0xffffcbae), + TOBN(0x9161c53f, 0x8aa95e66), TOBN(0x5ee104e1, 0xc5fee0d0)}}, + {{TOBN(0x562e4cec, 0xc135b208), TOBN(0x74e1b265, 0x4783f47d), + TOBN(0x6d2a506c, 0x5a3f3b30), TOBN(0xecead9f4, 0xc16762fc)}, + {TOBN(0xf29dd4b2, 0xe286e5b9), TOBN(0x1b0fadc0, 0x83bb3c61), + TOBN(0x7a75023e, 0x7fac29a4), TOBN(0xc086d5f1, 0xc9477fa3)}}, + {{TOBN(0x0fc61135, 0x2f6f3076), TOBN(0xc99ffa23, 0xe3912a9a), + TOBN(0x6a0b0685, 0xd2f8ba3d), TOBN(0xfdc777e8, 0xe93358a4)}, + {TOBN(0x94a787bb, 0x35415f04), TOBN(0x640c2d6a, 0x4d23fea4), + TOBN(0x9de917da, 0x153a35b5), TOBN(0x793e8d07, 0x5d5cd074)}}, + {{TOBN(0xf4f87653, 0x2de45068), TOBN(0x37c7a7e8, 0x9e2e1f6e), + TOBN(0xd0825fa2, 0xa3584069), TOBN(0xaf2cea7c, 0x1727bf42)}, + {TOBN(0x0360a4fb, 0x9e4785a9), TOBN(0xe5fda49c, 0x27299f4a), + TOBN(0x48068e13, 0x71ac2f71), TOBN(0x83d0687b, 0x9077666f)}}, + {{TOBN(0x6d3883b2, 0x15d02819), TOBN(0x6d0d7550, 0x40dd9a35), + TOBN(0x61d7cbf9, 0x1d2b469f), TOBN(0xf97b232f, 0x2efc3115)}, + {TOBN(0xa551d750, 0xb24bcbc7), TOBN(0x11ea4949, 0x88a1e356), + TOBN(0x7669f031, 0x93cb7501), TOBN(0x595dc55e, 0xca737b8a)}}, + {{TOBN(0xa4a319ac, 0xd837879f), TOBN(0x6fc1b49e, 0xed6b67b0), + TOBN(0xe3959933, 0x32f1f3af), TOBN(0x966742eb, 0x65432a2e)}, + {TOBN(0x4b8dc9fe, 0xb4966228), TOBN(0x96cc6312, 0x43f43950), + TOBN(0x12068859, 0xc9b731ee), TOBN(0x7b948dc3, 0x56f79968)}}, + {{TOBN(0x61e4ad32, 0xed1f8008), TOBN(0xe6c9267a, 0xd8b17538), + TOBN(0x1ac7c5eb, 0x857ff6fb), TOBN(0x994baaa8, 0x55f2fb10)}, + {TOBN(0x84cf14e1, 0x1d248018), TOBN(0x5a39898b, 0x628ac508), + TOBN(0x14fde97b, 0x5fa944f5), TOBN(0xed178030, 0xd12e5ac7)}}, + {{TOBN(0x042c2af4, 0x97e2feb4), TOBN(0xd36a42d7, 0xaebf7313), + TOBN(0x49d2c9eb, 0x084ffdd7), TOBN(0x9f8aa54b, 0x2ef7c76a)}, + {TOBN(0x9200b7ba, 0x09895e70), TOBN(0x3bd0c66f, 0xddb7fb58), + TOBN(0x2d97d108, 0x78eb4cbb), TOBN(0x2d431068, 0xd84bde31)}}, + {{TOBN(0x4b523eb7, 0x172ccd1f), TOBN(0x7323cb28, 0x30a6a892), + TOBN(0x97082ec0, 0xcfe153eb), TOBN(0xe97f6b6a, 0xf2aadb97)}, + {TOBN(0x1d3d393e, 0xd1a83da1), TOBN(0xa6a7f9c7, 0x804b2a68), + TOBN(0x4a688b48, 0x2d0cb71e), TOBN(0xa9b4cc5f, 0x40585278)}}, + {{TOBN(0x5e5db46a, 0xcb66e132), TOBN(0xf1be963a, 0x0d925880), + TOBN(0x944a7027, 0x0317b9e2), TOBN(0xe266f959, 0x48603d48)}, + {TOBN(0x98db6673, 0x5c208899), TOBN(0x90472447, 0xa2fb18a3), + TOBN(0x8a966939, 0x777c619f), TOBN(0x3798142a, 0x2a3be21b)}}, + {{TOBN(0xb4241cb1, 0x3298b343), TOBN(0xa3a14e49, 0xb44f65a1), + TOBN(0xc5f4d6cd, 0x3ac77acd), TOBN(0xd0288cb5, 0x52b6fc3c)}, + {TOBN(0xd5cc8c2f, 0x1c040abc), TOBN(0xb675511e, 0x06bf9b4a), + TOBN(0xd667da37, 0x9b3aa441), TOBN(0x460d45ce, 0x51601f72)}}, + {{TOBN(0xe2f73c69, 0x6755ff89), TOBN(0xdd3cf7e7, 0x473017e6), + TOBN(0x8ef5689d, 0x3cf7600d), TOBN(0x948dc4f8, 0xb1fc87b4)}, + {TOBN(0xd9e9fe81, 0x4ea53299), TOBN(0x2d921ca2, 0x98eb6028), + TOBN(0xfaecedfd, 0x0c9803fc), TOBN(0xf38ae891, 0x4d7b4745)}}, + {{TOBN(0xd8c5fccf, 0xc5e3a3d8), TOBN(0xbefd904c, 0x4079dfbf), + TOBN(0xbc6d6a58, 0xfead0197), TOBN(0x39227077, 0x695532a4)}, + {TOBN(0x09e23e6d, 0xdbef42f5), TOBN(0x7e449b64, 0x480a9908), + TOBN(0x7b969c1a, 0xad9a2e40), TOBN(0x6231d792, 0x9591c2a4)}}, + {{TOBN(0x87151456, 0x0f664534), TOBN(0x85ceae7c, 0x4b68f103), + TOBN(0xac09c4ae, 0x65578ab9), TOBN(0x33ec6868, 0xf044b10c)}, + {TOBN(0x6ac4832b, 0x3a8ec1f1), TOBN(0x5509d128, 0x5847d5ef), + TOBN(0xf909604f, 0x763f1574), TOBN(0xb16c4303, 0xc32f63c4)}}, + {{TOBN(0xb6ab2014, 0x7ca23cd3), TOBN(0xcaa7a5c6, 0xa391849d), + TOBN(0x5b0673a3, 0x75678d94), TOBN(0xc982ddd4, 0xdd303e64)}, + {TOBN(0xfd7b000b, 0x5db6f971), TOBN(0xbba2cb1f, 0x6f876f92), + TOBN(0xc77332a3, 0x3c569426), TOBN(0xa159100c, 0x570d74f8)}}, + {{TOBN(0xfd16847f, 0xdec67ef5), TOBN(0x742ee464, 0x233e76b7), + TOBN(0x0b8e4134, 0xefc2b4c8), TOBN(0xca640b86, 0x42a3e521)}, + {TOBN(0x653a0190, 0x8ceb6aa9), TOBN(0x313c300c, 0x547852d5), + TOBN(0x24e4ab12, 0x6b237af7), TOBN(0x2ba90162, 0x8bb47af8)}}, + {{TOBN(0x3d5e58d6, 0xa8219bb7), TOBN(0xc691d0bd, 0x1b06c57f), + TOBN(0x0ae4cb10, 0xd257576e), TOBN(0x3569656c, 0xd54a3dc3)}, + {TOBN(0xe5ebaebd, 0x94cda03a), TOBN(0x934e82d3, 0x162bfe13), + TOBN(0x450ac0ba, 0xe251a0c6), TOBN(0x480b9e11, 0xdd6da526)}}, + {{TOBN(0x00467bc5, 0x8cce08b5), TOBN(0xb636458c, 0x7f178d55), + TOBN(0xc5748bae, 0xa677d806), TOBN(0x2763a387, 0xdfa394eb)}, + {TOBN(0xa12b448a, 0x7d3cebb6), TOBN(0xe7adda3e, 0x6f20d850), + TOBN(0xf63ebce5, 0x1558462c), TOBN(0x58b36143, 0x620088a8)}}, + {{TOBN(0x8a2cc3ca, 0x4d63c0ee), TOBN(0x51233117, 0x0fe948ce), + TOBN(0x7463fd85, 0x222ef33b), TOBN(0xadf0c7dc, 0x7c603d6c)}, + {TOBN(0x0ec32d3b, 0xfe7765e5), TOBN(0xccaab359, 0xbf380409), + TOBN(0xbdaa84d6, 0x8e59319c), TOBN(0xd9a4c280, 0x9c80c34d)}}, + {{TOBN(0xa9d89488, 0xa059c142), TOBN(0x6f5ae714, 0xff0b9346), + TOBN(0x068f237d, 0x16fb3664), TOBN(0x5853e4c4, 0x363186ac)}, + {TOBN(0xe2d87d23, 0x63c52f98), TOBN(0x2ec4a766, 0x81828876), + TOBN(0x47b864fa, 0xe14e7b1c), TOBN(0x0c0bc0e5, 0x69192408)}}, + {{TOBN(0xe4d7681d, 0xb82e9f3e), TOBN(0x83200f0b, 0xdf25e13c), + TOBN(0x8909984c, 0x66f27280), TOBN(0x462d7b00, 0x75f73227)}, + {TOBN(0xd90ba188, 0xf2651798), TOBN(0x74c6e18c, 0x36ab1c34), + TOBN(0xab256ea3, 0x5ef54359), TOBN(0x03466612, 0xd1aa702f)}}, + {{TOBN(0x624d6049, 0x2ed22e91), TOBN(0x6fdfe0b5, 0x6f072822), + TOBN(0xeeca1115, 0x39ce2271), TOBN(0x98100a4f, 0xdb01614f)}, + {TOBN(0xb6b0daa2, 0xa35c628f), TOBN(0xb6f94d2e, 0xc87e9a47), + TOBN(0xc6773259, 0x1d57d9ce), TOBN(0xf70bfeec, 0x03884a7b)}}, + {{TOBN(0x5fb35ccf, 0xed2bad01), TOBN(0xa155cbe3, 0x1da6a5c7), + TOBN(0xc2e2594c, 0x30a92f8f), TOBN(0x649c89ce, 0x5bfafe43)}, + {TOBN(0xd158667d, 0xe9ff257a), TOBN(0x9b359611, 0xf32c50ae), + TOBN(0x4b00b20b, 0x906014cf), TOBN(0xf3a8cfe3, 0x89bc7d3d)}}, + {{TOBN(0x4ff23ffd, 0x248a7d06), TOBN(0x80c5bfb4, 0x878873fa), + TOBN(0xb7d9ad90, 0x05745981), TOBN(0x179c85db, 0x3db01994)}, + {TOBN(0xba41b062, 0x61a6966c), TOBN(0x4d82d052, 0xeadce5a8), + TOBN(0x9e91cd3b, 0xa5e6a318), TOBN(0x47795f4f, 0x95b2dda0)}}, + {{TOBN(0xecfd7c1f, 0xd55a897c), TOBN(0x009194ab, 0xb29110fb), + TOBN(0x5f0e2046, 0xe381d3b0), TOBN(0x5f3425f6, 0xa98dd291)}, + {TOBN(0xbfa06687, 0x730d50da), TOBN(0x0423446c, 0x4b083b7f), + TOBN(0x397a247d, 0xd69d3417), TOBN(0xeb629f90, 0x387ba42a)}}, + {{TOBN(0x1ee426cc, 0xd5cd79bf), TOBN(0x0032940b, 0x946c6e18), + TOBN(0x1b1e8ae0, 0x57477f58), TOBN(0xe94f7d34, 0x6d823278)}, + {TOBN(0xc747cb96, 0x782ba21a), TOBN(0xc5254469, 0xf72b33a5), + TOBN(0x772ef6de, 0xc7f80c81), TOBN(0xd73acbfe, 0x2cd9e6b5)}}, + {{TOBN(0x4075b5b1, 0x49ee90d9), TOBN(0x785c339a, 0xa06e9eba), + TOBN(0xa1030d5b, 0xabf825e0), TOBN(0xcec684c3, 0xa42931dc)}, + {TOBN(0x42ab62c9, 0xc1586e63), TOBN(0x45431d66, 0x5ab43f2b), + TOBN(0x57c8b2c0, 0x55f7835d), TOBN(0x033da338, 0xc1b7f865)}}, + {{TOBN(0x283c7513, 0xcaa76097), TOBN(0x0a624fa9, 0x36c83906), + TOBN(0x6b20afec, 0x715af2c7), TOBN(0x4b969974, 0xeba78bfd)}, + {TOBN(0x220755cc, 0xd921d60e), TOBN(0x9b944e10, 0x7baeca13), + TOBN(0x04819d51, 0x5ded93d4), TOBN(0x9bbff86e, 0x6dddfd27)}}, + {{TOBN(0x6b344130, 0x77adc612), TOBN(0xa7496529, 0xbbd803a0), + TOBN(0x1a1baaa7, 0x6d8805bd), TOBN(0xc8403902, 0x470343ad)}, + {TOBN(0x39f59f66, 0x175adff1), TOBN(0x0b26d7fb, 0xb7d8c5b7), + TOBN(0xa875f5ce, 0x529d75e3), TOBN(0x85efc7e9, 0x41325cc2)}}, + {{TOBN(0x21950b42, 0x1ff6acd3), TOBN(0xffe70484, 0x53dc6909), + TOBN(0xff4cd0b2, 0x28766127), TOBN(0xabdbe608, 0x4fb7db2b)}, + {TOBN(0x837c9228, 0x5e1109e8), TOBN(0x26147d27, 0xf4645b5a), + TOBN(0x4d78f592, 0xf7818ed8), TOBN(0xd394077e, 0xf247fa36)}}, + {{TOBN(0x0fb9c2d0, 0x488c171a), TOBN(0xa78bfbaa, 0x13685278), + TOBN(0xedfbe268, 0xd5b1fa6a), TOBN(0x0dceb8db, 0x2b7eaba7)}, + {TOBN(0xbf9e8089, 0x9ae2b710), TOBN(0xefde7ae6, 0xa4449c96), + TOBN(0x43b7716b, 0xcc143a46), TOBN(0xd7d34194, 0xc3628c13)}}, + {{TOBN(0x508cec1c, 0x3b3f64c9), TOBN(0xe20bc0ba, 0x1e5edf3f), + TOBN(0xda1deb85, 0x2f4318d4), TOBN(0xd20ebe0d, 0x5c3fa443)}, + {TOBN(0x370b4ea7, 0x73241ea3), TOBN(0x61f1511c, 0x5e1a5f65), + TOBN(0x99a5e23d, 0x82681c62), TOBN(0xd731e383, 0xa2f54c2d)}}, + {{TOBN(0x2692f36e, 0x83445904), TOBN(0x2e0ec469, 0xaf45f9c0), + TOBN(0x905a3201, 0xc67528b7), TOBN(0x88f77f34, 0xd0e5e542)}, + {TOBN(0xf67a8d29, 0x5864687c), TOBN(0x23b92eae, 0x22df3562), + TOBN(0x5c27014b, 0x9bbec39e), TOBN(0x7ef2f226, 0x9c0f0f8d)}}, + {{TOBN(0x97359638, 0x546c4d8d), TOBN(0x5f9c3fc4, 0x92f24679), + TOBN(0x912e8bed, 0xa8c8acd9), TOBN(0xec3a318d, 0x306634b0)}, + {TOBN(0x80167f41, 0xc31cb264), TOBN(0x3db82f6f, 0x522113f2), + TOBN(0xb155bcd2, 0xdcafe197), TOBN(0xfba1da59, 0x43465283)}}, + {{TOBN(0xa0425b8e, 0xb212cf53), TOBN(0x4f2e512e, 0xf8557c5f), + TOBN(0xc1286ff9, 0x25c4d56c), TOBN(0xbb8a0fea, 0xee26c851)}, + {TOBN(0xc28f70d2, 0xe7d6107e), TOBN(0x7ee0c444, 0xe76265aa), + TOBN(0x3df277a4, 0x1d1936b1), TOBN(0x1a556e3f, 0xea9595eb)}}, + {{TOBN(0x258bbbf9, 0xe7305683), TOBN(0x31eea5bf, 0x07ef5be6), + TOBN(0x0deb0e4a, 0x46c814c1), TOBN(0x5cee8449, 0xa7b730dd)}, + {TOBN(0xeab495c5, 0xa0182bde), TOBN(0xee759f87, 0x9e27a6b4), + TOBN(0xc2cf6a68, 0x80e518ca), TOBN(0x25e8013f, 0xf14cf3f4)}}, + {{TOBN(0x8fc44140, 0x7e8d7a14), TOBN(0xbb1ff3ca, 0x9556f36a), + TOBN(0x6a844385, 0x14600044), TOBN(0xba3f0c4a, 0x7451ae63)}, + {TOBN(0xdfcac25b, 0x1f9af32a), TOBN(0x01e0db86, 0xb1f2214b), + TOBN(0x4e9a5bc2, 0xa4b596ac), TOBN(0x83927681, 0x026c2c08)}}, + {{TOBN(0x3ec832e7, 0x7acaca28), TOBN(0x1bfeea57, 0xc7385b29), + TOBN(0x068212e3, 0xfd1eaf38), TOBN(0xc1329830, 0x6acf8ccc)}, + {TOBN(0xb909f2db, 0x2aac9e59), TOBN(0x5748060d, 0xb661782a), + TOBN(0xc5ab2632, 0xc79b7a01), TOBN(0xda44c6c6, 0x00017626)}}, + {{TOBN(0xf26c00e8, 0xa7ea82f0), TOBN(0x99cac80d, 0xe4299aaf), + TOBN(0xd66fe3b6, 0x7ed78be1), TOBN(0x305f725f, 0x648d02cd)}, + {TOBN(0x33ed1bc4, 0x623fb21b), TOBN(0xfa70533e, 0x7a6319ad), + TOBN(0x17ab562d, 0xbe5ffb3e), TOBN(0x06374994, 0x56674741)}}, + {{TOBN(0x69d44ed6, 0x5c46aa8e), TOBN(0x2100d5d3, 0xa8d063d1), + TOBN(0xcb9727ea, 0xa2d17c36), TOBN(0x4c2bab1b, 0x8add53b7)}, + {TOBN(0xa084e90c, 0x15426704), TOBN(0x778afcd3, 0xa837ebea), + TOBN(0x6651f701, 0x7ce477f8), TOBN(0xa0624998, 0x46fb7a8b)}}, + {{TOBN(0xdc1e6828, 0xed8a6e19), TOBN(0x33fc2336, 0x4189d9c7), + TOBN(0x026f8fe2, 0x671c39bc), TOBN(0xd40c4ccd, 0xbc6f9915)}, + {TOBN(0xafa135bb, 0xf80e75ca), TOBN(0x12c651a0, 0x22adff2c), + TOBN(0xc40a04bd, 0x4f51ad96), TOBN(0x04820109, 0xbbe4e832)}}, + {{TOBN(0x3667eb1a, 0x7f4c04cc), TOBN(0x59556621, 0xa9404f84), + TOBN(0x71cdf653, 0x7eceb50a), TOBN(0x994a44a6, 0x9b8335fa)}, + {TOBN(0xd7faf819, 0xdbeb9b69), TOBN(0x473c5680, 0xeed4350d), + TOBN(0xb6658466, 0xda44bba2), TOBN(0x0d1bc780, 0x872bdbf3)}}, + {{TOBN(0xe535f175, 0xa1962f91), TOBN(0x6ed7e061, 0xed58f5a7), + TOBN(0x177aa4c0, 0x2089a233), TOBN(0x0dbcb03a, 0xe539b413)}, + {TOBN(0xe3dc424e, 0xbb32e38e), TOBN(0x6472e5ef, 0x6806701e), + TOBN(0xdd47ff98, 0x814be9ee), TOBN(0x6b60cfff, 0x35ace009)}}, + {{TOBN(0xb8d3d931, 0x9ff91fe5), TOBN(0x039c4800, 0xf0518eed), + TOBN(0x95c37632, 0x9182cb26), TOBN(0x0763a434, 0x82fc568d)}, + {TOBN(0x707c04d5, 0x383e76ba), TOBN(0xac98b930, 0x824e8197), + TOBN(0x92bf7c8f, 0x91230de0), TOBN(0x90876a01, 0x40959b70)}}, + {{TOBN(0xdb6d96f3, 0x05968b80), TOBN(0x380a0913, 0x089f73b9), + TOBN(0x7da70b83, 0xc2c61e01), TOBN(0x95fb8394, 0x569b38c7)}, + {TOBN(0x9a3c6512, 0x80edfe2f), TOBN(0x8f726bb9, 0x8faeaf82), + TOBN(0x8010a4a0, 0x78424bf8), TOBN(0x29672044, 0x0e844970)}}}, + {{{TOBN(0x63c5cb81, 0x7a2ad62a), TOBN(0x7ef2b6b9, 0xac62ff54), + TOBN(0x3749bba4, 0xb3ad9db5), TOBN(0xad311f2c, 0x46d5a617)}, + {TOBN(0xb77a8087, 0xc2ff3b6d), TOBN(0xb46feaf3, 0x367834ff), + TOBN(0xf8aa266d, 0x75d6b138), TOBN(0xfa38d320, 0xec008188)}}, + {{TOBN(0x486d8ffa, 0x696946fc), TOBN(0x50fbc6d8, 0xb9cba56d), + TOBN(0x7e3d423e, 0x90f35a15), TOBN(0x7c3da195, 0xc0dd962c)}, + {TOBN(0xe673fdb0, 0x3cfd5d8b), TOBN(0x0704b7c2, 0x889dfca5), + TOBN(0xf6ce581f, 0xf52305aa), TOBN(0x399d49eb, 0x914d5e53)}}, + {{TOBN(0x380a496d, 0x6ec293cd), TOBN(0x733dbda7, 0x8e7051f5), + TOBN(0x037e388d, 0xb849140a), TOBN(0xee4b32b0, 0x5946dbf6)}, + {TOBN(0xb1c4fda9, 0xcae368d1), TOBN(0x5001a7b0, 0xfdb0b2f3), + TOBN(0x6df59374, 0x2e3ac46e), TOBN(0x4af675f2, 0x39b3e656)}}, + {{TOBN(0x44e38110, 0x39949296), TOBN(0x5b63827b, 0x361db1b5), + TOBN(0x3e5323ed, 0x206eaff5), TOBN(0x942370d2, 0xc21f4290)}, + {TOBN(0xf2caaf2e, 0xe0d985a1), TOBN(0x192cc64b, 0x7239846d), + TOBN(0x7c0b8f47, 0xae6312f8), TOBN(0x7dc61f91, 0x96620108)}}, + {{TOBN(0xb830fb5b, 0xc2da7de9), TOBN(0xd0e643df, 0x0ff8d3be), + TOBN(0x31ee77ba, 0x188a9641), TOBN(0x4e8aa3aa, 0xbcf6d502)}, + {TOBN(0xf9fb6532, 0x9a49110f), TOBN(0xd18317f6, 0x2dd6b220), + TOBN(0x7e3ced41, 0x52c3ea5a), TOBN(0x0d296a14, 0x7d579c4a)}}, + {{TOBN(0x35d6a53e, 0xed4c3717), TOBN(0x9f8240cf, 0x3d0ed2a3), + TOBN(0x8c0d4d05, 0xe5543aa5), TOBN(0x45d5bbfb, 0xdd33b4b4)}, + {TOBN(0xfa04cc73, 0x137fd28e), TOBN(0x862ac6ef, 0xc73b3ffd), + TOBN(0x403ff9f5, 0x31f51ef2), TOBN(0x34d5e0fc, 0xbc73f5a2)}}, + {{TOBN(0xf2526820, 0x08913f4f), TOBN(0xea20ed61, 0xeac93d95), + TOBN(0x51ed38b4, 0x6ca6b26c), TOBN(0x8662dcbc, 0xea4327b0)}, + {TOBN(0x6daf295c, 0x725d2aaa), TOBN(0xbad2752f, 0x8e52dcda), + TOBN(0x2210e721, 0x0b17dacc), TOBN(0xa37f7912, 0xd51e8232)}}, + {{TOBN(0x4f7081e1, 0x44cc3add), TOBN(0xd5ffa1d6, 0x87be82cf), + TOBN(0x89890b6c, 0x0edd6472), TOBN(0xada26e1a, 0x3ed17863)}, + {TOBN(0x276f2715, 0x63483caa), TOBN(0xe6924cd9, 0x2f6077fd), + TOBN(0x05a7fe98, 0x0a466e3c), TOBN(0xf1c794b0, 0xb1902d1f)}}, + {{TOBN(0xe5213688, 0x82a8042c), TOBN(0xd931cfaf, 0xcd278298), + TOBN(0x069a0ae0, 0xf597a740), TOBN(0x0adbb3f3, 0xeb59107c)}, + {TOBN(0x983e951e, 0x5eaa8eb8), TOBN(0xe663a8b5, 0x11b48e78), + TOBN(0x1631cc0d, 0x8a03f2c5), TOBN(0x7577c11e, 0x11e271e2)}}, + {{TOBN(0x33b2385c, 0x08369a90), TOBN(0x2990c59b, 0x190eb4f8), + TOBN(0x819a6145, 0xc68eac80), TOBN(0x7a786d62, 0x2ec4a014)}, + {TOBN(0x33faadbe, 0x20ac3a8d), TOBN(0x31a21781, 0x5aba2d30), + TOBN(0x209d2742, 0xdba4f565), TOBN(0xdb2ce9e3, 0x55aa0fbb)}}, + {{TOBN(0x8cef334b, 0x168984df), TOBN(0xe81dce17, 0x33879638), + TOBN(0xf6e6949c, 0x263720f0), TOBN(0x5c56feaf, 0xf593cbec)}, + {TOBN(0x8bff5601, 0xfde58c84), TOBN(0x74e24117, 0x2eccb314), + TOBN(0xbcf01b61, 0x4c9a8a78), TOBN(0xa233e35e, 0x544c9868)}}, + {{TOBN(0xb3156bf3, 0x8bd7aff1), TOBN(0x1b5ee4cb, 0x1d81b146), + TOBN(0x7ba1ac41, 0xd628a915), TOBN(0x8f3a8f9c, 0xfd89699e)}, + {TOBN(0x7329b9c9, 0xa0748be7), TOBN(0x1d391c95, 0xa92e621f), + TOBN(0xe51e6b21, 0x4d10a837), TOBN(0xd255f53a, 0x4947b435)}}, + {{TOBN(0x07669e04, 0xf1788ee3), TOBN(0xc14f27af, 0xa86938a2), + TOBN(0x8b47a334, 0xe93a01c0), TOBN(0xff627438, 0xd9366808)}, + {TOBN(0x7a0985d8, 0xca2a5965), TOBN(0x3d9a5542, 0xd6e9b9b3), + TOBN(0xc23eb80b, 0x4cf972e8), TOBN(0x5c1c33bb, 0x4fdf72fd)}}, + {{TOBN(0x0c4a58d4, 0x74a86108), TOBN(0xf8048a8f, 0xee4c5d90), + TOBN(0xe3c7c924, 0xe86d4c80), TOBN(0x28c889de, 0x056a1e60)}, + {TOBN(0x57e2662e, 0xb214a040), TOBN(0xe8c48e98, 0x37e10347), + TOBN(0x87742862, 0x80ac748a), TOBN(0xf1c24022, 0x186b06f2)}}, + {{TOBN(0xac2dd4c3, 0x5f74040a), TOBN(0x409aeb71, 0xfceac957), + TOBN(0x4fbad782, 0x55c4ec23), TOBN(0xb359ed61, 0x8a7b76ec)}, + {TOBN(0x12744926, 0xed6f4a60), TOBN(0xe21e8d7f, 0x4b912de3), + TOBN(0xe2575a59, 0xfc705a59), TOBN(0x72f1d4de, 0xed2dbc0e)}}, + {{TOBN(0x3d2b24b9, 0xeb7926b8), TOBN(0xbff88cb3, 0xcdbe5509), + TOBN(0xd0f399af, 0xe4dd640b), TOBN(0x3c5fe130, 0x2f76ed45)}, + {TOBN(0x6f3562f4, 0x3764fb3d), TOBN(0x7b5af318, 0x3151b62d), + TOBN(0xd5bd0bc7, 0xd79ce5f3), TOBN(0xfdaf6b20, 0xec66890f)}}, + {{TOBN(0x735c67ec, 0x6063540c), TOBN(0x50b259c2, 0xe5f9cb8f), + TOBN(0xb8734f9a, 0x3f99c6ab), TOBN(0xf8cc13d5, 0xa3a7bc85)}, + {TOBN(0x80c1b305, 0xc5217659), TOBN(0xfe5364d4, 0x4ec12a54), + TOBN(0xbd87045e, 0x681345fe), TOBN(0x7f8efeb1, 0x582f897f)}}, + {{TOBN(0xe8cbf1e5, 0xd5923359), TOBN(0xdb0cea9d, 0x539b9fb0), + TOBN(0x0c5b34cf, 0x49859b98), TOBN(0x5e583c56, 0xa4403cc6)}, + {TOBN(0x11fc1a2d, 0xd48185b7), TOBN(0xc93fbc7e, 0x6e521787), + TOBN(0x47e7a058, 0x05105b8b), TOBN(0x7b4d4d58, 0xdb8260c8)}}, + {{TOBN(0xe33930b0, 0x46eb842a), TOBN(0x8e844a9a, 0x7bdae56d), + TOBN(0x34ef3a9e, 0x13f7fdfc), TOBN(0xb3768f82, 0x636ca176)}, + {TOBN(0x2821f4e0, 0x4e09e61c), TOBN(0x414dc3a1, 0xa0c7cddc), + TOBN(0xd5379437, 0x54945fcd), TOBN(0x151b6eef, 0xb3555ff1)}}, + {{TOBN(0xb31bd613, 0x6339c083), TOBN(0x39ff8155, 0xdfb64701), + TOBN(0x7c3388d2, 0xe29604ab), TOBN(0x1e19084b, 0xa6b10442)}, + {TOBN(0x17cf54c0, 0xeccd47ef), TOBN(0x89693385, 0x4a5dfb30), + TOBN(0x69d023fb, 0x47daf9f6), TOBN(0x9222840b, 0x7d91d959)}}, + {{TOBN(0x439108f5, 0x803bac62), TOBN(0x0b7dd91d, 0x379bd45f), + TOBN(0xd651e827, 0xca63c581), TOBN(0x5c5d75f6, 0x509c104f)}, + {TOBN(0x7d5fc738, 0x1f2dc308), TOBN(0x20faa7bf, 0xd98454be), + TOBN(0x95374bee, 0xa517b031), TOBN(0xf036b9b1, 0x642692ac)}}, + {{TOBN(0xc5106109, 0x39842194), TOBN(0xb7e2353e, 0x49d05295), + TOBN(0xfc8c1d5c, 0xefb42ee0), TOBN(0xe04884eb, 0x08ce811c)}, + {TOBN(0xf1f75d81, 0x7419f40e), TOBN(0x5b0ac162, 0xa995c241), + TOBN(0x120921bb, 0xc4c55646), TOBN(0x713520c2, 0x8d33cf97)}}, + {{TOBN(0xb4a65a5c, 0xe98c5100), TOBN(0x6cec871d, 0x2ddd0f5a), + TOBN(0x251f0b7f, 0x9ba2e78b), TOBN(0x224a8434, 0xce3a2a5f)}, + {TOBN(0x26827f61, 0x25f5c46f), TOBN(0x6a22bedc, 0x48545ec0), + TOBN(0x25ae5fa0, 0xb1bb5cdc), TOBN(0xd693682f, 0xfcb9b98f)}}, + {{TOBN(0x32027fe8, 0x91e5d7d3), TOBN(0xf14b7d17, 0x73a07678), + TOBN(0xf88497b3, 0xc0dfdd61), TOBN(0xf7c2eec0, 0x2a8c4f48)}, + {TOBN(0xaa5573f4, 0x3756e621), TOBN(0xc013a240, 0x1825b948), + TOBN(0x1c03b345, 0x63878572), TOBN(0xa0472bea, 0x653a4184)}}, + {{TOBN(0xf4222e27, 0x0ac69a80), TOBN(0x34096d25, 0xf51e54f6), + TOBN(0x00a648cb, 0x8fffa591), TOBN(0x4e87acdc, 0x69b6527f)}, + {TOBN(0x0575e037, 0xe285ccb4), TOBN(0x188089e4, 0x50ddcf52), + TOBN(0xaa96c9a8, 0x870ff719), TOBN(0x74a56cd8, 0x1fc7e369)}}, + {{TOBN(0x41d04ee2, 0x1726931a), TOBN(0x0bbbb2c8, 0x3660ecfd), + TOBN(0xa6ef6de5, 0x24818e18), TOBN(0xe421cc51, 0xe7d57887)}, + {TOBN(0xf127d208, 0xbea87be6), TOBN(0x16a475d3, 0xb1cdd682), + TOBN(0x9db1b684, 0x439b63f7), TOBN(0x5359b3db, 0xf0f113b6)}}, + {{TOBN(0xdfccf1de, 0x8bf06e31), TOBN(0x1fdf8f44, 0xdd383901), + TOBN(0x10775cad, 0x5017e7d2), TOBN(0xdfc3a597, 0x58d11eef)}, + {TOBN(0x6ec9c8a0, 0xb1ecff10), TOBN(0xee6ed6cc, 0x28400549), + TOBN(0xb5ad7bae, 0x1b4f8d73), TOBN(0x61b4f11d, 0xe00aaab9)}}, + {{TOBN(0x7b32d69b, 0xd4eff2d7), TOBN(0x88ae6771, 0x4288b60f), + TOBN(0x159461b4, 0x37a1e723), TOBN(0x1f3d4789, 0x570aae8c)}, + {TOBN(0x869118c0, 0x7f9871da), TOBN(0x35fbda78, 0xf635e278), + TOBN(0x738f3641, 0xe1541dac), TOBN(0x6794b13a, 0xc0dae45f)}}, + {{TOBN(0x065064ac, 0x09cc0917), TOBN(0x27c53729, 0xc68540fd), + TOBN(0x0d2d4c8e, 0xef227671), TOBN(0xd23a9f80, 0xa1785a04)}, + {TOBN(0x98c59528, 0x52650359), TOBN(0xfa09ad01, 0x74a1acad), + TOBN(0x082d5a29, 0x0b55bf5c), TOBN(0xa40f1c67, 0x419b8084)}}, + {{TOBN(0x3a5c752e, 0xdcc18770), TOBN(0x4baf1f2f, 0x8825c3a5), + TOBN(0xebd63f74, 0x21b153ed), TOBN(0xa2383e47, 0xb2f64723)}, + {TOBN(0xe7bf620a, 0x2646d19a), TOBN(0x56cb44ec, 0x03c83ffd), + TOBN(0xaf7267c9, 0x4f6be9f1), TOBN(0x8b2dfd7b, 0xc06bb5e9)}}, + {{TOBN(0xb87072f2, 0xa672c5c7), TOBN(0xeacb11c8, 0x0d53c5e2), + TOBN(0x22dac29d, 0xff435932), TOBN(0x37bdb99d, 0x4408693c)}, + {TOBN(0xf6e62fb6, 0x2899c20f), TOBN(0x3535d512, 0x447ece24), + TOBN(0xfbdc6b88, 0xff577ce3), TOBN(0x726693bd, 0x190575f2)}}, + {{TOBN(0x6772b0e5, 0xab4b35a2), TOBN(0x1d8b6001, 0xf5eeaacf), + TOBN(0x728f7ce4, 0x795b9580), TOBN(0x4a20ed2a, 0x41fb81da)}, + {TOBN(0x9f685cd4, 0x4fec01e6), TOBN(0x3ed7ddcc, 0xa7ff50ad), + TOBN(0x460fd264, 0x0c2d97fd), TOBN(0x3a241426, 0xeb82f4f9)}}, + {{TOBN(0x17d1df2c, 0x6a8ea820), TOBN(0xb2b50d3b, 0xf22cc254), + TOBN(0x03856cba, 0xb7291426), TOBN(0x87fd26ae, 0x04f5ee39)}, + {TOBN(0x9cb696cc, 0x02bee4ba), TOBN(0x53121804, 0x06820fd6), + TOBN(0xa5dfc269, 0x0212e985), TOBN(0x666f7ffa, 0x160f9a09)}}, + {{TOBN(0xc503cd33, 0xbccd9617), TOBN(0x365dede4, 0xba7730a3), + TOBN(0x798c6355, 0x5ddb0786), TOBN(0xa6c3200e, 0xfc9cd3bc)}, + {TOBN(0x060ffb2c, 0xe5e35efd), TOBN(0x99a4e25b, 0x5555a1c1), + TOBN(0x11d95375, 0xf70b3751), TOBN(0x0a57354a, 0x160e1bf6)}}, + {{TOBN(0xecb3ae4b, 0xf8e4b065), TOBN(0x07a834c4, 0x2e53022b), + TOBN(0x1cd300b3, 0x8692ed96), TOBN(0x16a6f792, 0x61ee14ec)}, + {TOBN(0x8f1063c6, 0x6a8649ed), TOBN(0xfbcdfcfe, 0x869f3e14), + TOBN(0x2cfb97c1, 0x00a7b3ec), TOBN(0xcea49b3c, 0x7130c2f1)}}, + {{TOBN(0x462d044f, 0xe9d96488), TOBN(0x4b53d52e, 0x8182a0c1), + TOBN(0x84b6ddd3, 0x0391e9e9), TOBN(0x80ab7b48, 0xb1741a09)}, + {TOBN(0xec0e15d4, 0x27d3317f), TOBN(0x8dfc1ddb, 0x1a64671e), + TOBN(0x93cc5d5f, 0xd49c5b92), TOBN(0xc995d53d, 0x3674a331)}}, + {{TOBN(0x302e41ec, 0x090090ae), TOBN(0x2278a0cc, 0xedb06830), + TOBN(0x1d025932, 0xfbc99690), TOBN(0x0c32fbd2, 0xb80d68da)}, + {TOBN(0xd79146da, 0xf341a6c1), TOBN(0xae0ba139, 0x1bef68a0), + TOBN(0xc6b8a563, 0x8d774b3a), TOBN(0x1cf307bd, 0x880ba4d7)}}, + {{TOBN(0xc033bdc7, 0x19803511), TOBN(0xa9f97b3b, 0x8888c3be), + TOBN(0x3d68aebc, 0x85c6d05e), TOBN(0xc3b88a9d, 0x193919eb)}, + {TOBN(0x2d300748, 0xc48b0ee3), TOBN(0x7506bc7c, 0x07a746c1), + TOBN(0xfc48437c, 0x6e6d57f3), TOBN(0x5bd71587, 0xcfeaa91a)}}, + {{TOBN(0xa4ed0408, 0xc1bc5225), TOBN(0xd0b946db, 0x2719226d), + TOBN(0x109ecd62, 0x758d2d43), TOBN(0x75c8485a, 0x2751759b)}, + {TOBN(0xb0b75f49, 0x9ce4177a), TOBN(0x4fa61a1e, 0x79c10c3d), + TOBN(0xc062d300, 0xa167fcd7), TOBN(0x4df3874c, 0x750f0fa8)}}, + {{TOBN(0x29ae2cf9, 0x83dfedc9), TOBN(0xf8437134, 0x8d87631a), + TOBN(0xaf571711, 0x7429c8d2), TOBN(0x18d15867, 0x146d9272)}, + {TOBN(0x83053ecf, 0x69769bb7), TOBN(0xc55eb856, 0xc479ab82), + TOBN(0x5ef7791c, 0x21b0f4b2), TOBN(0xaa5956ba, 0x3d491525)}}, + {{TOBN(0x407a96c2, 0x9fe20eba), TOBN(0xf27168bb, 0xe52a5ad3), + TOBN(0x43b60ab3, 0xbf1d9d89), TOBN(0xe45c51ef, 0x710e727a)}, + {TOBN(0xdfca5276, 0x099b4221), TOBN(0x8dc6407c, 0x2557a159), + TOBN(0x0ead8335, 0x91035895), TOBN(0x0a9db957, 0x9c55dc32)}}, + {{TOBN(0xe40736d3, 0xdf61bc76), TOBN(0x13a619c0, 0x3f778cdb), + TOBN(0x6dd921a4, 0xc56ea28f), TOBN(0x76a52433, 0x2fa647b4)}, + {TOBN(0x23591891, 0xac5bdc5d), TOBN(0xff4a1a72, 0xbac7dc01), + TOBN(0x9905e261, 0x62df8453), TOBN(0x3ac045df, 0xe63b265f)}}, + {{TOBN(0x8a3f341b, 0xad53dba7), TOBN(0x8ec269cc, 0x837b625a), + TOBN(0xd71a2782, 0x3ae31189), TOBN(0x8fb4f9a3, 0x55e96120)}, + {TOBN(0x804af823, 0xff9875cf), TOBN(0x23224f57, 0x5d442a9b), + TOBN(0x1c4d3b9e, 0xecc62679), TOBN(0x91da22fb, 0xa0e7ddb1)}}, + {{TOBN(0xa370324d, 0x6c04a661), TOBN(0x9710d3b6, 0x5e376d17), + TOBN(0xed8c98f0, 0x3044e357), TOBN(0xc364ebbe, 0x6422701c)}, + {TOBN(0x347f5d51, 0x7733d61c), TOBN(0xd55644b9, 0xcea826c3), + TOBN(0x80c6e0ad, 0x55a25548), TOBN(0x0aa7641d, 0x844220a7)}}, + {{TOBN(0x1438ec81, 0x31810660), TOBN(0x9dfa6507, 0xde4b4043), + TOBN(0x10b515d8, 0xcc3e0273), TOBN(0x1b6066dd, 0x28d8cfb2)}, + {TOBN(0xd3b04591, 0x9c9efebd), TOBN(0x425d4bdf, 0xa21c1ff4), + TOBN(0x5fe5af19, 0xd57607d3), TOBN(0xbbf773f7, 0x54481084)}}, + {{TOBN(0x8435bd69, 0x94b03ed1), TOBN(0xd9ad1de3, 0x634cc546), + TOBN(0x2cf423fc, 0x00e420ca), TOBN(0xeed26d80, 0xa03096dd)}, + {TOBN(0xd7f60be7, 0xa4db09d2), TOBN(0xf47f569d, 0x960622f7), + TOBN(0xe5925fd7, 0x7296c729), TOBN(0xeff2db26, 0x26ca2715)}}, + {{TOBN(0xa6fcd014, 0xb913e759), TOBN(0x53da4786, 0x8ff4de93), + TOBN(0x14616d79, 0xc32068e1), TOBN(0xb187d664, 0xccdf352e)}, + {TOBN(0xf7afb650, 0x1dc90b59), TOBN(0x8170e943, 0x7daa1b26), + TOBN(0xc8e3bdd8, 0x700c0a84), TOBN(0x6e8d345f, 0x6482bdfa)}}, + {{TOBN(0x84cfbfa1, 0xc5c5ea50), TOBN(0xd3baf14c, 0x67960681), + TOBN(0x26398403, 0x0dd50942), TOBN(0xe4b7839c, 0x4716a663)}, + {TOBN(0xd5f1f794, 0xe7de6dc0), TOBN(0x5cd0f4d4, 0x622aa7ce), + TOBN(0x5295f3f1, 0x59acfeec), TOBN(0x8d933552, 0x953e0607)}}, + {{TOBN(0xc7db8ec5, 0x776c5722), TOBN(0xdc467e62, 0x2b5f290c), + TOBN(0xd4297e70, 0x4ff425a9), TOBN(0x4be924c1, 0x0cf7bb72)}, + {TOBN(0x0d5dc5ae, 0xa1892131), TOBN(0x8bf8a8e3, 0xa705c992), + TOBN(0x73a0b064, 0x7a305ac5), TOBN(0x00c9ca4e, 0x9a8c77a8)}}, + {{TOBN(0x5dfee80f, 0x83774bdd), TOBN(0x63131602, 0x85734485), + TOBN(0xa1b524ae, 0x914a69a9), TOBN(0xebc2ffaf, 0xd4e300d7)}, + {TOBN(0x52c93db7, 0x7cfa46a5), TOBN(0x71e6161f, 0x21653b50), + TOBN(0x3574fc57, 0xa4bc580a), TOBN(0xc09015dd, 0xe1bc1253)}}, + {{TOBN(0x4b7b47b2, 0xd174d7aa), TOBN(0x4072d8e8, 0xf3a15d04), + TOBN(0xeeb7d47f, 0xd6fa07ed), TOBN(0x6f2b9ff9, 0xedbdafb1)}, + {TOBN(0x18c51615, 0x3760fe8a), TOBN(0x7a96e6bf, 0xf06c6c13), + TOBN(0x4d7a0410, 0x0ea2d071), TOBN(0xa1914e9b, 0x0be2a5ce)}}, + {{TOBN(0x5726e357, 0xd8a3c5cf), TOBN(0x1197ecc3, 0x2abb2b13), + TOBN(0x6c0d7f7f, 0x31ae88dd), TOBN(0x15b20d1a, 0xfdbb3efe)}, + {TOBN(0xcd06aa26, 0x70584039), TOBN(0x2277c969, 0xa7dc9747), + TOBN(0xbca69587, 0x7855d815), TOBN(0x899ea238, 0x5188b32a)}}, + {{TOBN(0x37d9228b, 0x760c1c9d), TOBN(0xc7efbb11, 0x9b5c18da), + TOBN(0x7f0d1bc8, 0x19f6dbc5), TOBN(0x4875384b, 0x07e6905b)}, + {TOBN(0xc7c50baa, 0x3ba8cd86), TOBN(0xb0ce40fb, 0xc2905de0), + TOBN(0x70840673, 0x7a231952), TOBN(0xa912a262, 0xcf43de26)}}, + {{TOBN(0x9c38ddcc, 0xeb5b76c1), TOBN(0x746f5285, 0x26fc0ab4), + TOBN(0x52a63a50, 0xd62c269f), TOBN(0x60049c55, 0x99458621)}, + {TOBN(0xe7f48f82, 0x3c2f7c9e), TOBN(0x6bd99043, 0x917d5cf3), + TOBN(0xeb1317a8, 0x8701f469), TOBN(0xbd3fe2ed, 0x9a449fe0)}}, + {{TOBN(0x421e79ca, 0x12ef3d36), TOBN(0x9ee3c36c, 0x3e7ea5de), + TOBN(0xe48198b5, 0xcdff36f7), TOBN(0xaff4f967, 0xc6b82228)}, + {TOBN(0x15e19dd0, 0xc47adb7e), TOBN(0x45699b23, 0x032e7dfa), + TOBN(0x40680c8b, 0x1fae026a), TOBN(0x5a347a48, 0x550dbf4d)}}, + {{TOBN(0xe652533b, 0x3cef0d7d), TOBN(0xd94f7b18, 0x2bbb4381), + TOBN(0x838752be, 0x0e80f500), TOBN(0x8e6e2488, 0x9e9c9bfb)}, + {TOBN(0xc9751697, 0x16caca6a), TOBN(0x866c49d8, 0x38531ad9), + TOBN(0xc917e239, 0x7151ade1), TOBN(0x2d016ec1, 0x6037c407)}}, + {{TOBN(0xa407ccc9, 0x00eac3f9), TOBN(0x835f6280, 0xe2ed4748), + TOBN(0xcc54c347, 0x1cc98e0d), TOBN(0x0e969937, 0xdcb572eb)}, + {TOBN(0x1b16c8e8, 0x8f30c9cb), TOBN(0xa606ae75, 0x373c4661), + TOBN(0x47aa689b, 0x35502cab), TOBN(0xf89014ae, 0x4d9bb64f)}}, + {{TOBN(0x202f6a9c, 0x31c71f7b), TOBN(0x01f95aa3, 0x296ffe5c), + TOBN(0x5fc06014, 0x53cec3a3), TOBN(0xeb991237, 0x5f498a45)}, + {TOBN(0xae9a935e, 0x5d91ba87), TOBN(0xc6ac6281, 0x0b564a19), + TOBN(0x8a8fe81c, 0x3bd44e69), TOBN(0x7c8b467f, 0x9dd11d45)}}, + {{TOBN(0xf772251f, 0xea5b8e69), TOBN(0xaeecb3bd, 0xc5b75fbc), + TOBN(0x1aca3331, 0x887ff0e5), TOBN(0xbe5d49ff, 0x19f0a131)}, + {TOBN(0x582c13aa, 0xe5c8646f), TOBN(0xdbaa12e8, 0x20e19980), + TOBN(0x8f40f31a, 0xf7abbd94), TOBN(0x1f13f5a8, 0x1dfc7663)}}, + {{TOBN(0x5d81f1ee, 0xaceb4fc0), TOBN(0x36256002, 0x5e6f0f42), + TOBN(0x4b67d6d7, 0x751370c8), TOBN(0x2608b698, 0x03e80589)}, + {TOBN(0xcfc0d2fc, 0x05268301), TOBN(0xa6943d39, 0x40309212), + TOBN(0x192a90c2, 0x1fd0e1c2), TOBN(0xb209f113, 0x37f1dc76)}}, + {{TOBN(0xefcc5e06, 0x97bf1298), TOBN(0xcbdb6730, 0x219d639e), + TOBN(0xd009c116, 0xb81e8c6f), TOBN(0xa3ffdde3, 0x1a7ce2e5)}, + {TOBN(0xc53fbaaa, 0xa914d3ba), TOBN(0x836d500f, 0x88df85ee), + TOBN(0xd98dc71b, 0x66ee0751), TOBN(0x5a3d7005, 0x714516fd)}}, + {{TOBN(0x21d3634d, 0x39eedbba), TOBN(0x35cd2e68, 0x0455a46d), + TOBN(0xc8cafe65, 0xf9d7eb0c), TOBN(0xbda3ce9e, 0x00cefb3e)}, + {TOBN(0xddc17a60, 0x2c9cf7a4), TOBN(0x01572ee4, 0x7bcb8773), + TOBN(0xa92b2b01, 0x8c7548df), TOBN(0x732fd309, 0xa84600e3)}}, + {{TOBN(0xe22109c7, 0x16543a40), TOBN(0x9acafd36, 0xfede3c6c), + TOBN(0xfb206852, 0x6824e614), TOBN(0x2a4544a9, 0xda25dca0)}, + {TOBN(0x25985262, 0x91d60b06), TOBN(0x281b7be9, 0x28753545), + TOBN(0xec667b1a, 0x90f13b27), TOBN(0x33a83aff, 0x940e2eb4)}}, + {{TOBN(0x80009862, 0xd5d721d5), TOBN(0x0c3357a3, 0x5bd3a182), + TOBN(0x27f3a83b, 0x7aa2cda4), TOBN(0xb58ae74e, 0xf6f83085)}, + {TOBN(0x2a911a81, 0x2e6dad6b), TOBN(0xde286051, 0xf43d6c5b), + TOBN(0x4bdccc41, 0xf996c4d8), TOBN(0xe7312ec0, 0x0ae1e24e)}}}, + {{{TOBN(0xf8d112e7, 0x6e6485b3), TOBN(0x4d3e24db, 0x771c52f8), + TOBN(0x48e3ee41, 0x684a2f6d), TOBN(0x7161957d, 0x21d95551)}, + {TOBN(0x19631283, 0xcdb12a6c), TOBN(0xbf3fa882, 0x2e50e164), + TOBN(0xf6254b63, 0x3166cc73), TOBN(0x3aefa7ae, 0xaee8cc38)}}, + {{TOBN(0x79b0fe62, 0x3b36f9fd), TOBN(0x26543b23, 0xfde19fc0), + TOBN(0x136e64a0, 0x958482ef), TOBN(0x23f63771, 0x9b095825)}, + {TOBN(0x14cfd596, 0xb6a1142e), TOBN(0x5ea6aac6, 0x335aac0b), + TOBN(0x86a0e8bd, 0xf3081dd5), TOBN(0x5fb89d79, 0x003dc12a)}}, + {{TOBN(0xf615c33a, 0xf72e34d4), TOBN(0x0bd9ea40, 0x110eec35), + TOBN(0x1c12bc5b, 0xc1dea34e), TOBN(0x686584c9, 0x49ae4699)}, + {TOBN(0x13ad95d3, 0x8c97b942), TOBN(0x4609561a, 0x4e5c7562), + TOBN(0x9e94a4ae, 0xf2737f89), TOBN(0xf57594c6, 0x371c78b6)}}, + {{TOBN(0x0f0165fc, 0xe3779ee3), TOBN(0xe00e7f9d, 0xbd495d9e), + TOBN(0x1fa4efa2, 0x20284e7a), TOBN(0x4564bade, 0x47ac6219)}, + {TOBN(0x90e6312a, 0xc4708e8e), TOBN(0x4f5725fb, 0xa71e9adf), + TOBN(0xe95f55ae, 0x3d684b9f), TOBN(0x47f7ccb1, 0x1e94b415)}}, + {{TOBN(0x7322851b, 0x8d946581), TOBN(0xf0d13133, 0xbdf4a012), + TOBN(0xa3510f69, 0x6584dae0), TOBN(0x03a7c171, 0x3c9f6c6d)}, + {TOBN(0x5be97f38, 0xe475381a), TOBN(0xca1ba422, 0x85823334), + TOBN(0xf83cc5c7, 0x0be17dda), TOBN(0x158b1494, 0x0b918c0f)}}, + {{TOBN(0xda3a77e5, 0x522e6b69), TOBN(0x69c908c3, 0xbbcd6c18), + TOBN(0x1f1b9e48, 0xd924fd56), TOBN(0x37c64e36, 0xaa4bb3f7)}, + {TOBN(0x5a4fdbdf, 0xee478d7d), TOBN(0xba75c8bc, 0x0193f7a0), + TOBN(0x84bc1e84, 0x56cd16df), TOBN(0x1fb08f08, 0x46fad151)}}, + {{TOBN(0x8a7cabf9, 0x842e9f30), TOBN(0xa331d4bf, 0x5eab83af), + TOBN(0xd272cfba, 0x017f2a6a), TOBN(0x27560abc, 0x83aba0e3)}, + {TOBN(0x94b83387, 0x0e3a6b75), TOBN(0x25c6aea2, 0x6b9f50f5), + TOBN(0x803d691d, 0xb5fdf6d0), TOBN(0x03b77509, 0xe6333514)}}, + {{TOBN(0x36178903, 0x61a341c1), TOBN(0x3604dc60, 0x0cfd6142), + TOBN(0x022295eb, 0x8533316c), TOBN(0x3dbde4ac, 0x44af2922)}, + {TOBN(0x898afc5d, 0x1c7eef69), TOBN(0x58896805, 0xd14f4fa1), + TOBN(0x05002160, 0x203c21ca), TOBN(0x6f0d1f30, 0x40ef730b)}}, + {{TOBN(0x8e8c44d4, 0x196224f8), TOBN(0x75a4ab95, 0x374d079d), + TOBN(0x79085ecc, 0x7d48f123), TOBN(0x56f04d31, 0x1bf65ad8)}, + {TOBN(0xe220bf1c, 0xbda602b2), TOBN(0x73ee1742, 0xf9612c69), + TOBN(0x76008fc8, 0x084fd06b), TOBN(0x4000ef9f, 0xf11380d1)}}, + {{TOBN(0x48201b4b, 0x12cfe297), TOBN(0x3eee129c, 0x292f74e5), + TOBN(0xe1fe114e, 0xc9e874e8), TOBN(0x899b055c, 0x92c5fc41)}, + {TOBN(0x4e477a64, 0x3a39c8cf), TOBN(0x82f09efe, 0x78963cc9), + TOBN(0x6fd3fd8f, 0xd333f863), TOBN(0x85132b2a, 0xdc949c63)}}, + {{TOBN(0x7e06a3ab, 0x516eb17b), TOBN(0x73bec06f, 0xd2c7372b), + TOBN(0xe4f74f55, 0xba896da6), TOBN(0xbb4afef8, 0x8e9eb40f)}, + {TOBN(0x2d75bec8, 0xe61d66b0), TOBN(0x02bda4b4, 0xef29300b), + TOBN(0x8bbaa8de, 0x026baa5a), TOBN(0xff54befd, 0xa07f4440)}}, + {{TOBN(0xbd9b8b1d, 0xbe7a2af3), TOBN(0xec51caa9, 0x4fb74a72), + TOBN(0xb9937a4b, 0x63879697), TOBN(0x7c9a9d20, 0xec2687d5)}, + {TOBN(0x1773e44f, 0x6ef5f014), TOBN(0x8abcf412, 0xe90c6900), + TOBN(0x387bd022, 0x8142161e), TOBN(0x50393755, 0xfcb6ff2a)}}, + {{TOBN(0x9813fd56, 0xed6def63), TOBN(0x53cf6482, 0x7d53106c), + TOBN(0x991a35bd, 0x431f7ac1), TOBN(0xf1e274dd, 0x63e65faf)}, + {TOBN(0xf63ffa3c, 0x44cc7880), TOBN(0x411a426b, 0x7c256981), + TOBN(0xb698b9fd, 0x93a420e0), TOBN(0x89fdddc0, 0xae53f8fe)}}, + {{TOBN(0x766e0722, 0x32398baa), TOBN(0x205fee42, 0x5cfca031), + TOBN(0xa49f5341, 0x7a029cf2), TOBN(0xa88c68b8, 0x4023890d)}, + {TOBN(0xbc275041, 0x7337aaa8), TOBN(0x9ed364ad, 0x0eb384f4), + TOBN(0xe0816f85, 0x29aba92f), TOBN(0x2e9e1941, 0x04e38a88)}}, + {{TOBN(0x57eef44a, 0x3dafd2d5), TOBN(0x35d1fae5, 0x97ed98d8), + TOBN(0x50628c09, 0x2307f9b1), TOBN(0x09d84aae, 0xd6cba5c6)}, + {TOBN(0x67071bc7, 0x88aaa691), TOBN(0x2dea57a9, 0xafe6cb03), + TOBN(0xdfe11bb4, 0x3d78ac01), TOBN(0x7286418c, 0x7fd7aa51)}}, + {{TOBN(0xfabf7709, 0x77f7195a), TOBN(0x8ec86167, 0xadeb838f), + TOBN(0xea1285a8, 0xbb4f012d), TOBN(0xd6883503, 0x9a3eab3f)}, + {TOBN(0xee5d24f8, 0x309004c2), TOBN(0xa96e4b76, 0x13ffe95e), + TOBN(0x0cdffe12, 0xbd223ea4), TOBN(0x8f5c2ee5, 0xb6739a53)}}, + {{TOBN(0x5cb4aaa5, 0xdd968198), TOBN(0xfa131c52, 0x72413a6c), + TOBN(0x53d46a90, 0x9536d903), TOBN(0xb270f0d3, 0x48606d8e)}, + {TOBN(0x518c7564, 0xa053a3bc), TOBN(0x088254b7, 0x1a86caef), + TOBN(0xb3ba8cb4, 0x0ab5efd0), TOBN(0x5c59900e, 0x4605945d)}}, + {{TOBN(0xecace1dd, 0xa1887395), TOBN(0x40960f36, 0x932a65de), + TOBN(0x9611ff5c, 0x3aa95529), TOBN(0xc58215b0, 0x7c1e5a36)}, + {TOBN(0xd48c9b58, 0xf0e1a524), TOBN(0xb406856b, 0xf590dfb8), + TOBN(0xc7605e04, 0x9cd95662), TOBN(0x0dd036ee, 0xa33ecf82)}}, + {{TOBN(0xa50171ac, 0xc33156b3), TOBN(0xf09d24ea, 0x4a80172e), + TOBN(0x4e1f72c6, 0x76dc8eef), TOBN(0xe60caadc, 0x5e3d44ee)}, + {TOBN(0x006ef8a6, 0x979b1d8f), TOBN(0x60908a1c, 0x97788d26), + TOBN(0x6e08f95b, 0x266feec0), TOBN(0x618427c2, 0x22e8c94e)}}, + {{TOBN(0x3d613339, 0x59145a65), TOBN(0xcd9bc368, 0xfa406337), + TOBN(0x82d11be3, 0x2d8a52a0), TOBN(0xf6877b27, 0x97a1c590)}, + {TOBN(0x837a819b, 0xf5cbdb25), TOBN(0x2a4fd1d8, 0xde090249), + TOBN(0x622a7de7, 0x74990e5f), TOBN(0x840fa5a0, 0x7945511b)}}, + {{TOBN(0x30b974be, 0x6558842d), TOBN(0x70df8c64, 0x17f3d0a6), + TOBN(0x7c803520, 0x7542e46d), TOBN(0x7251fe7f, 0xe4ecc823)}, + {TOBN(0xe59134cb, 0x5e9aac9a), TOBN(0x11bb0934, 0xf0045d71), + TOBN(0x53e5d9b5, 0xdbcb1d4e), TOBN(0x8d97a905, 0x92defc91)}}, + {{TOBN(0xfe289327, 0x7946d3f9), TOBN(0xe132bd24, 0x07472273), + TOBN(0xeeeb510c, 0x1eb6ae86), TOBN(0x777708c5, 0xf0595067)}, + {TOBN(0x18e2c8cd, 0x1297029e), TOBN(0x2c61095c, 0xbbf9305e), + TOBN(0xe466c258, 0x6b85d6d9), TOBN(0x8ac06c36, 0xda1ea530)}}, + {{TOBN(0xa365dc39, 0xa1304668), TOBN(0xe4a9c885, 0x07f89606), + TOBN(0x65a4898f, 0xacc7228d), TOBN(0x3e2347ff, 0x84ca8303)}, + {TOBN(0xa5f6fb77, 0xea7d23a3), TOBN(0x2fac257d, 0x672a71cd), + TOBN(0x6908bef8, 0x7e6a44d3), TOBN(0x8ff87566, 0x891d3d7a)}}, + {{TOBN(0xe58e90b3, 0x6b0cf82e), TOBN(0x6438d246, 0x2615b5e7), + TOBN(0x07b1f8fc, 0x669c145a), TOBN(0xb0d8b2da, 0x36f1e1cb)}, + {TOBN(0x54d5dadb, 0xd9184c4d), TOBN(0x3dbb18d5, 0xf93d9976), + TOBN(0x0a3e0f56, 0xd1147d47), TOBN(0x2afa8c8d, 0xa0a48609)}}, + {{TOBN(0x275353e8, 0xbc36742c), TOBN(0x898f427e, 0xeea0ed90), + TOBN(0x26f4947e, 0x3e477b00), TOBN(0x8ad8848a, 0x308741e3)}, + {TOBN(0x6c703c38, 0xd74a2a46), TOBN(0x5e3e05a9, 0x9ba17ba2), + TOBN(0xc1fa6f66, 0x4ab9a9e4), TOBN(0x474a2d9a, 0x3841d6ec)}}, + {{TOBN(0x871239ad, 0x653ae326), TOBN(0x14bcf72a, 0xa74cbb43), + TOBN(0x8737650e, 0x20d4c083), TOBN(0x3df86536, 0x110ed4af)}, + {TOBN(0xd2d86fe7, 0xb53ca555), TOBN(0x688cb00d, 0xabd5d538), + TOBN(0xcf81bda3, 0x1ad38468), TOBN(0x7ccfe3cc, 0xf01167b6)}}, + {{TOBN(0xcf4f47e0, 0x6c4c1fe6), TOBN(0x557e1f1a, 0x298bbb79), + TOBN(0xf93b974f, 0x30d45a14), TOBN(0x174a1d2d, 0x0baf97c4)}, + {TOBN(0x7a003b30, 0xc51fbf53), TOBN(0xd8940991, 0xee68b225), + TOBN(0x5b0aa7b7, 0x1c0f4173), TOBN(0x975797c9, 0xa20a7153)}}, + {{TOBN(0x26e08c07, 0xe3533d77), TOBN(0xd7222e6a, 0x2e341c99), + TOBN(0x9d60ec3d, 0x8d2dc4ed), TOBN(0xbdfe0d8f, 0x7c476cf8)}, + {TOBN(0x1fe59ab6, 0x1d056605), TOBN(0xa9ea9df6, 0x86a8551f), + TOBN(0x8489941e, 0x47fb8d8c), TOBN(0xfeb874eb, 0x4a7f1b10)}}, + {{TOBN(0xfe5fea86, 0x7ee0d98f), TOBN(0x201ad34b, 0xdbf61864), + TOBN(0x45d8fe47, 0x37c031d4), TOBN(0xd5f49fae, 0x795f0822)}, + {TOBN(0xdb0fb291, 0xc7f4a40c), TOBN(0x2e69d9c1, 0x730ddd92), + TOBN(0x754e1054, 0x49d76987), TOBN(0x8a24911d, 0x7662db87)}}, + {{TOBN(0x61fc1810, 0x60a71676), TOBN(0xe852d1a8, 0xf66a8ad1), + TOBN(0x172bbd65, 0x6417231e), TOBN(0x0d6de7bd, 0x3babb11f)}, + {TOBN(0x6fde6f88, 0xc8e347f8), TOBN(0x1c587547, 0x9bd99cc3), + TOBN(0x78e54ed0, 0x34076950), TOBN(0x97f0f334, 0x796e83ba)}}, + {{TOBN(0xe4dbe1ce, 0x4924867a), TOBN(0xbd5f51b0, 0x60b84917), + TOBN(0x37530040, 0x3cb09a79), TOBN(0xdb3fe0f8, 0xff1743d8)}, + {TOBN(0xed7894d8, 0x556fa9db), TOBN(0xfa262169, 0x23412fbf), + TOBN(0x563be0db, 0xba7b9291), TOBN(0x6ca8b8c0, 0x0c9fb234)}}, + {{TOBN(0xed406aa9, 0xbd763802), TOBN(0xc21486a0, 0x65303da1), + TOBN(0x61ae291e, 0xc7e62ec4), TOBN(0x622a0492, 0xdf99333e)}, + {TOBN(0x7fd80c9d, 0xbb7a8ee0), TOBN(0xdc2ed3bc, 0x6c01aedb), + TOBN(0x35c35a12, 0x08be74ec), TOBN(0xd540cb1a, 0x469f671f)}}, + {{TOBN(0xd16ced4e, 0xcf84f6c7), TOBN(0x8561fb9c, 0x2d090f43), + TOBN(0x7e693d79, 0x6f239db4), TOBN(0xa736f928, 0x77bd0d94)}, + {TOBN(0x07b4d929, 0x2c1950ee), TOBN(0xda177543, 0x56dc11b3), + TOBN(0xa5dfbbaa, 0x7a6a878e), TOBN(0x1c70cb29, 0x4decb08a)}}, + {{TOBN(0xfba28c8b, 0x6f0f7c50), TOBN(0xa8eba2b8, 0x854dcc6d), + TOBN(0x5ff8e89a, 0x36b78642), TOBN(0x070c1c8e, 0xf6873adf)}, + {TOBN(0xbbd3c371, 0x6484d2e4), TOBN(0xfb78318f, 0x0d414129), + TOBN(0x2621a39c, 0x6ad93b0b), TOBN(0x979d74c2, 0xa9e917f7)}}, + {{TOBN(0xfc195647, 0x61fb0428), TOBN(0x4d78954a, 0xbee624d4), + TOBN(0xb94896e0, 0xb8ae86fd), TOBN(0x6667ac0c, 0xc91c8b13)}, + {TOBN(0x9f180512, 0x43bcf832), TOBN(0xfbadf8b7, 0xa0010137), + TOBN(0xc69b4089, 0xb3ba8aa7), TOBN(0xfac4bacd, 0xe687ce85)}}, + {{TOBN(0x9164088d, 0x977eab40), TOBN(0x51f4c5b6, 0x2760b390), + TOBN(0xd238238f, 0x340dd553), TOBN(0x358566c3, 0xdb1d31c9)}, + {TOBN(0x3a5ad69e, 0x5068f5ff), TOBN(0xf31435fc, 0xdaff6b06), + TOBN(0xae549a5b, 0xd6debff0), TOBN(0x59e5f0b7, 0x75e01331)}}, + {{TOBN(0x5d492fb8, 0x98559acf), TOBN(0x96018c2e, 0x4db79b50), + TOBN(0x55f4a48f, 0x609f66aa), TOBN(0x1943b3af, 0x4900a14f)}, + {TOBN(0xc22496df, 0x15a40d39), TOBN(0xb2a44684, 0x4c20f7c5), + TOBN(0x76a35afa, 0x3b98404c), TOBN(0xbec75725, 0xff5d1b77)}}, + {{TOBN(0xb67aa163, 0xbea06444), TOBN(0x27e95bb2, 0xf724b6f2), + TOBN(0x3c20e3e9, 0xd238c8ab), TOBN(0x1213754e, 0xddd6ae17)}, + {TOBN(0x8c431020, 0x716e0f74), TOBN(0x6679c82e, 0xffc095c2), + TOBN(0x2eb3adf4, 0xd0ac2932), TOBN(0x2cc970d3, 0x01bb7a76)}}, + {{TOBN(0x70c71f2f, 0x740f0e66), TOBN(0x545c616b, 0x2b6b23cc), + TOBN(0x4528cfcb, 0xb40a8bd7), TOBN(0xff839633, 0x2ab27722)}, + {TOBN(0x049127d9, 0x025ac99a), TOBN(0xd314d4a0, 0x2b63e33b), + TOBN(0xc8c310e7, 0x28d84519), TOBN(0x0fcb8983, 0xb3bc84ba)}}, + {{TOBN(0x2cc52261, 0x38634818), TOBN(0x501814f4, 0xb44c2e0b), + TOBN(0xf7e181aa, 0x54dfdba3), TOBN(0xcfd58ff0, 0xe759718c)}, + {TOBN(0xf90cdb14, 0xd3b507a8), TOBN(0x57bd478e, 0xc50bdad8), + TOBN(0x29c197e2, 0x50e5f9aa), TOBN(0x4db6eef8, 0xe40bc855)}}, + {{TOBN(0x2cc8f21a, 0xd1fc0654), TOBN(0xc71cc963, 0x81269d73), + TOBN(0xecfbb204, 0x077f49f9), TOBN(0xdde92571, 0xca56b793)}, + {TOBN(0x9abed6a3, 0xf97ad8f7), TOBN(0xe6c19d3f, 0x924de3bd), + TOBN(0x8dce92f4, 0xa140a800), TOBN(0x85f44d1e, 0x1337af07)}}, + {{TOBN(0x5953c08b, 0x09d64c52), TOBN(0xa1b5e49f, 0xf5df9749), + TOBN(0x336a8fb8, 0x52735f7d), TOBN(0xb332b6db, 0x9add676b)}, + {TOBN(0x558b88a0, 0xb4511aa4), TOBN(0x09788752, 0xdbd5cc55), + TOBN(0x16b43b9c, 0xd8cd52bd), TOBN(0x7f0bc5a0, 0xc2a2696b)}}, + {{TOBN(0x146e12d4, 0xc11f61ef), TOBN(0x9ce10754, 0x3a83e79e), + TOBN(0x08ec73d9, 0x6cbfca15), TOBN(0x09ff29ad, 0x5b49653f)}, + {TOBN(0xe31b72bd, 0xe7da946e), TOBN(0xebf9eb3b, 0xee80a4f2), + TOBN(0xd1aabd08, 0x17598ce4), TOBN(0x18b5fef4, 0x53f37e80)}}, + {{TOBN(0xd5d5cdd3, 0x5958cd79), TOBN(0x3580a1b5, 0x1d373114), + TOBN(0xa36e4c91, 0xfa935726), TOBN(0xa38c534d, 0xef20d760)}, + {TOBN(0x7088e40a, 0x2ff5845b), TOBN(0xe5bb40bd, 0xbd78177f), + TOBN(0x4f06a7a8, 0x857f9920), TOBN(0xe3cc3e50, 0xe968f05d)}}, + {{TOBN(0x1d68b7fe, 0xe5682d26), TOBN(0x5206f76f, 0xaec7f87c), + TOBN(0x41110530, 0x041951ab), TOBN(0x58ec52c1, 0xd4b5a71a)}, + {TOBN(0xf3488f99, 0x0f75cf9a), TOBN(0xf411951f, 0xba82d0d5), + TOBN(0x27ee75be, 0x618895ab), TOBN(0xeae060d4, 0x6d8aab14)}}, + {{TOBN(0x9ae1df73, 0x7fb54dc2), TOBN(0x1f3e391b, 0x25963649), + TOBN(0x242ec32a, 0xfe055081), TOBN(0x5bd450ef, 0x8491c9bd)}, + {TOBN(0x367efc67, 0x981eb389), TOBN(0xed7e1928, 0x3a0550d5), + TOBN(0x362e776b, 0xab3ce75c), TOBN(0xe890e308, 0x1f24c523)}}, + {{TOBN(0xb961b682, 0xfeccef76), TOBN(0x8b8e11f5, 0x8bba6d92), + TOBN(0x8f2ccc4c, 0x2b2375c4), TOBN(0x0d7f7a52, 0xe2f86cfa)}, + {TOBN(0xfd94d30a, 0x9efe5633), TOBN(0x2d8d246b, 0x5451f934), + TOBN(0x2234c6e3, 0x244e6a00), TOBN(0xde2b5b0d, 0xddec8c50)}}, + {{TOBN(0x2ce53c5a, 0xbf776f5b), TOBN(0x6f724071, 0x60357b05), + TOBN(0xb2593717, 0x71bf3f7a), TOBN(0x87d2501c, 0x440c4a9f)}, + {TOBN(0x440552e1, 0x87b05340), TOBN(0xb7bf7cc8, 0x21624c32), + TOBN(0x4155a6ce, 0x22facddb), TOBN(0x5a4228cb, 0x889837ef)}}, + {{TOBN(0xef87d6d6, 0xfd4fd671), TOBN(0xa233687e, 0xc2daa10e), + TOBN(0x75622244, 0x03c0eb96), TOBN(0x7632d184, 0x8bf19be6)}, + {TOBN(0x05d0f8e9, 0x40735ff4), TOBN(0x3a3e6e13, 0xc00931f1), + TOBN(0x31ccde6a, 0xdafe3f18), TOBN(0xf381366a, 0xcfe51207)}}, + {{TOBN(0x24c222a9, 0x60167d92), TOBN(0x62f9d6f8, 0x7529f18c), + TOBN(0x412397c0, 0x0353b114), TOBN(0x334d89dc, 0xef808043)}, + {TOBN(0xd9ec63ba, 0x2a4383ce), TOBN(0xcec8e937, 0x5cf92ba0), + TOBN(0xfb8b4288, 0xc8be74c0), TOBN(0x67d6912f, 0x105d4391)}}, + {{TOBN(0x7b996c46, 0x1b913149), TOBN(0x36aae2ef, 0x3a4e02da), + TOBN(0xb68aa003, 0x972de594), TOBN(0x284ec70d, 0x4ec6d545)}, + {TOBN(0xf3d2b2d0, 0x61391d54), TOBN(0x69c5d5d6, 0xfe114e92), + TOBN(0xbe0f00b5, 0xb4482dff), TOBN(0xe1596fa5, 0xf5bf33c5)}}, + {{TOBN(0x10595b56, 0x96a71cba), TOBN(0x944938b2, 0xfdcadeb7), + TOBN(0xa282da4c, 0xfccd8471), TOBN(0x98ec05f3, 0x0d37bfe1)}, + {TOBN(0xe171ce1b, 0x0698304a), TOBN(0x2d691444, 0x21bdf79b), + TOBN(0xd0cd3b74, 0x1b21dec1), TOBN(0x712ecd8b, 0x16a15f71)}}, + {{TOBN(0x8d4c00a7, 0x00fd56e1), TOBN(0x02ec9692, 0xf9527c18), + TOBN(0x21c44937, 0x4a3e42e1), TOBN(0x9176fbab, 0x1392ae0a)}, + {TOBN(0x8726f1ba, 0x44b7b618), TOBN(0xb4d7aae9, 0xf1de491c), + TOBN(0xf91df7b9, 0x07b582c0), TOBN(0x7e116c30, 0xef60aa3a)}}, + {{TOBN(0x99270f81, 0x466265d7), TOBN(0xb15b6fe2, 0x4df7adf0), + TOBN(0xfe33b2d3, 0xf9738f7f), TOBN(0x48553ab9, 0xd6d70f95)}, + {TOBN(0x2cc72ac8, 0xc21e94db), TOBN(0x795ac38d, 0xbdc0bbee), + TOBN(0x0a1be449, 0x2e40478f), TOBN(0x81bd3394, 0x052bde55)}}, + {{TOBN(0x63c8dbe9, 0x56b3c4f2), TOBN(0x017a99cf, 0x904177cc), + TOBN(0x947bbddb, 0x4d010fc1), TOBN(0xacf9b00b, 0xbb2c9b21)}, + {TOBN(0x2970bc8d, 0x47173611), TOBN(0x1a4cbe08, 0xac7d756f), + TOBN(0x06d9f4aa, 0x67d541a2), TOBN(0xa3e8b689, 0x59c2cf44)}}, + {{TOBN(0xaad066da, 0x4d88f1dd), TOBN(0xc604f165, 0x7ad35dea), + TOBN(0x7edc0720, 0x4478ca67), TOBN(0xa10dfae0, 0xba02ce06)}, + {TOBN(0xeceb1c76, 0xaf36f4e4), TOBN(0x994b2292, 0xaf3f8f48), + TOBN(0xbf9ed77b, 0x77c8a68c), TOBN(0x74f544ea, 0x51744c9d)}}, + {{TOBN(0x82d05bb9, 0x8113a757), TOBN(0x4ef2d2b4, 0x8a9885e4), + TOBN(0x1e332be5, 0x1aa7865f), TOBN(0x22b76b18, 0x290d1a52)}, + {TOBN(0x308a2310, 0x44351683), TOBN(0x9d861896, 0xa3f22840), + TOBN(0x5959ddcd, 0x841ed947), TOBN(0x0def0c94, 0x154b73bf)}}, + {{TOBN(0xf0105417, 0x4c7c15e0), TOBN(0x539bfb02, 0x3a277c32), + TOBN(0xe699268e, 0xf9dccf5f), TOBN(0x9f5796a5, 0x0247a3bd)}, + {TOBN(0x8b839de8, 0x4f157269), TOBN(0xc825c1e5, 0x7a30196b), + TOBN(0x6ef0aabc, 0xdc8a5a91), TOBN(0xf4a8ce6c, 0x498b7fe6)}}, + {{TOBN(0x1cce35a7, 0x70cbac78), TOBN(0x83488e9b, 0xf6b23958), + TOBN(0x0341a070, 0xd76cb011), TOBN(0xda6c9d06, 0xae1b2658)}, + {TOBN(0xb701fb30, 0xdd648c52), TOBN(0x994ca02c, 0x52fb9fd1), + TOBN(0x06933117, 0x6f563086), TOBN(0x3d2b8100, 0x17856bab)}}, + {{TOBN(0xe89f48c8, 0x5963a46e), TOBN(0x658ab875, 0xa99e61c7), + TOBN(0x6e296f87, 0x4b8517b4), TOBN(0x36c4fcdc, 0xfc1bc656)}, + {TOBN(0xde5227a1, 0xa3906def), TOBN(0x9fe95f57, 0x62418945), + TOBN(0x20c91e81, 0xfdd96cde), TOBN(0x5adbe47e, 0xda4480de)}}, + {{TOBN(0xa009370f, 0x396de2b6), TOBN(0x98583d4b, 0xf0ecc7bd), + TOBN(0xf44f6b57, 0xe51d0672), TOBN(0x03d6b078, 0x556b1984)}, + {TOBN(0x27dbdd93, 0xb0b64912), TOBN(0x9b3a3434, 0x15687b09), + TOBN(0x0dba6461, 0x51ec20a9), TOBN(0xec93db7f, 0xff28187c)}}, + {{TOBN(0x00ff8c24, 0x66e48bdd), TOBN(0x2514f2f9, 0x11ccd78e), + TOBN(0xeba11f4f, 0xe1250603), TOBN(0x8a22cd41, 0x243fa156)}, + {TOBN(0xa4e58df4, 0xb283e4c6), TOBN(0x78c29859, 0x8b39783f), + TOBN(0x5235aee2, 0xa5259809), TOBN(0xc16284b5, 0x0e0227dd)}}, + {{TOBN(0xa5f57916, 0x1338830d), TOBN(0x6d4b8a6b, 0xd2123fca), + TOBN(0x236ea68a, 0xf9c546f8), TOBN(0xc1d36873, 0xfa608d36)}, + {TOBN(0xcd76e495, 0x8d436d13), TOBN(0xd4d9c221, 0x8fb080af), + TOBN(0x665c1728, 0xe8ad3fb5), TOBN(0xcf1ebe4d, 0xb3d572e0)}}, + {{TOBN(0xa7a8746a, 0x584c5e20), TOBN(0x267e4ea1, 0xb9dc7035), + TOBN(0x593a15cf, 0xb9548c9b), TOBN(0x5e6e2135, 0x4bd012f3)}, + {TOBN(0xdf31cc6a, 0x8c8f936e), TOBN(0x8af84d04, 0xb5c241dc), + TOBN(0x63990a6f, 0x345efb86), TOBN(0x6fef4e61, 0xb9b962cb)}}}, + {{{TOBN(0xf6368f09, 0x25722608), TOBN(0x131260db, 0x131cf5c6), + TOBN(0x40eb353b, 0xfab4f7ac), TOBN(0x85c78880, 0x37eee829)}, + {TOBN(0x4c1581ff, 0xc3bdf24e), TOBN(0x5bff75cb, 0xf5c3c5a8), + TOBN(0x35e8c83f, 0xa14e6f40), TOBN(0xb81d1c0f, 0x0295e0ca)}}, + {{TOBN(0xfcde7cc8, 0xf43a730f), TOBN(0xe89b6f3c, 0x33ab590e), + TOBN(0xc823f529, 0xad03240b), TOBN(0x82b79afe, 0x98bea5db)}, + {TOBN(0x568f2856, 0x962fe5de), TOBN(0x0c590adb, 0x60c591f3), + TOBN(0x1fc74a14, 0x4a28a858), TOBN(0x3b662498, 0xb3203f4c)}}, + {{TOBN(0x91e3cf0d, 0x6c39765a), TOBN(0xa2db3acd, 0xac3cca0b), + TOBN(0x288f2f08, 0xcb953b50), TOBN(0x2414582c, 0xcf43cf1a)}, + {TOBN(0x8dec8bbc, 0x60eee9a8), TOBN(0x54c79f02, 0x729aa042), + TOBN(0xd81cd5ec, 0x6532f5d5), TOBN(0xa672303a, 0xcf82e15f)}}, + {{TOBN(0x376aafa8, 0x719c0563), TOBN(0xcd8ad2dc, 0xbc5fc79f), + TOBN(0x303fdb9f, 0xcb750cd3), TOBN(0x14ff052f, 0x4418b08e)}, + {TOBN(0xf75084cf, 0x3e2d6520), TOBN(0x7ebdf0f8, 0x144ed509), + TOBN(0xf43bf0f2, 0xd3f25b98), TOBN(0x86ad71cf, 0xa354d837)}}, + {{TOBN(0xb827fe92, 0x26f43572), TOBN(0xdfd3ab5b, 0x5d824758), + TOBN(0x315dd23a, 0x539094c1), TOBN(0x85c0e37a, 0x66623d68)}, + {TOBN(0x575c7972, 0x7be19ae0), TOBN(0x616a3396, 0xdf0d36b5), + TOBN(0xa1ebb3c8, 0x26b1ff7e), TOBN(0x635b9485, 0x140ad453)}}, + {{TOBN(0x92bf3cda, 0xda430c0b), TOBN(0x4702850e, 0x3a96dac6), + TOBN(0xc91cf0a5, 0x15ac326a), TOBN(0x95de4f49, 0xab8c25e4)}, + {TOBN(0xb01bad09, 0xe265c17c), TOBN(0x24e45464, 0x087b3881), + TOBN(0xd43e583c, 0xe1fac5ca), TOBN(0xe17cb318, 0x6ead97a6)}}, + {{TOBN(0x6cc39243, 0x74dcec46), TOBN(0x33cfc02d, 0x54c2b73f), + TOBN(0x82917844, 0xf26cd99c), TOBN(0x8819dd95, 0xd1773f89)}, + {TOBN(0x09572aa6, 0x0871f427), TOBN(0x8e0cf365, 0xf6f01c34), + TOBN(0x7fa52988, 0xbff1f5af), TOBN(0x4eb357ea, 0xe75e8e50)}}, + {{TOBN(0xd9d0c8c4, 0x868af75d), TOBN(0xd7325cff, 0x45c8c7ea), + TOBN(0xab471996, 0xcc81ecb0), TOBN(0xff5d55f3, 0x611824ed)}, + {TOBN(0xbe314541, 0x1977a0ee), TOBN(0x5085c4c5, 0x722038c6), + TOBN(0x2d5335bf, 0xf94bb495), TOBN(0x894ad8a6, 0xc8e2a082)}}, + {{TOBN(0x5c3e2341, 0xada35438), TOBN(0xf4a9fc89, 0x049b8c4e), + TOBN(0xbeeb355a, 0x9f17cf34), TOBN(0x3f311e0e, 0x6c91fe10)}, + {TOBN(0xc2d20038, 0x92ab9891), TOBN(0x257bdcc1, 0x3e8ce9a9), + TOBN(0x1b2d9789, 0x88c53bee), TOBN(0x927ce89a, 0xcdba143a)}}, + {{TOBN(0xb0a32cca, 0x523db280), TOBN(0x5c889f8a, 0x50d43783), + TOBN(0x503e04b3, 0x4897d16f), TOBN(0x8cdb6e78, 0x08f5f2e8)}, + {TOBN(0x6ab91cf0, 0x179c8e74), TOBN(0xd8874e52, 0x48211d60), + TOBN(0xf948d4d5, 0xea851200), TOBN(0x4076d41e, 0xe6f9840a)}}, + {{TOBN(0xc20e263c, 0x47b517ea), TOBN(0x79a448fd, 0x30685e5e), + TOBN(0xe55f6f78, 0xf90631a0), TOBN(0x88a790b1, 0xa79e6346)}, + {TOBN(0x62160c7d, 0x80969fe8), TOBN(0x54f92fd4, 0x41491bb9), + TOBN(0xa6645c23, 0x5c957526), TOBN(0xf44cc5ae, 0xbea3ce7b)}}, + {{TOBN(0xf7628327, 0x8b1e68b7), TOBN(0xc731ad7a, 0x303f29d3), + TOBN(0xfe5a9ca9, 0x57d03ecb), TOBN(0x96c0d50c, 0x41bc97a7)}, + {TOBN(0xc4669fe7, 0x9b4f7f24), TOBN(0xfdd781d8, 0x3d9967ef), + TOBN(0x7892c7c3, 0x5d2c208d), TOBN(0x8bf64f7c, 0xae545cb3)}}, + {{TOBN(0xc01f862c, 0x467be912), TOBN(0xf4c85ee9, 0xc73d30cc), + TOBN(0x1fa6f4be, 0x6ab83ec7), TOBN(0xa07a3c1c, 0x4e3e3cf9)}, + {TOBN(0x87f8ef45, 0x0c00beb3), TOBN(0x30e2c2b3, 0x000d4c3e), + TOBN(0x1aa00b94, 0xfe08bf5b), TOBN(0x32c133aa, 0x9224ef52)}}, + {{TOBN(0x38df16bb, 0x32e5685d), TOBN(0x68a9e069, 0x58e6f544), + TOBN(0x495aaff7, 0xcdc5ebc6), TOBN(0xf894a645, 0x378b135f)}, + {TOBN(0xf316350a, 0x09e27ecf), TOBN(0xeced201e, 0x58f7179d), + TOBN(0x2eec273c, 0xe97861ba), TOBN(0x47ec2cae, 0xd693be2e)}}, + {{TOBN(0xfa4c97c4, 0xf68367ce), TOBN(0xe4f47d0b, 0xbe5a5755), + TOBN(0x17de815d, 0xb298a979), TOBN(0xd7eca659, 0xc177dc7d)}, + {TOBN(0x20fdbb71, 0x49ded0a3), TOBN(0x4cb2aad4, 0xfb34d3c5), + TOBN(0x2cf31d28, 0x60858a33), TOBN(0x3b6873ef, 0xa24aa40f)}}, + {{TOBN(0x540234b2, 0x2c11bb37), TOBN(0x2d0366dd, 0xed4c74a3), + TOBN(0xf9a968da, 0xeec5f25d), TOBN(0x36601068, 0x67b63142)}, + {TOBN(0x07cd6d2c, 0x68d7b6d4), TOBN(0xa8f74f09, 0x0c842942), + TOBN(0xe2751404, 0x7768b1ee), TOBN(0x4b5f7e89, 0xfe62aee4)}}, + {{TOBN(0xc6a77177, 0x89070d26), TOBN(0xa1f28e4e, 0xdd1c8bc7), + TOBN(0xea5f4f06, 0x469e1f17), TOBN(0x78fc242a, 0xfbdb78e0)}, + {TOBN(0xc9c7c592, 0x8b0588f1), TOBN(0xb6b7a0fd, 0x1535921e), + TOBN(0xcc5bdb91, 0xbde5ae35), TOBN(0xb42c485e, 0x12ff1864)}}, + {{TOBN(0xa1113e13, 0xdbab98aa), TOBN(0xde9d469b, 0xa17b1024), + TOBN(0x23f48b37, 0xc0462d3a), TOBN(0x3752e537, 0x7c5c078d)}, + {TOBN(0xe3a86add, 0x15544eb9), TOBN(0xf013aea7, 0x80fba279), + TOBN(0x8b5bb76c, 0xf22001b5), TOBN(0xe617ba14, 0xf02891ab)}}, + {{TOBN(0xd39182a6, 0x936219d3), TOBN(0x5ce1f194, 0xae51cb19), + TOBN(0xc78f8598, 0xbf07a74c), TOBN(0x6d7158f2, 0x22cbf1bc)}, + {TOBN(0x3b846b21, 0xe300ce18), TOBN(0x35fba630, 0x2d11275d), + TOBN(0x5fe25c36, 0xa0239b9b), TOBN(0xd8beb35d, 0xdf05d940)}}, + {{TOBN(0x4db02bb0, 0x1f7e320d), TOBN(0x0641c364, 0x6da320ea), + TOBN(0x6d95fa5d, 0x821389a3), TOBN(0x92699748, 0x8fcd8e3d)}, + {TOBN(0x316fef17, 0xceb6c143), TOBN(0x67fcb841, 0xd933762b), + TOBN(0xbb837e35, 0x118b17f8), TOBN(0x4b92552f, 0x9fd24821)}}, + {{TOBN(0xae6bc70e, 0x46aca793), TOBN(0x1cf0b0e4, 0xe579311b), + TOBN(0x8dc631be, 0x5802f716), TOBN(0x099bdc6f, 0xbddbee4d)}, + {TOBN(0xcc352bb2, 0x0caf8b05), TOBN(0xf74d505a, 0x72d63df2), + TOBN(0xb9876d4b, 0x91c4f408), TOBN(0x1ce18473, 0x9e229b2d)}}, + {{TOBN(0x49507597, 0x83abdb4a), TOBN(0x850fbcb6, 0xdee84b18), + TOBN(0x6325236e, 0x609e67dc), TOBN(0x04d831d9, 0x9336c6d8)}, + {TOBN(0x8deaae3b, 0xfa12d45d), TOBN(0xe425f8ce, 0x4746e246), + TOBN(0x8004c175, 0x24f5f31e), TOBN(0xaca16d8f, 0xad62c3b7)}}, + {{TOBN(0x0dc15a6a, 0x9152f934), TOBN(0xf1235e5d, 0xed0e12c1), + TOBN(0xc33c06ec, 0xda477dac), TOBN(0x76be8732, 0xb2ea0006)}, + {TOBN(0xcf3f7831, 0x0c0cd313), TOBN(0x3c524553, 0xa614260d), + TOBN(0x31a756f8, 0xcab22d15), TOBN(0x03ee10d1, 0x77827a20)}}, + {{TOBN(0xd1e059b2, 0x1994ef20), TOBN(0x2a653b69, 0x638ae318), + TOBN(0x70d5eb58, 0x2f699010), TOBN(0x279739f7, 0x09f5f84a)}, + {TOBN(0x5da4663c, 0x8b799336), TOBN(0xfdfdf14d, 0x203c37eb), + TOBN(0x32d8a9dc, 0xa1dbfb2d), TOBN(0xab40cff0, 0x77d48f9b)}}, + {{TOBN(0xc018b383, 0xd20b42d5), TOBN(0xf9a810ef, 0x9f78845f), + TOBN(0x40af3753, 0xbdba9df0), TOBN(0xb90bdcfc, 0x131dfdf9)}, + {TOBN(0x18720591, 0xf01ab782), TOBN(0xc823f211, 0x6af12a88), + TOBN(0xa51b80f3, 0x0dc14401), TOBN(0xde248f77, 0xfb2dfbe3)}}, + {{TOBN(0xef5a44e5, 0x0cafe751), TOBN(0x73997c9c, 0xd4dcd221), + TOBN(0x32fd86d1, 0xde854024), TOBN(0xd5b53adc, 0xa09b84bb)}, + {TOBN(0x008d7a11, 0xdcedd8d1), TOBN(0x406bd1c8, 0x74b32c84), + TOBN(0x5d4472ff, 0x05dde8b1), TOBN(0x2e25f2cd, 0xfce2b32f)}}, + {{TOBN(0xbec0dd5e, 0x29dfc254), TOBN(0x4455fcf6, 0x2b98b267), + TOBN(0x0b4d43a5, 0xc72df2ad), TOBN(0xea70e6be, 0x48a75397)}, + {TOBN(0x2aad6169, 0x5820f3bf), TOBN(0xf410d2dd, 0x9e37f68f), + TOBN(0x70fb7dba, 0x7be5ac83), TOBN(0x636bb645, 0x36ec3eec)}}, + {{TOBN(0x27104ea3, 0x9754e21c), TOBN(0xbc87a3e6, 0x8d63c373), + TOBN(0x483351d7, 0x4109db9a), TOBN(0x0fa724e3, 0x60134da7)}, + {TOBN(0x9ff44c29, 0xb0720b16), TOBN(0x2dd0cf13, 0x06aceead), + TOBN(0x5942758c, 0xe26929a6), TOBN(0x96c5db92, 0xb766a92b)}}, + {{TOBN(0xcec7d4c0, 0x5f18395e), TOBN(0xd3f22744, 0x1f80d032), + TOBN(0x7a68b37a, 0xcb86075b), TOBN(0x074764dd, 0xafef92db)}, + {TOBN(0xded1e950, 0x7bc7f389), TOBN(0xc580c850, 0xb9756460), + TOBN(0xaeeec2a4, 0x7da48157), TOBN(0x3f0b4e7f, 0x82c587b3)}}, + {{TOBN(0x231c6de8, 0xa9f19c53), TOBN(0x5717bd73, 0x6974e34e), + TOBN(0xd9e1d216, 0xf1508fa9), TOBN(0x9f112361, 0xdadaa124)}, + {TOBN(0x80145e31, 0x823b7348), TOBN(0x4dd8f0d5, 0xac634069), + TOBN(0xe3d82fc7, 0x2297c258), TOBN(0x276fcfee, 0x9cee7431)}}, + {{TOBN(0x8eb61b5e, 0x2bc0aea9), TOBN(0x4f668fd5, 0xde329431), + TOBN(0x03a32ab1, 0x38e4b87e), TOBN(0xe1374517, 0x73d0ef0b)}, + {TOBN(0x1a46f7e6, 0x853ac983), TOBN(0xc3bdf42e, 0x68e78a57), + TOBN(0xacf20785, 0x2ea96dd1), TOBN(0xa10649b9, 0xf1638460)}}, + {{TOBN(0xf2369f0b, 0x879fbbed), TOBN(0x0ff0ae86, 0xda9d1869), + TOBN(0x5251d759, 0x56766f45), TOBN(0x4984d8c0, 0x2be8d0fc)}, + {TOBN(0x7ecc95a6, 0xd21008f0), TOBN(0x29bd54a0, 0x3a1a1c49), + TOBN(0xab9828c5, 0xd26c50f3), TOBN(0x32c0087c, 0x51d0d251)}}, + {{TOBN(0x9bac3ce6, 0x0c1cdb26), TOBN(0xcd94d947, 0x557ca205), + TOBN(0x1b1bd598, 0x9db1fdcd), TOBN(0x0eda0108, 0xa3d8b149)}, + {TOBN(0x95066610, 0x56152fcc), TOBN(0xc2f037e6, 0xe7192b33), + TOBN(0xdeffb41a, 0xc92e05a4), TOBN(0x1105f6c2, 0xc2f6c62e)}}, + {{TOBN(0x68e73500, 0x8733913c), TOBN(0xcce86163, 0x3f3adc40), + TOBN(0xf407a942, 0x38a278e9), TOBN(0xd13c1b9d, 0x2ab21292)}, + {TOBN(0x93ed7ec7, 0x1c74cf5c), TOBN(0x8887dc48, 0xf1a4c1b4), + TOBN(0x3830ff30, 0x4b3a11f1), TOBN(0x358c5a3c, 0x58937cb6)}}, + {{TOBN(0x027dc404, 0x89022829), TOBN(0x40e93977, 0x3b798f79), + TOBN(0x90ad3337, 0x38be6ead), TOBN(0x9c23f6bc, 0xf34c0a5d)}, + {TOBN(0xd1711a35, 0xfbffd8bb), TOBN(0x60fcfb49, 0x1949d3dd), + TOBN(0x09c8ef4b, 0x7825d93a), TOBN(0x24233cff, 0xa0a8c968)}}, + {{TOBN(0x67ade46c, 0xe6d982af), TOBN(0xebb6bf3e, 0xe7544d7c), + TOBN(0xd6b9ba76, 0x3d8bd087), TOBN(0x46fe382d, 0x4dc61280)}, + {TOBN(0xbd39a7e8, 0xb5bdbd75), TOBN(0xab381331, 0xb8f228fe), + TOBN(0x0709a77c, 0xce1c4300), TOBN(0x6a247e56, 0xf337ceac)}}, + {{TOBN(0x8f34f21b, 0x636288be), TOBN(0x9dfdca74, 0xc8a7c305), + TOBN(0x6decfd1b, 0xea919e04), TOBN(0xcdf2688d, 0x8e1991f8)}, + {TOBN(0xe607df44, 0xd0f8a67e), TOBN(0xd985df4b, 0x0b58d010), + TOBN(0x57f834c5, 0x0c24f8f4), TOBN(0xe976ef56, 0xa0bf01ae)}}, + {{TOBN(0x536395ac, 0xa1c32373), TOBN(0x351027aa, 0x734c0a13), + TOBN(0xd2f1b5d6, 0x5e6bd5bc), TOBN(0x2b539e24, 0x223debed)}, + {TOBN(0xd4994cec, 0x0eaa1d71), TOBN(0x2a83381d, 0x661dcf65), + TOBN(0x5f1aed2f, 0x7b54c740), TOBN(0x0bea3fa5, 0xd6dda5ee)}}, + {{TOBN(0x9d4fb684, 0x36cc6134), TOBN(0x8eb9bbf3, 0xc0a443dd), + TOBN(0xfc500e2e, 0x383b7d2a), TOBN(0x7aad621c, 0x5b775257)}, + {TOBN(0x69284d74, 0x0a8f7cc0), TOBN(0xe820c2ce, 0x07562d65), + TOBN(0xbf9531b9, 0x499758ee), TOBN(0x73e95ca5, 0x6ee0cc2d)}}, + {{TOBN(0xf61790ab, 0xfbaf50a5), TOBN(0xdf55e76b, 0x684e0750), + TOBN(0xec516da7, 0xf176b005), TOBN(0x575553bb, 0x7a2dddc7)}, + {TOBN(0x37c87ca3, 0x553afa73), TOBN(0x315f3ffc, 0x4d55c251), + TOBN(0xe846442a, 0xaf3e5d35), TOBN(0x61b91149, 0x6495ff28)}}, + {{TOBN(0x23cc95d3, 0xfa326dc3), TOBN(0x1df4da1f, 0x18fc2cea), + TOBN(0x24bf9adc, 0xd0a37d59), TOBN(0xb6710053, 0x320d6e1e)}, + {TOBN(0x96f9667e, 0x618344d1), TOBN(0xcc7ce042, 0xa06445af), + TOBN(0xa02d8514, 0xd68dbc3a), TOBN(0x4ea109e4, 0x280b5a5b)}}, + {{TOBN(0x5741a7ac, 0xb40961bf), TOBN(0x4ada5937, 0x6aa56bfa), + TOBN(0x7feb9145, 0x02b765d1), TOBN(0x561e97be, 0xe6ad1582)}, + {TOBN(0xbbc4a5b6, 0xda3982f5), TOBN(0x0c2659ed, 0xb546f468), + TOBN(0xb8e7e6aa, 0x59612d20), TOBN(0xd83dfe20, 0xac19e8e0)}}, + {{TOBN(0x8530c45f, 0xb835398c), TOBN(0x6106a8bf, 0xb38a41c2), + TOBN(0x21e8f9a6, 0x35f5dcdb), TOBN(0x39707137, 0xcae498ed)}, + {TOBN(0x70c23834, 0xd8249f00), TOBN(0x9f14b58f, 0xab2537a0), + TOBN(0xd043c365, 0x5f61c0c2), TOBN(0xdc5926d6, 0x09a194a7)}}, + {{TOBN(0xddec0339, 0x8e77738a), TOBN(0xd07a63ef, 0xfba46426), + TOBN(0x2e58e79c, 0xee7f6e86), TOBN(0xe59b0459, 0xff32d241)}, + {TOBN(0xc5ec84e5, 0x20fa0338), TOBN(0x97939ac8, 0xeaff5ace), + TOBN(0x0310a4e3, 0xb4a38313), TOBN(0x9115fba2, 0x8f9d9885)}}, + {{TOBN(0x8dd710c2, 0x5fadf8c3), TOBN(0x66be38a2, 0xce19c0e2), + TOBN(0xd42a279c, 0x4cfe5022), TOBN(0x597bb530, 0x0e24e1b8)}, + {TOBN(0x3cde86b7, 0xc153ca7f), TOBN(0xa8d30fb3, 0x707d63bd), + TOBN(0xac905f92, 0xbd60d21e), TOBN(0x98e7ffb6, 0x7b9a54ab)}}, + {{TOBN(0xd7147df8, 0xe9726a30), TOBN(0xb5e216ff, 0xafce3533), + TOBN(0xb550b799, 0x2ff1ec40), TOBN(0x6b613b87, 0xa1e953fd)}, + {TOBN(0x87b88dba, 0x792d5610), TOBN(0x2ee1270a, 0xa190fbe1), + TOBN(0x02f4e2dc, 0x2ef581da), TOBN(0x016530e4, 0xeff82a95)}}, + {{TOBN(0xcbb93dfd, 0x8fd6ee89), TOBN(0x16d3d986, 0x46848fff), + TOBN(0x600eff24, 0x1da47adf), TOBN(0x1b9754a0, 0x0ad47a71)}, + {TOBN(0x8f9266df, 0x70c33b98), TOBN(0xaadc87ae, 0xdf34186e), + TOBN(0x0d2ce8e1, 0x4ad24132), TOBN(0x8a47cbfc, 0x19946eba)}}, + {{TOBN(0x47feeb66, 0x62b5f3af), TOBN(0xcefab561, 0x0abb3734), + TOBN(0x449de60e, 0x19f35cb1), TOBN(0x39f8db14, 0x157f0eb9)}, + {TOBN(0xffaecc5b, 0x3c61bfd6), TOBN(0xa5a4d41d, 0x41216703), + TOBN(0x7f8fabed, 0x224e1cc2), TOBN(0x0d5a8186, 0x871ad953)}}, + {{TOBN(0xf10774f7, 0xd22da9a9), TOBN(0x45b8a678, 0xcc8a9b0d), + TOBN(0xd9c2e722, 0xbdc32cff), TOBN(0xbf71b5f5, 0x337202a5)}, + {TOBN(0x95c57f2f, 0x69fc4db9), TOBN(0xb6dad34c, 0x765d01e1), + TOBN(0x7e0bd13f, 0xcb904635), TOBN(0x61751253, 0x763a588c)}}, + {{TOBN(0xd85c2997, 0x81af2c2d), TOBN(0xc0f7d9c4, 0x81b9d7da), + TOBN(0x838a34ae, 0x08533e8d), TOBN(0x15c4cb08, 0x311d8311)}, + {TOBN(0x97f83285, 0x8e121e14), TOBN(0xeea7dc1e, 0x85000a5f), + TOBN(0x0c6059b6, 0x5d256274), TOBN(0xec9beace, 0xb95075c0)}}, + {{TOBN(0x173daad7, 0x1df97828), TOBN(0xbf851cb5, 0xa8937877), + TOBN(0xb083c594, 0x01646f3c), TOBN(0x3bad30cf, 0x50c6d352)}, + {TOBN(0xfeb2b202, 0x496bbcea), TOBN(0x3cf9fd4f, 0x18a1e8ba), + TOBN(0xd26de7ff, 0x1c066029), TOBN(0x39c81e9e, 0x4e9ed4f8)}}, + {{TOBN(0xd8be0cb9, 0x7b390d35), TOBN(0x01df2bbd, 0x964aab27), + TOBN(0x3e8c1a65, 0xc3ef64f8), TOBN(0x567291d1, 0x716ed1dd)}, + {TOBN(0x95499c6c, 0x5f5406d3), TOBN(0x71fdda39, 0x5ba8e23f), + TOBN(0xcfeb320e, 0xd5096ece), TOBN(0xbe7ba92b, 0xca66dd16)}}, + {{TOBN(0x4608d36b, 0xc6fb5a7d), TOBN(0xe3eea15a, 0x6d2dd0e0), + TOBN(0x75b0a3eb, 0x8f97a36a), TOBN(0xf59814cc, 0x1c83de1e)}, + {TOBN(0x56c9c5b0, 0x1c33c23f), TOBN(0xa96c1da4, 0x6faa4136), + TOBN(0x46bf2074, 0xde316551), TOBN(0x3b866e7b, 0x1f756c8f)}}, + {{TOBN(0x727727d8, 0x1495ed6b), TOBN(0xb2394243, 0xb682dce7), + TOBN(0x8ab8454e, 0x758610f3), TOBN(0xc243ce84, 0x857d72a4)}, + {TOBN(0x7b320d71, 0xdbbf370f), TOBN(0xff9afa37, 0x78e0f7ca), + TOBN(0x0119d1e0, 0xea7b523f), TOBN(0xb997f8cb, 0x058c7d42)}}, + {{TOBN(0x285bcd2a, 0x37bbb184), TOBN(0x51dcec49, 0xa45d1fa6), + TOBN(0x6ade3b64, 0xe29634cb), TOBN(0x080c94a7, 0x26b86ef1)}, + {TOBN(0xba583db1, 0x2283fbe3), TOBN(0x902bddc8, 0x5a9315ed), + TOBN(0x07c1ccb3, 0x86964bec), TOBN(0x78f4eacf, 0xb6258301)}}, + {{TOBN(0x4bdf3a49, 0x56f90823), TOBN(0xba0f5080, 0x741d777b), + TOBN(0x091d71c3, 0xf38bf760), TOBN(0x9633d50f, 0x9b625b02)}, + {TOBN(0x03ecb743, 0xb8c9de61), TOBN(0xb4751254, 0x5de74720), + TOBN(0x9f9defc9, 0x74ce1cb2), TOBN(0x774a4f6a, 0x00bd32ef)}}, + {{TOBN(0xaca385f7, 0x73848f22), TOBN(0x53dad716, 0xf3f8558e), + TOBN(0xab7b34b0, 0x93c471f9), TOBN(0xf530e069, 0x19644bc7)}, + {TOBN(0x3d9fb1ff, 0xdd59d31a), TOBN(0x4382e0df, 0x08daa795), + TOBN(0x165c6f4b, 0xd5cc88d7), TOBN(0xeaa392d5, 0x4a18c900)}}, + {{TOBN(0x94203c67, 0x648024ee), TOBN(0x188763f2, 0x8c2fabcd), + TOBN(0xa80f87ac, 0xbbaec835), TOBN(0x632c96e0, 0xf29d8d54)}, + {TOBN(0x29b0a60e, 0x4c00a95e), TOBN(0x2ef17f40, 0xe011e9fa), + TOBN(0xf6c0e1d1, 0x15b77223), TOBN(0xaaec2c62, 0x14b04e32)}}, + {{TOBN(0xd35688d8, 0x3d84e58c), TOBN(0x2af5094c, 0x958571db), + TOBN(0x4fff7e19, 0x760682a6), TOBN(0x4cb27077, 0xe39a407c)}, + {TOBN(0x0f59c547, 0x4ff0e321), TOBN(0x169f34a6, 0x1b34c8ff), + TOBN(0x2bff1096, 0x52bc1ba7), TOBN(0xa25423b7, 0x83583544)}}, + {{TOBN(0x5d55d5d5, 0x0ac8b782), TOBN(0xff6622ec, 0x2db3c892), + TOBN(0x48fce741, 0x6b8bb642), TOBN(0x31d6998c, 0x69d7e3dc)}, + {TOBN(0xdbaf8004, 0xcadcaed0), TOBN(0x801b0142, 0xd81d053c), + TOBN(0x94b189fc, 0x59630ec6), TOBN(0x120e9934, 0xaf762c8e)}}, + {{TOBN(0x53a29aa4, 0xfdc6a404), TOBN(0x19d8e01e, 0xa1909948), + TOBN(0x3cfcabf1, 0xd7e89681), TOBN(0x3321a50d, 0x4e132d37)}, + {TOBN(0xd0496863, 0xe9a86111), TOBN(0x8c0cde61, 0x06a3bc65), + TOBN(0xaf866c49, 0xfc9f8eef), TOBN(0x2066350e, 0xff7f5141)}}, + {{TOBN(0x4f8a4689, 0xe56ddfbd), TOBN(0xea1b0c07, 0xfe32983a), + TOBN(0x2b317462, 0x873cb8cb), TOBN(0x658deddc, 0x2d93229f)}, + {TOBN(0x65efaf4d, 0x0f64ef58), TOBN(0xfe43287d, 0x730cc7a8), + TOBN(0xaebc0c72, 0x3d047d70), TOBN(0x92efa539, 0xd92d26c9)}}, + {{TOBN(0x06e78457, 0x94b56526), TOBN(0x415cb80f, 0x0961002d), + TOBN(0x89e5c565, 0x76dcb10f), TOBN(0x8bbb6982, 0xff9259fe)}, + {TOBN(0x4fe8795b, 0x9abc2668), TOBN(0xb5d4f534, 0x1e678fb1), + TOBN(0x6601f3be, 0x7b7da2b9), TOBN(0x98da59e2, 0xa13d6805)}}, + {{TOBN(0x190d8ea6, 0x01799a52), TOBN(0xa20cec41, 0xb86d2952), + TOBN(0x3062ffb2, 0x7fff2a7c), TOBN(0x741b32e5, 0x79f19d37)}, + {TOBN(0xf80d8181, 0x4eb57d47), TOBN(0x7a2d0ed4, 0x16aef06b), + TOBN(0x09735fb0, 0x1cecb588), TOBN(0x1641caaa, 0xc6061f5b)}}}, + {{{TOBN(0x7f99824f, 0x20151427), TOBN(0x206828b6, 0x92430206), + TOBN(0xaa9097d7, 0xe1112357), TOBN(0xacf9a2f2, 0x09e414ec)}, + {TOBN(0xdbdac9da, 0x27915356), TOBN(0x7e0734b7, 0x001efee3), + TOBN(0x54fab5bb, 0xd2b288e2), TOBN(0x4c630fc4, 0xf62dd09c)}}, + {{TOBN(0x8537107a, 0x1ac2703b), TOBN(0xb49258d8, 0x6bc857b5), + TOBN(0x57df14de, 0xbcdaccd1), TOBN(0x24ab68d7, 0xc4ae8529)}, + {TOBN(0x7ed8b5d4, 0x734e59d0), TOBN(0x5f8740c8, 0xc495cc80), + TOBN(0x84aedd5a, 0x291db9b3), TOBN(0x80b360f8, 0x4fb995be)}}, + {{TOBN(0xae915f5d, 0x5fa067d1), TOBN(0x4134b57f, 0x9668960c), + TOBN(0xbd3656d6, 0xa48edaac), TOBN(0xdac1e3e4, 0xfc1d7436)}, + {TOBN(0x674ff869, 0xd81fbb26), TOBN(0x449ed3ec, 0xb26c33d4), + TOBN(0x85138705, 0xd94203e8), TOBN(0xccde538b, 0xbeeb6f4a)}}, + {{TOBN(0x55d5c68d, 0xa61a76fa), TOBN(0x598b441d, 0xca1554dc), + TOBN(0xd39923b9, 0x773b279c), TOBN(0x33331d3c, 0x36bf9efc)}, + {TOBN(0x2d4c848e, 0x298de399), TOBN(0xcfdb8e77, 0xa1a27f56), + TOBN(0x94c855ea, 0x57b8ab70), TOBN(0xdcdb9dae, 0x6f7879ba)}}, + {{TOBN(0x7bdff8c2, 0x019f2a59), TOBN(0xb3ce5bb3, 0xcb4fbc74), + TOBN(0xea907f68, 0x8a9173dd), TOBN(0x6cd3d0d3, 0x95a75439)}, + {TOBN(0x92ecc4d6, 0xefed021c), TOBN(0x09a9f9b0, 0x6a77339a), + TOBN(0x87ca6b15, 0x7188c64a), TOBN(0x10c29968, 0x44899158)}}, + {{TOBN(0x5859a229, 0xed6e82ef), TOBN(0x16f338e3, 0x65ebaf4e), + TOBN(0x0cd31387, 0x5ead67ae), TOBN(0x1c73d228, 0x54ef0bb4)}, + {TOBN(0x4cb55131, 0x74a5c8c7), TOBN(0x01cd2970, 0x7f69ad6a), + TOBN(0xa04d00dd, 0xe966f87e), TOBN(0xd96fe447, 0x0b7b0321)}}, + {{TOBN(0x342ac06e, 0x88fbd381), TOBN(0x02cd4a84, 0x5c35a493), + TOBN(0xe8fa89de, 0x54f1bbcd), TOBN(0x341d6367, 0x2575ed4c)}, + {TOBN(0xebe357fb, 0xd238202b), TOBN(0x600b4d1a, 0xa984ead9), + TOBN(0xc35c9f44, 0x52436ea0), TOBN(0x96fe0a39, 0xa370751b)}}, + {{TOBN(0x4c4f0736, 0x7f636a38), TOBN(0x9f943fb7, 0x0e76d5cb), + TOBN(0xb03510ba, 0xa8b68b8b), TOBN(0xc246780a, 0x9ed07a1f)}, + {TOBN(0x3c051415, 0x6d549fc2), TOBN(0xc2953f31, 0x607781ca), + TOBN(0x955e2c69, 0xd8d95413), TOBN(0xb300fadc, 0x7bd282e3)}}, + {{TOBN(0x81fe7b50, 0x87e9189f), TOBN(0xdb17375c, 0xf42dda27), + TOBN(0x22f7d896, 0xcf0a5904), TOBN(0xa0e57c5a, 0xebe348e6)}, + {TOBN(0xa61011d3, 0xf40e3c80), TOBN(0xb1189321, 0x8db705c5), + TOBN(0x4ed9309e, 0x50fedec3), TOBN(0xdcf14a10, 0x4d6d5c1d)}}, + {{TOBN(0x056c265b, 0x55691342), TOBN(0xe8e08504, 0x91049dc7), + TOBN(0x131329f5, 0xc9bae20a), TOBN(0x96c8b3e8, 0xd9dccdb4)}, + {TOBN(0x8c5ff838, 0xfb4ee6b4), TOBN(0xfc5a9aeb, 0x41e8ccf0), + TOBN(0x7417b764, 0xfae050c6), TOBN(0x0953c3d7, 0x00452080)}}, + {{TOBN(0x21372682, 0x38dfe7e8), TOBN(0xea417e15, 0x2bb79d4b), + TOBN(0x59641f1c, 0x76e7cf2d), TOBN(0x271e3059, 0xea0bcfcc)}, + {TOBN(0x624c7dfd, 0x7253ecbd), TOBN(0x2f552e25, 0x4fca6186), + TOBN(0xcbf84ecd, 0x4d866e9c), TOBN(0x73967709, 0xf68d4610)}}, + {{TOBN(0xa14b1163, 0xc27901b4), TOBN(0xfd9236e0, 0x899b8bf3), + TOBN(0x42b091ec, 0xcbc6da0a), TOBN(0xbb1dac6f, 0x5ad1d297)}, + {TOBN(0x80e61d53, 0xa91cf76e), TOBN(0x4110a412, 0xd31f1ee7), + TOBN(0x2d87c3ba, 0x13efcf77), TOBN(0x1f374bb4, 0xdf450d76)}}, + {{TOBN(0x5e78e2f2, 0x0d188dab), TOBN(0xe3968ed0, 0xf4b885ef), + TOBN(0x46c0568e, 0x7314570f), TOBN(0x31616338, 0x01170521)}, + {TOBN(0x18e1e7e2, 0x4f0c8afe), TOBN(0x4caa75ff, 0xdeea78da), + TOBN(0x82db67f2, 0x7c5d8a51), TOBN(0x36a44d86, 0x6f505370)}}, + {{TOBN(0xd72c5bda, 0x0333974f), TOBN(0x5db516ae, 0x27a70146), + TOBN(0x34705281, 0x210ef921), TOBN(0xbff17a8f, 0x0c9c38e5)}, + {TOBN(0x78f4814e, 0x12476da1), TOBN(0xc1e16613, 0x33c16980), + TOBN(0x9e5b386f, 0x424d4bca), TOBN(0x4c274e87, 0xc85740de)}}, + {{TOBN(0xb6a9b88d, 0x6c2f5226), TOBN(0x14d1b944, 0x550d7ca8), + TOBN(0x580c85fc, 0x1fc41709), TOBN(0xc1da368b, 0x54c6d519)}, + {TOBN(0x2b0785ce, 0xd5113cf7), TOBN(0x0670f633, 0x5a34708f), + TOBN(0x46e23767, 0x15cc3f88), TOBN(0x1b480cfa, 0x50c72c8f)}}, + {{TOBN(0x20288602, 0x4147519a), TOBN(0xd0981eac, 0x26b372f0), + TOBN(0xa9d4a7ca, 0xa785ebc8), TOBN(0xd953c50d, 0xdbdf58e9)}, + {TOBN(0x9d6361cc, 0xfd590f8f), TOBN(0x72e9626b, 0x44e6c917), + TOBN(0x7fd96110, 0x22eb64cf), TOBN(0x863ebb7e, 0x9eb288f3)}}, + {{TOBN(0x6e6ab761, 0x6aca8ee7), TOBN(0x97d10b39, 0xd7b40358), + TOBN(0x1687d377, 0x1e5feb0d), TOBN(0xc83e50e4, 0x8265a27a)}, + {TOBN(0x8f75a9fe, 0xc954b313), TOBN(0xcc2e8f47, 0x310d1f61), + TOBN(0xf5ba81c5, 0x6557d0e0), TOBN(0x25f9680c, 0x3eaf6207)}}, + {{TOBN(0xf95c6609, 0x4354080b), TOBN(0x5225bfa5, 0x7bf2fe1c), + TOBN(0xc5c004e2, 0x5c7d98fa), TOBN(0x3561bf1c, 0x019aaf60)}, + {TOBN(0x5e6f9f17, 0xba151474), TOBN(0xdec2f934, 0xb04f6eca), + TOBN(0x64e368a1, 0x269acb1e), TOBN(0x1332d9e4, 0x0cdda493)}}, + {{TOBN(0x60d6cf69, 0xdf23de05), TOBN(0x66d17da2, 0x009339a0), + TOBN(0x9fcac985, 0x0a693923), TOBN(0xbcf057fc, 0xed7c6a6d)}, + {TOBN(0xc3c5c8c5, 0xf0b5662c), TOBN(0x25318dd8, 0xdcba4f24), + TOBN(0x60e8cb75, 0x082b69ff), TOBN(0x7c23b3ee, 0x1e728c01)}}, + {{TOBN(0x15e10a0a, 0x097e4403), TOBN(0xcb3d0a86, 0x19854665), + TOBN(0x88d8e211, 0xd67d4826), TOBN(0xb39af66e, 0x0b9d2839)}, + {TOBN(0xa5f94588, 0xbd475ca8), TOBN(0xe06b7966, 0xc077b80b), + TOBN(0xfedb1485, 0xda27c26c), TOBN(0xd290d33a, 0xfe0fd5e0)}}, + {{TOBN(0xa40bcc47, 0xf34fb0fa), TOBN(0xb4760cc8, 0x1fb1ab09), + TOBN(0x8fca0993, 0xa273bfe3), TOBN(0x13e4fe07, 0xf70b213c)}, + {TOBN(0x3bcdb992, 0xfdb05163), TOBN(0x8c484b11, 0x0c2b19b6), + TOBN(0x1acb815f, 0xaaf2e3e2), TOBN(0xc6905935, 0xb89ff1b4)}}, + {{TOBN(0xb2ad6f9d, 0x586e74e1), TOBN(0x488883ad, 0x67b80484), + TOBN(0x758aa2c7, 0x369c3ddb), TOBN(0x8ab74e69, 0x9f9afd31)}, + {TOBN(0x10fc2d28, 0x5e21beb1), TOBN(0x3484518a, 0x318c42f9), + TOBN(0x377427dc, 0x53cf40c3), TOBN(0x9de0781a, 0x391bc1d9)}}, + {{TOBN(0x8faee858, 0x693807e1), TOBN(0xa3865327, 0x4e81ccc7), + TOBN(0x02c30ff2, 0x6f835b84), TOBN(0xb604437b, 0x0d3d38d4)}, + {TOBN(0xb3fc8a98, 0x5ca1823d), TOBN(0xb82f7ec9, 0x03be0324), + TOBN(0xee36d761, 0xcf684a33), TOBN(0x5a01df0e, 0x9f29bf7d)}}, + {{TOBN(0x686202f3, 0x1306583d), TOBN(0x05b10da0, 0x437c622e), + TOBN(0xbf9aaa0f, 0x076a7bc8), TOBN(0x25e94efb, 0x8f8f4e43)}, + {TOBN(0x8a35c9b7, 0xfa3dc26d), TOBN(0xe0e5fb93, 0x96ff03c5), + TOBN(0xa77e3843, 0xebc394ce), TOBN(0xcede6595, 0x8361de60)}}, + {{TOBN(0xd27c22f6, 0xa1993545), TOBN(0xab01cc36, 0x24d671ba), + TOBN(0x63fa2877, 0xa169c28e), TOBN(0x925ef904, 0x2eb08376)}, + {TOBN(0x3b2fa3cf, 0x53aa0b32), TOBN(0xb27beb5b, 0x71c49d7a), + TOBN(0xb60e1834, 0xd105e27f), TOBN(0xd6089788, 0x4f68570d)}}, + {{TOBN(0x23094ce0, 0xd6fbc2ac), TOBN(0x738037a1, 0x815ff551), + TOBN(0xda73b1bb, 0x6bef119c), TOBN(0xdcf6c430, 0xeef506ba)}, + {TOBN(0x00e4fe7b, 0xe3ef104a), TOBN(0xebdd9a2c, 0x0a065628), + TOBN(0x853a81c3, 0x8792043e), TOBN(0x22ad6ece, 0xb3b59108)}}, + {{TOBN(0x9fb813c0, 0x39cd297d), TOBN(0x8ec7e16e, 0x05bda5d9), + TOBN(0x2834797c, 0x0d104b96), TOBN(0xcc11a2e7, 0x7c511510)}, + {TOBN(0x96ca5a53, 0x96ee6380), TOBN(0x054c8655, 0xcea38742), + TOBN(0xb5946852, 0xd54dfa7d), TOBN(0x97c422e7, 0x1f4ab207)}}, + {{TOBN(0xbf907509, 0x0c22b540), TOBN(0x2cde42aa, 0xb7c267d4), + TOBN(0xba18f9ed, 0x5ab0d693), TOBN(0x3ba62aa6, 0x6e4660d9)}, + {TOBN(0xb24bf97b, 0xab9ea96a), TOBN(0x5d039642, 0xe3b60e32), + TOBN(0x4e6a4506, 0x7c4d9bd5), TOBN(0x666c5b9e, 0x7ed4a6a4)}}, + {{TOBN(0xfa3fdcd9, 0x8edbd7cc), TOBN(0x4660bb87, 0xc6ccd753), + TOBN(0x9ae90820, 0x21e6b64f), TOBN(0x8a56a713, 0xb36bfb3f)}, + {TOBN(0xabfce096, 0x5726d47f), TOBN(0x9eed01b2, 0x0b1a9a7f), + TOBN(0x30e9cad4, 0x4eb74a37), TOBN(0x7b2524cc, 0x53e9666d)}}, + {{TOBN(0x6a29683b, 0x8f4b002f), TOBN(0xc2200d7a, 0x41f4fc20), + TOBN(0xcf3af47a, 0x3a338acc), TOBN(0x6539a4fb, 0xe7128975)}, + {TOBN(0xcec31c14, 0xc33c7fcf), TOBN(0x7eb6799b, 0xc7be322b), + TOBN(0x119ef4e9, 0x6646f623), TOBN(0x7b7a26a5, 0x54d7299b)}}, + {{TOBN(0xcb37f08d, 0x403f46f2), TOBN(0x94b8fc43, 0x1a0ec0c7), + TOBN(0xbb8514e3, 0xc332142f), TOBN(0xf3ed2c33, 0xe80d2a7a)}, + {TOBN(0x8d2080af, 0xb639126c), TOBN(0xf7b6be60, 0xe3553ade), + TOBN(0x3950aa9f, 0x1c7e2b09), TOBN(0x847ff958, 0x6410f02b)}}, + {{TOBN(0x877b7cf5, 0x678a31b0), TOBN(0xd50301ae, 0x3998b620), + TOBN(0x734257c5, 0xc00fb396), TOBN(0xf9fb18a0, 0x04e672a6)}, + {TOBN(0xff8bd8eb, 0xe8758851), TOBN(0x1e64e4c6, 0x5d99ba44), + TOBN(0x4b8eaedf, 0x7dfd93b7), TOBN(0xba2f2a98, 0x04e76b8c)}}, + {{TOBN(0x7d790cba, 0xe8053433), TOBN(0xc8e725a0, 0x3d2c9585), + TOBN(0x58c5c476, 0xcdd8f5ed), TOBN(0xd106b952, 0xefa9fe1d)}, + {TOBN(0x3c5c775b, 0x0eff13a9), TOBN(0x242442ba, 0xe057b930), + TOBN(0xe9f458d4, 0xc9b70cbd), TOBN(0x69b71448, 0xa3cdb89a)}}, + {{TOBN(0x41ee46f6, 0x0e2ed742), TOBN(0x573f1045, 0x40067493), + TOBN(0xb1e154ff, 0x9d54c304), TOBN(0x2ad0436a, 0x8d3a7502)}, + {TOBN(0xee4aaa2d, 0x431a8121), TOBN(0xcd38b3ab, 0x886f11ed), + TOBN(0x57d49ea6, 0x034a0eb7), TOBN(0xd2b773bd, 0xf7e85e58)}}, + {{TOBN(0x4a559ac4, 0x9b5c1f14), TOBN(0xc444be1a, 0x3e54df2b), + TOBN(0x13aad704, 0xeda41891), TOBN(0xcd927bec, 0x5eb5c788)}, + {TOBN(0xeb3c8516, 0xe48c8a34), TOBN(0x1b7ac812, 0x4b546669), + TOBN(0x1815f896, 0x594df8ec), TOBN(0x87c6a79c, 0x79227865)}}, + {{TOBN(0xae02a2f0, 0x9b56ddbd), TOBN(0x1339b5ac, 0x8a2f1cf3), + TOBN(0xf2b569c7, 0x839dff0d), TOBN(0xb0b9e864, 0xfee9a43d)}, + {TOBN(0x4ff8ca41, 0x77bb064e), TOBN(0x145a2812, 0xfd249f63), + TOBN(0x3ab7beac, 0xf86f689a), TOBN(0x9bafec27, 0x01d35f5e)}}, + {{TOBN(0x28054c65, 0x4265aa91), TOBN(0xa4b18304, 0x035efe42), + TOBN(0x6887b0e6, 0x9639dec7), TOBN(0xf4b8f6ad, 0x3d52aea5)}, + {TOBN(0xfb9293cc, 0x971a8a13), TOBN(0x3f159e5d, 0x4c934d07), + TOBN(0x2c50e9b1, 0x09acbc29), TOBN(0x08eb65e6, 0x7154d129)}}, + {{TOBN(0x4feff589, 0x30b75c3e), TOBN(0x0bb82fe2, 0x94491c93), + TOBN(0xd8ac377a, 0x89af62bb), TOBN(0xd7b51490, 0x9685e49f)}, + {TOBN(0xabca9a7b, 0x04497f19), TOBN(0x1b35ed0a, 0x1a7ad13f), + TOBN(0x6b601e21, 0x3ec86ed6), TOBN(0xda91fcb9, 0xce0c76f1)}}, + {{TOBN(0x9e28507b, 0xd7ab27e1), TOBN(0x7c19a555, 0x63945b7b), + TOBN(0x6b43f0a1, 0xaafc9827), TOBN(0x443b4fbd, 0x3aa55b91)}, + {TOBN(0x962b2e65, 0x6962c88f), TOBN(0x139da8d4, 0xce0db0ca), + TOBN(0xb93f05dd, 0x1b8d6c4f), TOBN(0x779cdff7, 0x180b9824)}}, + {{TOBN(0xbba23fdd, 0xae57c7b7), TOBN(0x345342f2, 0x1b932522), + TOBN(0xfd9c80fe, 0x556d4aa3), TOBN(0xa03907ba, 0x6525bb61)}, + {TOBN(0x38b010e1, 0xff218933), TOBN(0xc066b654, 0xaa52117b), + TOBN(0x8e141920, 0x94f2e6ea), TOBN(0x66a27dca, 0x0d32f2b2)}}, + {{TOBN(0x69c7f993, 0x048b3717), TOBN(0xbf5a989a, 0xb178ae1c), + TOBN(0x49fa9058, 0x564f1d6b), TOBN(0x27ec6e15, 0xd31fde4e)}, + {TOBN(0x4cce0373, 0x7276e7fc), TOBN(0x64086d79, 0x89d6bf02), + TOBN(0x5a72f046, 0x4ccdd979), TOBN(0x909c3566, 0x47775631)}}, + {{TOBN(0x1c07bc6b, 0x75dd7125), TOBN(0xb4c6bc97, 0x87a0428d), + TOBN(0x507ece52, 0xfdeb6b9d), TOBN(0xfca56512, 0xb2c95432)}, + {TOBN(0x15d97181, 0xd0e8bd06), TOBN(0x384dd317, 0xc6bb46ea), + TOBN(0x5441ea20, 0x3952b624), TOBN(0xbcf70dee, 0x4e7dc2fb)}}, + {{TOBN(0x372b016e, 0x6628e8c3), TOBN(0x07a0d667, 0xb60a7522), + TOBN(0xcf05751b, 0x0a344ee2), TOBN(0x0ec09a48, 0x118bdeec)}, + {TOBN(0x6e4b3d4e, 0xd83dce46), TOBN(0x43a6316d, 0x99d2fc6e), + TOBN(0xa99d8989, 0x56cf044c), TOBN(0x7c7f4454, 0xae3e5fb7)}}, + {{TOBN(0xb2e6b121, 0xfbabbe92), TOBN(0x281850fb, 0xe1330076), + TOBN(0x093581ec, 0x97890015), TOBN(0x69b1dded, 0x75ff77f5)}, + {TOBN(0x7cf0b18f, 0xab105105), TOBN(0x953ced31, 0xa89ccfef), + TOBN(0x3151f85f, 0xeb914009), TOBN(0x3c9f1b87, 0x88ed48ad)}}, + {{TOBN(0xc9aba1a1, 0x4a7eadcb), TOBN(0x928e7501, 0x522e71cf), + TOBN(0xeaede727, 0x3a2e4f83), TOBN(0x467e10d1, 0x1ce3bbd3)}, + {TOBN(0xf3442ac3, 0xb955dcf0), TOBN(0xba96307d, 0xd3d5e527), + TOBN(0xf763a10e, 0xfd77f474), TOBN(0x5d744bd0, 0x6a6e1ff0)}}, + {{TOBN(0xd287282a, 0xa777899e), TOBN(0xe20eda8f, 0xd03f3cde), + TOBN(0x6a7e75bb, 0x50b07d31), TOBN(0x0b7e2a94, 0x6f379de4)}, + {TOBN(0x31cb64ad, 0x19f593cf), TOBN(0x7b1a9e4f, 0x1e76ef1d), + TOBN(0xe18c9c9d, 0xb62d609c), TOBN(0x439bad6d, 0xe779a650)}}, + {{TOBN(0x219d9066, 0xe032f144), TOBN(0x1db632b8, 0xe8b2ec6a), + TOBN(0xff0d0fd4, 0xfda12f78), TOBN(0x56fb4c2d, 0x2a25d265)}, + {TOBN(0x5f4e2ee1, 0x255a03f1), TOBN(0x61cd6af2, 0xe96af176), + TOBN(0xe0317ba8, 0xd068bc97), TOBN(0x927d6bab, 0x264b988e)}}, + {{TOBN(0xa18f07e0, 0xe90fb21e), TOBN(0x00fd2b80, 0xbba7fca1), + TOBN(0x20387f27, 0x95cd67b5), TOBN(0x5b89a4e7, 0xd39707f7)}, + {TOBN(0x8f83ad3f, 0x894407ce), TOBN(0xa0025b94, 0x6c226132), + TOBN(0xc79563c7, 0xf906c13b), TOBN(0x5f548f31, 0x4e7bb025)}}, + {{TOBN(0x2b4c6b8f, 0xeac6d113), TOBN(0xa67e3f9c, 0x0e813c76), + TOBN(0x3982717c, 0x3fe1f4b9), TOBN(0x58865819, 0x26d8050e)}, + {TOBN(0x99f3640c, 0xf7f06f20), TOBN(0xdc610216, 0x2a66ebc2), + TOBN(0x52f2c175, 0x767a1e08), TOBN(0x05660e1a, 0x5999871b)}}, + {{TOBN(0x6b0f1762, 0x6d3c4693), TOBN(0xf0e7d627, 0x37ed7bea), + TOBN(0xc51758c7, 0xb75b226d), TOBN(0x40a88628, 0x1f91613b)}, + {TOBN(0x889dbaa7, 0xbbb38ce0), TOBN(0xe0404b65, 0xbddcad81), + TOBN(0xfebccd3a, 0x8bc9671f), TOBN(0xfbf9a357, 0xee1f5375)}}, + {{TOBN(0x5dc169b0, 0x28f33398), TOBN(0xb07ec11d, 0x72e90f65), + TOBN(0xae7f3b4a, 0xfaab1eb1), TOBN(0xd970195e, 0x5f17538a)}, + {TOBN(0x52b05cbe, 0x0181e640), TOBN(0xf5debd62, 0x2643313d), + TOBN(0x76148154, 0x5df31f82), TOBN(0x23e03b33, 0x3a9e13c5)}}, + {{TOBN(0xff758949, 0x4fde0c1f), TOBN(0xbf8a1abe, 0xe5b6ec20), + TOBN(0x702278fb, 0x87e1db6c), TOBN(0xc447ad7a, 0x35ed658f)}, + {TOBN(0x48d4aa38, 0x03d0ccf2), TOBN(0x80acb338, 0x819a7c03), + TOBN(0x9bc7c89e, 0x6e17cecc), TOBN(0x46736b8b, 0x03be1d82)}}, + {{TOBN(0xd65d7b60, 0xc0432f96), TOBN(0xddebe7a3, 0xdeb5442f), + TOBN(0x79a25307, 0x7dff69a2), TOBN(0x37a56d94, 0x02cf3122)}, + {TOBN(0x8bab8aed, 0xf2350d0a), TOBN(0x13c3f276, 0x037b0d9a), + TOBN(0xc664957c, 0x44c65cae), TOBN(0x88b44089, 0xc2e71a88)}}, + {{TOBN(0xdb88e5a3, 0x5cb02664), TOBN(0x5d4c0bf1, 0x8686c72e), + TOBN(0xea3d9b62, 0xa682d53e), TOBN(0x9b605ef4, 0x0b2ad431)}, + {TOBN(0x71bac202, 0xc69645d0), TOBN(0xa115f03a, 0x6a1b66e7), + TOBN(0xfe2c563a, 0x158f4dc4), TOBN(0xf715b3a0, 0x4d12a78c)}}, + {{TOBN(0x8f7f0a48, 0xd413213a), TOBN(0x2035806d, 0xc04becdb), + TOBN(0xecd34a99, 0x5d8587f5), TOBN(0x4d8c3079, 0x9f6d3a71)}, + {TOBN(0x1b2a2a67, 0x8d95a8f6), TOBN(0xc58c9d7d, 0xf2110d0d), + TOBN(0xdeee81d5, 0xcf8fba3f), TOBN(0xa42be3c0, 0x0c7cdf68)}}, + {{TOBN(0x2126f742, 0xd43b5eaa), TOBN(0x054a0766, 0xdfa59b85), + TOBN(0x9d0d5e36, 0x126bfd45), TOBN(0xa1f8fbd7, 0x384f8a8f)}, + {TOBN(0x317680f5, 0xd563fccc), TOBN(0x48ca5055, 0xf280a928), + TOBN(0xe00b81b2, 0x27b578cf), TOBN(0x10aad918, 0x2994a514)}}, + {{TOBN(0xd9e07b62, 0xb7bdc953), TOBN(0x9f0f6ff2, 0x5bc086dd), + TOBN(0x09d1ccff, 0x655eee77), TOBN(0x45475f79, 0x5bef7df1)}, + {TOBN(0x3faa28fa, 0x86f702cc), TOBN(0x92e60905, 0x0f021f07), + TOBN(0xe9e62968, 0x7f8fa8c6), TOBN(0xbd71419a, 0xf036ea2c)}}, + {{TOBN(0x171ee1cc, 0x6028da9a), TOBN(0x5352fe1a, 0xc251f573), + TOBN(0xf8ff236e, 0x3fa997f4), TOBN(0xd831b6c9, 0xa5749d5f)}, + {TOBN(0x7c872e1d, 0xe350e2c2), TOBN(0xc56240d9, 0x1e0ce403), + TOBN(0xf9deb077, 0x6974f5cb), TOBN(0x7d50ba87, 0x961c3728)}}, + {{TOBN(0xd6f89426, 0x5a3a2518), TOBN(0xcf817799, 0xc6303d43), + TOBN(0x510a0471, 0x619e5696), TOBN(0xab049ff6, 0x3a5e307b)}, + {TOBN(0xe4cdf9b0, 0xfeb13ec7), TOBN(0xd5e97117, 0x9d8ff90c), + TOBN(0xf6f64d06, 0x9afa96af), TOBN(0x00d0bf5e, 0x9d2012a2)}}, + {{TOBN(0xe63f301f, 0x358bcdc0), TOBN(0x07689e99, 0x0a9d47f8), + TOBN(0x1f689e2f, 0x4f43d43a), TOBN(0x4d542a16, 0x90920904)}, + {TOBN(0xaea293d5, 0x9ca0a707), TOBN(0xd061fe45, 0x8ac68065), + TOBN(0x1033bf1b, 0x0090008c), TOBN(0x29749558, 0xc08a6db6)}}, + {{TOBN(0x74b5fc59, 0xc1d5d034), TOBN(0xf712e9f6, 0x67e215e0), + TOBN(0xfd520cbd, 0x860200e6), TOBN(0x0229acb4, 0x3ea22588)}, + {TOBN(0x9cd1e14c, 0xfff0c82e), TOBN(0x87684b62, 0x59c69e73), + TOBN(0xda85e61c, 0x96ccb989), TOBN(0x2d5dbb02, 0xa3d06493)}}, + {{TOBN(0xf22ad33a, 0xe86b173c), TOBN(0xe8e41ea5, 0xa79ff0e3), + TOBN(0x01d2d725, 0xdd0d0c10), TOBN(0x31f39088, 0x032d28f9)}, + {TOBN(0x7b3f71e1, 0x7829839e), TOBN(0x0cf691b4, 0x4502ae58), + TOBN(0xef658dbd, 0xbefc6115), TOBN(0xa5cd6ee5, 0xb3ab5314)}}, + {{TOBN(0x206c8d7b, 0x5f1d2347), TOBN(0x794645ba, 0x4cc2253a), + TOBN(0xd517d8ff, 0x58389e08), TOBN(0x4fa20dee, 0x9f847288)}, + {TOBN(0xeba072d8, 0xd797770a), TOBN(0x7360c91d, 0xbf429e26), + TOBN(0x7200a3b3, 0x80af8279), TOBN(0x6a1c9150, 0x82dadce3)}}, + {{TOBN(0x0ee6d3a7, 0xc35d8794), TOBN(0x042e6558, 0x0356bae5), + TOBN(0x9f59698d, 0x643322fd), TOBN(0x9379ae15, 0x50a61967)}, + {TOBN(0x64b9ae62, 0xfcc9981e), TOBN(0xaed3d631, 0x6d2934c6), + TOBN(0x2454b302, 0x5e4e65eb), TOBN(0xab09f647, 0xf9950428)}}}, + {{{TOBN(0xb2083a12, 0x22248acc), TOBN(0x1f6ec0ef, 0x3264e366), + TOBN(0x5659b704, 0x5afdee28), TOBN(0x7a823a40, 0xe6430bb5)}, + {TOBN(0x24592a04, 0xe1900a79), TOBN(0xcde09d4a, 0xc9ee6576), + TOBN(0x52b6463f, 0x4b5ea54a), TOBN(0x1efe9ed3, 0xd3ca65a7)}}, + {{TOBN(0xe27a6dbe, 0x305406dd), TOBN(0x8eb7dc7f, 0xdd5d1957), + TOBN(0xf54a6876, 0x387d4d8f), TOBN(0x9c479409, 0xc7762de4)}, + {TOBN(0xbe4d5b5d, 0x99b30778), TOBN(0x25380c56, 0x6e793682), + TOBN(0x602d37f3, 0xdac740e3), TOBN(0x140deabe, 0x1566e4ae)}}, + {{TOBN(0x4481d067, 0xafd32acf), TOBN(0xd8f0fcca, 0xe1f71ccf), + TOBN(0xd208dd0c, 0xb596f2da), TOBN(0xd049d730, 0x9aad93f9)}, + {TOBN(0xc79f263d, 0x42ab580e), TOBN(0x09411bb1, 0x23f707b4), + TOBN(0x8cfde1ff, 0x835e0eda), TOBN(0x72707490, 0x90f03402)}}, + {{TOBN(0xeaee6126, 0xc49a861e), TOBN(0x024f3b65, 0xe14f0d06), + TOBN(0x51a3f1e8, 0xc69bfc17), TOBN(0xc3c3a8e9, 0xa7686381)}, + {TOBN(0x3400752c, 0xb103d4c8), TOBN(0x02bc4613, 0x9218b36b), + TOBN(0xc67f75eb, 0x7651504a), TOBN(0xd6848b56, 0xd02aebfa)}}, + {{TOBN(0xbd9802e6, 0xc30fa92b), TOBN(0x5a70d96d, 0x9a552784), + TOBN(0x9085c4ea, 0x3f83169b), TOBN(0xfa9423bb, 0x06908228)}, + {TOBN(0x2ffebe12, 0xfe97a5b9), TOBN(0x85da6049, 0x71b99118), + TOBN(0x9cbc2f7f, 0x63178846), TOBN(0xfd96bc70, 0x9153218e)}}, + {{TOBN(0x958381db, 0x1782269b), TOBN(0xae34bf79, 0x2597e550), + TOBN(0xbb5c6064, 0x5f385153), TOBN(0x6f0e96af, 0xe3088048)}, + {TOBN(0xbf6a0215, 0x77884456), TOBN(0xb3b5688c, 0x69310ea7), + TOBN(0x17c94295, 0x04fad2de), TOBN(0xe020f0e5, 0x17896d4d)}}, + {{TOBN(0x730ba0ab, 0x0976505f), TOBN(0x567f6813, 0x095e2ec5), + TOBN(0x47062010, 0x6331ab71), TOBN(0x72cfa977, 0x41d22b9f)}, + {TOBN(0x33e55ead, 0x8a2373da), TOBN(0xa8d0d5f4, 0x7ba45a68), + TOBN(0xba1d8f9c, 0x03029d15), TOBN(0x8f34f1cc, 0xfc55b9f3)}}, + {{TOBN(0xcca4428d, 0xbbe5a1a9), TOBN(0x8187fd5f, 0x3126bd67), + TOBN(0x0036973a, 0x48105826), TOBN(0xa39b6663, 0xb8bd61a0)}, + {TOBN(0x6d42deef, 0x2d65a808), TOBN(0x4969044f, 0x94636b19), + TOBN(0xf611ee47, 0xdd5d564c), TOBN(0x7b2f3a49, 0xd2873077)}}, + {{TOBN(0x94157d45, 0x300eb294), TOBN(0x2b2a656e, 0x169c1494), + TOBN(0xc000dd76, 0xd3a47aa9), TOBN(0xa2864e4f, 0xa6243ea4)}, + {TOBN(0x82716c47, 0xdb89842e), TOBN(0x12dfd7d7, 0x61479fb7), + TOBN(0x3b9a2c56, 0xe0b2f6dc), TOBN(0x46be862a, 0xd7f85d67)}}, + {{TOBN(0x03b0d8dd, 0x0f82b214), TOBN(0x460c34f9, 0xf103cbc6), + TOBN(0xf32e5c03, 0x18d79e19), TOBN(0x8b8888ba, 0xa84117f8)}, + {TOBN(0x8f3c37dc, 0xc0722677), TOBN(0x10d21be9, 0x1c1c0f27), + TOBN(0xd47c8468, 0xe0f7a0c6), TOBN(0x9bf02213, 0xadecc0e0)}}, + {{TOBN(0x0baa7d12, 0x42b48b99), TOBN(0x1bcb665d, 0x48424096), + TOBN(0x8b847cd6, 0xebfb5cfb), TOBN(0x87c2ae56, 0x9ad4d10d)}, + {TOBN(0xf1cbb122, 0x0de36726), TOBN(0xe7043c68, 0x3fdfbd21), + TOBN(0x4bd0826a, 0x4e79d460), TOBN(0x11f5e598, 0x4bd1a2cb)}}, + {{TOBN(0x97554160, 0xb7fe7b6e), TOBN(0x7d16189a, 0x400a3fb2), + TOBN(0xd73e9bea, 0xe328ca1e), TOBN(0x0dd04b97, 0xe793d8cc)}, + {TOBN(0xa9c83c9b, 0x506db8cc), TOBN(0x5cd47aae, 0xcf38814c), + TOBN(0x26fc430d, 0xb64b45e6), TOBN(0x079b5499, 0xd818ea84)}}, + {{TOBN(0xebb01102, 0xc1c24a3b), TOBN(0xca24e568, 0x1c161c1a), + TOBN(0x103eea69, 0x36f00a4a), TOBN(0x9ad76ee8, 0x76176c7b)}, + {TOBN(0x97451fc2, 0x538e0ff7), TOBN(0x94f89809, 0x6604b3b0), + TOBN(0x6311436e, 0x3249cfd7), TOBN(0x27b4a7bd, 0x41224f69)}}, + {{TOBN(0x03b5d21a, 0xe0ac2941), TOBN(0x279b0254, 0xc2d31937), + TOBN(0x3307c052, 0xcac992d0), TOBN(0x6aa7cb92, 0xefa8b1f3)}, + {TOBN(0x5a182580, 0x0d37c7a5), TOBN(0x13380c37, 0x342d5422), + TOBN(0x92ac2d66, 0xd5d2ef92), TOBN(0x035a70c9, 0x030c63c6)}}, + {{TOBN(0xc16025dd, 0x4ce4f152), TOBN(0x1f419a71, 0xf9df7c06), + TOBN(0x6d5b2214, 0x91e4bb14), TOBN(0xfc43c6cc, 0x839fb4ce)}, + {TOBN(0x49f06591, 0x925d6b2d), TOBN(0x4b37d9d3, 0x62186598), + TOBN(0x8c54a971, 0xd01b1629), TOBN(0xe1a9c29f, 0x51d50e05)}}, + {{TOBN(0x5109b785, 0x71ba1861), TOBN(0x48b22d5c, 0xd0c8f93d), + TOBN(0xe8fa84a7, 0x8633bb93), TOBN(0x53fba6ba, 0x5aebbd08)}, + {TOBN(0x7ff27df3, 0xe5eea7d8), TOBN(0x521c8796, 0x68ca7158), + TOBN(0xb9d5133b, 0xce6f1a05), TOBN(0x2d50cd53, 0xfd0ebee4)}}, + {{TOBN(0xc82115d6, 0xc5a3ef16), TOBN(0x993eff9d, 0xba079221), + TOBN(0xe4da2c5e, 0x4b5da81c), TOBN(0x9a89dbdb, 0x8033fd85)}, + {TOBN(0x60819ebf, 0x2b892891), TOBN(0x53902b21, 0x5d14a4d5), + TOBN(0x6ac35051, 0xd7fda421), TOBN(0xcc6ab885, 0x61c83284)}}, + {{TOBN(0x14eba133, 0xf74cff17), TOBN(0x240aaa03, 0xecb813f2), + TOBN(0xcfbb6540, 0x6f665bee), TOBN(0x084b1fe4, 0xa425ad73)}, + {TOBN(0x009d5d16, 0xd081f6a6), TOBN(0x35304fe8, 0xeef82c90), + TOBN(0xf20346d5, 0xaa9eaa22), TOBN(0x0ada9f07, 0xac1c91e3)}}, + {{TOBN(0xa6e21678, 0x968a6144), TOBN(0x54c1f77c, 0x07b31a1e), + TOBN(0xd6bb787e, 0x5781fbe1), TOBN(0x61bd2ee0, 0xe31f1c4a)}, + {TOBN(0xf25aa1e9, 0x781105fc), TOBN(0x9cf2971f, 0x7b2f8e80), + TOBN(0x26d15412, 0xcdff919b), TOBN(0x01db4ebe, 0x34bc896e)}}, + {{TOBN(0x7d9b3e23, 0xb40df1cf), TOBN(0x59337373, 0x94e971b4), + TOBN(0xbf57bd14, 0x669cf921), TOBN(0x865daedf, 0x0c1a1064)}, + {TOBN(0x3eb70bd3, 0x83279125), TOBN(0xbc3d5b9f, 0x34ecdaab), + TOBN(0x91e3ed7e, 0x5f755caf), TOBN(0x49699f54, 0xd41e6f02)}}, + {{TOBN(0x185770e1, 0xd4a7a15b), TOBN(0x08f3587a, 0xeaac87e7), + TOBN(0x352018db, 0x473133ea), TOBN(0x674ce719, 0x04fd30fc)}, + {TOBN(0x7b8d9835, 0x088b3e0e), TOBN(0x7a0356a9, 0x5d0d47a1), + TOBN(0x9d9e7659, 0x6474a3c4), TOBN(0x61ea48a7, 0xff66966c)}}, + {{TOBN(0x30417758, 0x0f3e4834), TOBN(0xfdbb21c2, 0x17a9afcb), + TOBN(0x756fa17f, 0x2f9a67b3), TOBN(0x2a6b2421, 0xa245c1a8)}, + {TOBN(0x64be2794, 0x4af02291), TOBN(0xade465c6, 0x2a5804fe), + TOBN(0x8dffbd39, 0xa6f08fd7), TOBN(0xc4efa84c, 0xaa14403b)}}, + {{TOBN(0xa1b91b2a, 0x442b0f5c), TOBN(0xb748e317, 0xcf997736), + TOBN(0x8d1b62bf, 0xcee90e16), TOBN(0x907ae271, 0x0b2078c0)}, + {TOBN(0xdf31534b, 0x0c9bcddd), TOBN(0x043fb054, 0x39adce83), + TOBN(0x99031043, 0xd826846a), TOBN(0x61a9c0d6, 0xb144f393)}}, + {{TOBN(0xdab48046, 0x47718427), TOBN(0xdf17ff9b, 0x6e830f8b), + TOBN(0x408d7ee8, 0xe49a1347), TOBN(0x6ac71e23, 0x91c1d4ae)}, + {TOBN(0xc8cbb9fd, 0x1defd73c), TOBN(0x19840657, 0xbbbbfec5), + TOBN(0x39db1cb5, 0x9e7ef8ea), TOBN(0x78aa8296, 0x64105f30)}}, + {{TOBN(0xa3d9b7f0, 0xa3738c29), TOBN(0x0a2f235a, 0xbc3250a3), + TOBN(0x55e506f6, 0x445e4caf), TOBN(0x0974f73d, 0x33475f7a)}, + {TOBN(0xd37dbba3, 0x5ba2f5a8), TOBN(0x542c6e63, 0x6af40066), + TOBN(0x26d99b53, 0xc5d73e2c), TOBN(0x06060d7d, 0x6c3ca33e)}}, + {{TOBN(0xcdbef1c2, 0x065fef4a), TOBN(0x77e60f7d, 0xfd5b92e3), + TOBN(0xd7c549f0, 0x26708350), TOBN(0x201b3ad0, 0x34f121bf)}, + {TOBN(0x5fcac2a1, 0x0334fc14), TOBN(0x8a9a9e09, 0x344552f6), + TOBN(0x7dd8a1d3, 0x97653082), TOBN(0x5fc0738f, 0x79d4f289)}}, + {{TOBN(0x787d244d, 0x17d2d8c3), TOBN(0xeffc6345, 0x70830684), + TOBN(0x5ddb96dd, 0xe4f73ae5), TOBN(0x8efb14b1, 0x172549a5)}, + {TOBN(0x6eb73eee, 0x2245ae7a), TOBN(0xbca4061e, 0xea11f13e), + TOBN(0xb577421d, 0x30b01f5d), TOBN(0xaa688b24, 0x782e152c)}}, + {{TOBN(0x67608e71, 0xbd3502ba), TOBN(0x4ef41f24, 0xb4de75a0), + TOBN(0xb08dde5e, 0xfd6125e5), TOBN(0xde484825, 0xa409543f)}, + {TOBN(0x1f198d98, 0x65cc2295), TOBN(0x428a3771, 0x6e0edfa2), + TOBN(0x4f9697a2, 0xadf35fc7), TOBN(0x01a43c79, 0xf7cac3c7)}}, + {{TOBN(0xb05d7059, 0x0fd3659a), TOBN(0x8927f30c, 0xbb7f2d9a), + TOBN(0x4023d1ac, 0x8cf984d3), TOBN(0x32125ed3, 0x02897a45)}, + {TOBN(0xfb572dad, 0x3d414205), TOBN(0x73000ef2, 0xe3fa82a9), + TOBN(0x4c0868e9, 0xf10a5581), TOBN(0x5b61fc67, 0x6b0b3ca5)}}, + {{TOBN(0xc1258d5b, 0x7cae440c), TOBN(0x21c08b41, 0x402b7531), + TOBN(0xf61a8955, 0xde932321), TOBN(0x3568faf8, 0x2d1408af)}, + {TOBN(0x71b15e99, 0x9ecf965b), TOBN(0xf14ed248, 0xe917276f), + TOBN(0xc6f4caa1, 0x820cf9e2), TOBN(0x681b20b2, 0x18d83c7e)}}, + {{TOBN(0x6cde738d, 0xc6c01120), TOBN(0x71db0813, 0xae70e0db), + TOBN(0x95fc0644, 0x74afe18c), TOBN(0x34619053, 0x129e2be7)}, + {TOBN(0x80615cea, 0xdb2a3b15), TOBN(0x0a49a19e, 0xdb4c7073), + TOBN(0x0e1b84c8, 0x8fd2d367), TOBN(0xd74bf462, 0x033fb8aa)}}, + {{TOBN(0x889f6d65, 0x533ef217), TOBN(0x7158c7e4, 0xc3ca2e87), + TOBN(0xfb670dfb, 0xdc2b4167), TOBN(0x75910a01, 0x844c257f)}, + {TOBN(0xf336bf07, 0xcf88577d), TOBN(0x22245250, 0xe45e2ace), + TOBN(0x2ed92e8d, 0x7ca23d85), TOBN(0x29f8be4c, 0x2b812f58)}}, + {{TOBN(0xdd9ebaa7, 0x076fe12b), TOBN(0x3f2400cb, 0xae1537f9), + TOBN(0x1aa93528, 0x17bdfb46), TOBN(0xc0f98430, 0x67883b41)}, + {TOBN(0x5590ede1, 0x0170911d), TOBN(0x7562f5bb, 0x34d4b17f), + TOBN(0xe1fa1df2, 0x1826b8d2), TOBN(0xb40b796a, 0x6bd80d59)}}, + {{TOBN(0xd65bf197, 0x3467ba92), TOBN(0x8c9b46db, 0xf70954b0), + TOBN(0x97c8a0f3, 0x0e78f15d), TOBN(0xa8f3a69a, 0x85a4c961)}, + {TOBN(0x4242660f, 0x61e4ce9b), TOBN(0xbf06aab3, 0x6ea6790c), + TOBN(0xc6706f8e, 0xec986416), TOBN(0x9e56dec1, 0x9a9fc225)}}, + {{TOBN(0x527c46f4, 0x9a9898d9), TOBN(0xd799e77b, 0x5633cdef), + TOBN(0x24eacc16, 0x7d9e4297), TOBN(0xabb61cea, 0x6b1cb734)}, + {TOBN(0xbee2e8a7, 0xf778443c), TOBN(0x3bb42bf1, 0x29de2fe6), + TOBN(0xcbed86a1, 0x3003bb6f), TOBN(0xd3918e6c, 0xd781cdf6)}}, + {{TOBN(0x4bee3271, 0x9a5103f1), TOBN(0x5243efc6, 0xf50eac06), + TOBN(0xb8e122cb, 0x6adcc119), TOBN(0x1b7faa84, 0xc0b80a08)}, + {TOBN(0x32c3d1bd, 0x6dfcd08c), TOBN(0x129dec4e, 0x0be427de), + TOBN(0x98ab679c, 0x1d263c83), TOBN(0xafc83cb7, 0xcef64eff)}}, + {{TOBN(0x85eb6088, 0x2fa6be76), TOBN(0x892585fb, 0x1328cbfe), + TOBN(0xc154d3ed, 0xcf618dda), TOBN(0xc44f601b, 0x3abaf26e)}, + {TOBN(0x7bf57d0b, 0x2be1fdfd), TOBN(0xa833bd2d, 0x21137fee), + TOBN(0x9353af36, 0x2db591a8), TOBN(0xc76f26dc, 0x5562a056)}}, + {{TOBN(0x1d87e47d, 0x3fdf5a51), TOBN(0x7afb5f93, 0x55c9cab0), + TOBN(0x91bbf58f, 0x89e0586e), TOBN(0x7c72c018, 0x0d843709)}, + {TOBN(0xa9a5aafb, 0x99b5c3dc), TOBN(0xa48a0f1d, 0x3844aeb0), + TOBN(0x7178b7dd, 0xb667e482), TOBN(0x453985e9, 0x6e23a59a)}}, + {{TOBN(0x4a54c860, 0x01b25dd8), TOBN(0x0dd37f48, 0xfb897c8a), + TOBN(0x5f8aa610, 0x0ea90cd9), TOBN(0xc8892c68, 0x16d5830d)}, + {TOBN(0xeb4befc0, 0xef514ca5), TOBN(0x478eb679, 0xe72c9ee6), + TOBN(0x9bca20da, 0xdbc40d5f), TOBN(0xf015de21, 0xdde4f64a)}}, + {{TOBN(0xaa6a4de0, 0xeaf4b8a5), TOBN(0x68cfd9ca, 0x4bc60e32), + TOBN(0x668a4b01, 0x7fd15e70), TOBN(0xd9f0694a, 0xf27dc09d)}, + {TOBN(0xf6c3cad5, 0xba708bcd), TOBN(0x5cd2ba69, 0x5bb95c2a), + TOBN(0xaa28c1d3, 0x33c0a58f), TOBN(0x23e274e3, 0xabc77870)}}, + {{TOBN(0x44c3692d, 0xdfd20a4a), TOBN(0x091c5fd3, 0x81a66653), + TOBN(0x6c0bb691, 0x09a0757d), TOBN(0x9072e8b9, 0x667343ea)}, + {TOBN(0x31d40eb0, 0x80848bec), TOBN(0x95bd480a, 0x79fd36cc), + TOBN(0x01a77c61, 0x65ed43f5), TOBN(0xafccd127, 0x2e0d40bf)}}, + {{TOBN(0xeccfc82d, 0x1cc1884b), TOBN(0xc85ac201, 0x5d4753b4), + TOBN(0xc7a6caac, 0x658e099f), TOBN(0xcf46369e, 0x04b27390)}, + {TOBN(0xe2e7d049, 0x506467ea), TOBN(0x481b63a2, 0x37cdeccc), + TOBN(0x4029abd8, 0xed80143a), TOBN(0x28bfe3c7, 0xbcb00b88)}}, + {{TOBN(0x3bec1009, 0x0643d84a), TOBN(0x885f3668, 0xabd11041), + TOBN(0xdb02432c, 0xf83a34d6), TOBN(0x32f7b360, 0x719ceebe)}, + {TOBN(0xf06c7837, 0xdad1fe7a), TOBN(0x60a157a9, 0x5441a0b0), + TOBN(0x704970e9, 0xe2d47550), TOBN(0xcd2bd553, 0x271b9020)}}, + {{TOBN(0xff57f82f, 0x33e24a0b), TOBN(0x9cbee23f, 0xf2565079), + TOBN(0x16353427, 0xeb5f5825), TOBN(0x276feec4, 0xe948d662)}, + {TOBN(0xd1b62bc6, 0xda10032b), TOBN(0x718351dd, 0xf0e72a53), + TOBN(0x93452076, 0x2420e7ba), TOBN(0x96368fff, 0x3a00118d)}}, + {{TOBN(0x00ce2d26, 0x150a49e4), TOBN(0x0c28b636, 0x3f04706b), + TOBN(0xbad65a46, 0x58b196d0), TOBN(0x6c8455fc, 0xec9f8b7c)}, + {TOBN(0xe90c895f, 0x2d71867e), TOBN(0x5c0be31b, 0xedf9f38c), + TOBN(0x2a37a15e, 0xd8f6ec04), TOBN(0x239639e7, 0x8cd85251)}}, + {{TOBN(0xd8975315, 0x9c7c4c6b), TOBN(0x603aa3c0, 0xd7409af7), + TOBN(0xb8d53d0c, 0x007132fb), TOBN(0x68d12af7, 0xa6849238)}, + {TOBN(0xbe0607e7, 0xbf5d9279), TOBN(0x9aa50055, 0xaada74ce), + TOBN(0xe81079cb, 0xba7e8ccb), TOBN(0x610c71d1, 0xa5f4ff5e)}}, + {{TOBN(0x9e2ee1a7, 0x5aa07093), TOBN(0xca84004b, 0xa75da47c), + TOBN(0x074d3951, 0x3de75401), TOBN(0xf938f756, 0xbb311592)}, + {TOBN(0x96197618, 0x00a43421), TOBN(0x39a25362, 0x07bc78c8), + TOBN(0x278f710a, 0x0a171276), TOBN(0xb28446ea, 0x8d1a8f08)}}, + {{TOBN(0x184781bf, 0xe3b6a661), TOBN(0x7751cb1d, 0xe6d279f7), + TOBN(0xf8ff95d6, 0xc59eb662), TOBN(0x186d90b7, 0x58d3dea7)}, + {TOBN(0x0e4bb6c1, 0xdfb4f754), TOBN(0x5c5cf56b, 0x2b2801dc), + TOBN(0xc561e452, 0x1f54564d), TOBN(0xb4fb8c60, 0xf0dd7f13)}}, + {{TOBN(0xf8849630, 0x33ff98c7), TOBN(0x9619fffa, 0xcf17769c), + TOBN(0xf8090bf6, 0x1bfdd80a), TOBN(0x14d9a149, 0x422cfe63)}, + {TOBN(0xb354c360, 0x6f6df9ea), TOBN(0xdbcf770d, 0x218f17ea), + TOBN(0x207db7c8, 0x79eb3480), TOBN(0x213dbda8, 0x559b6a26)}}, + {{TOBN(0xac4c200b, 0x29fc81b3), TOBN(0xebc3e09f, 0x171d87c1), + TOBN(0x91799530, 0x1481aa9e), TOBN(0x051b92e1, 0x92e114fa)}, + {TOBN(0xdf8f92e9, 0xecb5537f), TOBN(0x44b1b2cc, 0x290c7483), + TOBN(0xa711455a, 0x2adeb016), TOBN(0x964b6856, 0x81a10c2c)}}, + {{TOBN(0x4f159d99, 0xcec03623), TOBN(0x05532225, 0xef3271ea), + TOBN(0xb231bea3, 0xc5ee4849), TOBN(0x57a54f50, 0x7094f103)}, + {TOBN(0x3e2d421d, 0x9598b352), TOBN(0xe865a49c, 0x67412ab4), + TOBN(0xd2998a25, 0x1cc3a912), TOBN(0x5d092808, 0x0c74d65d)}}, + {{TOBN(0x73f45908, 0x4088567a), TOBN(0xeb6b280e, 0x1f214a61), + TOBN(0x8c9adc34, 0xcaf0c13d), TOBN(0x39d12938, 0xf561fb80)}, + {TOBN(0xb2dc3a5e, 0xbc6edfb4), TOBN(0x7485b1b1, 0xfe4d210e), + TOBN(0x062e0400, 0xe186ae72), TOBN(0x91e32d5c, 0x6eeb3b88)}}, + {{TOBN(0x6df574d7, 0x4be59224), TOBN(0xebc88ccc, 0x716d55f3), + TOBN(0x26c2e6d0, 0xcad6ed33), TOBN(0xc6e21e7d, 0x0d3e8b10)}, + {TOBN(0x2cc5840e, 0x5bcc36bb), TOBN(0x9292445e, 0x7da74f69), + TOBN(0x8be8d321, 0x4e5193a8), TOBN(0x3ec23629, 0x8df06413)}}, + {{TOBN(0xc7e9ae85, 0xb134defa), TOBN(0x6073b1d0, 0x1bb2d475), + TOBN(0xb9ad615e, 0x2863c00d), TOBN(0x9e29493d, 0x525f4ac4)}, + {TOBN(0xc32b1dea, 0x4e9acf4f), TOBN(0x3e1f01c8, 0xa50db88d), + TOBN(0xb05d70ea, 0x04da916c), TOBN(0x714b0d0a, 0xd865803e)}}, + {{TOBN(0x4bd493fc, 0x9920cb5e), TOBN(0x5b44b1f7, 0x92c7a3ac), + TOBN(0xa2a77293, 0xbcec9235), TOBN(0x5ee06e87, 0xcd378553)}, + {TOBN(0xceff8173, 0xda621607), TOBN(0x2bb03e4c, 0x99f5d290), + TOBN(0x2945106a, 0xa6f734ac), TOBN(0xb5056604, 0xd25c4732)}}, + {{TOBN(0x5945920c, 0xe079afee), TOBN(0x686e17a0, 0x6789831f), + TOBN(0x5966bee8, 0xb74a5ae5), TOBN(0x38a673a2, 0x1e258d46)}, + {TOBN(0xbd1cc1f2, 0x83141c95), TOBN(0x3b2ecf4f, 0x0e96e486), + TOBN(0xcd3aa896, 0x74e5fc78), TOBN(0x415ec10c, 0x2482fa7a)}}, + {{TOBN(0x15234419, 0x80503380), TOBN(0x513d917a, 0xd314b392), + TOBN(0xb0b52f4e, 0x63caecae), TOBN(0x07bf22ad, 0x2dc7780b)}, + {TOBN(0xe761e8a1, 0xe4306839), TOBN(0x1b3be962, 0x5dd7feaa), + TOBN(0x4fe728de, 0x74c778f1), TOBN(0xf1fa0bda, 0x5e0070f6)}}, + {{TOBN(0x85205a31, 0x6ec3f510), TOBN(0x2c7e4a14, 0xd2980475), + TOBN(0xde3c19c0, 0x6f30ebfd), TOBN(0xdb1c1f38, 0xd4b7e644)}, + {TOBN(0xfe291a75, 0x5dce364a), TOBN(0xb7b22a3c, 0x058f5be3), + TOBN(0x2cd2c302, 0x37fea38c), TOBN(0x2930967a, 0x2e17be17)}}, + {{TOBN(0x87f009de, 0x0c061c65), TOBN(0xcb014aac, 0xedc6ed44), + TOBN(0x49bd1cb4, 0x3bafb1eb), TOBN(0x81bd8b5c, 0x282d3688)}, + {TOBN(0x1cdab87e, 0xf01a17af), TOBN(0x21f37ac4, 0xe710063b), + TOBN(0x5a6c5676, 0x42fc8193), TOBN(0xf4753e70, 0x56a6015c)}}, + {{TOBN(0x020f795e, 0xa15b0a44), TOBN(0x8f37c8d7, 0x8958a958), + TOBN(0x63b7e89b, 0xa4b675b5), TOBN(0xb4fb0c0c, 0x0fc31aea)}, + {TOBN(0xed95e639, 0xa7ff1f2e), TOBN(0x9880f5a3, 0x619614fb), + TOBN(0xdeb6ff02, 0x947151ab), TOBN(0x5bc5118c, 0xa868dcdb)}}, + {{TOBN(0xd8da2055, 0x4c20cea5), TOBN(0xcac2776e, 0x14c4d69a), + TOBN(0xcccb22c1, 0x622d599b), TOBN(0xa4ddb653, 0x68a9bb50)}, + {TOBN(0x2c4ff151, 0x1b4941b4), TOBN(0xe1ff19b4, 0x6efba588), + TOBN(0x35034363, 0xc48345e0), TOBN(0x45542e3d, 0x1e29dfc4)}}, + {{TOBN(0xf197cb91, 0x349f7aed), TOBN(0x3b2b5a00, 0x8fca8420), + TOBN(0x7c175ee8, 0x23aaf6d8), TOBN(0x54dcf421, 0x35af32b6)}, + {TOBN(0x0ba14307, 0x27d6561e), TOBN(0x879d5ee4, 0xd175b1e2), + TOBN(0xc7c43673, 0x99807db5), TOBN(0x77a54455, 0x9cd55bcd)}}, + {{TOBN(0xe6c2ff13, 0x0105c072), TOBN(0x18f7a99f, 0x8dda7da4), + TOBN(0x4c301820, 0x0e2d35c1), TOBN(0x06a53ca0, 0xd9cc6c82)}, + {TOBN(0xaa21cc1e, 0xf1aa1d9e), TOBN(0x32414334, 0x4a75b1e8), + TOBN(0x2a6d1328, 0x0ebe9fdc), TOBN(0x16bd173f, 0x98a4755a)}}, + {{TOBN(0xfbb9b245, 0x2133ffd9), TOBN(0x39a8b2f1, 0x830f1a20), + TOBN(0x484bc97d, 0xd5a1f52a), TOBN(0xd6aebf56, 0xa40eddf8)}, + {TOBN(0x32257acb, 0x76ccdac6), TOBN(0xaf4d36ec, 0x1586ff27), + TOBN(0x8eaa8863, 0xf8de7dd1), TOBN(0x0045d5cf, 0x88647c16)}}}, + {{{TOBN(0xa6f3d574, 0xc005979d), TOBN(0xc2072b42, 0x6a40e350), + TOBN(0xfca5c156, 0x8de2ecf9), TOBN(0xa8c8bf5b, 0xa515344e)}, + {TOBN(0x97aee555, 0x114df14a), TOBN(0xd4374a4d, 0xfdc5ec6b), + TOBN(0x754cc28f, 0x2ca85418), TOBN(0x71cb9e27, 0xd3c41f78)}}, + {{TOBN(0x89105079, 0x03605c39), TOBN(0xf0843d9e, 0xa142c96c), + TOBN(0xf3744934, 0x16923684), TOBN(0x732caa2f, 0xfa0a2893)}, + {TOBN(0xb2e8c270, 0x61160170), TOBN(0xc32788cc, 0x437fbaa3), + TOBN(0x39cd818e, 0xa6eda3ac), TOBN(0xe2e94239, 0x9e2b2e07)}}, + {{TOBN(0x6967d39b, 0x0260e52a), TOBN(0xd42585cc, 0x90653325), + TOBN(0x0d9bd605, 0x21ca7954), TOBN(0x4fa20877, 0x81ed57b3)}, + {TOBN(0x60c1eff8, 0xe34a0bbe), TOBN(0x56b0040c, 0x84f6ef64), + TOBN(0x28be2b24, 0xb1af8483), TOBN(0xb2278163, 0xf5531614)}}, + {{TOBN(0x8df27545, 0x5922ac1c), TOBN(0xa7b3ef5c, 0xa52b3f63), + TOBN(0x8e77b214, 0x71de57c4), TOBN(0x31682c10, 0x834c008b)}, + {TOBN(0xc76824f0, 0x4bd55d31), TOBN(0xb6d1c086, 0x17b61c71), + TOBN(0x31db0903, 0xc2a5089d), TOBN(0x9c092172, 0x184e5d3f)}}, + {{TOBN(0xdd7ced5b, 0xc00cc638), TOBN(0x1a2015eb, 0x61278fc2), + TOBN(0x2e8e5288, 0x6a37f8d6), TOBN(0xc457786f, 0xe79933ad)}, + {TOBN(0xb3fe4cce, 0x2c51211a), TOBN(0xad9b10b2, 0x24c20498), + TOBN(0x90d87a4f, 0xd28db5e5), TOBN(0x698cd105, 0x3aca2fc3)}}, + {{TOBN(0x4f112d07, 0xe91b536d), TOBN(0xceb982f2, 0x9eba09d6), + TOBN(0x3c157b2c, 0x197c396f), TOBN(0xe23c2d41, 0x7b66eb24)}, + {TOBN(0x480c57d9, 0x3f330d37), TOBN(0xb3a4c8a1, 0x79108deb), + TOBN(0x702388de, 0xcb199ce5), TOBN(0x0b019211, 0xb944a8d4)}}, + {{TOBN(0x24f2a692, 0x840bb336), TOBN(0x7c353bdc, 0xa669fa7b), + TOBN(0xda20d6fc, 0xdec9c300), TOBN(0x625fbe2f, 0xa13a4f17)}, + {TOBN(0xa2b1b61a, 0xdbc17328), TOBN(0x008965bf, 0xa9515621), + TOBN(0x49690939, 0xc620ff46), TOBN(0x182dd27d, 0x8717e91c)}}, + {{TOBN(0x5ace5035, 0xea6c3997), TOBN(0x54259aaa, 0xc2610bef), + TOBN(0xef18bb3f, 0x3c80dd39), TOBN(0x6910b95b, 0x5fc3fa39)}, + {TOBN(0xfce2f510, 0x43e09aee), TOBN(0xced56c9f, 0xa7675665), + TOBN(0x10e265ac, 0xd872db61), TOBN(0x6982812e, 0xae9fce69)}}, + {{TOBN(0x29be11c6, 0xce800998), TOBN(0x72bb1752, 0xb90360d9), + TOBN(0x2c193197, 0x5a4ad590), TOBN(0x2ba2f548, 0x9fc1dbc0)}, + {TOBN(0x7fe4eebb, 0xe490ebe0), TOBN(0x12a0a4cd, 0x7fae11c0), + TOBN(0x7197cf81, 0xe903ba37), TOBN(0xcf7d4aa8, 0xde1c6dd8)}}, + {{TOBN(0x92af6bf4, 0x3fd5684c), TOBN(0x2b26eecf, 0x80360aa1), + TOBN(0xbd960f30, 0x00546a82), TOBN(0x407b3c43, 0xf59ad8fe)}, + {TOBN(0x86cae5fe, 0x249c82ba), TOBN(0x9e0faec7, 0x2463744c), + TOBN(0x87f551e8, 0x94916272), TOBN(0x033f9344, 0x6ceb0615)}}, + {{TOBN(0x1e5eb0d1, 0x8be82e84), TOBN(0x89967f0e, 0x7a582fef), + TOBN(0xbcf687d5, 0xa6e921fa), TOBN(0xdfee4cf3, 0xd37a09ba)}, + {TOBN(0x94f06965, 0xb493c465), TOBN(0x638b9a1c, 0x7635c030), + TOBN(0x76667864, 0x66f05e9f), TOBN(0xccaf6808, 0xc04da725)}}, + {{TOBN(0xca2eb690, 0x768fccfc), TOBN(0xf402d37d, 0xb835b362), + TOBN(0x0efac0d0, 0xe2fdfcce), TOBN(0xefc9cdef, 0xb638d990)}, + {TOBN(0x2af12b72, 0xd1669a8b), TOBN(0x33c536bc, 0x5774ccbd), + TOBN(0x30b21909, 0xfb34870e), TOBN(0xc38fa2f7, 0x7df25aca)}}, + {{TOBN(0x74c5f02b, 0xbf81f3f5), TOBN(0x0525a5ae, 0xaf7e4581), + TOBN(0x88d2aaba, 0x433c54ae), TOBN(0xed9775db, 0x806a56c5)}, + {TOBN(0xd320738a, 0xc0edb37d), TOBN(0x25fdb6ee, 0x66cc1f51), + TOBN(0xac661d17, 0x10600d76), TOBN(0x931ec1f3, 0xbdd1ed76)}}, + {{TOBN(0x65c11d62, 0x19ee43f1), TOBN(0x5cd57c3e, 0x60829d97), + TOBN(0xd26c91a3, 0x984be6e8), TOBN(0xf08d9309, 0x8b0c53bd)}, + {TOBN(0x94bc9e5b, 0xc016e4ea), TOBN(0xd3916839, 0x11d43d2b), + TOBN(0x886c5ad7, 0x73701155), TOBN(0xe0377626, 0x20b00715)}}, + {{TOBN(0x7f01c9ec, 0xaa80ba59), TOBN(0x3083411a, 0x68538e51), + TOBN(0x970370f1, 0xe88128af), TOBN(0x625cc3db, 0x91dec14b)}, + {TOBN(0xfef9666c, 0x01ac3107), TOBN(0xb2a8d577, 0xd5057ac3), + TOBN(0xb0f26299, 0x92be5df7), TOBN(0xf579c8e5, 0x00353924)}}, + {{TOBN(0xb8fa3d93, 0x1341ed7a), TOBN(0x4223272c, 0xa7b59d49), + TOBN(0x3dcb1947, 0x83b8c4a4), TOBN(0x4e413c01, 0xed1302e4)}, + {TOBN(0x6d999127, 0xe17e44ce), TOBN(0xee86bf75, 0x33b3adfb), + TOBN(0xf6902fe6, 0x25aa96ca), TOBN(0xb73540e4, 0xe5aae47d)}}, + {{TOBN(0x32801d7b, 0x1b4a158c), TOBN(0xe571c99e, 0x27e2a369), + TOBN(0x40cb76c0, 0x10d9f197), TOBN(0xc308c289, 0x3167c0ae)}, + {TOBN(0xa6ef9dd3, 0xeb7958f2), TOBN(0xa7226dfc, 0x300879b1), + TOBN(0x6cd0b362, 0x7edf0636), TOBN(0x4efbce6c, 0x7bc37eed)}}, + {{TOBN(0x75f92a05, 0x8d699021), TOBN(0x586d4c79, 0x772566e3), + TOBN(0x378ca5f1, 0x761ad23a), TOBN(0x650d86fc, 0x1465a8ac)}, + {TOBN(0x7a4ed457, 0x842ba251), TOBN(0x6b65e3e6, 0x42234933), + TOBN(0xaf1543b7, 0x31aad657), TOBN(0xa4cefe98, 0xcbfec369)}}, + {{TOBN(0xb587da90, 0x9f47befb), TOBN(0x6562e9fb, 0x41312d13), + TOBN(0xa691ea59, 0xeff1cefe), TOBN(0xcc30477a, 0x05fc4cf6)}, + {TOBN(0xa1632461, 0x0b0ffd3d), TOBN(0xa1f16f3b, 0x5b355956), + TOBN(0x5b148d53, 0x4224ec24), TOBN(0xdc834e7b, 0xf977012a)}}, + {{TOBN(0x7bfc5e75, 0xb2c69dbc), TOBN(0x3aa77a29, 0x03c3da6c), + TOBN(0xde0df03c, 0xca910271), TOBN(0xcbd5ca4a, 0x7806dc55)}, + {TOBN(0xe1ca5807, 0x6db476cb), TOBN(0xfde15d62, 0x5f37a31e), + TOBN(0xf49af520, 0xf41af416), TOBN(0x96c5c5b1, 0x7d342db5)}}, + {{TOBN(0x155c43b7, 0xeb4ceb9b), TOBN(0x2e993010, 0x4e77371a), + TOBN(0x1d2987da, 0x675d43af), TOBN(0xef2bc1c0, 0x8599fd72)}, + {TOBN(0x96894b7b, 0x9342f6b2), TOBN(0x201eadf2, 0x7c8e71f0), + TOBN(0xf3479d9f, 0x4a1f3efc), TOBN(0xe0f8a742, 0x702a9704)}}, + {{TOBN(0xeafd44b6, 0xb3eba40c), TOBN(0xf9739f29, 0xc1c1e0d0), + TOBN(0x0091471a, 0x619d505e), TOBN(0xc15f9c96, 0x9d7c263e)}, + {TOBN(0x5be47285, 0x83afbe33), TOBN(0xa3b6d6af, 0x04f1e092), + TOBN(0xe76526b9, 0x751a9d11), TOBN(0x2ec5b26d, 0x9a4ae4d2)}}, + {{TOBN(0xeb66f4d9, 0x02f6fb8d), TOBN(0x4063c561, 0x96912164), + TOBN(0xeb7050c1, 0x80ef3000), TOBN(0x288d1c33, 0xeaa5b3f0)}, + {TOBN(0xe87c68d6, 0x07806fd8), TOBN(0xb2f7f9d5, 0x4bbbf50f), + TOBN(0x25972f3a, 0xac8d6627), TOBN(0xf8547774, 0x10e8c13b)}}, + {{TOBN(0xcc50ef6c, 0x872b4a60), TOBN(0xab2a34a4, 0x4613521b), + TOBN(0x39c5c190, 0x983e15d1), TOBN(0x61dde5df, 0x59905512)}, + {TOBN(0xe417f621, 0x9f2275f3), TOBN(0x0750c8b6, 0x451d894b), + TOBN(0x75b04ab9, 0x78b0bdaa), TOBN(0x3bfd9fd4, 0x458589bd)}}, + {{TOBN(0xf1013e30, 0xee9120b6), TOBN(0x2b51af93, 0x23a4743e), + TOBN(0xea96ffae, 0x48d14d9e), TOBN(0x71dc0dbe, 0x698a1d32)}, + {TOBN(0x914962d2, 0x0180cca4), TOBN(0x1ae60677, 0xc3568963), + TOBN(0x8cf227b1, 0x437bc444), TOBN(0xc650c83b, 0xc9962c7a)}}, + {{TOBN(0x23c2c7dd, 0xfe7ccfc4), TOBN(0xf925c89d, 0x1b929d48), + TOBN(0x4460f74b, 0x06783c33), TOBN(0xac2c8d49, 0xa590475a)}, + {TOBN(0xfb40b407, 0xb807bba0), TOBN(0x9d1e362d, 0x69ff8f3a), + TOBN(0xa33e9681, 0xcbef64a4), TOBN(0x67ece5fa, 0x332fb4b2)}}, + {{TOBN(0x6900a99b, 0x739f10e3), TOBN(0xc3341ca9, 0xff525925), + TOBN(0xee18a626, 0xa9e2d041), TOBN(0xa5a83685, 0x29580ddd)}, + {TOBN(0xf3470c81, 0x9d7de3cd), TOBN(0xedf02586, 0x2062cf9c), + TOBN(0xf43522fa, 0xc010edb0), TOBN(0x30314135, 0x13a4b1ae)}}, + {{TOBN(0xc792e02a, 0xdb22b94b), TOBN(0x993d8ae9, 0xa1eaa45b), + TOBN(0x8aad6cd3, 0xcd1e1c63), TOBN(0x89529ca7, 0xc5ce688a)}, + {TOBN(0x2ccee3aa, 0xe572a253), TOBN(0xe02b6438, 0x02a21efb), + TOBN(0xa7091b6e, 0xc9430358), TOBN(0x06d1b1fa, 0x9d7db504)}}, + {{TOBN(0x58846d32, 0xc4744733), TOBN(0x40517c71, 0x379f9e34), + TOBN(0x2f65655f, 0x130ef6ca), TOBN(0x526e4488, 0xf1f3503f)}, + {TOBN(0x8467bd17, 0x7ee4a976), TOBN(0x1d9dc913, 0x921363d1), + TOBN(0xd8d24c33, 0xb069e041), TOBN(0x5eb5da0a, 0x2cdf7f51)}}, + {{TOBN(0x1c0f3cb1, 0x197b994f), TOBN(0x3c95a6c5, 0x2843eae9), + TOBN(0x7766ffc9, 0xa6097ea5), TOBN(0x7bea4093, 0xd723b867)}, + {TOBN(0xb48e1f73, 0x4db378f9), TOBN(0x70025b00, 0xe37b77ac), + TOBN(0x943dc8e7, 0xaf24ad46), TOBN(0xb98a15ac, 0x16d00a85)}}, + {{TOBN(0x3adc38ba, 0x2743b004), TOBN(0xb1c7f4f7, 0x334415ee), + TOBN(0xea43df8f, 0x1e62d05a), TOBN(0x32618905, 0x9d76a3b6)}, + {TOBN(0x2fbd0bb5, 0xa23a0f46), TOBN(0x5bc971db, 0x6a01918c), + TOBN(0x7801d94a, 0xb4743f94), TOBN(0xb94df65e, 0x676ae22b)}}, + {{TOBN(0xaafcbfab, 0xaf95894c), TOBN(0x7b9bdc07, 0x276b2241), + TOBN(0xeaf98362, 0x5bdda48b), TOBN(0x5977faf2, 0xa3fcb4df)}, + {TOBN(0xbed042ef, 0x052c4b5b), TOBN(0x9fe87f71, 0x067591f0), + TOBN(0xc89c73ca, 0x22f24ec7), TOBN(0x7d37fa9e, 0xe64a9f1b)}}, + {{TOBN(0x2710841a, 0x15562627), TOBN(0x2c01a613, 0xc243b034), + TOBN(0x1d135c56, 0x2bc68609), TOBN(0xc2ca1715, 0x8b03f1f6)}, + {TOBN(0xc9966c2d, 0x3eb81d82), TOBN(0xc02abf4a, 0x8f6df13e), + TOBN(0x77b34bd7, 0x8f72b43b), TOBN(0xaff6218f, 0x360c82b0)}}, + {{TOBN(0x0aa5726c, 0x8d55b9d2), TOBN(0xdc0adbe9, 0x99e9bffb), + TOBN(0x9097549c, 0xefb9e72a), TOBN(0x16755712, 0x9dfb3111)}, + {TOBN(0xdd8bf984, 0xf26847f9), TOBN(0xbcb8e387, 0xdfb30cb7), + TOBN(0xc1fd32a7, 0x5171ef9c), TOBN(0x977f3fc7, 0x389b363f)}}, + {{TOBN(0x116eaf2b, 0xf4babda0), TOBN(0xfeab68bd, 0xf7113c8e), + TOBN(0xd1e3f064, 0xb7def526), TOBN(0x1ac30885, 0xe0b3fa02)}, + {TOBN(0x1c5a6e7b, 0x40142d9d), TOBN(0x839b5603, 0x30921c0b), + TOBN(0x48f301fa, 0x36a116a3), TOBN(0x380e1107, 0xcfd9ee6d)}}, + {{TOBN(0x7945ead8, 0x58854be1), TOBN(0x4111c12e, 0xcbd4d49d), + TOBN(0xece3b1ec, 0x3a29c2ef), TOBN(0x6356d404, 0x8d3616f5)}, + {TOBN(0x9f0d6a8f, 0x594d320e), TOBN(0x0989316d, 0xf651ccd2), + TOBN(0x6c32117a, 0x0f8fdde4), TOBN(0x9abe5cc5, 0xa26a9bbc)}}, + {{TOBN(0xcff560fb, 0x9723f671), TOBN(0x21b2a12d, 0x7f3d593c), + TOBN(0xe4cb18da, 0x24ba0696), TOBN(0x186e2220, 0xc3543384)}, + {TOBN(0x722f64e0, 0x88312c29), TOBN(0x94282a99, 0x17dc7752), + TOBN(0x62467bbf, 0x5a85ee89), TOBN(0xf435c650, 0xf10076a0)}}, + {{TOBN(0xc9ff1539, 0x43b3a50b), TOBN(0x7132130c, 0x1a53efbc), + TOBN(0x31bfe063, 0xf7b0c5b7), TOBN(0xb0179a7d, 0x4ea994cc)}, + {TOBN(0x12d064b3, 0xc85f455b), TOBN(0x47259328, 0x8f6e0062), + TOBN(0xf64e590b, 0xb875d6d9), TOBN(0x22dd6225, 0xad92bcc7)}}, + {{TOBN(0xb658038e, 0xb9c3bd6d), TOBN(0x00cdb0d6, 0xfbba27c8), + TOBN(0x0c681337, 0x1062c45d), TOBN(0xd8515b8c, 0x2d33407d)}, + {TOBN(0xcb8f699e, 0x8cbb5ecf), TOBN(0x8c4347f8, 0xc608d7d8), + TOBN(0x2c11850a, 0xbb3e00db), TOBN(0x20a8dafd, 0xecb49d19)}}, + {{TOBN(0xbd781480, 0x45ee2f40), TOBN(0x75e354af, 0x416b60cf), + TOBN(0xde0b58a1, 0x8d49a8c4), TOBN(0xe40e94e2, 0xfa359536)}, + {TOBN(0xbd4fa59f, 0x62accd76), TOBN(0x05cf466a, 0x8c762837), + TOBN(0xb5abda99, 0x448c277b), TOBN(0x5a9e01bf, 0x48b13740)}}, + {{TOBN(0x9d457798, 0x326aad8d), TOBN(0xbdef4954, 0xc396f7e7), + TOBN(0x6fb274a2, 0xc253e292), TOBN(0x2800bf0a, 0x1cfe53e7)}, + {TOBN(0x22426d31, 0x44438fd4), TOBN(0xef233923, 0x5e259f9a), + TOBN(0x4188503c, 0x03f66264), TOBN(0x9e5e7f13, 0x7f9fdfab)}}, + {{TOBN(0x565eb76c, 0x5fcc1aba), TOBN(0xea632548, 0x59b5bff8), + TOBN(0x5587c087, 0xaab6d3fa), TOBN(0x92b639ea, 0x6ce39c1b)}, + {TOBN(0x0706e782, 0x953b135c), TOBN(0x7308912e, 0x425268ef), + TOBN(0x599e92c7, 0x090e7469), TOBN(0x83b90f52, 0x9bc35e75)}}, + {{TOBN(0x4750b3d0, 0x244975b3), TOBN(0xf3a44358, 0x11965d72), + TOBN(0x179c6774, 0x9c8dc751), TOBN(0xff18cdfe, 0xd23d9ff0)}, + {TOBN(0xc4013833, 0x2028e247), TOBN(0x96e280e2, 0xf3bfbc79), + TOBN(0xf60417bd, 0xd0880a84), TOBN(0x263c9f3d, 0x2a568151)}}, + {{TOBN(0x36be15b3, 0x2d2ce811), TOBN(0x846dc0c2, 0xf8291d21), + TOBN(0x5cfa0ecb, 0x789fcfdb), TOBN(0x45a0beed, 0xd7535b9a)}, + {TOBN(0xec8e9f07, 0x96d69af1), TOBN(0x31a7c5b8, 0x599ab6dc), + TOBN(0xd36d45ef, 0xf9e2e09f), TOBN(0x3cf49ef1, 0xdcee954b)}}, + {{TOBN(0x6be34cf3, 0x086cff9b), TOBN(0x88dbd491, 0x39a3360f), + TOBN(0x1e96b8cc, 0x0dbfbd1d), TOBN(0xc1e5f7bf, 0xcb7e2552)}, + {TOBN(0x0547b214, 0x28819d98), TOBN(0xc770dd9c, 0x7aea9dcb), + TOBN(0xaef0d4c7, 0x041d68c8), TOBN(0xcc2b9818, 0x13cb9ba8)}}, + {{TOBN(0x7fc7bc76, 0xfe86c607), TOBN(0x6b7b9337, 0x502a9a95), + TOBN(0x1948dc27, 0xd14dab63), TOBN(0x249dd198, 0xdae047be)}, + {TOBN(0xe8356584, 0xa981a202), TOBN(0x3531dd18, 0x3a893387), + TOBN(0x1be11f90, 0xc85c7209), TOBN(0x93d2fe1e, 0xe2a52b5a)}}, + {{TOBN(0x8225bfe2, 0xec6d6b97), TOBN(0x9cf6d6f4, 0xbd0aa5de), + TOBN(0x911459cb, 0x54779f5f), TOBN(0x5649cddb, 0x86aeb1f3)}, + {TOBN(0x32133579, 0x3f26ce5a), TOBN(0xc289a102, 0x550f431e), + TOBN(0x559dcfda, 0x73b84c6f), TOBN(0x84973819, 0xee3ac4d7)}}, + {{TOBN(0xb51e55e6, 0xf2606a82), TOBN(0xe25f7061, 0x90f2fb57), + TOBN(0xacef6c2a, 0xb1a4e37c), TOBN(0x864e359d, 0x5dcf2706)}, + {TOBN(0x479e6b18, 0x7ce57316), TOBN(0x2cab2500, 0x3a96b23d), + TOBN(0xed489862, 0x8ef16df7), TOBN(0x2056538c, 0xef3758b5)}}, + {{TOBN(0xa7df865e, 0xf15d3101), TOBN(0x80c5533a, 0x61b553d7), + TOBN(0x366e1997, 0x4ed14294), TOBN(0x6620741f, 0xb3c0bcd6)}, + {TOBN(0x21d1d9c4, 0xedc45418), TOBN(0x005b859e, 0xc1cc4a9d), + TOBN(0xdf01f630, 0xa1c462f0), TOBN(0x15d06cf3, 0xf26820c7)}}, + {{TOBN(0x9f7f24ee, 0x3484be47), TOBN(0x2ff33e96, 0x4a0c902f), + TOBN(0x00bdf457, 0x5a0bc453), TOBN(0x2378dfaf, 0x1aa238db)}, + {TOBN(0x272420ec, 0x856720f2), TOBN(0x2ad9d95b, 0x96797291), + TOBN(0xd1242cc6, 0x768a1558), TOBN(0x2e287f8b, 0x5cc86aa8)}}, + {{TOBN(0x796873d0, 0x990cecaa), TOBN(0xade55f81, 0x675d4080), + TOBN(0x2645eea3, 0x21f0cd84), TOBN(0x7a1efa0f, 0xb4e17d02)}, + {TOBN(0xf6858420, 0x037cc061), TOBN(0x682e05f0, 0xd5d43e12), + TOBN(0x59c36994, 0x27218710), TOBN(0x85cbba4d, 0x3f7cd2fc)}}, + {{TOBN(0x726f9729, 0x7a3cd22a), TOBN(0x9f8cd5dc, 0x4a628397), + TOBN(0x17b93ab9, 0xc23165ed), TOBN(0xff5f5dbf, 0x122823d4)}, + {TOBN(0xc1e4e4b5, 0x654a446d), TOBN(0xd1a9496f, 0x677257ba), + TOBN(0x6387ba94, 0xde766a56), TOBN(0x23608bc8, 0x521ec74a)}}, + {{TOBN(0x16a522d7, 0x6688c4d4), TOBN(0x9d6b4282, 0x07373abd), + TOBN(0xa62f07ac, 0xb42efaa3), TOBN(0xf73e00f7, 0xe3b90180)}, + {TOBN(0x36175fec, 0x49421c3e), TOBN(0xc4e44f9b, 0x3dcf2678), + TOBN(0x76df436b, 0x7220f09f), TOBN(0x172755fb, 0x3aa8b6cf)}}, + {{TOBN(0xbab89d57, 0x446139cc), TOBN(0x0a0a6e02, 0x5fe0208f), + TOBN(0xcdbb63e2, 0x11e5d399), TOBN(0x33ecaa12, 0xa8977f0b)}, + {TOBN(0x59598b21, 0xf7c42664), TOBN(0xb3e91b32, 0xab65d08a), + TOBN(0x035822ee, 0xf4502526), TOBN(0x1dcf0176, 0x720a82a9)}}, + {{TOBN(0x50f8598f, 0x3d589e02), TOBN(0xdf0478ff, 0xb1d63d2c), + TOBN(0x8b8068bd, 0x1571cd07), TOBN(0x30c3aa4f, 0xd79670cd)}, + {TOBN(0x25e8fd4b, 0x941ade7f), TOBN(0x3d1debdc, 0x32790011), + TOBN(0x65b6dcbd, 0x3a3f9ff0), TOBN(0x282736a4, 0x793de69c)}}, + {{TOBN(0xef69a0c3, 0xd41d3bd3), TOBN(0xb533b8c9, 0x07a26bde), + TOBN(0xe2801d97, 0xdb2edf9f), TOBN(0xdc4a8269, 0xe1877af0)}, + {TOBN(0x6c1c5851, 0x3d590dbe), TOBN(0x84632f6b, 0xee4e9357), + TOBN(0xd36d36b7, 0x79b33374), TOBN(0xb46833e3, 0x9bbca2e6)}}, + {{TOBN(0x37893913, 0xf7fc0586), TOBN(0x385315f7, 0x66bf4719), + TOBN(0x72c56293, 0xb31855dc), TOBN(0xd1416d4e, 0x849061fe)}, + {TOBN(0xbeb3ab78, 0x51047213), TOBN(0x447f6e61, 0xf040c996), + TOBN(0xd06d310d, 0x638b1d0c), TOBN(0xe28a413f, 0xbad1522e)}}, + {{TOBN(0x685a76cb, 0x82003f86), TOBN(0x610d07f7, 0x0bcdbca3), + TOBN(0x6ff66021, 0x9ca4c455), TOBN(0x7df39b87, 0xcea10eec)}, + {TOBN(0xb9255f96, 0xe22db218), TOBN(0x8cc6d9eb, 0x08a34c44), + TOBN(0xcd4ffb86, 0x859f9276), TOBN(0x8fa15eb2, 0x50d07335)}}, + {{TOBN(0xdf553845, 0xcf2c24b5), TOBN(0x89f66a9f, 0x52f9c3ba), + TOBN(0x8f22b5b9, 0xe4a7ceb3), TOBN(0xaffef809, 0x0e134686)}, + {TOBN(0x3e53e1c6, 0x8eb8fac2), TOBN(0x93c1e4eb, 0x28aec98e), + TOBN(0xb6b91ec5, 0x32a43bcb), TOBN(0x2dbfa947, 0xb2d74a51)}}, + {{TOBN(0xe065d190, 0xca84bad7), TOBN(0xfb13919f, 0xad58e65c), + TOBN(0x3c41718b, 0xf1cb6e31), TOBN(0x688969f0, 0x06d05c3f)}, + {TOBN(0xd4f94ce7, 0x21264d45), TOBN(0xfdfb65e9, 0x7367532b), + TOBN(0x5b1be8b1, 0x0945a39d), TOBN(0x229f789c, 0x2b8baf3b)}}, + {{TOBN(0xd8f41f3e, 0x6f49f15d), TOBN(0x678ce828, 0x907f0792), + TOBN(0xc69ace82, 0xfca6e867), TOBN(0x106451ae, 0xd01dcc89)}, + {TOBN(0x1bb4f7f0, 0x19fc32d2), TOBN(0x64633dfc, 0xb00c52d2), + TOBN(0x8f13549a, 0xad9ea445), TOBN(0x99a3bf50, 0xfb323705)}}, + {{TOBN(0x0c9625a2, 0x534d4dbc), TOBN(0x45b8f1d1, 0xc2a2fea3), + TOBN(0x76ec21a1, 0xa530fc1a), TOBN(0x4bac9c2a, 0x9e5bd734)}, + {TOBN(0x5996d76a, 0x7b4e3587), TOBN(0x0045cdee, 0x1182d9e3), + TOBN(0x1aee24b9, 0x1207f13d), TOBN(0x66452e97, 0x97345a41)}}, + {{TOBN(0x16e5b054, 0x9f950cd0), TOBN(0x9cc72fb1, 0xd7fdd075), + TOBN(0x6edd61e7, 0x66249663), TOBN(0xde4caa4d, 0xf043cccb)}, + {TOBN(0x11b1f57a, 0x55c7ac17), TOBN(0x779cbd44, 0x1a85e24d), + TOBN(0x78030f86, 0xe46081e7), TOBN(0xfd4a6032, 0x8e20f643)}}, + {{TOBN(0xcc7a6488, 0x0a750c0f), TOBN(0x39bacfe3, 0x4e548e83), + TOBN(0x3d418c76, 0x0c110f05), TOBN(0x3e4daa4c, 0xb1f11588)}, + {TOBN(0x2733e7b5, 0x5ffc69ff), TOBN(0x46f147bc, 0x92053127), + TOBN(0x885b2434, 0xd722df94), TOBN(0x6a444f65, 0xe6fc6b7c)}}}, + {{{TOBN(0x7a1a465a, 0xc3f16ea8), TOBN(0x115a461d, 0xb2f1d11c), + TOBN(0x4767dd95, 0x6c68a172), TOBN(0x3392f2eb, 0xd13a4698)}, + {TOBN(0xc7a99ccd, 0xe526cdc7), TOBN(0x8e537fdc, 0x22292b81), + TOBN(0x76d8cf69, 0xa6d39198), TOBN(0xffc5ff43, 0x2446852d)}}, + {{TOBN(0x97b14f7e, 0xa90567e6), TOBN(0x513257b7, 0xb6ae5cb7), + TOBN(0x85454a3c, 0x9f10903d), TOBN(0xd8d2c9ad, 0x69bc3724)}, + {TOBN(0x38da9324, 0x6b29cb44), TOBN(0xb540a21d, 0x77c8cbac), + TOBN(0x9bbfe435, 0x01918e42), TOBN(0xfffa707a, 0x56c3614e)}}, + {{TOBN(0x0ce4e3f1, 0xd4e353b7), TOBN(0x062d8a14, 0xef46b0a0), + TOBN(0x6408d5ab, 0x574b73fd), TOBN(0xbc41d1c9, 0xd3273ffd)}, + {TOBN(0x3538e1e7, 0x6be77800), TOBN(0x71fe8b37, 0xc5655031), + TOBN(0x1cd91621, 0x6b9b331a), TOBN(0xad825d0b, 0xbb388f73)}}, + {{TOBN(0x56c2e05b, 0x1cb76219), TOBN(0x0ec0bf91, 0x71567e7e), + TOBN(0xe7076f86, 0x61c4c910), TOBN(0xd67b085b, 0xbabc04d9)}, + {TOBN(0x9fb90459, 0x5e93a96a), TOBN(0x7526c1ea, 0xfbdc249a), + TOBN(0x0d44d367, 0xecdd0bb7), TOBN(0x95399917, 0x9dc0d695)}}, + {{TOBN(0x61360ee9, 0x9e240d18), TOBN(0x057cdcac, 0xb4b94466), + TOBN(0xe7667cd1, 0x2fe5325c), TOBN(0x1fa297b5, 0x21974e3b)}, + {TOBN(0xfa4081e7, 0xdb083d76), TOBN(0x31993be6, 0xf206bd15), + TOBN(0x8949269b, 0x14c19f8c), TOBN(0x21468d72, 0xa9d92357)}}, + {{TOBN(0x2ccbc583, 0xa4c506ec), TOBN(0x957ed188, 0xd1acfe97), + TOBN(0x8baed833, 0x12f1aea2), TOBN(0xef2a6cb4, 0x8325362d)}, + {TOBN(0x130dde42, 0x8e195c43), TOBN(0xc842025a, 0x0e6050c6), + TOBN(0x2da972a7, 0x08686a5d), TOBN(0xb52999a1, 0xe508b4a8)}}, + {{TOBN(0xd9f090b9, 0x10a5a8bd), TOBN(0xca91d249, 0x096864da), + TOBN(0x8e6a93be, 0x3f67dbc1), TOBN(0xacae6fba, 0xf5f4764c)}, + {TOBN(0x1563c6e0, 0xd21411a0), TOBN(0x28fa787f, 0xda0a4ad8), + TOBN(0xd524491c, 0x908c8030), TOBN(0x1257ba0e, 0x4c795f07)}}, + {{TOBN(0x83f49167, 0xceca9754), TOBN(0x426d2cf6, 0x4b7939a0), + TOBN(0x2555e355, 0x723fd0bf), TOBN(0xa96e6d06, 0xc4f144e2)}, + {TOBN(0x4768a8dd, 0x87880e61), TOBN(0x15543815, 0xe508e4d5), + TOBN(0x09d7e772, 0xb1b65e15), TOBN(0x63439dd6, 0xac302fa0)}}, + {{TOBN(0xb93f802f, 0xc14e35c2), TOBN(0x71735b7c, 0x4341333c), + TOBN(0x03a25104, 0x16d4f362), TOBN(0x3f4d069b, 0xbf433c8e)}, + {TOBN(0x0d83ae01, 0xf78f5a7c), TOBN(0x50a8ffbe, 0x7c4eed07), + TOBN(0xc74f8906, 0x76e10f83), TOBN(0x7d080966, 0x9ddaf8e1)}}, + {{TOBN(0xb11df8e1, 0x698e04cc), TOBN(0x877be203, 0x169005c8), + TOBN(0x32749e8c, 0x4f3c6179), TOBN(0x2dbc9d0a, 0x7853fc05)}, + {TOBN(0x187d4f93, 0x9454d937), TOBN(0xe682ce9d, 0xb4800e1b), + TOBN(0xa9129ad8, 0x165e68e8), TOBN(0x0fe29735, 0xbe7f785b)}}, + {{TOBN(0x5303f40c, 0x5b9e02b7), TOBN(0xa37c9692, 0x35ee04e8), + TOBN(0x5f46cc20, 0x34d6632b), TOBN(0x55ef72b2, 0x96ac545b)}, + {TOBN(0xabec5c1f, 0x7b91b062), TOBN(0x0a79e1c7, 0xbb33e821), + TOBN(0xbb04b428, 0x3a9f4117), TOBN(0x0de1f28f, 0xfd2a475a)}}, + {{TOBN(0x31019ccf, 0x3a4434b4), TOBN(0xa3458111, 0x1a7954dc), + TOBN(0xa9dac80d, 0xe34972a7), TOBN(0xb043d054, 0x74f6b8dd)}, + {TOBN(0x021c319e, 0x11137b1a), TOBN(0x00a754ce, 0xed5cc03f), + TOBN(0x0aa2c794, 0xcbea5ad4), TOBN(0x093e67f4, 0x70c015b6)}}, + {{TOBN(0x72cdfee9, 0xc97e3f6b), TOBN(0xc10bcab4, 0xb6da7461), + TOBN(0x3b02d2fc, 0xb59806b9), TOBN(0x85185e89, 0xa1de6f47)}, + {TOBN(0x39e6931f, 0x0eb6c4d4), TOBN(0x4d4440bd, 0xd4fa5b04), + TOBN(0x5418786e, 0x34be7eb8), TOBN(0x6380e521, 0x9d7259bc)}}, + {{TOBN(0x20ac0351, 0xd598d710), TOBN(0x272c4166, 0xcb3a4da4), + TOBN(0xdb82fe1a, 0xca71de1f), TOBN(0x746e79f2, 0xd8f54b0f)}, + {TOBN(0x6e7fc736, 0x4b573e9b), TOBN(0x75d03f46, 0xfd4b5040), + TOBN(0x5c1cc36d, 0x0b98d87b), TOBN(0x513ba3f1, 0x1f472da1)}}, + {{TOBN(0x79d0af26, 0xabb177dd), TOBN(0xf82ab568, 0x7891d564), + TOBN(0x2b6768a9, 0x72232173), TOBN(0xefbb3bb0, 0x8c1f6619)}, + {TOBN(0xb29c11db, 0xa6d18358), TOBN(0x519e2797, 0xb0916d3a), + TOBN(0xd4dc18f0, 0x9188e290), TOBN(0x648e86e3, 0x98b0ca7f)}}, + {{TOBN(0x859d3145, 0x983c38b5), TOBN(0xb14f176c, 0x637abc8b), + TOBN(0x2793fb9d, 0xcaff7be6), TOBN(0xebe5a55f, 0x35a66a5a)}, + {TOBN(0x7cec1dcd, 0x9f87dc59), TOBN(0x7c595cd3, 0xfbdbf560), + TOBN(0x5b543b22, 0x26eb3257), TOBN(0x69080646, 0xc4c935fd)}}, + {{TOBN(0x7f2e4403, 0x81e9ede3), TOBN(0x243c3894, 0xcaf6df0a), + TOBN(0x7c605bb1, 0x1c073b11), TOBN(0xcd06a541, 0xba6a4a62)}, + {TOBN(0x29168949, 0x49d4e2e5), TOBN(0x33649d07, 0x4af66880), + TOBN(0xbfc0c885, 0xe9a85035), TOBN(0xb4e52113, 0xfc410f4b)}}, + {{TOBN(0xdca3b706, 0x78a6513b), TOBN(0x92ea4a2a, 0x9edb1943), + TOBN(0x02642216, 0xdb6e2dd8), TOBN(0x9b45d0b4, 0x9fd57894)}, + {TOBN(0x114e70db, 0xc69d11ae), TOBN(0x1477dd19, 0x4c57595f), + TOBN(0xbc2208b4, 0xec77c272), TOBN(0x95c5b4d7, 0xdb68f59c)}}, + {{TOBN(0xb8c4fc63, 0x42e532b7), TOBN(0x386ba422, 0x9ae35290), + TOBN(0xfb5dda42, 0xd201ecbc), TOBN(0x2353dc8b, 0xa0e38fd6)}, + {TOBN(0x9a0b85ea, 0x68f7e978), TOBN(0x96ec5682, 0x2ad6d11f), + TOBN(0x5e279d6c, 0xe5f6886d), TOBN(0xd3fe03cd, 0x3cb1914d)}}, + {{TOBN(0xfe541fa4, 0x7ea67c77), TOBN(0x952bd2af, 0xe3ea810c), + TOBN(0x791fef56, 0x8d01d374), TOBN(0xa3a1c621, 0x0f11336e)}, + {TOBN(0x5ad0d5a9, 0xc7ec6d79), TOBN(0xff7038af, 0x3225c342), + TOBN(0x003c6689, 0xbc69601b), TOBN(0x25059bc7, 0x45e8747d)}}, + {{TOBN(0xfa4965b2, 0xf2086fbf), TOBN(0xf6840ea6, 0x86916078), + TOBN(0xd7ac7620, 0x70081d6c), TOBN(0xe600da31, 0xb5328645)}, + {TOBN(0x01916f63, 0x529b8a80), TOBN(0xe80e4858, 0x2d7d6f3e), + TOBN(0x29eb0fe8, 0xd664ca7c), TOBN(0xf017637b, 0xe7b43b0c)}}, + {{TOBN(0x9a75c806, 0x76cb2566), TOBN(0x8f76acb1, 0xb24892d9), + TOBN(0x7ae7b9cc, 0x1f08fe45), TOBN(0x19ef7329, 0x6a4907d8)}, + {TOBN(0x2db4ab71, 0x5f228bf0), TOBN(0xf3cdea39, 0x817032d7), + TOBN(0x0b1f482e, 0xdcabe3c0), TOBN(0x3baf76b4, 0xbb86325c)}}, + {{TOBN(0xd49065e0, 0x10089465), TOBN(0x3bab5d29, 0x8e77c596), + TOBN(0x7636c3a6, 0x193dbd95), TOBN(0xdef5d294, 0xb246e499)}, + {TOBN(0xb22c58b9, 0x286b2475), TOBN(0xa0b93939, 0xcd80862b), + TOBN(0x3002c83a, 0xf0992388), TOBN(0x6de01f9b, 0xeacbe14c)}}, + {{TOBN(0x6aac688e, 0xadd70482), TOBN(0x708de92a, 0x7b4a4e8a), + TOBN(0x75b6dd73, 0x758a6eef), TOBN(0xea4bf352, 0x725b3c43)}, + {TOBN(0x10041f2c, 0x87912868), TOBN(0xb1b1be95, 0xef09297a), + TOBN(0x19ae23c5, 0xa9f3860a), TOBN(0xc4f0f839, 0x515dcf4b)}}, + {{TOBN(0x3c7ecca3, 0x97f6306a), TOBN(0x744c44ae, 0x68a3a4b0), + TOBN(0x69cd13a0, 0xb3a1d8a2), TOBN(0x7cad0a1e, 0x5256b578)}, + {TOBN(0xea653fcd, 0x33791d9e), TOBN(0x9cc2a05d, 0x74b2e05f), + TOBN(0x73b391dc, 0xfd7affa2), TOBN(0xddb7091e, 0xb6b05442)}}, + {{TOBN(0xc71e27bf, 0x8538a5c6), TOBN(0x195c63dd, 0x89abff17), + TOBN(0xfd315285, 0x1b71e3da), TOBN(0x9cbdfda7, 0xfa680fa0)}, + {TOBN(0x9db876ca, 0x849d7eab), TOBN(0xebe2764b, 0x3c273271), + TOBN(0x663357e3, 0xf208dcea), TOBN(0x8c5bd833, 0x565b1b70)}}, + {{TOBN(0xccc3b4f5, 0x9837fc0d), TOBN(0x9b641ba8, 0xa79cf00f), + TOBN(0x7428243d, 0xdfdf3990), TOBN(0x83a594c4, 0x020786b1)}, + {TOBN(0xb712451a, 0x526c4502), TOBN(0x9d39438e, 0x6adb3f93), + TOBN(0xfdb261e3, 0xe9ff0ccd), TOBN(0x80344e3c, 0xe07af4c3)}}, + {{TOBN(0x75900d7c, 0x2fa4f126), TOBN(0x08a3b865, 0x5c99a232), + TOBN(0x2478b6bf, 0xdb25e0c3), TOBN(0x482cc2c2, 0x71db2edf)}, + {TOBN(0x37df7e64, 0x5f321bb8), TOBN(0x8a93821b, 0x9a8005b4), + TOBN(0x3fa2f10c, 0xcc8c1958), TOBN(0x0d332218, 0x2c269d0a)}}, + {{TOBN(0x20ab8119, 0xe246b0e6), TOBN(0xb39781e4, 0xd349fd17), + TOBN(0xd293231e, 0xb31aa100), TOBN(0x4b779c97, 0xbb032168)}, + {TOBN(0x4b3f19e1, 0xc8470500), TOBN(0x45b7efe9, 0x0c4c869d), + TOBN(0xdb84f38a, 0xa1a6bbcc), TOBN(0x3b59cb15, 0xb2fddbc1)}}, + {{TOBN(0xba5514df, 0x3fd165e8), TOBN(0x499fd6a9, 0x061f8811), + TOBN(0x72cd1fe0, 0xbfef9f00), TOBN(0x120a4bb9, 0x79ad7e8a)}, + {TOBN(0xf2ffd095, 0x5f4a5ac5), TOBN(0xcfd174f1, 0x95a7a2f0), + TOBN(0xd42301ba, 0x9d17baf1), TOBN(0xd2fa487a, 0x77f22089)}}, + {{TOBN(0x9cb09efe, 0xb1dc77e1), TOBN(0xe9566939, 0x21c99682), + TOBN(0x8c546901, 0x6c6067bb), TOBN(0xfd378574, 0x61c24456)}, + {TOBN(0x2b6a6cbe, 0x81796b33), TOBN(0x62d550f6, 0x58e87f8b), + TOBN(0x1b763e1c, 0x7f1b01b4), TOBN(0x4b93cfea, 0x1b1b5e12)}}, + {{TOBN(0xb9345238, 0x1d531696), TOBN(0x57201c00, 0x88cdde69), + TOBN(0xdde92251, 0x9a86afc7), TOBN(0xe3043895, 0xbd35cea8)}, + {TOBN(0x7608c1e1, 0x8555970d), TOBN(0x8267dfa9, 0x2535935e), + TOBN(0xd4c60a57, 0x322ea38b), TOBN(0xe0bf7977, 0x804ef8b5)}}, + {{TOBN(0x1a0dab28, 0xc06fece4), TOBN(0xd405991e, 0x94e7b49d), + TOBN(0xc542b6d2, 0x706dab28), TOBN(0xcb228da3, 0xa91618fb)}, + {TOBN(0x224e4164, 0x107d1cea), TOBN(0xeb9fdab3, 0xd0f5d8f1), + TOBN(0xc02ba386, 0x0d6e41cd), TOBN(0x676a72c5, 0x9b1f7146)}}, + {{TOBN(0xffd6dd98, 0x4d6cb00b), TOBN(0xcef9c5ca, 0xde2e8d7c), + TOBN(0xa1bbf5d7, 0x641c7936), TOBN(0x1b95b230, 0xee8f772e)}, + {TOBN(0xf765a92e, 0xe8ac25b1), TOBN(0xceb04cfc, 0x3a18b7c6), + TOBN(0x27944cef, 0x0acc8966), TOBN(0xcbb3c957, 0x434c1004)}}, + {{TOBN(0x9c9971a1, 0xa43ff93c), TOBN(0x5bc2db17, 0xa1e358a9), + TOBN(0x45b4862e, 0xa8d9bc82), TOBN(0x70ebfbfb, 0x2201e052)}, + {TOBN(0xafdf64c7, 0x92871591), TOBN(0xea5bcae6, 0xb42d0219), + TOBN(0xde536c55, 0x2ad8f03c), TOBN(0xcd6c3f4d, 0xa76aa33c)}}, + {{TOBN(0xbeb5f623, 0x0bca6de3), TOBN(0xdd20dd99, 0xb1e706fd), + TOBN(0x90b3ff9d, 0xac9059d4), TOBN(0x2d7b2902, 0x7ccccc4e)}, + {TOBN(0x8a090a59, 0xce98840f), TOBN(0xa5d947e0, 0x8410680a), + TOBN(0x49ae346a, 0x923379a5), TOBN(0x7dbc84f9, 0xb28a3156)}}, + {{TOBN(0xfd40d916, 0x54a1aff2), TOBN(0xabf318ba, 0x3a78fb9b), + TOBN(0x50152ed8, 0x3029f95e), TOBN(0x9fc1dd77, 0xc58ad7fa)}, + {TOBN(0x5fa57915, 0x13595c17), TOBN(0xb9504668, 0x8f62b3a9), + TOBN(0x907b5b24, 0xff3055b0), TOBN(0x2e995e35, 0x9a84f125)}}, + {{TOBN(0x87dacf69, 0x7e9bbcfb), TOBN(0x95d0c1d6, 0xe86d96e3), + TOBN(0x65726e3c, 0x2d95a75c), TOBN(0x2c3c9001, 0xacd27f21)}, + {TOBN(0x1deab561, 0x6c973f57), TOBN(0x108b7e2c, 0xa5221643), + TOBN(0x5fee9859, 0xc4ef79d4), TOBN(0xbd62b88a, 0x40d4b8c6)}}, + {{TOBN(0xb4dd29c4, 0x197c75d6), TOBN(0x266a6df2, 0xb7076feb), + TOBN(0x9512d0ea, 0x4bf2df11), TOBN(0x1320c24f, 0x6b0cc9ec)}, + {TOBN(0x6bb1e0e1, 0x01a59596), TOBN(0x8317c5bb, 0xeff9aaac), + TOBN(0x65bb405e, 0x385aa6c9), TOBN(0x613439c1, 0x8f07988f)}}, + {{TOBN(0xd730049f, 0x16a66e91), TOBN(0xe97f2820, 0xfa1b0e0d), + TOBN(0x4131e003, 0x304c28ea), TOBN(0x820ab732, 0x526bac62)}, + {TOBN(0xb2ac9ef9, 0x28714423), TOBN(0x54ecfffa, 0xadb10cb2), + TOBN(0x8781476e, 0xf886a4cc), TOBN(0x4b2c87b5, 0xdb2f8d49)}}, + {{TOBN(0xe857cd20, 0x0a44295d), TOBN(0x707d7d21, 0x58c6b044), + TOBN(0xae8521f9, 0xf596757c), TOBN(0x87448f03, 0x67b2b714)}, + {TOBN(0x13a9bc45, 0x5ebcd58d), TOBN(0x79bcced9, 0x9122d3c1), + TOBN(0x3c644247, 0x9e076642), TOBN(0x0cf22778, 0x2df4767d)}}, + {{TOBN(0x5e61aee4, 0x71d444b6), TOBN(0x211236bf, 0xc5084a1d), + TOBN(0x7e15bc9a, 0x4fd3eaf6), TOBN(0x68df2c34, 0xab622bf5)}, + {TOBN(0x9e674f0f, 0x59bf4f36), TOBN(0xf883669b, 0xd7f34d73), + TOBN(0xc48ac1b8, 0x31497b1d), TOBN(0x323b925d, 0x5106703b)}}, + {{TOBN(0x22156f42, 0x74082008), TOBN(0xeffc521a, 0xc8482bcb), + TOBN(0x5c6831bf, 0x12173479), TOBN(0xcaa2528f, 0xc4739490)}, + {TOBN(0x84d2102a, 0x8f1b3c4d), TOBN(0xcf64dfc1, 0x2d9bec0d), + TOBN(0x433febad, 0x78a546ef), TOBN(0x1f621ec3, 0x7b73cef1)}}, + {{TOBN(0x6aecd627, 0x37338615), TOBN(0x162082ab, 0x01d8edf6), + TOBN(0x833a8119, 0x19e86b66), TOBN(0x6023a251, 0xd299b5db)}, + {TOBN(0xf5bb0c3a, 0xbbf04b89), TOBN(0x6735eb69, 0xae749a44), + TOBN(0xd0e058c5, 0x4713de3b), TOBN(0xfdf2593e, 0x2c3d4ccd)}}, + {{TOBN(0x1b8f414e, 0xfdd23667), TOBN(0xdd52aaca, 0xfa2015ee), + TOBN(0x3e31b517, 0xbd9625ff), TOBN(0x5ec9322d, 0x8db5918c)}, + {TOBN(0xbc73ac85, 0xa96f5294), TOBN(0x82aa5bf3, 0x61a0666a), + TOBN(0x49755810, 0xbf08ac42), TOBN(0xd21cdfd5, 0x891cedfc)}}, + {{TOBN(0x918cb57b, 0x67f8be10), TOBN(0x365d1a7c, 0x56ffa726), + TOBN(0x2435c504, 0x6532de93), TOBN(0xc0fc5e10, 0x2674cd02)}, + {TOBN(0x6e51fcf8, 0x9cbbb142), TOBN(0x1d436e5a, 0xafc50692), + TOBN(0x766bffff, 0x3fbcae22), TOBN(0x3148c2fd, 0xfd55d3b8)}}, + {{TOBN(0x52c7fdc9, 0x233222fa), TOBN(0x89ff1092, 0xe419fb6b), + TOBN(0x3cd6db99, 0x25254977), TOBN(0x2e85a161, 0x1cf12ca7)}, + {TOBN(0xadd2547c, 0xdc810bc9), TOBN(0xea3f458f, 0x9d257c22), + TOBN(0x642c1fbe, 0x27d6b19b), TOBN(0xed07e6b5, 0x140481a6)}}, + {{TOBN(0x6ada1d42, 0x86d2e0f8), TOBN(0xe5920122, 0x0e8a9fd5), + TOBN(0x02c936af, 0x708c1b49), TOBN(0x60f30fee, 0x2b4bfaff)}, + {TOBN(0x6637ad06, 0x858e6a61), TOBN(0xce4c7767, 0x3fd374d0), + TOBN(0x39d54b2d, 0x7188defb), TOBN(0xa8c9d250, 0xf56a6b66)}}, + {{TOBN(0x58fc0f5e, 0xb24fe1dc), TOBN(0x9eaf9dee, 0x6b73f24c), + TOBN(0xa90d588b, 0x33650705), TOBN(0xde5b62c5, 0xaf2ec729)}, + {TOBN(0x5c72cfae, 0xd3c2b36e), TOBN(0x868c19d5, 0x034435da), + TOBN(0x88605f93, 0xe17ee145), TOBN(0xaa60c4ee, 0x77a5d5b1)}}, + {{TOBN(0xbcf5bfd2, 0x3b60c472), TOBN(0xaf4ef13c, 0xeb1d3049), + TOBN(0x373f44fc, 0xe13895c9), TOBN(0xf29b382f, 0x0cbc9822)}, + {TOBN(0x1bfcb853, 0x73efaef6), TOBN(0xcf56ac9c, 0xa8c96f40), + TOBN(0xd7adf109, 0x7a191e24), TOBN(0x98035f44, 0xbf8a8dc2)}}, + {{TOBN(0xf40a71b9, 0x1e750c84), TOBN(0xc57f7b0c, 0x5dc6c469), + TOBN(0x49a0e79c, 0x6fbc19c1), TOBN(0x6b0f5889, 0xa48ebdb8)}, + {TOBN(0x5d3fd084, 0xa07c4e9f), TOBN(0xc3830111, 0xab27de14), + TOBN(0x0e4929fe, 0x33e08dcc), TOBN(0xf4a5ad24, 0x40bb73a3)}}, + {{TOBN(0xde86c2bf, 0x490f97ca), TOBN(0x288f09c6, 0x67a1ce18), + TOBN(0x364bb886, 0x1844478d), TOBN(0x7840fa42, 0xceedb040)}, + {TOBN(0x1269fdd2, 0x5a631b37), TOBN(0x94761f1e, 0xa47c8b7d), + TOBN(0xfc0c2e17, 0x481c6266), TOBN(0x85e16ea2, 0x3daa5fa7)}}, + {{TOBN(0xccd86033, 0x92491048), TOBN(0x0c2f6963, 0xf4d402d7), + TOBN(0x6336f7df, 0xdf6a865c), TOBN(0x0a2a463c, 0xb5c02a87)}, + {TOBN(0xb0e29be7, 0xbf2f12ee), TOBN(0xf0a22002, 0x66bad988), + TOBN(0x27f87e03, 0x9123c1d7), TOBN(0x21669c55, 0x328a8c98)}}, + {{TOBN(0x186b9803, 0x92f14529), TOBN(0xd3d056cc, 0x63954df3), + TOBN(0x2f03fd58, 0x175a46f6), TOBN(0x63e34ebe, 0x11558558)}, + {TOBN(0xe13fedee, 0x5b80cfa5), TOBN(0xe872a120, 0xd401dbd1), + TOBN(0x52657616, 0xe8a9d667), TOBN(0xbc8da4b6, 0xe08d6693)}}, + {{TOBN(0x370fb9bb, 0x1b703e75), TOBN(0x6773b186, 0xd4338363), + TOBN(0x18dad378, 0xecef7bff), TOBN(0xaac787ed, 0x995677da)}, + {TOBN(0x4801ea8b, 0x0437164b), TOBN(0xf430ad20, 0x73fe795e), + TOBN(0xb164154d, 0x8ee5eb73), TOBN(0x0884ecd8, 0x108f7c0e)}}, + {{TOBN(0x0e6ec096, 0x5f520698), TOBN(0x640631fe, 0x44f7b8d9), + TOBN(0x92fd34fc, 0xa35a68b9), TOBN(0x9c5a4b66, 0x4d40cf4e)}, + {TOBN(0x949454bf, 0x80b6783d), TOBN(0x80e701fe, 0x3a320a10), + TOBN(0x8d1a564a, 0x1a0a39b2), TOBN(0x1436d53d, 0x320587db)}}, + {{TOBN(0xf5096e6d, 0x6556c362), TOBN(0xbc23a3c0, 0xe2455d7e), + TOBN(0x3a7aee54, 0x807230f9), TOBN(0x9ba1cfa6, 0x22ae82fd)}, + {TOBN(0x833a057a, 0x99c5d706), TOBN(0x8be85f4b, 0x842315c9), + TOBN(0xd083179a, 0x66a72f12), TOBN(0x2fc77d5d, 0xcdcc73cd)}}, + {{TOBN(0x22b88a80, 0x5616ee30), TOBN(0xfb09548f, 0xe7ab1083), + TOBN(0x8ad6ab0d, 0x511270cd), TOBN(0x61f6c57a, 0x6924d9ab)}, + {TOBN(0xa0f7bf72, 0x90aecb08), TOBN(0x849f87c9, 0x0df784a4), + TOBN(0x27c79c15, 0xcfaf1d03), TOBN(0xbbf9f675, 0xc463face)}}, + {{TOBN(0x91502c65, 0x765ba543), TOBN(0x18ce3cac, 0x42ea60dd), + TOBN(0xe5cee6ac, 0x6e43ecb3), TOBN(0x63e4e910, 0x68f2aeeb)}, + {TOBN(0x26234fa3, 0xc85932ee), TOBN(0x96883e8b, 0x4c90c44d), + TOBN(0x29b9e738, 0xa18a50f6), TOBN(0xbfc62b2a, 0x3f0420df)}}, + {{TOBN(0xd22a7d90, 0x6d3e1fa9), TOBN(0x17115618, 0xfe05b8a3), + TOBN(0x2a0c9926, 0xbb2b9c01), TOBN(0xc739fcc6, 0xe07e76a2)}, + {TOBN(0x540e9157, 0x165e439a), TOBN(0x06353a62, 0x6a9063d8), + TOBN(0x84d95594, 0x61e927a3), TOBN(0x013b9b26, 0xe2e0be7f)}}, + {{TOBN(0x4feaec3b, 0x973497f1), TOBN(0x15c0f94e, 0x093ebc2d), + TOBN(0x6af5f227, 0x33af0583), TOBN(0x0c2af206, 0xc61f3340)}, + {TOBN(0xd25dbdf1, 0x4457397c), TOBN(0x2e8ed017, 0xcabcbae0), + TOBN(0xe3010938, 0xc2815306), TOBN(0xbaa99337, 0xe8c6cd68)}}, + {{TOBN(0x08513182, 0x3b0ec7de), TOBN(0x1e1b822b, 0x58df05df), + TOBN(0x5c14842f, 0xa5c3b683), TOBN(0x98fe977e, 0x3eba34ce)}, + {TOBN(0xfd2316c2, 0x0d5e8873), TOBN(0xe48d839a, 0xbd0d427d), + TOBN(0x495b2218, 0x623fc961), TOBN(0x24ee56e7, 0xb46fba5e)}}, + {{TOBN(0x9184a55b, 0x91e4de58), TOBN(0xa7488ca5, 0xdfdea288), + TOBN(0xa723862e, 0xa8dcc943), TOBN(0x92d762b2, 0x849dc0fc)}, + {TOBN(0x3c444a12, 0x091ff4a9), TOBN(0x581113fa, 0x0cada274), + TOBN(0xb9de0a45, 0x30d8eae2), TOBN(0x5e0fcd85, 0xdf6b41ea)}}, + {{TOBN(0x6233ea68, 0xc094dbb5), TOBN(0xb77d062e, 0xd968d410), + TOBN(0x3e719bbc, 0x58b3002d), TOBN(0x68e7dd3d, 0x3dc49d58)}, + {TOBN(0x8d825740, 0x013a5e58), TOBN(0x21311747, 0x3c9e3c1b), + TOBN(0x0cb0a2a7, 0x7c99b6ab), TOBN(0x5c48a3b3, 0xc2f888f2)}}}, + {{{TOBN(0xc7913e91, 0x991724f3), TOBN(0x5eda799c, 0x39cbd686), + TOBN(0xddb595c7, 0x63d4fc1e), TOBN(0x6b63b80b, 0xac4fed54)}, + {TOBN(0x6ea0fc69, 0x7e5fb516), TOBN(0x737708ba, 0xd0f1c964), + TOBN(0x9628745f, 0x11a92ca5), TOBN(0x61f37958, 0x9a86967a)}}, + {{TOBN(0x9af39b2c, 0xaa665072), TOBN(0x78322fa4, 0xefd324ef), + TOBN(0x3d153394, 0xc327bd31), TOBN(0x81d5f271, 0x3129dab0)}, + {TOBN(0xc72e0c42, 0xf48027f5), TOBN(0xaa40cdbc, 0x8536e717), + TOBN(0xf45a657a, 0x2d369d0f), TOBN(0xb03bbfc4, 0xea7f74e6)}}, + {{TOBN(0x46a8c418, 0x0d738ded), TOBN(0x6f1a5bb0, 0xe0de5729), + TOBN(0xf10230b9, 0x8ba81675), TOBN(0x32c6f30c, 0x112b33d4)}, + {TOBN(0x7559129d, 0xd8fffb62), TOBN(0x6a281b47, 0xb459bf05), + TOBN(0x77c1bd3a, 0xfa3b6776), TOBN(0x0709b380, 0x7829973a)}}, + {{TOBN(0x8c26b232, 0xa3326505), TOBN(0x38d69272, 0xee1d41bf), + TOBN(0x0459453e, 0xffe32afa), TOBN(0xce8143ad, 0x7cb3ea87)}, + {TOBN(0x932ec1fa, 0x7e6ab666), TOBN(0x6cd2d230, 0x22286264), + TOBN(0x459a46fe, 0x6736f8ed), TOBN(0x50bf0d00, 0x9eca85bb)}}, + {{TOBN(0x0b825852, 0x877a21ec), TOBN(0x300414a7, 0x0f537a94), + TOBN(0x3f1cba40, 0x21a9a6a2), TOBN(0x50824eee, 0x76943c00)}, + {TOBN(0xa0dbfcec, 0xf83cba5d), TOBN(0xf9538148, 0x93b4f3c0), + TOBN(0x61744162, 0x48f24dd7), TOBN(0x5322d64d, 0xe4fb09dd)}}, + {{TOBN(0x57447384, 0x3d9325f3), TOBN(0xa9bef2d0, 0xf371cb84), + TOBN(0x77d2188b, 0xa61e36c5), TOBN(0xbbd6a7d7, 0xc602df72)}, + {TOBN(0xba3aa902, 0x8f61bc0b), TOBN(0xf49085ed, 0x6ed0b6a1), + TOBN(0x8bc625d6, 0xae6e8298), TOBN(0x832b0b1d, 0xa2e9c01d)}}, + {{TOBN(0xa337c447, 0xf1f0ced1), TOBN(0x800cc793, 0x9492dd2b), + TOBN(0x4b93151d, 0xbea08efa), TOBN(0x820cf3f8, 0xde0a741e)}, + {TOBN(0xff1982dc, 0x1c0f7d13), TOBN(0xef921960, 0x84dde6ca), + TOBN(0x1ad7d972, 0x45f96ee3), TOBN(0x319c8dbe, 0x29dea0c7)}}, + {{TOBN(0xd3ea3871, 0x7b82b99b), TOBN(0x75922d4d, 0x470eb624), + TOBN(0x8f66ec54, 0x3b95d466), TOBN(0x66e673cc, 0xbee1e346)}, + {TOBN(0x6afe67c4, 0xb5f2b89a), TOBN(0x3de9c1e6, 0x290e5cd3), + TOBN(0x8c278bb6, 0x310a2ada), TOBN(0x420fa384, 0x0bdb323b)}}, + {{TOBN(0x0ae1d63b, 0x0eb919b0), TOBN(0xd74ee51d, 0xa74b9620), + TOBN(0x395458d0, 0xa674290c), TOBN(0x324c930f, 0x4620a510)}, + {TOBN(0x2d1f4d19, 0xfbac27d4), TOBN(0x4086e8ca, 0x9bedeeac), + TOBN(0x0cdd211b, 0x9b679ab8), TOBN(0x5970167d, 0x7090fec4)}}, + {{TOBN(0x3420f2c9, 0xfaf1fc63), TOBN(0x616d333a, 0x328c8bb4), + TOBN(0x7d65364c, 0x57f1fe4a), TOBN(0x9343e877, 0x55e5c73a)}, + {TOBN(0x5795176b, 0xe970e78c), TOBN(0xa36ccebf, 0x60533627), + TOBN(0xfc7c7380, 0x09cdfc1b), TOBN(0xb39a2afe, 0xb3fec326)}}, + {{TOBN(0xb7ff1ba1, 0x6224408a), TOBN(0xcc856e92, 0x247cfc5e), + TOBN(0x01f102e7, 0xc18bc493), TOBN(0x4613ab74, 0x2091c727)}, + {TOBN(0xaa25e89c, 0xc420bf2b), TOBN(0x00a53176, 0x90337ec2), + TOBN(0xd2be9f43, 0x7d025fc7), TOBN(0x3316fb85, 0x6e6fe3dc)}}, + {{TOBN(0x27520af5, 0x9ac50814), TOBN(0xfdf95e78, 0x9a8e4223), + TOBN(0xb7e7df2a, 0x56bec5a0), TOBN(0xf7022f7d, 0xdf159e5d)}, + {TOBN(0x93eeeab1, 0xcac1fe8f), TOBN(0x8040188c, 0x37451168), + TOBN(0x7ee8aa8a, 0xd967dce6), TOBN(0xfa0e79e7, 0x3abc9299)}}, + {{TOBN(0x67332cfc, 0x2064cfd1), TOBN(0x339c31de, 0xb0651934), + TOBN(0x719b28d5, 0x2a3bcbea), TOBN(0xee74c82b, 0x9d6ae5c6)}, + {TOBN(0x0927d05e, 0xbaf28ee6), TOBN(0x82cecf2c, 0x9d719028), + TOBN(0x0b0d353e, 0xddb30289), TOBN(0xfe4bb977, 0xfddb2e29)}}, + {{TOBN(0xbb5bb990, 0x640bfd9e), TOBN(0xd226e277, 0x82f62108), + TOBN(0x4bf00985, 0x02ffdd56), TOBN(0x7756758a, 0x2ca1b1b5)}, + {TOBN(0xc32b62a3, 0x5285fe91), TOBN(0xedbc546a, 0x8c9cd140), + TOBN(0x1e47a013, 0xaf5cb008), TOBN(0xbca7e720, 0x073ce8f2)}}, + {{TOBN(0xe10b2ab8, 0x17a91cae), TOBN(0xb89aab65, 0x08e27f63), + TOBN(0x7b3074a7, 0xdba3ddf9), TOBN(0x1c20ce09, 0x330c2972)}, + {TOBN(0x6b9917b4, 0x5fcf7e33), TOBN(0xe6793743, 0x945ceb42), + TOBN(0x18fc2215, 0x5c633d19), TOBN(0xad1adb3c, 0xc7485474)}}, + {{TOBN(0x646f9679, 0x6424c49b), TOBN(0xf888dfe8, 0x67c241c9), + TOBN(0xe12d4b93, 0x24f68b49), TOBN(0x9a6b62d8, 0xa571df20)}, + {TOBN(0x81b4b26d, 0x179483cb), TOBN(0x666f9632, 0x9511fae2), + TOBN(0xd281b3e4, 0xd53aa51f), TOBN(0x7f96a765, 0x7f3dbd16)}}, + {{TOBN(0xa7f8b5bf, 0x074a30ce), TOBN(0xd7f52107, 0x005a32e6), + TOBN(0x6f9e0907, 0x50237ed4), TOBN(0x2f21da47, 0x8096fa2b)}, + {TOBN(0xf3e19cb4, 0xeec863a0), TOBN(0xd18f77fd, 0x9527620a), + TOBN(0x9505c81c, 0x407c1cf8), TOBN(0x9998db4e, 0x1b6ec284)}}, + {{TOBN(0x7e3389e5, 0xc247d44d), TOBN(0x12507141, 0x3f4f3d80), + TOBN(0xd4ba0110, 0x4a78a6c7), TOBN(0x312874a0, 0x767720be)}, + {TOBN(0xded059a6, 0x75944370), TOBN(0xd6123d90, 0x3b2c0bdd), + TOBN(0xa56b717b, 0x51c108e3), TOBN(0x9bb7940e, 0x070623e9)}}, + {{TOBN(0x794e2d59, 0x84ac066c), TOBN(0xf5954a92, 0xe68c69a0), + TOBN(0x28c52458, 0x4fd99dcc), TOBN(0x60e639fc, 0xb1012517)}, + {TOBN(0xc2e60125, 0x7de79248), TOBN(0xe9ef6404, 0xf12fc6d7), + TOBN(0x4c4f2808, 0x2a3b5d32), TOBN(0x865ad32e, 0xc768eb8a)}}, + {{TOBN(0xac02331b, 0x13fb70b6), TOBN(0x037b44c1, 0x95599b27), + TOBN(0x1a860fc4, 0x60bd082c), TOBN(0xa2e25745, 0xc980cd01)}, + {TOBN(0xee3387a8, 0x1da0263e), TOBN(0x931bfb95, 0x2d10f3d6), + TOBN(0x5b687270, 0xa1f24a32), TOBN(0xf140e65d, 0xca494b86)}}, + {{TOBN(0x4f4ddf91, 0xb2f1ac7a), TOBN(0xf99eaabb, 0x760fee27), + TOBN(0x57f4008a, 0x49c228e5), TOBN(0x090be440, 0x1cf713bb)}, + {TOBN(0xac91fbe4, 0x5004f022), TOBN(0xd838c2c2, 0x569e1af6), + TOBN(0xd6c7d20b, 0x0f1daaa5), TOBN(0xaa063ac1, 0x1bbb02c0)}}, + {{TOBN(0x0938a422, 0x59558a78), TOBN(0x5343c669, 0x8435da2f), + TOBN(0x96f67b18, 0x034410dc), TOBN(0x7cc1e424, 0x84510804)}, + {TOBN(0x86a1543f, 0x16dfbb7d), TOBN(0x921fa942, 0x5b5bd592), + TOBN(0x9dcccb6e, 0xb33dd03c), TOBN(0x8581ddd9, 0xb843f51e)}}, + {{TOBN(0x54935fcb, 0x81d73c9e), TOBN(0x6d07e979, 0x0a5e97ab), + TOBN(0x4dc7b30a, 0xcf3a6bab), TOBN(0x147ab1f3, 0x170bee11)}, + {TOBN(0x0aaf8e3d, 0x9fafdee4), TOBN(0xfab3dbcb, 0x538a8b95), + TOBN(0x405df4b3, 0x6ef13871), TOBN(0xf1f4e9cb, 0x088d5a49)}}, + {{TOBN(0x9bcd24d3, 0x66b33f1d), TOBN(0x3b97b820, 0x5ce445c0), + TOBN(0xe2926549, 0xba93ff61), TOBN(0xd9c341ce, 0x4dafe616)}, + {TOBN(0xfb30a76e, 0x16efb6f3), TOBN(0xdf24b8ca, 0x605b953c), + TOBN(0x8bd52afe, 0xc2fffb9f), TOBN(0xbbac5ff7, 0xe19d0b96)}}, + {{TOBN(0x43c01b87, 0x459afccd), TOBN(0x6bd45143, 0xb7432652), + TOBN(0x84734530, 0x55b5d78e), TOBN(0x81088fdb, 0x1554ba7d)}, + {TOBN(0xada0a52c, 0x1e269375), TOBN(0xf9f037c4, 0x2dc5ec10), + TOBN(0xc0660607, 0x94bfbc11), TOBN(0xc0a630bb, 0xc9c40d2f)}}, + {{TOBN(0x5efc797e, 0xab64c31e), TOBN(0xffdb1dab, 0x74507144), + TOBN(0xf6124287, 0x1ca6790c), TOBN(0xe9609d81, 0xe69bf1bf)}, + {TOBN(0xdb898595, 0x00d24fc9), TOBN(0x9c750333, 0xe51fb417), + TOBN(0x51830a91, 0xfef7bbde), TOBN(0x0ce67dc8, 0x945f585c)}}, + {{TOBN(0x9a730ed4, 0x4763eb50), TOBN(0x24a0e221, 0xc1ab0d66), + TOBN(0x643b6393, 0x648748f3), TOBN(0x1982daa1, 0x6d3c6291)}, + {TOBN(0x6f00a9f7, 0x8bbc5549), TOBN(0x7a1783e1, 0x7f36384e), + TOBN(0xe8346323, 0xde977f50), TOBN(0x91ab688d, 0xb245502a)}}, + {{TOBN(0x331ab6b5, 0x6d0bdd66), TOBN(0x0a6ef32e, 0x64b71229), + TOBN(0x1028150e, 0xfe7c352f), TOBN(0x27e04350, 0xce7b39d3)}, + {TOBN(0x2a3c8acd, 0xc1070c82), TOBN(0xfb2034d3, 0x80c9feef), + TOBN(0x2d729621, 0x709f3729), TOBN(0x8df290bf, 0x62cb4549)}}, + {{TOBN(0x02f99f33, 0xfc2e4326), TOBN(0x3b30076d, 0x5eddf032), + TOBN(0xbb21f8cf, 0x0c652fb5), TOBN(0x314fb49e, 0xed91cf7b)}, + {TOBN(0xa013eca5, 0x2f700750), TOBN(0x2b9e3c23, 0x712a4575), + TOBN(0xe5355557, 0xaf30fbb0), TOBN(0x1ada3516, 0x7c77e771)}}, + {{TOBN(0x45f6ecb2, 0x7b135670), TOBN(0xe85d19df, 0x7cfc202e), + TOBN(0x0f1b50c7, 0x58d1be9f), TOBN(0x5ebf2c0a, 0xead2e344)}, + {TOBN(0x1531fe4e, 0xabc199c9), TOBN(0xc7032592, 0x56bab0ae), + TOBN(0x16ab2e48, 0x6c1fec54), TOBN(0x0f87fda8, 0x04280188)}}, + {{TOBN(0xdc9f46fc, 0x609e4a74), TOBN(0x2a44a143, 0xba667f91), + TOBN(0xbc3d8b95, 0xb4d83436), TOBN(0xa01e4bd0, 0xc7bd2958)}, + {TOBN(0x7b182932, 0x73483c90), TOBN(0xa79c6aa1, 0xa7c7b598), + TOBN(0xbf3983c6, 0xeaaac07e), TOBN(0x8f18181e, 0x96e0d4e6)}}, + {{TOBN(0x8553d37c, 0x051af62b), TOBN(0xe9a998eb, 0x0bf94496), + TOBN(0xe0844f9f, 0xb0d59aa1), TOBN(0x983fd558, 0xe6afb813)}, + {TOBN(0x9670c0ca, 0x65d69804), TOBN(0x732b22de, 0x6ea5ff2d), + TOBN(0xd7640ba9, 0x5fd8623b), TOBN(0x9f619163, 0xa6351782)}}, + {{TOBN(0x0bfc27ee, 0xacee5043), TOBN(0xae419e73, 0x2eb10f02), + TOBN(0x19c028d1, 0x8943fb05), TOBN(0x71f01cf7, 0xff13aa2a)}, + {TOBN(0x7790737e, 0x8887a132), TOBN(0x67513309, 0x66318410), + TOBN(0x9819e8a3, 0x7ddb795e), TOBN(0xfecb8ef5, 0xdad100b2)}}, + {{TOBN(0x59f74a22, 0x3021926a), TOBN(0xb7c28a49, 0x6f9b4c1c), + TOBN(0xed1a733f, 0x912ad0ab), TOBN(0x42a910af, 0x01a5659c)}, + {TOBN(0x3842c6e0, 0x7bd68cab), TOBN(0x2b57fa38, 0x76d70ac8), + TOBN(0x8a6707a8, 0x3c53aaeb), TOBN(0x62c1c510, 0x65b4db18)}}, + {{TOBN(0x8de2c1fb, 0xb2d09dc7), TOBN(0xc3dfed12, 0x266bd23b), + TOBN(0x927d039b, 0xd5b27db6), TOBN(0x2fb2f0f1, 0x103243da)}, + {TOBN(0xf855a07b, 0x80be7399), TOBN(0xed9327ce, 0x1f9f27a8), + TOBN(0xa0bd99c7, 0x729bdef7), TOBN(0x2b67125e, 0x28250d88)}}, + {{TOBN(0x784b26e8, 0x8670ced7), TOBN(0xe3dfe41f, 0xc31bd3b4), + TOBN(0x9e353a06, 0xbcc85cbc), TOBN(0x302e2909, 0x60178a9d)}, + {TOBN(0x860abf11, 0xa6eac16e), TOBN(0x76447000, 0xaa2b3aac), + TOBN(0x46ff9d19, 0x850afdab), TOBN(0x35bdd6a5, 0xfdb2d4c1)}}, + {{TOBN(0xe82594b0, 0x7e5c9ce9), TOBN(0x0f379e53, 0x20af346e), + TOBN(0x608b31e3, 0xbc65ad4a), TOBN(0x710c6b12, 0x267c4826)}, + {TOBN(0x51c966f9, 0x71954cf1), TOBN(0xb1cec793, 0x0d0aa215), + TOBN(0x1f155989, 0x86bd23a8), TOBN(0xae2ff99c, 0xf9452e86)}}, + {{TOBN(0xd8dd953c, 0x340ceaa2), TOBN(0x26355275, 0x2e2e9333), + TOBN(0x15d4e5f9, 0x8586f06d), TOBN(0xd6bf94a8, 0xf7cab546)}, + {TOBN(0x33c59a0a, 0xb76a9af0), TOBN(0x52740ab3, 0xba095af7), + TOBN(0xc444de8a, 0x24389ca0), TOBN(0xcc6f9863, 0x706da0cb)}}, + {{TOBN(0xb5a741a7, 0x6b2515cf), TOBN(0x71c41601, 0x9585c749), + TOBN(0x78350d4f, 0xe683de97), TOBN(0x31d61524, 0x63d0b5f5)}, + {TOBN(0x7a0cc5e1, 0xfbce090b), TOBN(0xaac927ed, 0xfbcb2a5b), + TOBN(0xe920de49, 0x20d84c35), TOBN(0x8c06a0b6, 0x22b4de26)}}, + {{TOBN(0xd34dd58b, 0xafe7ddf3), TOBN(0x55851fed, 0xc1e6e55b), + TOBN(0xd1395616, 0x960696e7), TOBN(0x940304b2, 0x5f22705f)}, + {TOBN(0x6f43f861, 0xb0a2a860), TOBN(0xcf121282, 0x0e7cc981), + TOBN(0x12186212, 0x0ab64a96), TOBN(0x09215b9a, 0xb789383c)}}, + {{TOBN(0x311eb305, 0x37387c09), TOBN(0xc5832fce, 0xf03ee760), + TOBN(0x30358f58, 0x32f7ea19), TOBN(0xe01d3c34, 0x91d53551)}, + {TOBN(0x1ca5ee41, 0xda48ea80), TOBN(0x34e71e8e, 0xcf4fa4c1), + TOBN(0x312abd25, 0x7af1e1c7), TOBN(0xe3afcdeb, 0x2153f4a5)}}, + {{TOBN(0x9d5c84d7, 0x00235e9a), TOBN(0x0308d3f4, 0x8c4c836f), + TOBN(0xc0a66b04, 0x89332de5), TOBN(0x610dd399, 0x89e566ef)}, + {TOBN(0xf8eea460, 0xd1ac1635), TOBN(0x84cbb3fb, 0x20a2c0df), + TOBN(0x40afb488, 0xe74a48c5), TOBN(0x29738198, 0xd326b150)}}, + {{TOBN(0x2a17747f, 0xa6d74081), TOBN(0x60ea4c05, 0x55a26214), + TOBN(0x53514bb4, 0x1f88c5fe), TOBN(0xedd64567, 0x7e83426c)}, + {TOBN(0xd5d6cbec, 0x96460b25), TOBN(0xa12fd0ce, 0x68dc115e), + TOBN(0xc5bc3ed2, 0x697840ea), TOBN(0x969876a8, 0xa6331e31)}}, + {{TOBN(0x60c36217, 0x472ff580), TOBN(0xf4229705, 0x4ad41393), + TOBN(0x4bd99ef0, 0xa03b8b92), TOBN(0x501c7317, 0xc144f4f6)}, + {TOBN(0x159009b3, 0x18464945), TOBN(0x6d5e594c, 0x74c5c6be), + TOBN(0x2d587011, 0x321a3660), TOBN(0xd1e184b1, 0x3898d022)}}, + {{TOBN(0x5ba04752, 0x4c6a7e04), TOBN(0x47fa1e2b, 0x45550b65), + TOBN(0x9419daf0, 0x48c0a9a5), TOBN(0x66362953, 0x7c243236)}, + {TOBN(0xcd0744b1, 0x5cb12a88), TOBN(0x561b6f9a, 0x2b646188), + TOBN(0x599415a5, 0x66c2c0c0), TOBN(0xbe3f0859, 0x0f83f09a)}}, + {{TOBN(0x9141c5be, 0xb92041b8), TOBN(0x01ae38c7, 0x26477d0d), + TOBN(0xca8b71f3, 0xd12c7a94), TOBN(0xfab5b31f, 0x765c70db)}, + {TOBN(0x76ae7492, 0x487443e9), TOBN(0x8595a310, 0x990d1349), + TOBN(0xf8dbeda8, 0x7d460a37), TOBN(0x7f7ad082, 0x1e45a38f)}}, + {{TOBN(0xed1d4db6, 0x1059705a), TOBN(0xa3dd492a, 0xe6b9c697), + TOBN(0x4b92ee3a, 0x6eb38bd5), TOBN(0xbab2609d, 0x67cc0bb7)}, + {TOBN(0x7fc4fe89, 0x6e70ee82), TOBN(0xeff2c56e, 0x13e6b7e3), + TOBN(0x9b18959e, 0x34d26fca), TOBN(0x2517ab66, 0x889d6b45)}}, + {{TOBN(0xf167b4e0, 0xbdefdd4f), TOBN(0x69958465, 0xf366e401), + TOBN(0x5aa368ab, 0xa73bbec0), TOBN(0x12148709, 0x7b240c21)}, + {TOBN(0x378c3233, 0x18969006), TOBN(0xcb4d73ce, 0xe1fe53d1), + TOBN(0x5f50a80e, 0x130c4361), TOBN(0xd67f5951, 0x7ef5212b)}}, + {{TOBN(0xf145e21e, 0x9e70c72e), TOBN(0xb2e52e29, 0x5566d2fb), + TOBN(0x44eaba4a, 0x032397f5), TOBN(0x5e56937b, 0x7e31a7de)}, + {TOBN(0x68dcf517, 0x456c61e1), TOBN(0xbc2e954a, 0xa8b0a388), + TOBN(0xe3552fa7, 0x60a8b755), TOBN(0x03442dae, 0x73ad0cde)}}, + {{TOBN(0x37ffe747, 0xceb26210), TOBN(0x983545e8, 0x787baef9), + TOBN(0x8b8c8535, 0x86a3de31), TOBN(0xc621dbcb, 0xfacd46db)}, + {TOBN(0x82e442e9, 0x59266fbb), TOBN(0xa3514c37, 0x339d471c), + TOBN(0x3a11b771, 0x62cdad96), TOBN(0xf0cb3b3c, 0xecf9bdf0)}}, + {{TOBN(0x3fcbdbce, 0x478e2135), TOBN(0x7547b5cf, 0xbda35342), + TOBN(0xa97e81f1, 0x8a677af6), TOBN(0xc8c2bf83, 0x28817987)}, + {TOBN(0xdf07eaaf, 0x45580985), TOBN(0xc68d1f05, 0xc93b45cb), + TOBN(0x106aa2fe, 0xc77b4cac), TOBN(0x4c1d8afc, 0x04a7ae86)}}, + {{TOBN(0xdb41c3fd, 0x9eb45ab2), TOBN(0x5b234b5b, 0xd4b22e74), + TOBN(0xda253dec, 0xf215958a), TOBN(0x67e0606e, 0xa04edfa0)}, + {TOBN(0xabbbf070, 0xef751b11), TOBN(0xf352f175, 0xf6f06dce), + TOBN(0xdfc4b6af, 0x6839f6b4), TOBN(0x53ddf9a8, 0x9959848e)}}, + {{TOBN(0xda49c379, 0xc21520b0), TOBN(0x90864ff0, 0xdbd5d1b6), + TOBN(0x2f055d23, 0x5f49c7f7), TOBN(0xe51e4e6a, 0xa796b2d8)}, + {TOBN(0xc361a67f, 0x5c9dc340), TOBN(0x5ad53c37, 0xbca7c620), + TOBN(0xda1d6588, 0x32c756d0), TOBN(0xad60d911, 0x8bb67e13)}}, + {{TOBN(0xd6c47bdf, 0x0eeec8c6), TOBN(0x4a27fec1, 0x078a1821), + TOBN(0x081f7415, 0xc3099524), TOBN(0x8effdf0b, 0x82cd8060)}, + {TOBN(0xdb70ec1c, 0x65842df8), TOBN(0x8821b358, 0xd319a901), + TOBN(0x72ee56ee, 0xde42b529), TOBN(0x5bb39592, 0x236e4286)}}, + {{TOBN(0xd1183316, 0xfd6f7140), TOBN(0xf9fadb5b, 0xbd8e81f7), + TOBN(0x701d5e0c, 0x5a02d962), TOBN(0xfdee4dbf, 0x1b601324)}, + {TOBN(0xbed17407, 0x35d7620e), TOBN(0x04e3c2c3, 0xf48c0012), + TOBN(0x9ee29da7, 0x3455449a), TOBN(0x562cdef4, 0x91a836c4)}}, + {{TOBN(0x8f682a5f, 0x47701097), TOBN(0x617125d8, 0xff88d0c2), + TOBN(0x948fda24, 0x57bb86dd), TOBN(0x348abb8f, 0x289f7286)}, + {TOBN(0xeb10eab5, 0x99d94bbd), TOBN(0xd51ba28e, 0x4684d160), + TOBN(0xabe0e51c, 0x30c8f41a), TOBN(0x66588b45, 0x13254f4a)}}, + {{TOBN(0x147ebf01, 0xfad097a5), TOBN(0x49883ea8, 0x610e815d), + TOBN(0xe44d60ba, 0x8a11de56), TOBN(0xa970de6e, 0x827a7a6d)}, + {TOBN(0x2be41424, 0x5e17fc19), TOBN(0xd833c657, 0x01214057), + TOBN(0x1375813b, 0x363e723f), TOBN(0x6820bb88, 0xe6a52e9b)}}, + {{TOBN(0x7e7f6970, 0xd875d56a), TOBN(0xd6a0a9ac, 0x51fbf6bf), + TOBN(0x54ba8790, 0xa3083c12), TOBN(0xebaeb23d, 0x6ae7eb64)}, + {TOBN(0xa8685c3a, 0xb99a907a), TOBN(0xf1e74550, 0x026bf40b), + TOBN(0x7b73a027, 0xc802cd9e), TOBN(0x9a8a927c, 0x4fef4635)}}, + {{TOBN(0xe1b6f60c, 0x08191224), TOBN(0xc4126ebb, 0xde4ec091), + TOBN(0xe1dff4dc, 0x4ae38d84), TOBN(0xde3f57db, 0x4f2ef985)}, + {TOBN(0x34964337, 0xd446a1dd), TOBN(0x7bf217a0, 0x859e77f6), + TOBN(0x8ff10527, 0x8e1d13f5), TOBN(0xa304ef03, 0x74eeae27)}}, + {{TOBN(0xfc6f5e47, 0xd19dfa5a), TOBN(0xdb007de3, 0x7fad982b), + TOBN(0x28205ad1, 0x613715f5), TOBN(0x251e6729, 0x7889529e)}, + {TOBN(0x72705184, 0x1ae98e78), TOBN(0xf818537d, 0x271cac32), + TOBN(0xc8a15b7e, 0xb7f410f5), TOBN(0xc474356f, 0x81f62393)}}, + {{TOBN(0x92dbdc5a, 0xc242316b), TOBN(0xabe060ac, 0xdbf4aff5), + TOBN(0x6e8c38fe, 0x909a8ec6), TOBN(0x43e514e5, 0x6116cb94)}, + {TOBN(0x2078fa38, 0x07d784f9), TOBN(0x1161a880, 0xf4b5b357), + TOBN(0x5283ce79, 0x13adea3d), TOBN(0x0756c3e6, 0xcc6a910b)}}, + {{TOBN(0x60bcfe01, 0xaaa79697), TOBN(0x04a73b29, 0x56391db1), + TOBN(0xdd8dad47, 0x189b45a0), TOBN(0xbfac0dd0, 0x48d5b8d9)}, + {TOBN(0x34ab3af5, 0x7d3d2ec2), TOBN(0x6fa2fc2d, 0x207bd3af), + TOBN(0x9ff40092, 0x66550ded), TOBN(0x719b3e87, 0x1fd5b913)}}, + {{TOBN(0xa573a496, 0x6d17fbc7), TOBN(0x0cd1a70a, 0x73d2b24e), + TOBN(0x34e2c5ca, 0xb2676937), TOBN(0xe7050b06, 0xbf669f21)}, + {TOBN(0xfbe948b6, 0x1ede9046), TOBN(0xa0530051, 0x97662659), + TOBN(0x58cbd4ed, 0xf10124c5), TOBN(0xde2646e4, 0xdd6c06c8)}}, + {{TOBN(0x332f8108, 0x8cad38c0), TOBN(0x471b7e90, 0x6bd68ae2), + TOBN(0x56ac3fb2, 0x0d8e27a3), TOBN(0xb54660db, 0x136b4b0d)}, + {TOBN(0x123a1e11, 0xa6fd8de4), TOBN(0x44dbffea, 0xa37799ef), + TOBN(0x4540b977, 0xce6ac17c), TOBN(0x495173a8, 0xaf60acef)}}}, + {{{TOBN(0x9ebb284d, 0x391c2a82), TOBN(0xbcdd4863, 0x158308e8), + TOBN(0x006f16ec, 0x83f1edca), TOBN(0xa13e2c37, 0x695dc6c8)}, + {TOBN(0x2ab756f0, 0x4a057a87), TOBN(0xa8765500, 0xa6b48f98), + TOBN(0x4252face, 0x68651c44), TOBN(0xa52b540b, 0xe1765e02)}}, + {{TOBN(0x4f922fc5, 0x16a0d2bb), TOBN(0x0d5cc16c, 0x1a623499), + TOBN(0x9241cf3a, 0x57c62c8b), TOBN(0x2f5e6961, 0xfd1b667f)}, + {TOBN(0x5c15c70b, 0xf5a01797), TOBN(0x3d20b44d, 0x60956192), + TOBN(0x04911b37, 0x071fdb52), TOBN(0xf648f916, 0x8d6f0f7b)}}, + {{TOBN(0x6dc1acaf, 0xe60b7cf7), TOBN(0x25860a50, 0x84a9d869), + TOBN(0x56fc6f09, 0xe7ba8ac4), TOBN(0x828c5bd0, 0x6148d29e)}, + {TOBN(0xac6b435e, 0xdc55ae5f), TOBN(0xa527f56c, 0xc0117411), + TOBN(0x94d5045e, 0xfd24342c), TOBN(0x2c4c0a35, 0x70b67c0d)}}, + {{TOBN(0x027cc8b8, 0xfac61d9a), TOBN(0x7d25e062, 0xe3c6fe8a), + TOBN(0xe08805bf, 0xe5bff503), TOBN(0x13271e6c, 0x6ff632f7)}, + {TOBN(0x55dca6c0, 0x232f76a5), TOBN(0x8957c32d, 0x701ef426), + TOBN(0xee728bcb, 0xa10a5178), TOBN(0x5ea60411, 0xb62c5173)}}, + {{TOBN(0xfc4e964e, 0xd0b8892b), TOBN(0x9ea17683, 0x9301bb74), + TOBN(0x6265c5ae, 0xfcc48626), TOBN(0xe60cf82e, 0xbb3e9102)}, + {TOBN(0x57adf797, 0xd4df5531), TOBN(0x235b59a1, 0x8deeefe2), + TOBN(0x60adcf58, 0x3f306eb1), TOBN(0x105c2753, 0x3d09492d)}}, + {{TOBN(0x4090914b, 0xb5def996), TOBN(0x1cb69c83, 0x233dd1e7), + TOBN(0xc1e9c1d3, 0x9b3d5e76), TOBN(0x1f3338ed, 0xfccf6012)}, + {TOBN(0xb1e95d0d, 0x2f5378a8), TOBN(0xacf4c2c7, 0x2f00cd21), + TOBN(0x6e984240, 0xeb5fe290), TOBN(0xd66c038d, 0x248088ae)}}, + {{TOBN(0x804d264a, 0xf94d70cf), TOBN(0xbdb802ef, 0x7314bf7e), + TOBN(0x8fb54de2, 0x4333ed02), TOBN(0x740461e0, 0x285635d9)}, + {TOBN(0x4113b2c8, 0x365e9383), TOBN(0xea762c83, 0x3fdef652), + TOBN(0x4eec6e2e, 0x47b956c1), TOBN(0xa3d814be, 0x65620fa4)}}, + {{TOBN(0x9ad5462b, 0xb4d8bc50), TOBN(0x181c0b16, 0xa9195770), + TOBN(0xebd4fe1c, 0x78412a68), TOBN(0xae0341bc, 0xc0dff48c)}, + {TOBN(0xb6bc45cf, 0x7003e866), TOBN(0xf11a6dea, 0x8a24a41b), + TOBN(0x5407151a, 0xd04c24c2), TOBN(0x62c9d27d, 0xda5b7b68)}}, + {{TOBN(0x2e964235, 0x88cceff6), TOBN(0x8594c54f, 0x8b07ed69), + TOBN(0x1578e73c, 0xc84d0d0d), TOBN(0x7b4e1055, 0xff532868)}, + {TOBN(0xa348c0d5, 0xb5ec995a), TOBN(0xbf4b9d55, 0x14289a54), + TOBN(0x9ba155a6, 0x58fbd777), TOBN(0x186ed7a8, 0x1a84491d)}}, + {{TOBN(0xd4992b30, 0x614c0900), TOBN(0xda98d121, 0xbd00c24b), + TOBN(0x7f534dc8, 0x7ec4bfa1), TOBN(0x4a5ff674, 0x37dc34bc)}, + {TOBN(0x68c196b8, 0x1d7ea1d7), TOBN(0x38cf2893, 0x80a6d208), + TOBN(0xfd56cd09, 0xe3cbbd6e), TOBN(0xec72e27e, 0x4205a5b6)}}, + {{TOBN(0x15ea68f5, 0xa44f77f7), TOBN(0x7aa5f9fd, 0xb43c52bc), + TOBN(0x86ff676f, 0x94f0e609), TOBN(0xa4cde963, 0x2e2d432b)}, + {TOBN(0x8cafa0c0, 0xeee470af), TOBN(0x84137d0e, 0x8a3f5ec8), + TOBN(0xebb40411, 0xfaa31231), TOBN(0xa239c13f, 0x6f7f7ccf)}}, + {{TOBN(0x32865719, 0xa8afd30b), TOBN(0x86798328, 0x8a826dce), + TOBN(0xdf04e891, 0xc4a8fbe0), TOBN(0xbb6b6e1b, 0xebf56ad3)}, + {TOBN(0x0a695b11, 0x471f1ff0), TOBN(0xd76c3389, 0xbe15baf0), + TOBN(0x018edb95, 0xbe96c43e), TOBN(0xf2beaaf4, 0x90794158)}}, + {{TOBN(0x152db09e, 0xc3076a27), TOBN(0x5e82908e, 0xe416545d), + TOBN(0xa2c41272, 0x356d6f2e), TOBN(0xdc9c9642, 0x31fd74e1)}, + {TOBN(0x66ceb88d, 0x519bf615), TOBN(0xe29ecd76, 0x05a2274e), + TOBN(0x3a0473c4, 0xbf5e2fa0), TOBN(0x6b6eb671, 0x64284e67)}}, + {{TOBN(0xe8b97932, 0xb88756dd), TOBN(0xed4e8652, 0xf17e3e61), + TOBN(0xc2dd1499, 0x3ee1c4a4), TOBN(0xc0aaee17, 0x597f8c0e)}, + {TOBN(0x15c4edb9, 0x6c168af3), TOBN(0x6563c7bf, 0xb39ae875), + TOBN(0xadfadb6f, 0x20adb436), TOBN(0xad55e8c9, 0x9a042ac0)}}, + {{TOBN(0x975a1ed8, 0xb76da1f5), TOBN(0x10dfa466, 0xa58acb94), + TOBN(0x8dd7f7e3, 0xac060282), TOBN(0x6813e66a, 0x572a051e)}, + {TOBN(0xb4ccae1e, 0x350cb901), TOBN(0xb653d656, 0x50cb7822), + TOBN(0x42484710, 0xdfab3b87), TOBN(0xcd7ee537, 0x9b670fd0)}}, + {{TOBN(0x0a50b12e, 0x523b8bf6), TOBN(0x8009eb5b, 0x8f910c1b), + TOBN(0xf535af82, 0x4a167588), TOBN(0x0f835f9c, 0xfb2a2abd)}, + {TOBN(0xf59b2931, 0x2afceb62), TOBN(0xc797df2a, 0x169d383f), + TOBN(0xeb3f5fb0, 0x66ac02b0), TOBN(0x029d4c6f, 0xdaa2d0ca)}}, + {{TOBN(0xd4059bc1, 0xafab4bc5), TOBN(0x833f5c6f, 0x56783247), + TOBN(0xb5346630, 0x8d2d3605), TOBN(0x83387891, 0xd34d8433)}, + {TOBN(0xd973b30f, 0xadd9419a), TOBN(0xbcca1099, 0xafe3fce8), + TOBN(0x08178315, 0x0809aac6), TOBN(0x01b7f21a, 0x540f0f11)}}, + {{TOBN(0x65c29219, 0x909523c8), TOBN(0xa62f648f, 0xa3a1c741), + TOBN(0x88598d4f, 0x60c9e55a), TOBN(0xbce9141b, 0x0e4f347a)}, + {TOBN(0x9af97d84, 0x35f9b988), TOBN(0x0210da62, 0x320475b6), + TOBN(0x3c076e22, 0x9191476c), TOBN(0x7520dbd9, 0x44fc7834)}}, + {{TOBN(0x6a6b2cfe, 0xc1ab1bbd), TOBN(0xef8a65be, 0xdc650938), + TOBN(0x72855540, 0x805d7bc4), TOBN(0xda389396, 0xed11fdfd)}, + {TOBN(0xa9d5bd36, 0x74660876), TOBN(0x11d67c54, 0xb45dff35), + TOBN(0x6af7d148, 0xa4f5da94), TOBN(0xbb8d4c3f, 0xc0bbeb31)}}, + {{TOBN(0x87a7ebd1, 0xe0a1b12a), TOBN(0x1e4ef88d, 0x770ba95f), + TOBN(0x8c33345c, 0xdc2ae9cb), TOBN(0xcecf1276, 0x01cc8403)}, + {TOBN(0x687c012e, 0x1b39b80f), TOBN(0xfd90d0ad, 0x35c33ba4), + TOBN(0xa3ef5a67, 0x5c9661c2), TOBN(0x368fc88e, 0xe017429e)}}, + {{TOBN(0xd30c6761, 0x196a2fa2), TOBN(0x931b9817, 0xbd5b312e), + TOBN(0xba01000c, 0x72f54a31), TOBN(0xa203d2c8, 0x66eaa541)}, + {TOBN(0xf2abdee0, 0x98939db3), TOBN(0xe37d6c2c, 0x3e606c02), + TOBN(0xf2921574, 0x521ff643), TOBN(0x2781b3c4, 0xd7e2fca3)}}, + {{TOBN(0x664300b0, 0x7850ec06), TOBN(0xac5a38b9, 0x7d3a10cf), + TOBN(0x9233188d, 0xe34ab39d), TOBN(0xe77057e4, 0x5072cbb9)}, + {TOBN(0xbcf0c042, 0xb59e78df), TOBN(0x4cfc91e8, 0x1d97de52), + TOBN(0x4661a26c, 0x3ee0ca4a), TOBN(0x5620a4c1, 0xfb8507bc)}}, + {{TOBN(0x4b44d4aa, 0x049f842c), TOBN(0xceabc5d5, 0x1540e82b), + TOBN(0x306710fd, 0x15c6f156), TOBN(0xbe5ae52b, 0x63db1d72)}, + {TOBN(0x06f1e7e6, 0x334957f1), TOBN(0x57e388f0, 0x31144a70), + TOBN(0xfb69bb2f, 0xdf96447b), TOBN(0x0f78ebd3, 0x73e38a12)}}, + {{TOBN(0xb8222605, 0x2b7ce542), TOBN(0xe6d4ce99, 0x7472bde1), + TOBN(0x53e16ebe, 0x09d2f4da), TOBN(0x180ff42e, 0x53b92b2e)}, + {TOBN(0xc59bcc02, 0x2c34a1c6), TOBN(0x3803d6f9, 0x422c46c2), + TOBN(0x18aff74f, 0x5c14a8a2), TOBN(0x55aebf80, 0x10a08b28)}}, + {{TOBN(0x66097d58, 0x7135593f), TOBN(0x32e6eff7, 0x2be570cd), + TOBN(0x584e6a10, 0x2a8c860d), TOBN(0xcd185890, 0xa2eb4163)}, + {TOBN(0x7ceae99d, 0x6d97e134), TOBN(0xd42c6b70, 0xdd8447ce), + TOBN(0x59ddbb4a, 0xb8c50273), TOBN(0x03c612df, 0x3cf34e1e)}}, + {{TOBN(0x84b9ca15, 0x04b6c5a0), TOBN(0x35216f39, 0x18f0e3a3), + TOBN(0x3ec2d2bc, 0xbd986c00), TOBN(0x8bf546d9, 0xd19228fe)}, + {TOBN(0xd1c655a4, 0x4cd623c3), TOBN(0x366ce718, 0x502b8e5a), + TOBN(0x2cfc84b4, 0xeea0bfe7), TOBN(0xe01d5cee, 0xcf443e8e)}}, + {{TOBN(0x8ec045d9, 0x036520f8), TOBN(0xdfb3c3d1, 0x92d40e98), + TOBN(0x0bac4cce, 0xcc559a04), TOBN(0x35eccae5, 0x240ea6b1)}, + {TOBN(0x180b32db, 0xf8a5a0ac), TOBN(0x547972a5, 0xeb699700), + TOBN(0xa3765801, 0xca26bca0), TOBN(0x57e09d0e, 0xa647f25a)}}, + {{TOBN(0xb956970e, 0x2fdd23cc), TOBN(0xb80288bc, 0x5682e971), + TOBN(0xe6e6d91e, 0x9ae86ebc), TOBN(0x0564c83f, 0x8c9f1939)}, + {TOBN(0x551932a2, 0x39560368), TOBN(0xe893752b, 0x049c28e2), + TOBN(0x0b03cee5, 0xa6a158c3), TOBN(0xe12d656b, 0x04964263)}}, + {{TOBN(0x4b47554e, 0x63e3bc1d), TOBN(0xc719b6a2, 0x45044ff7), + TOBN(0x4f24d30a, 0xe48daa07), TOBN(0xa3f37556, 0xc8c1edc3)}, + {TOBN(0x9a47bf76, 0x0700d360), TOBN(0xbb1a1824, 0x822ae4e2), + TOBN(0x22e275a3, 0x89f1fb4c), TOBN(0x72b1aa23, 0x9968c5f5)}}, + {{TOBN(0xa75feaca, 0xbe063f64), TOBN(0x9b392f43, 0xbce47a09), + TOBN(0xd4241509, 0x1ad07aca), TOBN(0x4b0c591b, 0x8d26cd0f)}, + {TOBN(0x2d42ddfd, 0x92f1169a), TOBN(0x63aeb1ac, 0x4cbf2392), + TOBN(0x1de9e877, 0x0691a2af), TOBN(0xebe79af7, 0xd98021da)}}, + {{TOBN(0xcfdf2a4e, 0x40e50acf), TOBN(0xf0a98ad7, 0xaf01d665), + TOBN(0xefb640bf, 0x1831be1f), TOBN(0x6fe8bd2f, 0x80e9ada0)}, + {TOBN(0x94c103a1, 0x6cafbc91), TOBN(0x170f8759, 0x8308e08c), + TOBN(0x5de2d2ab, 0x9780ff4f), TOBN(0x666466bc, 0x45b201f2)}}, + {{TOBN(0x58af2010, 0xf5b343bc), TOBN(0x0f2e400a, 0xf2f142fe), + TOBN(0x3483bfde, 0xa85f4bdf), TOBN(0xf0b1d093, 0x03bfeaa9)}, + {TOBN(0x2ea01b95, 0xc7081603), TOBN(0xe943e4c9, 0x3dba1097), + TOBN(0x47be92ad, 0xb438f3a6), TOBN(0x00bb7742, 0xe5bf6636)}}, + {{TOBN(0x136b7083, 0x824297b4), TOBN(0x9d0e5580, 0x5584455f), + TOBN(0xab48cedc, 0xf1c7d69e), TOBN(0x53a9e481, 0x2a256e76)}, + {TOBN(0x0402b0e0, 0x65eb2413), TOBN(0xdadbbb84, 0x8fc407a7), + TOBN(0xa65cd5a4, 0x8d7f5492), TOBN(0x21d44293, 0x74bae294)}}, + {{TOBN(0x66917ce6, 0x3b5f1cc4), TOBN(0x37ae52ea, 0xce872e62), + TOBN(0xbb087b72, 0x2905f244), TOBN(0x12077086, 0x1e6af74f)}, + {TOBN(0x4b644e49, 0x1058edea), TOBN(0x827510e3, 0xb638ca1d), + TOBN(0x8cf2b704, 0x6038591c), TOBN(0xffc8b47a, 0xfe635063)}}, + {{TOBN(0x3ae220e6, 0x1b4d5e63), TOBN(0xbd864742, 0x9d961b4b), + TOBN(0x610c107e, 0x9bd16bed), TOBN(0x4270352a, 0x1127147b)}, + {TOBN(0x7d17ffe6, 0x64cfc50e), TOBN(0x50dee01a, 0x1e36cb42), + TOBN(0x068a7622, 0x35dc5f9a), TOBN(0x9a08d536, 0xdf53f62c)}}, + {{TOBN(0x4ed71457, 0x6be5f7de), TOBN(0xd93006f8, 0xc2263c9e), + TOBN(0xe073694c, 0xcacacb36), TOBN(0x2ff7a5b4, 0x3ae118ab)}, + {TOBN(0x3cce53f1, 0xcd871236), TOBN(0xf156a39d, 0xc2aa6d52), + TOBN(0x9cc5f271, 0xb198d76d), TOBN(0xbc615b6f, 0x81383d39)}}, + {{TOBN(0xa54538e8, 0xde3eee6b), TOBN(0x58c77538, 0xab910d91), + TOBN(0x31e5bdbc, 0x58d278bd), TOBN(0x3cde4adf, 0xb963acae)}, + {TOBN(0xb1881fd2, 0x5302169c), TOBN(0x8ca60fa0, 0xa989ed8b), + TOBN(0xa1999458, 0xff96a0ee), TOBN(0xc1141f03, 0xac6c283d)}}, + {{TOBN(0x7677408d, 0x6dfafed3), TOBN(0x33a01653, 0x39661588), + TOBN(0x3c9c15ec, 0x0b726fa0), TOBN(0x090cfd93, 0x6c9b56da)}, + {TOBN(0xe34f4bae, 0xa3c40af5), TOBN(0x3469eadb, 0xd21129f1), + TOBN(0xcc51674a, 0x1e207ce8), TOBN(0x1e293b24, 0xc83b1ef9)}}, + {{TOBN(0x17173d13, 0x1e6c0bb4), TOBN(0x19004695, 0x90776d35), + TOBN(0xe7980e34, 0x6de6f922), TOBN(0x873554cb, 0xf4dd9a22)}, + {TOBN(0x0316c627, 0xcbf18a51), TOBN(0x4d93651b, 0x3032c081), + TOBN(0x207f2771, 0x3946834d), TOBN(0x2c08d7b4, 0x30cdbf80)}}, + {{TOBN(0x137a4fb4, 0x86df2a61), TOBN(0xa1ed9c07, 0xecf7b4a2), + TOBN(0xb2e460e2, 0x7bd042ff), TOBN(0xb7f5e2fa, 0x5f62f5ec)}, + {TOBN(0x7aa6ec6b, 0xcc2423b7), TOBN(0x75ce0a7f, 0xba63eea7), + TOBN(0x67a45fb1, 0xf250a6e1), TOBN(0x93bc919c, 0xe53cdc9f)}}, + {{TOBN(0x9271f56f, 0x871942df), TOBN(0x2372ff6f, 0x7859ad66), + TOBN(0x5f4c2b96, 0x33cb1a78), TOBN(0xe3e29101, 0x5838aa83)}, + {TOBN(0xa7ed1611, 0xe4e8110c), TOBN(0x2a2d70d5, 0x330198ce), + TOBN(0xbdf132e8, 0x6720efe0), TOBN(0xe61a8962, 0x66a471bf)}}, + {{TOBN(0x796d3a85, 0x825808bd), TOBN(0x51dc3cb7, 0x3fd6e902), + TOBN(0x643c768a, 0x916219d1), TOBN(0x36cd7685, 0xa2ad7d32)}, + {TOBN(0xe3db9d05, 0xb22922a4), TOBN(0x6494c87e, 0xdba29660), + TOBN(0xf0ac91df, 0xbcd2ebc7), TOBN(0x4deb57a0, 0x45107f8d)}}, + {{TOBN(0x42271f59, 0xc3d12a73), TOBN(0x5f71687c, 0xa5c2c51d), + TOBN(0xcb1f50c6, 0x05797bcb), TOBN(0x29ed0ed9, 0xd6d34eb0)}, + {TOBN(0xe5fe5b47, 0x4683c2eb), TOBN(0x4956eeb5, 0x97447c46), + TOBN(0x5b163a43, 0x71207167), TOBN(0x93fa2fed, 0x0248c5ef)}}, + {{TOBN(0x67930af2, 0x31f63950), TOBN(0xa77797c1, 0x14caa2c9), + TOBN(0x526e80ee, 0x27ac7e62), TOBN(0xe1e6e626, 0x58b28aec)}, + {TOBN(0x636178b0, 0xb3c9fef0), TOBN(0xaf7752e0, 0x6d5f90be), + TOBN(0x94ecaf18, 0xeece51cf), TOBN(0x2864d0ed, 0xca806e1f)}}, + {{TOBN(0x6de2e383, 0x97c69134), TOBN(0x5a42c316, 0xeb291293), + TOBN(0xc7779219, 0x6a60bae0), TOBN(0xa24de346, 0x6b7599d1)}, + {TOBN(0x49d374aa, 0xb75d4941), TOBN(0x98900586, 0x2d501ff0), + TOBN(0x9f16d40e, 0xeb7974cf), TOBN(0x1033860b, 0xcdd8c115)}}, + {{TOBN(0xb6c69ac8, 0x2094cec3), TOBN(0x9976fb88, 0x403b770c), + TOBN(0x1dea026c, 0x4859590d), TOBN(0xb6acbb46, 0x8562d1fd)}, + {TOBN(0x7cd6c461, 0x44569d85), TOBN(0xc3190a36, 0x97f0891d), + TOBN(0xc6f53195, 0x48d5a17d), TOBN(0x7d919966, 0xd749abc8)}}, + {{TOBN(0x65104837, 0xdd1c8a20), TOBN(0x7e5410c8, 0x2f683419), + TOBN(0x958c3ca8, 0xbe94022e), TOBN(0x605c3197, 0x6145dac2)}, + {TOBN(0x3fc07501, 0x01683d54), TOBN(0x1d7127c5, 0x595b1234), + TOBN(0x10b8f87c, 0x9481277f), TOBN(0x677db2a8, 0xe65a1adb)}}, + {{TOBN(0xec2fccaa, 0xddce3345), TOBN(0x2a6811b7, 0x012a4350), + TOBN(0x96760ff1, 0xac598bdc), TOBN(0x054d652a, 0xd1bf4128)}, + {TOBN(0x0a1151d4, 0x92a21005), TOBN(0xad7f3971, 0x33110fdf), + TOBN(0x8c95928c, 0x1960100f), TOBN(0x6c91c825, 0x7bf03362)}}, + {{TOBN(0xc8c8b2a2, 0xce309f06), TOBN(0xfdb27b59, 0xca27204b), + TOBN(0xd223eaa5, 0x0848e32e), TOBN(0xb93e4b2e, 0xe7bfaf1e)}, + {TOBN(0xc5308ae6, 0x44aa3ded), TOBN(0x317a666a, 0xc015d573), + TOBN(0xc888ce23, 0x1a979707), TOBN(0xf141c1e6, 0x0d5c4958)}}, + {{TOBN(0xb53b7de5, 0x61906373), TOBN(0x858dbade, 0xeb999595), + TOBN(0x8cbb47b2, 0xa59e5c36), TOBN(0x660318b3, 0xdcf4e842)}, + {TOBN(0xbd161ccd, 0x12ba4b7a), TOBN(0xf399daab, 0xf8c8282a), + TOBN(0x1587633a, 0xeeb2130d), TOBN(0xa465311a, 0xda38dd7d)}}, + {{TOBN(0x5f75eec8, 0x64d3779b), TOBN(0x3c5d0476, 0xad64c171), + TOBN(0x87410371, 0x2a914428), TOBN(0x8096a891, 0x90e2fc29)}, + {TOBN(0xd3d2ae9d, 0x23b3ebc2), TOBN(0x90bdd6db, 0xa580cfd6), + TOBN(0x52dbb7f3, 0xc5b01f6c), TOBN(0xe68eded4, 0xe102a2dc)}}, + {{TOBN(0x17785b77, 0x99eb6df0), TOBN(0x26c3cc51, 0x7386b779), + TOBN(0x345ed988, 0x6417a48e), TOBN(0xe990b4e4, 0x07d6ef31)}, + {TOBN(0x0f456b7e, 0x2586abba), TOBN(0x239ca6a5, 0x59c96e9a), + TOBN(0xe327459c, 0xe2eb4206), TOBN(0x3a4c3313, 0xa002b90a)}}, + {{TOBN(0x2a114806, 0xf6a3f6fb), TOBN(0xad5cad2f, 0x85c251dd), + TOBN(0x92c1f613, 0xf5a784d3), TOBN(0xec7bfacf, 0x349766d5)}, + {TOBN(0x04b3cd33, 0x3e23cb3b), TOBN(0x3979fe84, 0xc5a64b2d), + TOBN(0x192e2720, 0x7e589106), TOBN(0xa60c43d1, 0xa15b527f)}}, + {{TOBN(0x2dae9082, 0xbe7cf3a6), TOBN(0xcc86ba92, 0xbc967274), + TOBN(0xf28a2ce8, 0xaea0a8a9), TOBN(0x404ca6d9, 0x6ee988b3)}, + {TOBN(0xfd7e9c5d, 0x005921b8), TOBN(0xf56297f1, 0x44e79bf9), + TOBN(0xa163b460, 0x0d75ddc2), TOBN(0x30b23616, 0xa1f2be87)}}, + {{TOBN(0x4b070d21, 0xbfe50e2b), TOBN(0x7ef8cfd0, 0xe1bfede1), + TOBN(0xadba0011, 0x2aac4ae0), TOBN(0x2a3e7d01, 0xb9ebd033)}, + {TOBN(0x995277ec, 0xe38d9d1c), TOBN(0xb500249e, 0x9c5d2de3), + TOBN(0x8912b820, 0xf13ca8c9), TOBN(0xc8798114, 0x877793af)}}, + {{TOBN(0x19e6125d, 0xec3f1dec), TOBN(0x07b1f040, 0x911178da), + TOBN(0xd93ededa, 0x904a6738), TOBN(0x55187a5a, 0x0bebedcd)}, + {TOBN(0xf7d04722, 0xeb329d41), TOBN(0xf449099e, 0xf170b391), + TOBN(0xfd317a69, 0xca99f828), TOBN(0x50c3db2b, 0x34a4976d)}}, + {{TOBN(0xe9ba7784, 0x3757b392), TOBN(0x326caefd, 0xaa3ca05a), + TOBN(0x78e5293b, 0xf1e593d4), TOBN(0x7842a937, 0x0d98fd13)}, + {TOBN(0xe694bf96, 0x5f96b10d), TOBN(0x373a9df6, 0x06a8cd05), + TOBN(0x997d1e51, 0xe8f0c7fc), TOBN(0x1d019790, 0x63fd972e)}}, + {{TOBN(0x0064d858, 0x5499fb32), TOBN(0x7b67bad9, 0x77a8aeb7), + TOBN(0x1d3eb977, 0x2d08eec5), TOBN(0x5fc047a6, 0xcbabae1d)}, + {TOBN(0x0577d159, 0xe54a64bb), TOBN(0x8862201b, 0xc43497e4), + TOBN(0xad6b4e28, 0x2ce0608d), TOBN(0x8b687b7d, 0x0b167aac)}}, + {{TOBN(0x6ed4d367, 0x8b2ecfa9), TOBN(0x24dfe62d, 0xa90c3c38), + TOBN(0xa1862e10, 0x3fe5c42b), TOBN(0x1ca73dca, 0xd5732a9f)}, + {TOBN(0x35f038b7, 0x76bb87ad), TOBN(0x674976ab, 0xf242b81f), + TOBN(0x4f2bde7e, 0xb0fd90cd), TOBN(0x6efc172e, 0xa7fdf092)}}, + {{TOBN(0x3806b69b, 0x92222f1f), TOBN(0x5a2459ca, 0x6cf7ae70), + TOBN(0x6789f69c, 0xa85217ee), TOBN(0x5f232b5e, 0xe3dc85ac)}, + {TOBN(0x660e3ec5, 0x48e9e516), TOBN(0x124b4e47, 0x3197eb31), + TOBN(0x10a0cb13, 0xaafcca23), TOBN(0x7bd63ba4, 0x8213224f)}}, + {{TOBN(0xaffad7cc, 0x290a7f4f), TOBN(0x6b409c9e, 0x0286b461), + TOBN(0x58ab809f, 0xffa407af), TOBN(0xc3122eed, 0xc68ac073)}, + {TOBN(0x17bf9e50, 0x4ef24d7e), TOBN(0x5d929794, 0x3e2a5811), + TOBN(0x519bc867, 0x02902e01), TOBN(0x76bba5da, 0x39c8a851)}}, + {{TOBN(0xe9f9669c, 0xda94951e), TOBN(0x4b6af58d, 0x66b8d418), + TOBN(0xfa321074, 0x17d426a4), TOBN(0xc78e66a9, 0x9dde6027)}, + {TOBN(0x0516c083, 0x4a53b964), TOBN(0xfc659d38, 0xff602330), + TOBN(0x0ab55e5c, 0x58c5c897), TOBN(0x985099b2, 0x838bc5df)}}, + {{TOBN(0x061d9efc, 0xc52fc238), TOBN(0x712b2728, 0x6ac1da3f), + TOBN(0xfb658149, 0x9283fe08), TOBN(0x4954ac94, 0xb8aaa2f7)}, + {TOBN(0x85c0ada4, 0x7fb2e74f), TOBN(0xee8ba98e, 0xb89926b0), + TOBN(0xe4f9d37d, 0x23d1af5b), TOBN(0x14ccdbf9, 0xba9b015e)}}, + {{TOBN(0xb674481b, 0x7bfe7178), TOBN(0x4e1debae, 0x65405868), + TOBN(0x061b2821, 0xc48c867d), TOBN(0x69c15b35, 0x513b30ea)}, + {TOBN(0x3b4a1666, 0x36871088), TOBN(0xe5e29f5d, 0x1220b1ff), + TOBN(0x4b82bb35, 0x233d9f4d), TOBN(0x4e076333, 0x18cdc675)}}}, + {{{TOBN(0x0d53f5c7, 0xa3e6fced), TOBN(0xe8cbbdd5, 0xf45fbdeb), + TOBN(0xf85c01df, 0x13339a70), TOBN(0x0ff71880, 0x142ceb81)}, + {TOBN(0x4c4e8774, 0xbd70437a), TOBN(0x5fb32891, 0xba0bda6a), + TOBN(0x1cdbebd2, 0xf18bd26e), TOBN(0x2f9526f1, 0x03a9d522)}}, + {{TOBN(0x40ce3051, 0x92c4d684), TOBN(0x8b04d725, 0x7612efcd), + TOBN(0xb9dcda36, 0x6f9cae20), TOBN(0x0edc4d24, 0xf058856c)}, + {TOBN(0x64f2e6bf, 0x85427900), TOBN(0x3de81295, 0xdc09dfea), + TOBN(0xd41b4487, 0x379bf26c), TOBN(0x50b62c6d, 0x6df135a9)}}, + {{TOBN(0xd4f8e3b4, 0xc72dfe67), TOBN(0xc416b0f6, 0x90e19fdf), + TOBN(0x18b9098d, 0x4c13bd35), TOBN(0xac11118a, 0x15b8cb9e)}, + {TOBN(0xf598a318, 0xf0062841), TOBN(0xbfe0602f, 0x89f356f4), + TOBN(0x7ae3637e, 0x30177a0c), TOBN(0x34097747, 0x61136537)}}, + {{TOBN(0x0db2fb5e, 0xd005832a), TOBN(0x5f5efd3b, 0x91042e4f), + TOBN(0x8c4ffdc6, 0xed70f8ca), TOBN(0xe4645d0b, 0xb52da9cc)}, + {TOBN(0x9596f58b, 0xc9001d1f), TOBN(0x52c8f0bc, 0x4e117205), + TOBN(0xfd4aa0d2, 0xe398a084), TOBN(0x815bfe3a, 0x104f49de)}}, + {{TOBN(0x97e5443f, 0x23885e5f), TOBN(0xf72f8f99, 0xe8433aab), + TOBN(0xbd00b154, 0xe4d4e604), TOBN(0xd0b35e6a, 0xe5e173ff)}, + {TOBN(0x57b2a048, 0x9164722d), TOBN(0x3e3c665b, 0x88761ec8), + TOBN(0x6bdd1397, 0x3da83832), TOBN(0x3c8b1a1e, 0x73dafe3b)}}, + {{TOBN(0x4497ace6, 0x54317cac), TOBN(0xbe600ab9, 0x521771b3), + TOBN(0xb42e409e, 0xb0dfe8b8), TOBN(0x386a67d7, 0x3942310f)}, + {TOBN(0x25548d8d, 0x4431cc28), TOBN(0xa7cff142, 0x985dc524), + TOBN(0x4d60f5a1, 0x93c4be32), TOBN(0x83ebd5c8, 0xd071c6e1)}}, + {{TOBN(0xba3a80a7, 0xb1fd2b0b), TOBN(0x9b3ad396, 0x5bec33e8), + TOBN(0xb3868d61, 0x79743fb3), TOBN(0xcfd169fc, 0xfdb462fa)}, + {TOBN(0xd3b499d7, 0x9ce0a6af), TOBN(0x55dc1cf1, 0xe42d3ff8), + TOBN(0x04fb9e6c, 0xc6c3e1b2), TOBN(0x47e6961d, 0x6f69a474)}}, + {{TOBN(0x54eb3acc, 0xe548b37b), TOBN(0xb38e7542, 0x84d40549), + TOBN(0x8c3daa51, 0x7b341b4f), TOBN(0x2f6928ec, 0x690bf7fa)}, + {TOBN(0x0496b323, 0x86ce6c41), TOBN(0x01be1c55, 0x10adadcd), + TOBN(0xc04e67e7, 0x4bb5faf9), TOBN(0x3cbaf678, 0xe15c9985)}}, + {{TOBN(0x8cd12145, 0x50ca4247), TOBN(0xba1aa47a, 0xe7dd30aa), + TOBN(0x2f81ddf1, 0xe58fee24), TOBN(0x03452936, 0xeec9b0e8)}, + {TOBN(0x8bdc3b81, 0x243aea96), TOBN(0x9a2919af, 0x15c3d0e5), + TOBN(0x9ea640ec, 0x10948361), TOBN(0x5ac86d5b, 0x6e0bcccf)}}, + {{TOBN(0xf892d918, 0xc36cf440), TOBN(0xaed3e837, 0xc939719c), + TOBN(0xb07b08d2, 0xc0218b64), TOBN(0x6f1bcbba, 0xce9790dd)}, + {TOBN(0x4a84d6ed, 0x60919b8e), TOBN(0xd8900791, 0x8ac1f9eb), + TOBN(0xf84941aa, 0x0dd5daef), TOBN(0xb22fe40a, 0x67fd62c5)}}, + {{TOBN(0x97e15ba2, 0x157f2db3), TOBN(0xbda2fc8f, 0x8e28ca9c), + TOBN(0x5d050da4, 0x37b9f454), TOBN(0x3d57eb57, 0x2379d72e)}, + {TOBN(0xe9b5eba2, 0xfb5ee997), TOBN(0x01648ca2, 0xe11538ca), + TOBN(0x32bb76f6, 0xf6327974), TOBN(0x338f14b8, 0xff3f4bb7)}}, + {{TOBN(0x524d226a, 0xd7ab9a2d), TOBN(0x9c00090d, 0x7dfae958), + TOBN(0x0ba5f539, 0x8751d8c2), TOBN(0x8afcbcdd, 0x3ab8262d)}, + {TOBN(0x57392729, 0xe99d043b), TOBN(0xef51263b, 0xaebc943a), + TOBN(0x9feace93, 0x20862935), TOBN(0x639efc03, 0xb06c817b)}}, + {{TOBN(0x1fe054b3, 0x66b4be7a), TOBN(0x3f25a9de, 0x84a37a1e), + TOBN(0xf39ef1ad, 0x78d75cd9), TOBN(0xd7b58f49, 0x5062c1b5)}, + {TOBN(0x6f74f9a9, 0xff563436), TOBN(0xf718ff29, 0xe8af51e7), + TOBN(0x5234d313, 0x15e97fec), TOBN(0xb6a8e2b1, 0x292f1c0a)}}, + {{TOBN(0xa7f53aa8, 0x327720c1), TOBN(0x956ca322, 0xba092cc8), + TOBN(0x8f03d64a, 0x28746c4d), TOBN(0x51fe1782, 0x66d0d392)}, + {TOBN(0xd19b34db, 0x3c832c80), TOBN(0x60dccc5c, 0x6da2e3b4), + TOBN(0x245dd62e, 0x0a104ccc), TOBN(0xa7ab1de1, 0x620b21fd)}}, + {{TOBN(0xb293ae0b, 0x3893d123), TOBN(0xf7b75783, 0xb15ee71c), + TOBN(0x5aa3c614, 0x42a9468b), TOBN(0xd686123c, 0xdb15d744)}, + {TOBN(0x8c616891, 0xa7ab4116), TOBN(0x6fcd72c8, 0xa4e6a459), + TOBN(0xac219110, 0x77e5fad7), TOBN(0xfb6a20e7, 0x704fa46b)}}, + {{TOBN(0xe839be7d, 0x341d81dc), TOBN(0xcddb6889, 0x32148379), + TOBN(0xda6211a1, 0xf7026ead), TOBN(0xf3b2575f, 0xf4d1cc5e)}, + {TOBN(0x40cfc8f6, 0xa7a73ae6), TOBN(0x83879a5e, 0x61d5b483), + TOBN(0xc5acb1ed, 0x41a50ebc), TOBN(0x59a60cc8, 0x3c07d8fa)}}, + {{TOBN(0x1b73bdce, 0xb1876262), TOBN(0x2b0d79f0, 0x12af4ee9), + TOBN(0x8bcf3b0b, 0xd46e1d07), TOBN(0x17d6af9d, 0xe45d152f)}, + {TOBN(0x73520461, 0x6d736451), TOBN(0x43cbbd97, 0x56b0bf5a), + TOBN(0xb0833a5b, 0xd5999b9d), TOBN(0x702614f0, 0xeb72e398)}}, + {{TOBN(0x0aadf01a, 0x59c3e9f8), TOBN(0x40200e77, 0xce6b3d16), + TOBN(0xda22bdd3, 0xdeddafad), TOBN(0x76dedaf4, 0x310d72e1)}, + {TOBN(0x49ef807c, 0x4bc2e88f), TOBN(0x6ba81291, 0x146dd5a5), + TOBN(0xa1a4077a, 0x7d8d59e9), TOBN(0x87b6a2e7, 0x802db349)}}, + {{TOBN(0xd5679997, 0x1b4e598e), TOBN(0xf499ef1f, 0x06fe4b1d), + TOBN(0x3978d3ae, 0xfcb267c5), TOBN(0xb582b557, 0x235786d0)}, + {TOBN(0x32b3b2ca, 0x1715cb07), TOBN(0x4c3de6a2, 0x8480241d), + TOBN(0x63b5ffed, 0xcb571ecd), TOBN(0xeaf53900, 0xed2fe9a9)}}, + {{TOBN(0xdec98d4a, 0xc3b81990), TOBN(0x1cb83722, 0x9e0cc8fe), + TOBN(0xfe0b0491, 0xd2b427b9), TOBN(0x0f2386ac, 0xe983a66c)}, + {TOBN(0x930c4d1e, 0xb3291213), TOBN(0xa2f82b2e, 0x59a62ae4), + TOBN(0x77233853, 0xf93e89e3), TOBN(0x7f8063ac, 0x11777c7f)}}, + {{TOBN(0xff0eb567, 0x59ad2877), TOBN(0x6f454642, 0x9865c754), + TOBN(0xe6fe701a, 0x236e9a84), TOBN(0xc586ef16, 0x06e40fc3)}, + {TOBN(0x3f62b6e0, 0x24bafad9), TOBN(0xc8b42bd2, 0x64da906a), + TOBN(0xc98e1eb4, 0xda3276a0), TOBN(0x30d0e5fc, 0x06cbf852)}}, + {{TOBN(0x1b6b2ae1, 0xe8b4dfd4), TOBN(0xd754d5c7, 0x8301cbac), + TOBN(0x66097629, 0x112a39ac), TOBN(0xf86b5999, 0x93ba4ab9)}, + {TOBN(0x26c9dea7, 0x99f9d581), TOBN(0x0473b1a8, 0xc2fafeaa), + TOBN(0x1469af55, 0x3b2505a5), TOBN(0x227d16d7, 0xd6a43323)}}, + {{TOBN(0x3316f73c, 0xad3d97f9), TOBN(0x52bf3bb5, 0x1f137455), + TOBN(0x953eafeb, 0x09954e7c), TOBN(0xa721dfed, 0xdd732411)}, + {TOBN(0xb4929821, 0x141d4579), TOBN(0x3411321c, 0xaa3bd435), + TOBN(0xafb355aa, 0x17fa6015), TOBN(0xb4e7ef4a, 0x18e42f0e)}}, + {{TOBN(0x604ac97c, 0x59371000), TOBN(0xe1c48c70, 0x7f759c18), + TOBN(0x3f62ecc5, 0xa5db6b65), TOBN(0x0a78b173, 0x38a21495)}, + {TOBN(0x6be1819d, 0xbcc8ad94), TOBN(0x70dc04f6, 0xd89c3400), + TOBN(0x462557b4, 0xa6b4840a), TOBN(0x544c6ade, 0x60bd21c0)}}, + {{TOBN(0x6a00f24e, 0x907a544b), TOBN(0xa7520dcb, 0x313da210), + TOBN(0xfe939b75, 0x11e4994b), TOBN(0x918b6ba6, 0xbc275d70)}, + {TOBN(0xd3e5e0fc, 0x644be892), TOBN(0x707a9816, 0xfdaf6c42), + TOBN(0x60145567, 0xf15c13fe), TOBN(0x4818ebaa, 0xe130a54a)}}, + {{TOBN(0x28aad3ad, 0x58d2f767), TOBN(0xdc5267fd, 0xd7e7c773), + TOBN(0x4919cc88, 0xc3afcc98), TOBN(0xaa2e6ab0, 0x2db8cd4b)}, + {TOBN(0xd46fec04, 0xd0c63eaa), TOBN(0xa1cb92c5, 0x19ffa832), + TOBN(0x678dd178, 0xe43a631f), TOBN(0xfb5ae1cd, 0x3dc788b3)}}, + {{TOBN(0x68b4fb90, 0x6e77de04), TOBN(0x7992bcf0, 0xf06dbb97), + TOBN(0x896e6a13, 0xc417c01d), TOBN(0x8d96332c, 0xb956be01)}, + {TOBN(0x902fc93a, 0x413aa2b9), TOBN(0x99a4d915, 0xfc98c8a5), + TOBN(0x52c29407, 0x565f1137), TOBN(0x4072690f, 0x21e4f281)}}, + {{TOBN(0x36e607cf, 0x02ff6072), TOBN(0xa47d2ca9, 0x8ad98cdc), + TOBN(0xbf471d1e, 0xf5f56609), TOBN(0xbcf86623, 0xf264ada0)}, + {TOBN(0xb70c0687, 0xaa9e5cb6), TOBN(0xc98124f2, 0x17401c6c), + TOBN(0x8189635f, 0xd4a61435), TOBN(0xd28fb8af, 0xa9d98ea6)}}, + {{TOBN(0xb9a67c2a, 0x40c251f8), TOBN(0x88cd5d87, 0xa2da44be), + TOBN(0x437deb96, 0xe09b5423), TOBN(0x150467db, 0x64287dc1)}, + {TOBN(0xe161debb, 0xcdabb839), TOBN(0xa79e9742, 0xf1839a3e), + TOBN(0xbb8dd3c2, 0x652d202b), TOBN(0x7b3e67f7, 0xe9f97d96)}}, + {{TOBN(0x5aa5d78f, 0xb1cb6ac9), TOBN(0xffa13e8e, 0xca1d0d45), + TOBN(0x369295dd, 0x2ba5bf95), TOBN(0xd68bd1f8, 0x39aff05e)}, + {TOBN(0xaf0d86f9, 0x26d783f2), TOBN(0x543a59b3, 0xfc3aafc1), + TOBN(0x3fcf81d2, 0x7b7da97c), TOBN(0xc990a056, 0xd25dee46)}}, + {{TOBN(0x3e6775b8, 0x519cce2c), TOBN(0xfc9af71f, 0xae13d863), + TOBN(0x774a4a6f, 0x47c1605c), TOBN(0x46ba4245, 0x2fd205e8)}, + {TOBN(0xa06feea4, 0xd3fd524d), TOBN(0x1e724641, 0x6de1acc2), + TOBN(0xf53816f1, 0x334e2b42), TOBN(0x49e5918e, 0x922f0024)}}, + {{TOBN(0x439530b6, 0x65c7322d), TOBN(0xcf12cc01, 0xb3c1b3fb), + TOBN(0xc70b0186, 0x0172f685), TOBN(0xb915ee22, 0x1b58391d)}, + {TOBN(0x9afdf03b, 0xa317db24), TOBN(0x87dec659, 0x17b8ffc4), + TOBN(0x7f46597b, 0xe4d3d050), TOBN(0x80a1c1ed, 0x006500e7)}}, + {{TOBN(0x84902a96, 0x78bf030e), TOBN(0xfb5e9c9a, 0x50560148), + TOBN(0x6dae0a92, 0x63362426), TOBN(0xdcaeecf4, 0xa9e30c40)}, + {TOBN(0xc0d887bb, 0x518d0c6b), TOBN(0x99181152, 0xcb985b9d), + TOBN(0xad186898, 0xef7bc381), TOBN(0x18168ffb, 0x9ee46201)}}, + {{TOBN(0x9a04cdaa, 0x2502753c), TOBN(0xbb279e26, 0x51407c41), + TOBN(0xeacb03aa, 0xf23564e5), TOBN(0x18336582, 0x71e61016)}, + {TOBN(0x8684b8c4, 0xeb809877), TOBN(0xb336e18d, 0xea0e672e), + TOBN(0xefb601f0, 0x34ee5867), TOBN(0x2733edbe, 0x1341cfd1)}}, + {{TOBN(0xb15e809a, 0x26025c3c), TOBN(0xe6e981a6, 0x9350df88), + TOBN(0x92376237, 0x8502fd8e), TOBN(0x4791f216, 0x0c12be9b)}, + {TOBN(0xb7256789, 0x25f02425), TOBN(0xec863194, 0x7a974443), + TOBN(0x7c0ce882, 0xfb41cc52), TOBN(0xc266ff7e, 0xf25c07f2)}}, + {{TOBN(0x3d4da8c3, 0x017025f3), TOBN(0xefcf628c, 0xfb9579b4), + TOBN(0x5c4d0016, 0x1f3716ec), TOBN(0x9c27ebc4, 0x6801116e)}, + {TOBN(0x5eba0ea1, 0x1da1767e), TOBN(0xfe151452, 0x47004c57), + TOBN(0x3ace6df6, 0x8c2373b7), TOBN(0x75c3dffe, 0x5dbc37ac)}}, + {{TOBN(0x3dc32a73, 0xddc925fc), TOBN(0xb679c841, 0x2f65ee0b), + TOBN(0x715a3295, 0x451cbfeb), TOBN(0xd9889768, 0xf76e9a29)}, + {TOBN(0xec20ce7f, 0xb28ad247), TOBN(0xe99146c4, 0x00894d79), + TOBN(0x71457d7c, 0x9f5e3ea7), TOBN(0x097b2662, 0x38030031)}}, + {{TOBN(0xdb7f6ae6, 0xcf9f82a8), TOBN(0x319decb9, 0x438f473a), + TOBN(0xa63ab386, 0x283856c3), TOBN(0x13e3172f, 0xb06a361b)}, + {TOBN(0x2959f8dc, 0x7d5a006c), TOBN(0x2dbc27c6, 0x75fba752), + TOBN(0xc1227ab2, 0x87c22c9e), TOBN(0x06f61f75, 0x71a268b2)}}, + {{TOBN(0x1b6bb971, 0x04779ce2), TOBN(0xaca83812, 0x0aadcb1d), + TOBN(0x297ae0bc, 0xaeaab2d5), TOBN(0xa5c14ee7, 0x5bfb9f13)}, + {TOBN(0xaa00c583, 0xf17a62c7), TOBN(0x39eb962c, 0x173759f6), + TOBN(0x1eeba1d4, 0x86c9a88f), TOBN(0x0ab6c37a, 0xdf016c5e)}}, + {{TOBN(0xa2a147db, 0xa28a0749), TOBN(0x246c20d6, 0xee519165), + TOBN(0x5068d1b1, 0xd3810715), TOBN(0xb1e7018c, 0x748160b9)}, + {TOBN(0x03f5b1fa, 0xf380ff62), TOBN(0xef7fb1dd, 0xf3cb2c1e), + TOBN(0xeab539a8, 0xfc91a7da), TOBN(0x83ddb707, 0xf3f9b561)}}, + {{TOBN(0xc550e211, 0xfe7df7a4), TOBN(0xa7cd07f2, 0x063f6f40), + TOBN(0xb0de3635, 0x2976879c), TOBN(0xb5f83f85, 0xe55741da)}, + {TOBN(0x4ea9d25e, 0xf3d8ac3d), TOBN(0x6fe2066f, 0x62819f02), + TOBN(0x4ab2b9c2, 0xcef4a564), TOBN(0x1e155d96, 0x5ffa2de3)}}, + {{TOBN(0x0eb0a19b, 0xc3a72d00), TOBN(0x4037665b, 0x8513c31b), + TOBN(0x2fb2b6bf, 0x04c64637), TOBN(0x45c34d6e, 0x08cdc639)}, + {TOBN(0x56f1e10f, 0xf01fd796), TOBN(0x4dfb8101, 0xfe3667b8), + TOBN(0xe0eda253, 0x9021d0c0), TOBN(0x7a94e9ff, 0x8a06c6ab)}}, + {{TOBN(0x2d3bb0d9, 0xbb9aa882), TOBN(0xea20e4e5, 0xec05fd10), + TOBN(0xed7eeb5f, 0x1a1ca64e), TOBN(0x2fa6b43c, 0xc6327cbd)}, + {TOBN(0xb577e3cf, 0x3aa91121), TOBN(0x8c6bd5ea, 0x3a34079b), + TOBN(0xd7e5ba39, 0x60e02fc0), TOBN(0xf16dd2c3, 0x90141bf8)}}, + {{TOBN(0xb57276d9, 0x80101b98), TOBN(0x760883fd, 0xb82f0f66), + TOBN(0x89d7de75, 0x4bc3eff3), TOBN(0x03b60643, 0x5dc2ab40)}, + {TOBN(0xcd6e53df, 0xe05beeac), TOBN(0xf2f1e862, 0xbc3325cd), + TOBN(0xdd0f7921, 0x774f03c3), TOBN(0x97ca7221, 0x4552cc1b)}}, + {{TOBN(0x5a0d6afe, 0x1cd19f72), TOBN(0xa20915dc, 0xf183fbeb), + TOBN(0x9fda4b40, 0x832c403c), TOBN(0x32738edd, 0xbe425442)}, + {TOBN(0x469a1df6, 0xb5eccf1a), TOBN(0x4b5aff42, 0x28bbe1f0), + TOBN(0x31359d7f, 0x570dfc93), TOBN(0xa18be235, 0xf0088628)}}, + {{TOBN(0xa5b30fba, 0xb00ed3a9), TOBN(0x34c61374, 0x73cdf8be), + TOBN(0x2c5c5f46, 0xabc56797), TOBN(0x5cecf93d, 0xb82a8ae2)}, + {TOBN(0x7d3dbe41, 0xa968fbf0), TOBN(0xd23d4583, 0x1a5c7f3d), + TOBN(0xf28f69a0, 0xc087a9c7), TOBN(0xc2d75471, 0x474471ca)}}, + {{TOBN(0x36ec9f4a, 0x4eb732ec), TOBN(0x6c943bbd, 0xb1ca6bed), + TOBN(0xd64535e1, 0xf2457892), TOBN(0x8b84a8ea, 0xf7e2ac06)}, + {TOBN(0xe0936cd3, 0x2499dd5f), TOBN(0x12053d7e, 0x0ed04e57), + TOBN(0x4bdd0076, 0xe4305d9d), TOBN(0x34a527b9, 0x1f67f0a2)}}, + {{TOBN(0xe79a4af0, 0x9cec46ea), TOBN(0xb15347a1, 0x658b9bc7), + TOBN(0x6bd2796f, 0x35af2f75), TOBN(0xac957990, 0x4051c435)}, + {TOBN(0x2669dda3, 0xc33a655d), TOBN(0x5d503c2e, 0x88514aa3), + TOBN(0xdfa11337, 0x3753dd41), TOBN(0x3f054673, 0x0b754f78)}}, + {{TOBN(0xbf185677, 0x496125bd), TOBN(0xfb0023c8, 0x3775006c), + TOBN(0xfa0f072f, 0x3a037899), TOBN(0x4222b6eb, 0x0e4aea57)}, + {TOBN(0x3dde5e76, 0x7866d25a), TOBN(0xb6eb04f8, 0x4837aa6f), + TOBN(0x5315591a, 0x2cf1cdb8), TOBN(0x6dfb4f41, 0x2d4e683c)}}, + {{TOBN(0x7e923ea4, 0x48ee1f3a), TOBN(0x9604d9f7, 0x05a2afd5), + TOBN(0xbe1d4a33, 0x40ea4948), TOBN(0x5b45f1f4, 0xb44cbd2f)}, + {TOBN(0x5faf8376, 0x4acc757e), TOBN(0xa7cf9ab8, 0x63d68ff7), + TOBN(0x8ad62f69, 0xdf0e404b), TOBN(0xd65f33c2, 0x12bdafdf)}}, + {{TOBN(0xc365de15, 0xa377b14e), TOBN(0x6bf5463b, 0x8e39f60c), + TOBN(0x62030d2d, 0x2ce68148), TOBN(0xd95867ef, 0xe6f843a8)}, + {TOBN(0xd39a0244, 0xef5ab017), TOBN(0x0bd2d8c1, 0x4ab55d12), + TOBN(0xc9503db3, 0x41639169), TOBN(0x2d4e25b0, 0xf7660c8a)}}, + {{TOBN(0x760cb3b5, 0xe224c5d7), TOBN(0xfa3baf8c, 0x68616919), + TOBN(0x9fbca113, 0x8d142552), TOBN(0x1ab18bf1, 0x7669ebf5)}, + {TOBN(0x55e6f53e, 0x9bdf25dd), TOBN(0x04cc0bf3, 0xcb6cd154), + TOBN(0x595bef49, 0x95e89080), TOBN(0xfe9459a8, 0x104a9ac1)}}, + {{TOBN(0xad2d89ca, 0xcce9bb32), TOBN(0xddea65e1, 0xf7de8285), + TOBN(0x62ed8c35, 0xb351bd4b), TOBN(0x4150ff36, 0x0c0e19a7)}, + {TOBN(0x86e3c801, 0x345f4e47), TOBN(0x3bf21f71, 0x203a266c), + TOBN(0x7ae110d4, 0x855b1f13), TOBN(0x5d6aaf6a, 0x07262517)}}, + {{TOBN(0x1e0f12e1, 0x813d28f1), TOBN(0x6000e11d, 0x7ad7a523), + TOBN(0xc7d8deef, 0xc744a17b), TOBN(0x1e990b48, 0x14c05a00)}, + {TOBN(0x68fddaee, 0x93e976d5), TOBN(0x696241d1, 0x46610d63), + TOBN(0xb204e7c3, 0x893dda88), TOBN(0x8bccfa65, 0x6a3a6946)}}, + {{TOBN(0xb59425b4, 0xc5cd1411), TOBN(0x701b4042, 0xff3658b1), + TOBN(0xe3e56bca, 0x4784cf93), TOBN(0x27de5f15, 0x8fe68d60)}, + {TOBN(0x4ab9cfce, 0xf8d53f19), TOBN(0xddb10311, 0xa40a730d), + TOBN(0x6fa73cd1, 0x4eee0a8a), TOBN(0xfd548748, 0x5249719d)}}, + {{TOBN(0x49d66316, 0xa8123ef0), TOBN(0x73c32db4, 0xe7f95438), + TOBN(0x2e2ed209, 0x0d9e7854), TOBN(0xf98a9329, 0x9d9f0507)}, + {TOBN(0xc5d33cf6, 0x0c6aa20a), TOBN(0x9a32ba14, 0x75279bb2), + TOBN(0x7e3202cb, 0x774a7307), TOBN(0x64ed4bc4, 0xe8c42dbd)}}, + {{TOBN(0xc20f1a06, 0xd4caed0d), TOBN(0xb8021407, 0x171d22b3), + TOBN(0xd426ca04, 0xd13268d7), TOBN(0x92377007, 0x25f4d126)}, + {TOBN(0x4204cbc3, 0x71f21a85), TOBN(0x18461b7a, 0xf82369ba), + TOBN(0xc0c07d31, 0x3fc858f9), TOBN(0x5deb5a50, 0xe2bab569)}}, + {{TOBN(0xd5959d46, 0xd5eea89e), TOBN(0xfdff8424, 0x08437f4b), + TOBN(0xf21071e4, 0x3cfe254f), TOBN(0x72417696, 0x95468321)}, + {TOBN(0x5d8288b9, 0x102cae3e), TOBN(0x2d143e3d, 0xf1965dff), + TOBN(0x00c9a376, 0xa078d847), TOBN(0x6fc0da31, 0x26028731)}}, + {{TOBN(0xa2baeadf, 0xe45083a2), TOBN(0x66bc7218, 0x5e5b4bcd), + TOBN(0x2c826442, 0xd04b8e7f), TOBN(0xc19f5451, 0x6c4b586b)}, + {TOBN(0x60182c49, 0x5b7eeed5), TOBN(0xd9954ecd, 0x7aa9dfa1), + TOBN(0xa403a8ec, 0xc73884ad), TOBN(0x7fb17de2, 0x9bb39041)}}, + {{TOBN(0x694b64c5, 0xabb020e8), TOBN(0x3d18c184, 0x19c4eec7), + TOBN(0x9c4673ef, 0x1c4793e5), TOBN(0xc7b8aeb5, 0x056092e6)}, + {TOBN(0x3aa1ca43, 0xf0f8c16b), TOBN(0x224ed5ec, 0xd679b2f6), + TOBN(0x0d56eeaf, 0x55a205c9), TOBN(0xbfe115ba, 0x4b8e028b)}}, + {{TOBN(0x97e60849, 0x3927f4fe), TOBN(0xf91fbf94, 0x759aa7c5), + TOBN(0x985af769, 0x6be90a51), TOBN(0xc1277b78, 0x78ccb823)}, + {TOBN(0x395b656e, 0xe7a75952), TOBN(0x00df7de0, 0x928da5f5), + TOBN(0x09c23175, 0x4ca4454f), TOBN(0x4ec971f4, 0x7aa2d3c1)}}, + {{TOBN(0x45c3c507, 0xe75d9ccc), TOBN(0x63b7be8a, 0x3dc90306), + TOBN(0x37e09c66, 0x5db44bdc), TOBN(0x50d60da1, 0x6841c6a2)}, + {TOBN(0x6f9b65ee, 0x08df1b12), TOBN(0x38734879, 0x7ff089df), + TOBN(0x9c331a66, 0x3fe8013d), TOBN(0x017f5de9, 0x5f42fcc8)}}, + {{TOBN(0x43077866, 0xe8e57567), TOBN(0xc9f781ce, 0xf9fcdb18), + TOBN(0x38131dda, 0x9b12e174), TOBN(0x25d84aa3, 0x8a03752a)}, + {TOBN(0x45e09e09, 0x4d0c0ce2), TOBN(0x1564008b, 0x92bebba5), + TOBN(0xf7e8ad31, 0xa87284c7), TOBN(0xb7c4b46c, 0x97e7bbaa)}}, + {{TOBN(0x3e22a7b3, 0x97acf4ec), TOBN(0x0426c400, 0x5ea8b640), + TOBN(0x5e3295a6, 0x4e969285), TOBN(0x22aabc59, 0xa6a45670)}, + {TOBN(0xb929714c, 0x5f5942bc), TOBN(0x9a6168bd, 0xfa3182ed), + TOBN(0x2216a665, 0x104152ba), TOBN(0x46908d03, 0xb6926368)}}}, + {{{TOBN(0xa9f5d874, 0x5a1251fb), TOBN(0x967747a8, 0xc72725c7), + TOBN(0x195c33e5, 0x31ffe89e), TOBN(0x609d210f, 0xe964935e)}, + {TOBN(0xcafd6ca8, 0x2fe12227), TOBN(0xaf9b5b96, 0x0426469d), + TOBN(0x2e9ee04c, 0x5693183c), TOBN(0x1084a333, 0xc8146fef)}}, + {{TOBN(0x96649933, 0xaed1d1f7), TOBN(0x566eaff3, 0x50563090), + TOBN(0x345057f0, 0xad2e39cf), TOBN(0x148ff65b, 0x1f832124)}, + {TOBN(0x042e89d4, 0xcf94cf0d), TOBN(0x319bec84, 0x520c58b3), + TOBN(0x2a267626, 0x5361aa0d), TOBN(0xc86fa302, 0x8fbc87ad)}}, + {{TOBN(0xfc83d2ab, 0x5c8b06d5), TOBN(0xb1a785a2, 0xfe4eac46), + TOBN(0xb99315bc, 0x846f7779), TOBN(0xcf31d816, 0xef9ea505)}, + {TOBN(0x2391fe6a, 0x15d7dc85), TOBN(0x2f132b04, 0xb4016b33), + TOBN(0x29547fe3, 0x181cb4c7), TOBN(0xdb66d8a6, 0x650155a1)}}, + {{TOBN(0x6b66d7e1, 0xadc1696f), TOBN(0x98ebe593, 0x0acd72d0), + TOBN(0x65f24550, 0xcc1b7435), TOBN(0xce231393, 0xb4b9a5ec)}, + {TOBN(0x234a22d4, 0xdb067df9), TOBN(0x98dda095, 0xcaff9b00), + TOBN(0x1bbc75a0, 0x6100c9c1), TOBN(0x1560a9c8, 0x939cf695)}}, + {{TOBN(0xcf006d3e, 0x99e0925f), TOBN(0x2dd74a96, 0x6322375a), + TOBN(0xc58b446a, 0xb56af5ba), TOBN(0x50292683, 0xe0b9b4f1)}, + {TOBN(0xe2c34cb4, 0x1aeaffa3), TOBN(0x8b17203f, 0x9b9587c1), + TOBN(0x6d559207, 0xead1350c), TOBN(0x2b66a215, 0xfb7f9604)}}, + {{TOBN(0x0850325e, 0xfe51bf74), TOBN(0x9c4f579e, 0x5e460094), + TOBN(0x5c87b92a, 0x76da2f25), TOBN(0x889de4e0, 0x6febef33)}, + {TOBN(0x6900ec06, 0x646083ce), TOBN(0xbe2a0335, 0xbfe12773), + TOBN(0xadd1da35, 0xc5344110), TOBN(0x757568b7, 0xb802cd20)}}, + {{TOBN(0x75559779, 0x00f7e6c8), TOBN(0x38e8b94f, 0x0facd2f0), + TOBN(0xfea1f3af, 0x03fde375), TOBN(0x5e11a1d8, 0x75881dfc)}, + {TOBN(0xb3a6b02e, 0xc1e2f2ef), TOBN(0x193d2bbb, 0xc605a6c5), + TOBN(0x325ffeee, 0x339a0b2d), TOBN(0x27b6a724, 0x9e0c8846)}}, + {{TOBN(0xe4050f1c, 0xf1c367ca), TOBN(0x9bc85a9b, 0xc90fbc7d), + TOBN(0xa373c4a2, 0xe1a11032), TOBN(0xb64232b7, 0xad0393a9)}, + {TOBN(0xf5577eb0, 0x167dad29), TOBN(0x1604f301, 0x94b78ab2), + TOBN(0x0baa94af, 0xe829348b), TOBN(0x77fbd8dd, 0x41654342)}}, + {{TOBN(0xdab50ea5, 0xb964e39a), TOBN(0xd4c29e3c, 0xd0d3c76e), + TOBN(0x80dae67c, 0x56d11964), TOBN(0x7307a8bf, 0xe5ffcc2f)}, + {TOBN(0x65bbc1aa, 0x91708c3b), TOBN(0xa151e62c, 0x28bf0eeb), + TOBN(0x6cb53381, 0x6fa34db7), TOBN(0x5139e05c, 0xa29403a8)}}, + {{TOBN(0x6ff651b4, 0x94a7cd2e), TOBN(0x5671ffd1, 0x0699336c), + TOBN(0x6f5fd2cc, 0x979a896a), TOBN(0x11e893a8, 0xd8148cef)}, + {TOBN(0x988906a1, 0x65cf7b10), TOBN(0x81b67178, 0xc50d8485), + TOBN(0x7c0deb35, 0x8a35b3de), TOBN(0x423ac855, 0xc1d29799)}}, + {{TOBN(0xaf580d87, 0xdac50b74), TOBN(0x28b2b89f, 0x5869734c), + TOBN(0x99a3b936, 0x874e28fb), TOBN(0xbb2c9190, 0x25f3f73a)}, + {TOBN(0x199f6918, 0x84a9d5b7), TOBN(0x7ebe2325, 0x7e770374), + TOBN(0xf442e107, 0x0738efe2), TOBN(0xcf9f3f56, 0xcf9082d2)}}, + {{TOBN(0x719f69e1, 0x09618708), TOBN(0xcc9e8364, 0xc183f9b1), + TOBN(0xec203a95, 0x366a21af), TOBN(0x6aec5d6d, 0x068b141f)}, + {TOBN(0xee2df78a, 0x994f04e9), TOBN(0xb39ccae8, 0x271245b0), + TOBN(0xb875a4a9, 0x97e43f4f), TOBN(0x507dfe11, 0xdb2cea98)}}, + {{TOBN(0x4fbf81cb, 0x489b03e9), TOBN(0xdb86ec5b, 0x6ec414fa), + TOBN(0xfad444f9, 0xf51b3ae5), TOBN(0xca7d33d6, 0x1914e3fe)}, + {TOBN(0xa9c32f5c, 0x0ae6c4d0), TOBN(0xa9ca1d1e, 0x73969568), + TOBN(0x98043c31, 0x1aa7467e), TOBN(0xe832e75c, 0xe21b5ac6)}}, + {{TOBN(0x314b7aea, 0x5232123d), TOBN(0x08307c8c, 0x65ae86db), + TOBN(0x06e7165c, 0xaa4668ed), TOBN(0xb170458b, 0xb4d3ec39)}, + {TOBN(0x4d2e3ec6, 0xc19bb986), TOBN(0xc5f34846, 0xae0304ed), + TOBN(0x917695a0, 0x6c9f9722), TOBN(0x6c7f7317, 0x4cab1c0a)}}, + {{TOBN(0x6295940e, 0x9d6d2e8b), TOBN(0xd318b8c1, 0x549f7c97), + TOBN(0x22453204, 0x97713885), TOBN(0x468d834b, 0xa8a440fe)}, + {TOBN(0xd81fe5b2, 0xbfba796e), TOBN(0x152364db, 0x6d71f116), + TOBN(0xbb8c7c59, 0xb5b66e53), TOBN(0x0b12c61b, 0x2641a192)}}, + {{TOBN(0x31f14802, 0xfcf0a7fd), TOBN(0x42fd0789, 0x5488b01e), + TOBN(0x71d78d6d, 0x9952b498), TOBN(0x8eb572d9, 0x07ac5201)}, + {TOBN(0xe0a2a44c, 0x4d194a88), TOBN(0xd2b63fd9, 0xba017e66), + TOBN(0x78efc6c8, 0xf888aefc), TOBN(0xb76f6bda, 0x4a881a11)}}, + {{TOBN(0x187f314b, 0xb46c2397), TOBN(0x004cf566, 0x5ded2819), + TOBN(0xa9ea5704, 0x38764d34), TOBN(0xbba45217, 0x78084709)}, + {TOBN(0x06474571, 0x1171121e), TOBN(0xad7b7eb1, 0xe7c9b671), + TOBN(0xdacfbc40, 0x730f7507), TOBN(0x178cd8c6, 0xc7ad7bd1)}}, + {{TOBN(0xbf0be101, 0xb2a67238), TOBN(0x3556d367, 0xaf9c14f2), + TOBN(0x104b7831, 0xa5662075), TOBN(0x58ca59bb, 0x79d9e60a)}, + {TOBN(0x4bc45392, 0xa569a73b), TOBN(0x517a52e8, 0x5698f6c9), + TOBN(0x85643da5, 0xaeadd755), TOBN(0x1aed0cd5, 0x2a581b84)}}, + {{TOBN(0xb9b4ff84, 0x80af1372), TOBN(0x244c3113, 0xf1ba5d1f), + TOBN(0x2a5dacbe, 0xf5f98d31), TOBN(0x2c3323e8, 0x4375bc2a)}, + {TOBN(0x17a3ab4a, 0x5594b1dd), TOBN(0xa1928bfb, 0xceb4797e), + TOBN(0xe83af245, 0xe4886a19), TOBN(0x8979d546, 0x72b5a74a)}}, + {{TOBN(0xa0f726bc, 0x19f9e967), TOBN(0xd9d03152, 0xe8fbbf4e), + TOBN(0xcfd6f51d, 0xb7707d40), TOBN(0x633084d9, 0x63f6e6e0)}, + {TOBN(0xedcd9cdc, 0x55667eaf), TOBN(0x73b7f92b, 0x2e44d56f), + TOBN(0xfb2e39b6, 0x4e962b14), TOBN(0x7d408f6e, 0xf671fcbf)}}, + {{TOBN(0xcc634ddc, 0x164a89bb), TOBN(0x74a42bb2, 0x3ef3bd05), + TOBN(0x1280dbb2, 0x428decbb), TOBN(0x6103f6bb, 0x402c8596)}, + {TOBN(0xfa2bf581, 0x355a5752), TOBN(0x562f96a8, 0x00946674), + TOBN(0x4e4ca16d, 0x6da0223b), TOBN(0xfe47819f, 0x28d3aa25)}}, + {{TOBN(0x9eea3075, 0xf8dfcf8a), TOBN(0xa284f0aa, 0x95669825), + TOBN(0xb3fca250, 0x867d3fd8), TOBN(0x20757b5f, 0x269d691e)}, + {TOBN(0xf2c24020, 0x93b8a5de), TOBN(0xd3f93359, 0xebc06da6), + TOBN(0x1178293e, 0xb2739c33), TOBN(0xd2a3e770, 0xbcd686e5)}}, + {{TOBN(0xa76f49f4, 0xcd941534), TOBN(0x0d37406b, 0xe3c71c0e), + TOBN(0x172d9397, 0x3b97f7e3), TOBN(0xec17e239, 0xbd7fd0de)}, + {TOBN(0xe3290551, 0x6f496ba2), TOBN(0x6a693172, 0x36ad50e7), + TOBN(0xc4e539a2, 0x83e7eff5), TOBN(0x752737e7, 0x18e1b4cf)}}, + {{TOBN(0xa2f7932c, 0x68af43ee), TOBN(0x5502468e, 0x703d00bd), + TOBN(0xe5dc978f, 0x2fb061f5), TOBN(0xc9a1904a, 0x28c815ad)}, + {TOBN(0xd3af538d, 0x470c56a4), TOBN(0x159abc5f, 0x193d8ced), + TOBN(0x2a37245f, 0x20108ef3), TOBN(0xfa17081e, 0x223f7178)}}, + {{TOBN(0x27b0fb2b, 0x10c8c0f5), TOBN(0x2102c3ea, 0x40650547), + TOBN(0x594564df, 0x8ac3bfa7), TOBN(0x98102033, 0x509dad96)}, + {TOBN(0x6989643f, 0xf1d18a13), TOBN(0x35eebd91, 0xd7fc5af0), + TOBN(0x078d096a, 0xfaeaafd8), TOBN(0xb7a89341, 0xdef3de98)}}, + {{TOBN(0x2a206e8d, 0xecf2a73a), TOBN(0x066a6397, 0x8e551994), + TOBN(0x3a6a088a, 0xb98d53a2), TOBN(0x0ce7c67c, 0x2d1124aa)}, + {TOBN(0x48cec671, 0x759a113c), TOBN(0xe3b373d3, 0x4f6f67fa), + TOBN(0x5455d479, 0xfd36727b), TOBN(0xe5a428ee, 0xa13c0d81)}}, + {{TOBN(0xb853dbc8, 0x1c86682b), TOBN(0xb78d2727, 0xb8d02b2a), + TOBN(0xaaf69bed, 0x8ebc329a), TOBN(0xdb6b40b3, 0x293b2148)}, + {TOBN(0xe42ea77d, 0xb8c4961f), TOBN(0xb1a12f7c, 0x20e5e0ab), + TOBN(0xa0ec5274, 0x79e8b05e), TOBN(0x68027391, 0xfab60a80)}}, + {{TOBN(0x6bfeea5f, 0x16b1bd5e), TOBN(0xf957e420, 0x4de30ad3), + TOBN(0xcbaf664e, 0x6a353b9e), TOBN(0x5c873312, 0x26d14feb)}, + {TOBN(0x4e87f98c, 0xb65f57cb), TOBN(0xdb60a621, 0x5e0cdd41), + TOBN(0x67c16865, 0xa6881440), TOBN(0x1093ef1a, 0x46ab52aa)}}, + {{TOBN(0xc095afb5, 0x3f4ece64), TOBN(0x6a6bb02e, 0x7604551a), + TOBN(0x55d44b4e, 0x0b26b8cd), TOBN(0xe5f9a999, 0xf971268a)}, + {TOBN(0xc08ec425, 0x11a7de84), TOBN(0x83568095, 0xfda469dd), + TOBN(0x737bfba1, 0x6c6c90a2), TOBN(0x1cb9c4a0, 0xbe229831)}}, + {{TOBN(0x93bccbba, 0xbb2eec64), TOBN(0xa0c23b64, 0xda03adbe), + TOBN(0x5f7aa00a, 0xe0e86ac4), TOBN(0x470b941e, 0xfc1401e6)}, + {TOBN(0x5ad8d679, 0x9df43574), TOBN(0x4ccfb8a9, 0x0f65d810), + TOBN(0x1bce80e3, 0xaa7fbd81), TOBN(0x273291ad, 0x9508d20a)}}, + {{TOBN(0xf5c4b46b, 0x42a92806), TOBN(0x810684ec, 0xa86ab44a), + TOBN(0x4591640b, 0xca0bc9f8), TOBN(0xb5efcdfc, 0x5c4b6054)}, + {TOBN(0x16fc8907, 0x6e9edd12), TOBN(0xe29d0b50, 0xd4d792f9), + TOBN(0xa45fd01c, 0x9b03116d), TOBN(0x85035235, 0xc81765a4)}}, + {{TOBN(0x1fe2a9b2, 0xb4b4b67c), TOBN(0xc1d10df0, 0xe8020604), + TOBN(0x9d64abfc, 0xbc8058d8), TOBN(0x8943b9b2, 0x712a0fbb)}, + {TOBN(0x90eed914, 0x3b3def04), TOBN(0x85ab3aa2, 0x4ce775ff), + TOBN(0x605fd4ca, 0x7bbc9040), TOBN(0x8b34a564, 0xe2c75dfb)}}, + {{TOBN(0x41ffc94a, 0x10358560), TOBN(0x2d8a5072, 0x9e5c28aa), + TOBN(0xe915a0fc, 0x4cc7eb15), TOBN(0xe9efab05, 0x8f6d0f5d)}, + {TOBN(0xdbab47a9, 0xd19e9b91), TOBN(0x8cfed745, 0x0276154c), + TOBN(0x154357ae, 0x2cfede0d), TOBN(0x520630df, 0x19f5a4ef)}}, + {{TOBN(0x25759f7c, 0xe382360f), TOBN(0xb6db05c9, 0x88bf5857), + TOBN(0x2917d61d, 0x6c58d46c), TOBN(0x14f8e491, 0xfd20cb7a)}, + {TOBN(0xb68a727a, 0x11c20340), TOBN(0x0386f86f, 0xaf7ccbb6), + TOBN(0x5c8bc6cc, 0xfee09a20), TOBN(0x7d76ff4a, 0xbb7eea35)}}, + {{TOBN(0xa7bdebe7, 0xdb15be7a), TOBN(0x67a08054, 0xd89f0302), + TOBN(0x56bf0ea9, 0xc1193364), TOBN(0xc8244467, 0x62837ebe)}, + {TOBN(0x32bd8e8b, 0x20d841b8), TOBN(0x127a0548, 0xdbb8a54f), + TOBN(0x83dd4ca6, 0x63b20236), TOBN(0x87714718, 0x203491fa)}}, + {{TOBN(0x4dabcaaa, 0xaa8a5288), TOBN(0x91cc0c8a, 0xaf23a1c9), + TOBN(0x34c72c6a, 0x3f220e0c), TOBN(0xbcc20bdf, 0x1232144a)}, + {TOBN(0x6e2f42da, 0xa20ede1b), TOBN(0xc441f00c, 0x74a00515), + TOBN(0xbf46a5b6, 0x734b8c4b), TOBN(0x57409503, 0x7b56c9a4)}}, + {{TOBN(0x9f735261, 0xe4585d45), TOBN(0x9231faed, 0x6734e642), + TOBN(0x1158a176, 0xbe70ee6c), TOBN(0x35f1068d, 0x7c3501bf)}, + {TOBN(0x6beef900, 0xa2d26115), TOBN(0x649406f2, 0xef0afee3), + TOBN(0x3f43a60a, 0xbc2420a1), TOBN(0x509002a7, 0xd5aee4ac)}}, + {{TOBN(0xb46836a5, 0x3ff3571b), TOBN(0x24f98b78, 0x837927c1), + TOBN(0x6254256a, 0x4533c716), TOBN(0xf27abb0b, 0xd07ee196)}, + {TOBN(0xd7cf64fc, 0x5c6d5bfd), TOBN(0x6915c751, 0xf0cd7a77), + TOBN(0xd9f59012, 0x8798f534), TOBN(0x772b0da8, 0xf81d8b5f)}}, + {{TOBN(0x1244260c, 0x2e03fa69), TOBN(0x36cf0e3a, 0x3be1a374), + TOBN(0x6e7c1633, 0xef06b960), TOBN(0xa71a4c55, 0x671f90f6)}, + {TOBN(0x7a941251, 0x33c673db), TOBN(0xc0bea510, 0x73e8c131), + TOBN(0x61a8a699, 0xd4f6c734), TOBN(0x25e78c88, 0x341ed001)}}, + {{TOBN(0x5c18acf8, 0x8e2f7d90), TOBN(0xfdbf33d7, 0x77be32cd), + TOBN(0x0a085cd7, 0xd2eb5ee9), TOBN(0x2d702cfb, 0xb3201115)}, + {TOBN(0xb6e0ebdb, 0x85c88ce8), TOBN(0x23a3ce3c, 0x1e01d617), + TOBN(0x3041618e, 0x567333ac), TOBN(0x9dd0fd8f, 0x157edb6b)}}, + {{TOBN(0x27f74702, 0xb57872b8), TOBN(0x2ef26b4f, 0x657d5fe1), + TOBN(0x95426f0a, 0x57cf3d40), TOBN(0x847e2ad1, 0x65a6067a)}, + {TOBN(0xd474d9a0, 0x09996a74), TOBN(0x16a56acd, 0x2a26115c), + TOBN(0x02a615c3, 0xd16f4d43), TOBN(0xcc3fc965, 0xaadb85b7)}}, + {{TOBN(0x386bda73, 0xce07d1b0), TOBN(0xd82910c2, 0x58ad4178), + TOBN(0x124f82cf, 0xcd2617f4), TOBN(0xcc2f5e8d, 0xef691770)}, + {TOBN(0x82702550, 0xb8c30ccc), TOBN(0x7b856aea, 0x1a8e575a), + TOBN(0xbb822fef, 0xb1ab9459), TOBN(0x085928bc, 0xec24e38e)}}, + {{TOBN(0x5d0402ec, 0xba8f4b4d), TOBN(0xc07cd4ba, 0x00b4d58b), + TOBN(0x5d8dffd5, 0x29227e7a), TOBN(0x61d44d0c, 0x31bf386f)}, + {TOBN(0xe486dc2b, 0x135e6f4d), TOBN(0x680962eb, 0xe79410ef), + TOBN(0xa61bd343, 0xf10088b5), TOBN(0x6aa76076, 0xe2e28686)}}, + {{TOBN(0x80463d11, 0x8fb98871), TOBN(0xcb26f5c3, 0xbbc76aff), + TOBN(0xd4ab8edd, 0xfbe03614), TOBN(0xc8eb579b, 0xc0cf2dee)}, + {TOBN(0xcc004c15, 0xc93bae41), TOBN(0x46fbae5d, 0x3aeca3b2), + TOBN(0x671235cf, 0x0f1e9ab1), TOBN(0xadfba934, 0x9ec285c1)}}, + {{TOBN(0x88ded013, 0xf216c980), TOBN(0xc8ac4fb8, 0xf79e0bc1), + TOBN(0xa29b89c6, 0xfb97a237), TOBN(0xb697b780, 0x9922d8e7)}, + {TOBN(0x3142c639, 0xddb945b5), TOBN(0x447b06c7, 0xe094c3a9), + TOBN(0xcdcb3642, 0x72266c90), TOBN(0x633aad08, 0xa9385046)}}, + {{TOBN(0xa36c936b, 0xb57c6477), TOBN(0x871f8b64, 0xe94dbcc6), + TOBN(0x28d0fb62, 0xa591a67b), TOBN(0x9d40e081, 0xc1d926f5)}, + {TOBN(0x3111eaf6, 0xf2d84b5a), TOBN(0x228993f9, 0xa565b644), + TOBN(0x0ccbf592, 0x2c83188b), TOBN(0xf87b30ab, 0x3df3e197)}}, + {{TOBN(0xb8658b31, 0x7642bca8), TOBN(0x1a032d7f, 0x52800f17), + TOBN(0x051dcae5, 0x79bf9445), TOBN(0xeba6b8ee, 0x54a2e253)}, + {TOBN(0x5c8b9cad, 0xd4485692), TOBN(0x84bda40e, 0x8986e9be), + TOBN(0xd16d16a4, 0x2f0db448), TOBN(0x8ec80050, 0xa14d4188)}}, + {{TOBN(0xb2b26107, 0x98fa7aaa), TOBN(0x41209ee4, 0xf073aa4e), + TOBN(0xf1570359, 0xf2d6b19b), TOBN(0xcbe6868c, 0xfc577caf)}, + {TOBN(0x186c4bdc, 0x32c04dd3), TOBN(0xa6c35fae, 0xcfeee397), + TOBN(0xb4a1b312, 0xf086c0cf), TOBN(0xe0a5ccc6, 0xd9461fe2)}}, + {{TOBN(0xc32278aa, 0x1536189f), TOBN(0x1126c55f, 0xba6df571), + TOBN(0x0f71a602, 0xb194560e), TOBN(0x8b2d7405, 0x324bd6e1)}, + {TOBN(0x8481939e, 0x3738be71), TOBN(0xb5090b1a, 0x1a4d97a9), + TOBN(0x116c65a3, 0xf05ba915), TOBN(0x21863ad3, 0xaae448aa)}}, + {{TOBN(0xd24e2679, 0xa7aae5d3), TOBN(0x7076013d, 0x0de5c1c4), + TOBN(0x2d50f8ba, 0xbb05b629), TOBN(0x73c1abe2, 0x6e66efbb)}, + {TOBN(0xefd4b422, 0xf2488af7), TOBN(0xe4105d02, 0x663ba575), + TOBN(0x7eb60a8b, 0x53a69457), TOBN(0x62210008, 0xc945973b)}}, + {{TOBN(0xfb255478, 0x77a50ec6), TOBN(0xbf0392f7, 0x0a37a72c), + TOBN(0xa0a7a19c, 0x4be18e7a), TOBN(0x90d8ea16, 0x25b1e0af)}, + {TOBN(0x7582a293, 0xef953f57), TOBN(0x90a64d05, 0xbdc5465a), + TOBN(0xca79c497, 0xe2510717), TOBN(0x560dbb7c, 0x18cb641f)}}, + {{TOBN(0x1d8e3286, 0x4b66abfb), TOBN(0xd26f52e5, 0x59030900), + TOBN(0x1ee3f643, 0x5584941a), TOBN(0x6d3b3730, 0x569f5958)}, + {TOBN(0x9ff2a62f, 0x4789dba5), TOBN(0x91fcb815, 0x72b5c9b7), + TOBN(0xf446cb7d, 0x6c8f9a0e), TOBN(0x48f625c1, 0x39b7ecb5)}}, + {{TOBN(0xbabae801, 0x1c6219b8), TOBN(0xe7a562d9, 0x28ac2f23), + TOBN(0xe1b48732, 0x26e20588), TOBN(0x06ee1cad, 0x775af051)}, + {TOBN(0xda29ae43, 0xfaff79f7), TOBN(0xc141a412, 0x652ee9e0), + TOBN(0x1e127f6f, 0x195f4bd0), TOBN(0x29c6ab4f, 0x072f34f8)}}, + {{TOBN(0x7b7c1477, 0x30448112), TOBN(0x82b51af1, 0xe4a38656), + TOBN(0x2bf2028a, 0x2f315010), TOBN(0xc9a4a01f, 0x6ea88cd4)}, + {TOBN(0xf63e95d8, 0x257e5818), TOBN(0xdd8efa10, 0xb4519b16), + TOBN(0xed8973e0, 0x0da910bf), TOBN(0xed49d077, 0x5c0fe4a9)}}, + {{TOBN(0xac3aac5e, 0xb7caee1e), TOBN(0x1033898d, 0xa7f4da57), + TOBN(0x42145c0e, 0x5c6669b9), TOBN(0x42daa688, 0xc1aa2aa0)}, + {TOBN(0x629cc15c, 0x1a1d885a), TOBN(0x25572ec0, 0xf4b76817), + TOBN(0x8312e435, 0x9c8f8f28), TOBN(0x8107f8cd, 0x81965490)}}, + {{TOBN(0x516ff3a3, 0x6fa6110c), TOBN(0x74fb1eb1, 0xfb93561f), + TOBN(0x6c0c9047, 0x8457522b), TOBN(0xcfd32104, 0x6bb8bdc6)}, + {TOBN(0x2d6884a2, 0xcc80ad57), TOBN(0x7c27fc35, 0x86a9b637), + TOBN(0x3461baed, 0xadf4e8cd), TOBN(0x1d56251a, 0x617242f0)}}, + {{TOBN(0x0b80d209, 0xc955bef4), TOBN(0xdf02cad2, 0x06adb047), + TOBN(0xf0d7cb91, 0x5ec74fee), TOBN(0xd2503375, 0x1111ba44)}, + {TOBN(0x9671755e, 0xdf53cb36), TOBN(0x54dcb612, 0x3368551b), + TOBN(0x66d69aac, 0xc8a025a4), TOBN(0x6be946c6, 0xe77ef445)}}, + {{TOBN(0x719946d1, 0xa995e094), TOBN(0x65e848f6, 0xe51e04d8), + TOBN(0xe62f3300, 0x6a1e3113), TOBN(0x1541c7c1, 0x501de503)}, + {TOBN(0x4daac9fa, 0xf4acfade), TOBN(0x0e585897, 0x44cd0b71), + TOBN(0x544fd869, 0x0a51cd77), TOBN(0x60fc20ed, 0x0031016d)}}, + {{TOBN(0x58b404ec, 0xa4276867), TOBN(0x46f6c3cc, 0x34f34993), + TOBN(0x477ca007, 0xc636e5bd), TOBN(0x8018f5e5, 0x7c458b47)}, + {TOBN(0xa1202270, 0xe47b668f), TOBN(0xcef48ccd, 0xee14f203), + TOBN(0x23f98bae, 0x62ff9b4d), TOBN(0x55acc035, 0xc589eddd)}}, + {{TOBN(0x3fe712af, 0x64db4444), TOBN(0x19e9d634, 0xbecdd480), + TOBN(0xe08bc047, 0xa930978a), TOBN(0x2dbf24ec, 0xa1280733)}, + {TOBN(0x3c0ae38c, 0x2cd706b2), TOBN(0x5b012a5b, 0x359017b9), + TOBN(0x3943c38c, 0x72e0f5ae), TOBN(0x786167ea, 0x57176fa3)}}, + {{TOBN(0xe5f9897d, 0x594881dc), TOBN(0x6b5efad8, 0xcfb820c1), + TOBN(0xb2179093, 0xd55018de), TOBN(0x39ad7d32, 0x0bac56ce)}, + {TOBN(0xb55122e0, 0x2cfc0e81), TOBN(0x117c4661, 0xf6d89daa), + TOBN(0x362d01e1, 0xcb64fa09), TOBN(0x6a309b4e, 0x3e9c4ddd)}}, + {{TOBN(0xfa979fb7, 0xabea49b1), TOBN(0xb4b1d27d, 0x10e2c6c5), + TOBN(0xbd61c2c4, 0x23afde7a), TOBN(0xeb6614f8, 0x9786d358)}, + {TOBN(0x4a5d816b, 0x7f6f7459), TOBN(0xe431a44f, 0x09360e7b), + TOBN(0x8c27a032, 0xc309914c), TOBN(0xcea5d68a, 0xcaede3d8)}}, + {{TOBN(0x3668f665, 0x3a0a3f95), TOBN(0x89369416, 0x7ceba27b), + TOBN(0x89981fad, 0xe4728fe9), TOBN(0x7102c8a0, 0x8a093562)}, + {TOBN(0xbb80310e, 0x235d21c8), TOBN(0x505e55d1, 0xbefb7f7b), + TOBN(0xa0a90811, 0x12958a67), TOBN(0xd67e106a, 0x4d851fef)}}, + {{TOBN(0xb84011a9, 0x431dd80e), TOBN(0xeb7c7cca, 0x73306cd9), + TOBN(0x20fadd29, 0xd1b3b730), TOBN(0x83858b5b, 0xfe37b3d3)}, + {TOBN(0xbf4cd193, 0xb6251d5c), TOBN(0x1cca1fd3, 0x1352d952), + TOBN(0xc66157a4, 0x90fbc051), TOBN(0x7990a638, 0x89b98636)}}}, + {{{TOBN(0xe5aa692a, 0x87dec0e1), TOBN(0x010ded8d, 0xf7b39d00), + TOBN(0x7b1b80c8, 0x54cfa0b5), TOBN(0x66beb876, 0xa0f8ea28)}, + {TOBN(0x50d7f531, 0x3476cd0e), TOBN(0xa63d0e65, 0xb08d3949), + TOBN(0x1a09eea9, 0x53479fc6), TOBN(0x82ae9891, 0xf499e742)}}, + {{TOBN(0xab58b910, 0x5ca7d866), TOBN(0x582967e2, 0x3adb3b34), + TOBN(0x89ae4447, 0xcceac0bc), TOBN(0x919c667c, 0x7bf56af5)}, + {TOBN(0x9aec17b1, 0x60f5dcd7), TOBN(0xec697b9f, 0xddcaadbc), + TOBN(0x0b98f341, 0x463467f5), TOBN(0xb187f1f7, 0xa967132f)}}, + {{TOBN(0x90fe7a1d, 0x214aeb18), TOBN(0x1506af3c, 0x741432f7), + TOBN(0xbb5565f9, 0xe591a0c4), TOBN(0x10d41a77, 0xb44f1bc3)}, + {TOBN(0xa09d65e4, 0xa84bde96), TOBN(0x42f060d8, 0xf20a6a1c), + TOBN(0x652a3bfd, 0xf27f9ce7), TOBN(0xb6bdb65c, 0x3b3d739f)}}, + {{TOBN(0xeb5ddcb6, 0xec7fae9f), TOBN(0x995f2714, 0xefb66e5a), + TOBN(0xdee95d8e, 0x69445d52), TOBN(0x1b6c2d46, 0x09e27620)}, + {TOBN(0x32621c31, 0x8129d716), TOBN(0xb03909f1, 0x0958c1aa), + TOBN(0x8c468ef9, 0x1af4af63), TOBN(0x162c429f, 0xfba5cdf6)}}, + {{TOBN(0x2f682343, 0x753b9371), TOBN(0x29cab45a, 0x5f1f9cd7), + TOBN(0x571623ab, 0xb245db96), TOBN(0xc507db09, 0x3fd79999)}, + {TOBN(0x4e2ef652, 0xaf036c32), TOBN(0x86f0cc78, 0x05018e5c), + TOBN(0xc10a73d4, 0xab8be350), TOBN(0x6519b397, 0x7e826327)}}, + {{TOBN(0xe8cb5eef, 0x9c053df7), TOBN(0x8de25b37, 0xb300ea6f), + TOBN(0xdb03fa92, 0xc849cffb), TOBN(0x242e43a7, 0xe84169bb)}, + {TOBN(0xe4fa51f4, 0xdd6f958e), TOBN(0x6925a77f, 0xf4445a8d), + TOBN(0xe6e72a50, 0xe90d8949), TOBN(0xc66648e3, 0x2b1f6390)}}, + {{TOBN(0xb2ab1957, 0x173e460c), TOBN(0x1bbbce75, 0x30704590), + TOBN(0xc0a90dbd, 0xdb1c7162), TOBN(0x505e399e, 0x15cdd65d)}, + {TOBN(0x68434dcb, 0x57797ab7), TOBN(0x60ad35ba, 0x6a2ca8e8), + TOBN(0x4bfdb1e0, 0xde3336c1), TOBN(0xbbef99eb, 0xd8b39015)}}, + {{TOBN(0x6c3b96f3, 0x1711ebec), TOBN(0x2da40f1f, 0xce98fdc4), + TOBN(0xb99774d3, 0x57b4411f), TOBN(0x87c8bdf4, 0x15b65bb6)}, + {TOBN(0xda3a89e3, 0xc2eef12d), TOBN(0xde95bb9b, 0x3c7471f3), + TOBN(0x600f225b, 0xd812c594), TOBN(0x54907c5d, 0x2b75a56b)}}, + {{TOBN(0xa93cc5f0, 0x8db60e35), TOBN(0x743e3cd6, 0xfa833319), + TOBN(0x7dad5c41, 0xf81683c9), TOBN(0x70c1e7d9, 0x9c34107e)}, + {TOBN(0x0edc4a39, 0xa6be0907), TOBN(0x36d47035, 0x86d0b7d3), + TOBN(0x8c76da03, 0x272bfa60), TOBN(0x0b4a07ea, 0x0f08a414)}}, + {{TOBN(0x699e4d29, 0x45c1dd53), TOBN(0xcadc5898, 0x231debb5), + TOBN(0xdf49fcc7, 0xa77f00e0), TOBN(0x93057bbf, 0xa73e5a0e)}, + {TOBN(0x2f8b7ecd, 0x027a4cd1), TOBN(0x114734b3, 0xc614011a), + TOBN(0xe7a01db7, 0x67677c68), TOBN(0x89d9be5e, 0x7e273f4f)}}, + {{TOBN(0xd225cb2e, 0x089808ef), TOBN(0xf1f7a27d, 0xd59e4107), + TOBN(0x53afc761, 0x8211b9c9), TOBN(0x0361bc67, 0xe6819159)}, + {TOBN(0x2a865d0b, 0x7f071426), TOBN(0x6a3c1810, 0xe7072567), + TOBN(0x3e3bca1e, 0x0d6bcabd), TOBN(0xa1b02bc1, 0x408591bc)}}, + {{TOBN(0xe0deee59, 0x31fba239), TOBN(0xf47424d3, 0x98bd91d1), + TOBN(0x0f8886f4, 0x071a3c1d), TOBN(0x3f7d41e8, 0xa819233b)}, + {TOBN(0x708623c2, 0xcf6eb998), TOBN(0x86bb49af, 0x609a287f), + TOBN(0x942bb249, 0x63c90762), TOBN(0x0ef6eea5, 0x55a9654b)}}, + {{TOBN(0x5f6d2d72, 0x36f5defe), TOBN(0xfa9922dc, 0x56f99176), + TOBN(0x6c8c5ece, 0xf78ce0c7), TOBN(0x7b44589d, 0xbe09b55e)}, + {TOBN(0xe11b3bca, 0x9ea83770), TOBN(0xd7fa2c7f, 0x2ab71547), + TOBN(0x2a3dd6fa, 0x2a1ddcc0), TOBN(0x09acb430, 0x5a7b7707)}}, + {{TOBN(0x4add4a2e, 0x649d4e57), TOBN(0xcd53a2b0, 0x1917526e), + TOBN(0xc5262330, 0x20b44ac4), TOBN(0x4028746a, 0xbaa2c31d)}, + {TOBN(0x51318390, 0x64291d4c), TOBN(0xbf48f151, 0xee5ad909), + TOBN(0xcce57f59, 0x7b185681), TOBN(0x7c3ac1b0, 0x4854d442)}}, + {{TOBN(0x65587dc3, 0xc093c171), TOBN(0xae7acb24, 0x24f42b65), + TOBN(0x5a338adb, 0x955996cb), TOBN(0xc8e65675, 0x6051f91b)}, + {TOBN(0x66711fba, 0x28b8d0b1), TOBN(0x15d74137, 0xb6c10a90), + TOBN(0x70cdd7eb, 0x3a232a80), TOBN(0xc9e2f07f, 0x6191ed24)}}, + {{TOBN(0xa80d1db6, 0xf79588c0), TOBN(0xfa52fc69, 0xb55768cc), + TOBN(0x0b4df1ae, 0x7f54438a), TOBN(0x0cadd1a7, 0xf9b46a4f)}, + {TOBN(0xb40ea6b3, 0x1803dd6f), TOBN(0x488e4fa5, 0x55eaae35), + TOBN(0x9f047d55, 0x382e4e16), TOBN(0xc9b5b7e0, 0x2f6e0c98)}}, + {{TOBN(0x6b1bd2d3, 0x95762649), TOBN(0xa9604ee7, 0xc7aea3f6), + TOBN(0x3646ff27, 0x6dc6f896), TOBN(0x9bf0e7f5, 0x2860bad1)}, + {TOBN(0x2d92c821, 0x7cb44b92), TOBN(0xa2f5ce63, 0xaea9c182), + TOBN(0xd0a2afb1, 0x9154a5fd), TOBN(0x482e474c, 0x95801da6)}}, + {{TOBN(0xc19972d0, 0xb611c24b), TOBN(0x1d468e65, 0x60a8f351), + TOBN(0xeb758069, 0x7bcf6421), TOBN(0xec9dd0ee, 0x88fbc491)}, + {TOBN(0x5b59d2bf, 0x956c2e32), TOBN(0x73dc6864, 0xdcddf94e), + TOBN(0xfd5e2321, 0xbcee7665), TOBN(0xa7b4f8ef, 0x5e9a06c4)}}, + {{TOBN(0xfba918dd, 0x7280f855), TOBN(0xbbaac260, 0x8baec688), + TOBN(0xa3b3f00f, 0x33400f42), TOBN(0x3d2dba29, 0x66f2e6e4)}, + {TOBN(0xb6f71a94, 0x98509375), TOBN(0x8f33031f, 0xcea423cc), + TOBN(0x009b8dd0, 0x4807e6fb), TOBN(0x5163cfe5, 0x5cdb954c)}}, + {{TOBN(0x03cc8f17, 0xcf41c6e8), TOBN(0xf1f03c2a, 0x037b925c), + TOBN(0xc39c19cc, 0x66d2427c), TOBN(0x823d24ba, 0x7b6c18e4)}, + {TOBN(0x32ef9013, 0x901f0b4f), TOBN(0x684360f1, 0xf8941c2e), + TOBN(0x0ebaff52, 0x2c28092e), TOBN(0x7891e4e3, 0x256c932f)}}, + {{TOBN(0x51264319, 0xac445e3d), TOBN(0x553432e7, 0x8ea74381), + TOBN(0xe6eeaa69, 0x67e9c50a), TOBN(0x27ced284, 0x62e628c7)}, + {TOBN(0x3f96d375, 0x7a4afa57), TOBN(0xde0a14c3, 0xe484c150), + TOBN(0x364a24eb, 0x38bd9923), TOBN(0x1df18da0, 0xe5177422)}}, + {{TOBN(0x174e8f82, 0xd8d38a9b), TOBN(0x2e97c600, 0xe7de1391), + TOBN(0xc5709850, 0xa1c175dd), TOBN(0x969041a0, 0x32ae5035)}, + {TOBN(0xcbfd533b, 0x76a2086b), TOBN(0xd6bba71b, 0xd7c2e8fe), + TOBN(0xb2d58ee6, 0x099dfb67), TOBN(0x3a8b342d, 0x064a85d9)}}, + {{TOBN(0x3bc07649, 0x522f9be3), TOBN(0x690c075b, 0xdf1f49a8), + TOBN(0x80e1aee8, 0x3854ec42), TOBN(0x2a7dbf44, 0x17689dc7)}, + {TOBN(0xc004fc0e, 0x3faf4078), TOBN(0xb2f02e9e, 0xdf11862c), + TOBN(0xf10a5e0f, 0xa0a1b7b3), TOBN(0x30aca623, 0x8936ec80)}}, + {{TOBN(0xf83cbf05, 0x02f40d9a), TOBN(0x4681c468, 0x2c318a4d), + TOBN(0x98575618, 0x0e9c2674), TOBN(0xbe79d046, 0x1847092e)}, + {TOBN(0xaf1e480a, 0x78bd01e0), TOBN(0x6dd359e4, 0x72a51db9), + TOBN(0x62ce3821, 0xe3afbab6), TOBN(0xc5cee5b6, 0x17733199)}}, + {{TOBN(0xe08b30d4, 0x6ffd9fbb), TOBN(0x6e5bc699, 0x36c610b7), + TOBN(0xf343cff2, 0x9ce262cf), TOBN(0xca2e4e35, 0x68b914c1)}, + {TOBN(0x011d64c0, 0x16de36c5), TOBN(0xe0b10fdd, 0x42e2b829), + TOBN(0x78942981, 0x6685aaf8), TOBN(0xe7511708, 0x230ede97)}}, + {{TOBN(0x671ed8fc, 0x3b922bf8), TOBN(0xe4d8c0a0, 0x4c29b133), + TOBN(0x87eb1239, 0x3b6e99c4), TOBN(0xaff3974c, 0x8793beba)}, + {TOBN(0x03749405, 0x2c18df9b), TOBN(0xc5c3a293, 0x91007139), + TOBN(0x6a77234f, 0xe37a0b95), TOBN(0x02c29a21, 0xb661c96b)}}, + {{TOBN(0xc3aaf1d6, 0x141ecf61), TOBN(0x9195509e, 0x3bb22f53), + TOBN(0x29597404, 0x22d51357), TOBN(0x1b083822, 0x537bed60)}, + {TOBN(0xcd7d6e35, 0xe07289f0), TOBN(0x1f94c48c, 0x6dd86eff), + TOBN(0xc8bb1f82, 0xeb0f9cfa), TOBN(0x9ee0b7e6, 0x1b2eb97d)}}, + {{TOBN(0x5a52fe2e, 0x34d74e31), TOBN(0xa352c310, 0x3bf79ab6), + TOBN(0x97ff6c5a, 0xabfeeb8f), TOBN(0xbfbe8fef, 0xf5c97305)}, + {TOBN(0xd6081ce6, 0xa7904608), TOBN(0x1f812f3a, 0xc4fca249), + TOBN(0x9b24bc9a, 0xb9e5e200), TOBN(0x91022c67, 0x38012ee8)}}, + {{TOBN(0xe83d9c5d, 0x30a713a1), TOBN(0x4876e3f0, 0x84ef0f93), + TOBN(0xc9777029, 0xc1fbf928), TOBN(0xef7a6bb3, 0xbce7d2a4)}, + {TOBN(0xb8067228, 0xdfa2a659), TOBN(0xd5cd3398, 0xd877a48f), + TOBN(0xbea4fd8f, 0x025d0f3f), TOBN(0xd67d2e35, 0x2eae7c2b)}}, + {{TOBN(0x184de7d7, 0xcc5f4394), TOBN(0xb5551b5c, 0x4536e142), + TOBN(0x2e89b212, 0xd34aa60a), TOBN(0x14a96fea, 0xf50051d5)}, + {TOBN(0x4e21ef74, 0x0d12bb0b), TOBN(0xc522f020, 0x60b9677e), + TOBN(0x8b12e467, 0x2df7731d), TOBN(0x39f80382, 0x7b326d31)}}, + {{TOBN(0xdfb8630c, 0x39024a94), TOBN(0xaacb96a8, 0x97319452), + TOBN(0xd68a3961, 0xeda3867c), TOBN(0x0c58e2b0, 0x77c4ffca)}, + {TOBN(0x3d545d63, 0x4da919fa), TOBN(0xef79b69a, 0xf15e2289), + TOBN(0x54bc3d3d, 0x808bab10), TOBN(0xc8ab3007, 0x45f82c37)}}, + {{TOBN(0xc12738b6, 0x7c4a658a), TOBN(0xb3c47639, 0x40e72182), + TOBN(0x3b77be46, 0x8798e44f), TOBN(0xdc047df2, 0x17a7f85f)}, + {TOBN(0x2439d4c5, 0x5e59d92d), TOBN(0xcedca475, 0xe8e64d8d), + TOBN(0xa724cd0d, 0x87ca9b16), TOBN(0x35e4fd59, 0xa5540dfe)}}, + {{TOBN(0xf8c1ff18, 0xe4bcf6b1), TOBN(0x856d6285, 0x295018fa), + TOBN(0x433f665c, 0x3263c949), TOBN(0xa6a76dd6, 0xa1f21409)}, + {TOBN(0x17d32334, 0xcc7b4f79), TOBN(0xa1d03122, 0x06720e4a), + TOBN(0xadb6661d, 0x81d9bed5), TOBN(0xf0d6fb02, 0x11db15d1)}}, + {{TOBN(0x7fd11ad5, 0x1fb747d2), TOBN(0xab50f959, 0x3033762b), + TOBN(0x2a7e711b, 0xfbefaf5a), TOBN(0xc7393278, 0x3fef2bbf)}, + {TOBN(0xe29fa244, 0x0df6f9be), TOBN(0x9092757b, 0x71efd215), + TOBN(0xee60e311, 0x4f3d6fd9), TOBN(0x338542d4, 0x0acfb78b)}}, + {{TOBN(0x44a23f08, 0x38961a0f), TOBN(0x1426eade, 0x986987ca), + TOBN(0x36e6ee2e, 0x4a863cc6), TOBN(0x48059420, 0x628b8b79)}, + {TOBN(0x30303ad8, 0x7396e1de), TOBN(0x5c8bdc48, 0x38c5aad1), + TOBN(0x3e40e11f, 0x5c8f5066), TOBN(0xabd6e768, 0x8d246bbd)}}, + {{TOBN(0x68aa40bb, 0x23330a01), TOBN(0xd23f5ee4, 0xc34eafa0), + TOBN(0x3bbee315, 0x5de02c21), TOBN(0x18dd4397, 0xd1d8dd06)}, + {TOBN(0x3ba1939a, 0x122d7b44), TOBN(0xe6d3b40a, 0xa33870d6), + TOBN(0x8e620f70, 0x1c4fe3f8), TOBN(0xf6bba1a5, 0xd3a50cbf)}}, + {{TOBN(0x4a78bde5, 0xcfc0aee0), TOBN(0x847edc46, 0xc08c50bd), + TOBN(0xbaa2439c, 0xad63c9b2), TOBN(0xceb4a728, 0x10fc2acb)}, + {TOBN(0xa419e40e, 0x26da033d), TOBN(0x6cc3889d, 0x03e02683), + TOBN(0x1cd28559, 0xfdccf725), TOBN(0x0fd7e0f1, 0x8d13d208)}}, + {{TOBN(0x01b9733b, 0x1f0df9d4), TOBN(0x8cc2c5f3, 0xa2b5e4f3), + TOBN(0x43053bfa, 0x3a304fd4), TOBN(0x8e87665c, 0x0a9f1aa7)}, + {TOBN(0x087f29ec, 0xd73dc965), TOBN(0x15ace455, 0x3e9023db), + TOBN(0x2370e309, 0x2bce28b4), TOBN(0xf9723442, 0xb6b1e84a)}}, + {{TOBN(0xbeee662e, 0xb72d9f26), TOBN(0xb19396de, 0xf0e47109), + TOBN(0x85b1fa73, 0xe13289d0), TOBN(0x436cf77e, 0x54e58e32)}, + {TOBN(0x0ec833b3, 0xe990ef77), TOBN(0x7373e3ed, 0x1b11fc25), + TOBN(0xbe0eda87, 0x0fc332ce), TOBN(0xced04970, 0x8d7ea856)}}, + {{TOBN(0xf85ff785, 0x7e977ca0), TOBN(0xb66ee8da, 0xdfdd5d2b), + TOBN(0xf5e37950, 0x905af461), TOBN(0x587b9090, 0x966d487c)}, + {TOBN(0x6a198a1b, 0x32ba0127), TOBN(0xa7720e07, 0x141615ac), + TOBN(0xa23f3499, 0x996ef2f2), TOBN(0xef5f64b4, 0x470bcb3d)}}, + {{TOBN(0xa526a962, 0x92b8c559), TOBN(0x0c14aac0, 0x69740a0f), + TOBN(0x0d41a9e3, 0xa6bdc0a5), TOBN(0x97d52106, 0x9c48aef4)}, + {TOBN(0xcf16bd30, 0x3e7c253b), TOBN(0xcc834b1a, 0x47fdedc1), + TOBN(0x7362c6e5, 0x373aab2e), TOBN(0x264ed85e, 0xc5f590ff)}}, + {{TOBN(0x7a46d9c0, 0x66d41870), TOBN(0xa50c20b1, 0x4787ba09), + TOBN(0x185e7e51, 0xe3d44635), TOBN(0xb3b3e080, 0x31e2d8dc)}, + {TOBN(0xbed1e558, 0xa179e9d9), TOBN(0x2daa3f79, 0x74a76781), + TOBN(0x4372baf2, 0x3a40864f), TOBN(0x46900c54, 0x4fe75cb5)}}, + {{TOBN(0xb95f171e, 0xf76765d0), TOBN(0x4ad726d2, 0x95c87502), + TOBN(0x2ec769da, 0x4d7c99bd), TOBN(0x5e2ddd19, 0xc36cdfa8)}, + {TOBN(0xc22117fc, 0xa93e6dea), TOBN(0xe8a2583b, 0x93771123), + TOBN(0xbe2f6089, 0xfa08a3a2), TOBN(0x4809d5ed, 0x8f0e1112)}}, + {{TOBN(0x3b414aa3, 0xda7a095e), TOBN(0x9049acf1, 0x26f5aadd), + TOBN(0x78d46a4d, 0x6be8b84a), TOBN(0xd66b1963, 0xb732b9b3)}, + {TOBN(0x5c2ac2a0, 0xde6e9555), TOBN(0xcf52d098, 0xb5bd8770), + TOBN(0x15a15fa6, 0x0fd28921), TOBN(0x56ccb81e, 0x8b27536d)}}, + {{TOBN(0x0f0d8ab8, 0x9f4ccbb8), TOBN(0xed5f44d2, 0xdb221729), + TOBN(0x43141988, 0x00bed10c), TOBN(0xc94348a4, 0x1d735b8b)}, + {TOBN(0x79f3e9c4, 0x29ef8479), TOBN(0x4c13a4e3, 0x614c693f), + TOBN(0x32c9af56, 0x8e143a14), TOBN(0xbc517799, 0xe29ac5c4)}}, + {{TOBN(0x05e17992, 0x2774856f), TOBN(0x6e52fb05, 0x6c1bf55f), + TOBN(0xaeda4225, 0xe4f19e16), TOBN(0x70f4728a, 0xaf5ccb26)}, + {TOBN(0x5d2118d1, 0xb2947f22), TOBN(0xc827ea16, 0x281d6fb9), + TOBN(0x8412328d, 0x8cf0eabd), TOBN(0x45ee9fb2, 0x03ef9dcf)}}, + {{TOBN(0x8e700421, 0xbb937d63), TOBN(0xdf8ff2d5, 0xcc4b37a6), + TOBN(0xa4c0d5b2, 0x5ced7b68), TOBN(0x6537c1ef, 0xc7308f59)}, + {TOBN(0x25ce6a26, 0x3b37f8e8), TOBN(0x170e9a9b, 0xdeebc6ce), + TOBN(0xdd037952, 0x8728d72c), TOBN(0x445b0e55, 0x850154bc)}}, + {{TOBN(0x4b7d0e06, 0x83a7337b), TOBN(0x1e3416d4, 0xffecf249), + TOBN(0x24840eff, 0x66a2b71f), TOBN(0xd0d9a50a, 0xb37cc26d)}, + {TOBN(0xe2198150, 0x6fe28ef7), TOBN(0x3cc5ef16, 0x23324c7f), + TOBN(0x220f3455, 0x769b5263), TOBN(0xe2ade2f1, 0xa10bf475)}}, + {{TOBN(0x28cd20fa, 0x458d3671), TOBN(0x1549722c, 0x2dc4847b), + TOBN(0x6dd01e55, 0x591941e3), TOBN(0x0e6fbcea, 0x27128ccb)}, + {TOBN(0xae1a1e6b, 0x3bef0262), TOBN(0xfa8c472c, 0x8f54e103), + TOBN(0x7539c0a8, 0x72c052ec), TOBN(0xd7b27369, 0x5a3490e9)}}, + {{TOBN(0x143fe1f1, 0x71684349), TOBN(0x36b4722e, 0x32e19b97), + TOBN(0xdc059227, 0x90980aff), TOBN(0x175c9c88, 0x9e13d674)}, + {TOBN(0xa7de5b22, 0x6e6bfdb1), TOBN(0x5ea5b7b2, 0xbedb4b46), + TOBN(0xd5570191, 0xd34a6e44), TOBN(0xfcf60d2e, 0xa24ff7e6)}}, + {{TOBN(0x614a392d, 0x677819e1), TOBN(0x7be74c7e, 0xaa5a29e8), + TOBN(0xab50fece, 0x63c85f3f), TOBN(0xaca2e2a9, 0x46cab337)}, + {TOBN(0x7f700388, 0x122a6fe3), TOBN(0xdb69f703, 0x882a04a8), + TOBN(0x9a77935d, 0xcf7aed57), TOBN(0xdf16207c, 0x8d91c86f)}}, + {{TOBN(0x2fca49ab, 0x63ed9998), TOBN(0xa3125c44, 0xa77ddf96), + TOBN(0x05dd8a86, 0x24344072), TOBN(0xa023dda2, 0xfec3fb56)}, + {TOBN(0x421b41fc, 0x0c743032), TOBN(0x4f2120c1, 0x5e438639), + TOBN(0xfb7cae51, 0xc83c1b07), TOBN(0xb2370caa, 0xcac2171a)}}, + {{TOBN(0x2eb2d962, 0x6cc820fb), TOBN(0x59feee5c, 0xb85a44bf), + TOBN(0x94620fca, 0x5b6598f0), TOBN(0x6b922cae, 0x7e314051)}, + {TOBN(0xff8745ad, 0x106bed4e), TOBN(0x546e71f5, 0xdfa1e9ab), + TOBN(0x935c1e48, 0x1ec29487), TOBN(0x9509216c, 0x4d936530)}}, + {{TOBN(0xc7ca3067, 0x85c9a2db), TOBN(0xd6ae5152, 0x6be8606f), + TOBN(0x09dbcae6, 0xe14c651d), TOBN(0xc9536e23, 0x9bc32f96)}, + {TOBN(0xa90535a9, 0x34521b03), TOBN(0xf39c526c, 0x878756ff), + TOBN(0x383172ec, 0x8aedf03c), TOBN(0x20a8075e, 0xefe0c034)}}, + {{TOBN(0xf22f9c62, 0x64026422), TOBN(0x8dd10780, 0x24b9d076), + TOBN(0x944c742a, 0x3bef2950), TOBN(0x55b9502e, 0x88a2b00b)}, + {TOBN(0xa59e14b4, 0x86a09817), TOBN(0xa39dd3ac, 0x47bb4071), + TOBN(0x55137f66, 0x3be0592f), TOBN(0x07fcafd4, 0xc9e63f5b)}}, + {{TOBN(0x963652ee, 0x346eb226), TOBN(0x7dfab085, 0xec2facb7), + TOBN(0x273bf2b8, 0x691add26), TOBN(0x30d74540, 0xf2b46c44)}, + {TOBN(0x05e8e73e, 0xf2c2d065), TOBN(0xff9b8a00, 0xd42eeac9), + TOBN(0x2fcbd205, 0x97209d22), TOBN(0xeb740ffa, 0xde14ea2c)}}, + {{TOBN(0xc71ff913, 0xa8aef518), TOBN(0x7bfc74bb, 0xfff4cfa2), + TOBN(0x1716680c, 0xb6b36048), TOBN(0x121b2cce, 0x9ef79af1)}, + {TOBN(0xbff3c836, 0xa01eb3d3), TOBN(0x50eb1c6a, 0x5f79077b), + TOBN(0xa48c32d6, 0xa004bbcf), TOBN(0x47a59316, 0x7d64f61d)}}, + {{TOBN(0x6068147f, 0x93102016), TOBN(0x12c5f654, 0x94d12576), + TOBN(0xefb071a7, 0xc9bc6b91), TOBN(0x7c2da0c5, 0x6e23ea95)}, + {TOBN(0xf4fd45b6, 0xd4a1dd5d), TOBN(0x3e7ad9b6, 0x9122b13c), + TOBN(0x342ca118, 0xe6f57a48), TOBN(0x1c2e94a7, 0x06f8288f)}}, + {{TOBN(0x99e68f07, 0x5a97d231), TOBN(0x7c80de97, 0x4d838758), + TOBN(0xbce0f5d0, 0x05872727), TOBN(0xbe5d95c2, 0x19c4d016)}, + {TOBN(0x921d5cb1, 0x9c2492ee), TOBN(0x42192dc1, 0x404d6fb3), + TOBN(0x4c84dcd1, 0x32f988d3), TOBN(0xde26d61f, 0xa17b8e85)}}, + {{TOBN(0xc466dcb6, 0x137c7408), TOBN(0x9a38d7b6, 0x36a266da), + TOBN(0x7ef5cb06, 0x83bebf1b), TOBN(0xe5cdcbbf, 0x0fd014e3)}, + {TOBN(0x30aa376d, 0xf65965a0), TOBN(0x60fe88c2, 0xebb3e95e), + TOBN(0x33fd0b61, 0x66ee6f20), TOBN(0x8827dcdb, 0x3f41f0a0)}}, + {{TOBN(0xbf8a9d24, 0x0c56c690), TOBN(0x40265dad, 0xddb7641d), + TOBN(0x522b05bf, 0x3a6b662b), TOBN(0x466d1dfe, 0xb1478c9b)}, + {TOBN(0xaa616962, 0x1484469b), TOBN(0x0db60549, 0x02df8f9f), + TOBN(0xc37bca02, 0x3cb8bf51), TOBN(0x5effe346, 0x21371ce8)}}, + {{TOBN(0xe8f65264, 0xff112c32), TOBN(0x8a9c736d, 0x7b971fb2), + TOBN(0xa4f19470, 0x7b75080d), TOBN(0xfc3f2c5a, 0x8839c59b)}, + {TOBN(0x1d6c777e, 0x5aeb49c2), TOBN(0xf3db034d, 0xda1addfe), + TOBN(0xd76fee5a, 0x5535affc), TOBN(0x0853ac70, 0xb92251fd)}}, + {{TOBN(0x37e3d594, 0x8b2a29d5), TOBN(0x28f1f457, 0x4de00ddb), + TOBN(0x8083c1b5, 0xf42c328b), TOBN(0xd8ef1d8f, 0xe493c73b)}, + {TOBN(0x96fb6260, 0x41dc61bd), TOBN(0xf74e8a9d, 0x27ee2f8a), + TOBN(0x7c605a80, 0x2c946a5d), TOBN(0xeed48d65, 0x3839ccfd)}}, + {{TOBN(0x9894344f, 0x3a29467a), TOBN(0xde81e949, 0xc51eba6d), + TOBN(0xdaea066b, 0xa5e5c2f2), TOBN(0x3fc8a614, 0x08c8c7b3)}, + {TOBN(0x7adff88f, 0x06d0de9f), TOBN(0xbbc11cf5, 0x3b75ce0a), + TOBN(0x9fbb7acc, 0xfbbc87d5), TOBN(0xa1458e26, 0x7badfde2)}}}, + {{{TOBN(0x1cb43668, 0xe039c256), TOBN(0x5f26fb8b, 0x7c17fd5d), + TOBN(0xeee426af, 0x79aa062b), TOBN(0x072002d0, 0xd78fbf04)}, + {TOBN(0x4c9ca237, 0xe84fb7e3), TOBN(0xb401d8a1, 0x0c82133d), + TOBN(0xaaa52592, 0x6d7e4181), TOBN(0xe9430833, 0x73dbb152)}}, + {{TOBN(0xf92dda31, 0xbe24319a), TOBN(0x03f7d28b, 0xe095a8e7), + TOBN(0xa52fe840, 0x98782185), TOBN(0x276ddafe, 0x29c24dbc)}, + {TOBN(0x80cd5496, 0x1d7a64eb), TOBN(0xe4360889, 0x7f1dbe42), + TOBN(0x2f81a877, 0x8438d2d5), TOBN(0x7e4d52a8, 0x85169036)}}, + {{TOBN(0x19e3d5b1, 0x1d59715d), TOBN(0xc7eaa762, 0xd788983e), + TOBN(0xe5a730b0, 0xabf1f248), TOBN(0xfbab8084, 0xfae3fd83)}, + {TOBN(0x65e50d21, 0x53765b2f), TOBN(0xbdd4e083, 0xfa127f3d), + TOBN(0x9cf3c074, 0x397b1b10), TOBN(0x59f8090c, 0xb1b59fd3)}}, + {{TOBN(0x7b15fd9d, 0x615faa8f), TOBN(0x8fa1eb40, 0x968554ed), + TOBN(0x7bb4447e, 0x7aa44882), TOBN(0x2bb2d0d1, 0x029fff32)}, + {TOBN(0x075e2a64, 0x6caa6d2f), TOBN(0x8eb879de, 0x22e7351b), + TOBN(0xbcd5624e, 0x9a506c62), TOBN(0x218eaef0, 0xa87e24dc)}}, + {{TOBN(0x37e56847, 0x44ddfa35), TOBN(0x9ccfc5c5, 0xdab3f747), + TOBN(0x9ac1df3f, 0x1ee96cf4), TOBN(0x0c0571a1, 0x3b480b8f)}, + {TOBN(0x2fbeb3d5, 0x4b3a7b3c), TOBN(0x35c03669, 0x5dcdbb99), + TOBN(0x52a0f5dc, 0xb2415b3a), TOBN(0xd57759b4, 0x4413ed9a)}}, + {{TOBN(0x1fe647d8, 0x3d30a2c5), TOBN(0x0857f77e, 0xf78a81dc), + TOBN(0x11d5a334, 0x131a4a9b), TOBN(0xc0a94af9, 0x29d393f5)}, + {TOBN(0xbc3a5c0b, 0xdaa6ec1a), TOBN(0xba9fe493, 0x88d2d7ed), + TOBN(0xbb4335b4, 0xbb614797), TOBN(0x991c4d68, 0x72f83533)}}, + {{TOBN(0x53258c28, 0xd2f01cb3), TOBN(0x93d6eaa3, 0xd75db0b1), + TOBN(0x419a2b0d, 0xe87d0db4), TOBN(0xa1e48f03, 0xd8fe8493)}, + {TOBN(0xf747faf6, 0xc508b23a), TOBN(0xf137571a, 0x35d53549), + TOBN(0x9f5e58e2, 0xfcf9b838), TOBN(0xc7186cee, 0xa7fd3cf5)}}, + {{TOBN(0x77b868ce, 0xe978a1d3), TOBN(0xe3a68b33, 0x7ab92d04), + TOBN(0x51029794, 0x87a5b862), TOBN(0x5f0606c3, 0x3a61d41d)}, + {TOBN(0x2814be27, 0x6f9326f1), TOBN(0x2f521c14, 0xc6fe3c2e), + TOBN(0x17464d7d, 0xacdf7351), TOBN(0x10f5f9d3, 0x777f7e44)}}, + {{TOBN(0xce8e616b, 0x269fb37d), TOBN(0xaaf73804, 0x7de62de5), + TOBN(0xaba11175, 0x4fdd4153), TOBN(0x515759ba, 0x3770b49b)}, + {TOBN(0x8b09ebf8, 0xaa423a61), TOBN(0x592245a1, 0xcd41fb92), + TOBN(0x1cba8ec1, 0x9b4c8936), TOBN(0xa87e91e3, 0xaf36710e)}}, + {{TOBN(0x1fd84ce4, 0x3d34a2e3), TOBN(0xee3759ce, 0xb43b5d61), + TOBN(0x895bc78c, 0x619186c7), TOBN(0xf19c3809, 0xcbb9725a)}, + {TOBN(0xc0be21aa, 0xde744b1f), TOBN(0xa7d222b0, 0x60f8056b), + TOBN(0x74be6157, 0xb23efe11), TOBN(0x6fab2b4f, 0x0cd68253)}}, + {{TOBN(0xad33ea5f, 0x4bf1d725), TOBN(0x9c1d8ee2, 0x4f6c950f), + TOBN(0x544ee78a, 0xa377af06), TOBN(0x54f489bb, 0x94a113e1)}, + {TOBN(0x8f11d634, 0x992fb7e8), TOBN(0x0169a7aa, 0xa2a44347), + TOBN(0x1d49d4af, 0x95020e00), TOBN(0x95945722, 0xe08e120b)}}, + {{TOBN(0xb6e33878, 0xa4d32282), TOBN(0xe36e029d, 0x48020ae7), + TOBN(0xe05847fb, 0x37a9b750), TOBN(0xf876812c, 0xb29e3819)}, + {TOBN(0x84ad138e, 0xd23a17f0), TOBN(0x6d7b4480, 0xf0b3950e), + TOBN(0xdfa8aef4, 0x2fd67ae0), TOBN(0x8d3eea24, 0x52333af6)}}, + {{TOBN(0x0d052075, 0xb15d5acc), TOBN(0xc6d9c79f, 0xbd815bc4), + TOBN(0x8dcafd88, 0xdfa36cf2), TOBN(0x908ccbe2, 0x38aa9070)}, + {TOBN(0x638722c4, 0xba35afce), TOBN(0x5a3da8b0, 0xfd6abf0b), + TOBN(0x2dce252c, 0xc9c335c1), TOBN(0x84e7f0de, 0x65aa799b)}}, + {{TOBN(0x2101a522, 0xb99a72cb), TOBN(0x06de6e67, 0x87618016), + TOBN(0x5ff8c7cd, 0xe6f3653e), TOBN(0x0a821ab5, 0xc7a6754a)}, + {TOBN(0x7e3fa52b, 0x7cb0b5a2), TOBN(0xa7fb121c, 0xc9048790), + TOBN(0x1a725020, 0x06ce053a), TOBN(0xb490a31f, 0x04e929b0)}}, + {{TOBN(0xe17be47d, 0x62dd61ad), TOBN(0x781a961c, 0x6be01371), + TOBN(0x1063bfd3, 0xdae3cbba), TOBN(0x35647406, 0x7f73c9ba)}, + {TOBN(0xf50e957b, 0x2736a129), TOBN(0xa6313702, 0xed13f256), + TOBN(0x9436ee65, 0x3a19fcc5), TOBN(0xcf2bdb29, 0xe7a4c8b6)}}, + {{TOBN(0xb06b1244, 0xc5f95cd8), TOBN(0xda8c8af0, 0xf4ab95f4), + TOBN(0x1bae59c2, 0xb9e5836d), TOBN(0x07d51e7e, 0x3acffffc)}, + {TOBN(0x01e15e6a, 0xc2ccbcda), TOBN(0x3bc1923f, 0x8528c3e0), + TOBN(0x43324577, 0xa49fead4), TOBN(0x61a1b884, 0x2aa7a711)}}, + {{TOBN(0xf9a86e08, 0x700230ef), TOBN(0x0af585a1, 0xbd19adf8), + TOBN(0x7645f361, 0xf55ad8f2), TOBN(0x6e676223, 0x46c3614c)}, + {TOBN(0x23cb257c, 0x4e774d3f), TOBN(0x82a38513, 0xac102d1b), + TOBN(0x9bcddd88, 0x7b126aa5), TOBN(0xe716998b, 0xeefd3ee4)}}, + {{TOBN(0x4239d571, 0xfb167583), TOBN(0xdd011c78, 0xd16c8f8a), + TOBN(0x271c2895, 0x69a27519), TOBN(0x9ce0a3b7, 0xd2d64b6a)}, + {TOBN(0x8c977289, 0xd5ec6738), TOBN(0xa3b49f9a, 0x8840ef6b), + TOBN(0x808c14c9, 0x9a453419), TOBN(0x5c00295b, 0x0cf0a2d5)}}, + {{TOBN(0x524414fb, 0x1d4bcc76), TOBN(0xb07691d2, 0x459a88f1), + TOBN(0x77f43263, 0xf70d110f), TOBN(0x64ada5e0, 0xb7abf9f3)}, + {TOBN(0xafd0f94e, 0x5b544cf5), TOBN(0xb4a13a15, 0xfd2713fe), + TOBN(0xb99b7d6e, 0x250c74f4), TOBN(0x097f2f73, 0x20324e45)}}, + {{TOBN(0x994b37d8, 0xaffa8208), TOBN(0xc3c31b0b, 0xdc29aafc), + TOBN(0x3da74651, 0x7a3a607f), TOBN(0xd8e1b8c1, 0xfe6955d6)}, + {TOBN(0x716e1815, 0xc8418682), TOBN(0x541d487f, 0x7dc91d97), + TOBN(0x48a04669, 0xc6996982), TOBN(0xf39cab15, 0x83a6502e)}}, + {{TOBN(0x025801a0, 0xe68db055), TOBN(0xf3569758, 0xba3338d5), + TOBN(0xb0c8c0aa, 0xee2afa84), TOBN(0x4f6985d3, 0xfb6562d1)}, + {TOBN(0x351f1f15, 0x132ed17a), TOBN(0x510ed0b4, 0xc04365fe), + TOBN(0xa3f98138, 0xe5b1f066), TOBN(0xbc9d95d6, 0x32df03dc)}}, + {{TOBN(0xa83ccf6e, 0x19abd09e), TOBN(0x0b4097c1, 0x4ff17edb), + TOBN(0x58a5c478, 0xd64a06ce), TOBN(0x2ddcc3fd, 0x544a58fd)}, + {TOBN(0xd449503d, 0x9e8153b8), TOBN(0x3324fd02, 0x7774179b), + TOBN(0xaf5d47c8, 0xdbd9120c), TOBN(0xeb860162, 0x34fa94db)}}, + {{TOBN(0x5817bdd1, 0x972f07f4), TOBN(0xe5579e2e, 0xd27bbceb), + TOBN(0x86847a1f, 0x5f11e5a6), TOBN(0xb39ed255, 0x7c3cf048)}, + {TOBN(0xe1076417, 0xa2f62e55), TOBN(0x6b9ab38f, 0x1bcf82a2), + TOBN(0x4bb7c319, 0x7aeb29f9), TOBN(0xf6d17da3, 0x17227a46)}}, + {{TOBN(0xab53ddbd, 0x0f968c00), TOBN(0xa03da7ec, 0x000c880b), + TOBN(0x7b239624, 0x6a9ad24d), TOBN(0x612c0401, 0x01ec60d0)}, + {TOBN(0x70d10493, 0x109f5df1), TOBN(0xfbda4030, 0x80af7550), + TOBN(0x30b93f95, 0xc6b9a9b3), TOBN(0x0c74ec71, 0x007d9418)}}, + {{TOBN(0x94175564, 0x6edb951f), TOBN(0x5f4a9d78, 0x7f22c282), + TOBN(0xb7870895, 0xb38d1196), TOBN(0xbc593df3, 0xa228ce7c)}, + {TOBN(0xc78c5bd4, 0x6af3641a), TOBN(0x7802200b, 0x3d9b3dcc), + TOBN(0x0dc73f32, 0x8be33304), TOBN(0x847ed87d, 0x61ffb79a)}}, + {{TOBN(0xf85c974e, 0x6d671192), TOBN(0x1e14100a, 0xde16f60f), + TOBN(0x45cb0d5a, 0x95c38797), TOBN(0x18923bba, 0x9b022da4)}, + {TOBN(0xef2be899, 0xbbe7e86e), TOBN(0x4a1510ee, 0x216067bf), + TOBN(0xd98c8154, 0x84d5ce3e), TOBN(0x1af777f0, 0xf92a2b90)}}, + {{TOBN(0x9fbcb400, 0x4ef65724), TOBN(0x3e04a4c9, 0x3c0ca6fe), + TOBN(0xfb3e2cb5, 0x55002994), TOBN(0x1f3a93c5, 0x5363ecab)}, + {TOBN(0x1fe00efe, 0x3923555b), TOBN(0x744bedd9, 0x1e1751ea), + TOBN(0x3fb2db59, 0x6ab69357), TOBN(0x8dbd7365, 0xf5e6618b)}}, + {{TOBN(0x99d53099, 0xdf1ea40e), TOBN(0xb3f24a0b, 0x57d61e64), + TOBN(0xd088a198, 0x596eb812), TOBN(0x22c8361b, 0x5762940b)}, + {TOBN(0x66f01f97, 0xf9c0d95c), TOBN(0x88461172, 0x8e43cdae), + TOBN(0x11599a7f, 0xb72b15c3), TOBN(0x135a7536, 0x420d95cc)}}, + {{TOBN(0x2dcdf0f7, 0x5f7ae2f6), TOBN(0x15fc6e1d, 0xd7fa6da2), + TOBN(0x81ca829a, 0xd1d441b6), TOBN(0x84c10cf8, 0x04a106b6)}, + {TOBN(0xa9b26c95, 0xa73fbbd0), TOBN(0x7f24e0cb, 0x4d8f6ee8), + TOBN(0x48b45937, 0x1e25a043), TOBN(0xf8a74fca, 0x036f3dfe)}}, + {{TOBN(0x1ed46585, 0xc9f84296), TOBN(0x7fbaa8fb, 0x3bc278b0), + TOBN(0xa8e96cd4, 0x6c4fcbd0), TOBN(0x940a1202, 0x73b60a5f)}, + {TOBN(0x34aae120, 0x55a4aec8), TOBN(0x550e9a74, 0xdbd742f0), + TOBN(0x794456d7, 0x228c68ab), TOBN(0x492f8868, 0xa4e25ec6)}}, + {{TOBN(0x682915ad, 0xb2d8f398), TOBN(0xf13b51cc, 0x5b84c953), + TOBN(0xcda90ab8, 0x5bb917d6), TOBN(0x4b615560, 0x4ea3dee1)}, + {TOBN(0x578b4e85, 0x0a52c1c8), TOBN(0xeab1a695, 0x20b75fc4), + TOBN(0x60c14f3c, 0xaa0bb3c6), TOBN(0x220f448a, 0xb8216094)}}, + {{TOBN(0x4fe7ee31, 0xb0e63d34), TOBN(0xf4600572, 0xa9e54fab), + TOBN(0xc0493334, 0xd5e7b5a4), TOBN(0x8589fb92, 0x06d54831)}, + {TOBN(0xaa70f5cc, 0x6583553a), TOBN(0x0879094a, 0xe25649e5), + TOBN(0xcc904507, 0x10044652), TOBN(0xebb0696d, 0x02541c4f)}}, + {{TOBN(0x5a171fde, 0xb9718710), TOBN(0x38f1bed8, 0xf374a9f5), + TOBN(0xc8c582e1, 0xba39bdc1), TOBN(0xfc457b0a, 0x908cc0ce)}, + {TOBN(0x9a187fd4, 0x883841e2), TOBN(0x8ec25b39, 0x38725381), + TOBN(0x2553ed05, 0x96f84395), TOBN(0x095c7661, 0x6f6c6897)}}, + {{TOBN(0x917ac85c, 0x4bdc5610), TOBN(0xb2885fe4, 0x179eb301), + TOBN(0x5fc65547, 0x8b78bdcc), TOBN(0x4a9fc893, 0xe59e4699)}, + {TOBN(0xbb7ff0cd, 0x3ce299af), TOBN(0x195be9b3, 0xadf38b20), + TOBN(0x6a929c87, 0xd38ddb8f), TOBN(0x55fcc99c, 0xb21a51b9)}}, + {{TOBN(0x2b695b4c, 0x721a4593), TOBN(0xed1e9a15, 0x768eaac2), + TOBN(0xfb63d71c, 0x7489f914), TOBN(0xf98ba31c, 0x78118910)}, + {TOBN(0x80291373, 0x9b128eb4), TOBN(0x7801214e, 0xd448af4a), + TOBN(0xdbd2e22b, 0x55418dd3), TOBN(0xeffb3c0d, 0xd3998242)}}, + {{TOBN(0xdfa6077c, 0xc7bf3827), TOBN(0xf2165bcb, 0x47f8238f), + TOBN(0xfe37cf68, 0x8564d554), TOBN(0xe5f825c4, 0x0a81fb98)}, + {TOBN(0x43cc4f67, 0xffed4d6f), TOBN(0xbc609578, 0xb50a34b0), + TOBN(0x8aa8fcf9, 0x5041faf1), TOBN(0x5659f053, 0x651773b6)}}, + {{TOBN(0xe87582c3, 0x6044d63b), TOBN(0xa6089409, 0x0cdb0ca0), + TOBN(0x8c993e0f, 0xbfb2bcf6), TOBN(0xfc64a719, 0x45985cfc)}, + {TOBN(0x15c4da80, 0x83dbedba), TOBN(0x804ae112, 0x2be67df7), + TOBN(0xda4c9658, 0xa23defde), TOBN(0x12002ddd, 0x5156e0d3)}}, + {{TOBN(0xe68eae89, 0x5dd21b96), TOBN(0x8b99f28b, 0xcf44624d), + TOBN(0x0ae00808, 0x1ec8897a), TOBN(0xdd0a9303, 0x6712f76e)}, + {TOBN(0x96237522, 0x4e233de4), TOBN(0x192445b1, 0x2b36a8a5), + TOBN(0xabf9ff74, 0x023993d9), TOBN(0x21f37bf4, 0x2aad4a8f)}}, + {{TOBN(0x340a4349, 0xf8bd2bbd), TOBN(0x1d902cd9, 0x4868195d), + TOBN(0x3d27bbf1, 0xe5fdb6f1), TOBN(0x7a5ab088, 0x124f9f1c)}, + {TOBN(0xc466ab06, 0xf7a09e03), TOBN(0x2f8a1977, 0x31f2c123), + TOBN(0xda355dc7, 0x041b6657), TOBN(0xcb840d12, 0x8ece2a7c)}}, + {{TOBN(0xb600ad9f, 0x7db32675), TOBN(0x78fea133, 0x07a06f1b), + TOBN(0x5d032269, 0xb31f6094), TOBN(0x07753ef5, 0x83ec37aa)}, + {TOBN(0x03485aed, 0x9c0bea78), TOBN(0x41bb3989, 0xbc3f4524), + TOBN(0x09403761, 0x697f726d), TOBN(0x6109beb3, 0xdf394820)}}, + {{TOBN(0x804111ea, 0x3b6d1145), TOBN(0xb6271ea9, 0xa8582654), + TOBN(0x619615e6, 0x24e66562), TOBN(0xa2554945, 0xd7b6ad9c)}, + {TOBN(0xd9c4985e, 0x99bfe35f), TOBN(0x9770ccc0, 0x7b51cdf6), + TOBN(0x7c327013, 0x92881832), TOBN(0x8777d45f, 0x286b26d1)}}, + {{TOBN(0x9bbeda22, 0xd847999d), TOBN(0x03aa33b6, 0xc3525d32), + TOBN(0x4b7b96d4, 0x28a959a1), TOBN(0xbb3786e5, 0x31e5d234)}, + {TOBN(0xaeb5d3ce, 0x6961f247), TOBN(0x20aa85af, 0x02f93d3f), + TOBN(0x9cd1ad3d, 0xd7a7ae4f), TOBN(0xbf6688f0, 0x781adaa8)}}, + {{TOBN(0xb1b40e86, 0x7469cead), TOBN(0x1904c524, 0x309fca48), + TOBN(0x9b7312af, 0x4b54bbc7), TOBN(0xbe24bf8f, 0x593affa2)}, + {TOBN(0xbe5e0790, 0xbd98764b), TOBN(0xa0f45f17, 0xa26e299e), + TOBN(0x4af0d2c2, 0x6b8fe4c7), TOBN(0xef170db1, 0x8ae8a3e6)}}, + {{TOBN(0x0e8d61a0, 0x29e0ccc1), TOBN(0xcd53e87e, 0x60ad36ca), + TOBN(0x328c6623, 0xc8173822), TOBN(0x7ee1767d, 0xa496be55)}, + {TOBN(0x89f13259, 0x648945af), TOBN(0x9e45a5fd, 0x25c8009c), + TOBN(0xaf2febd9, 0x1f61ab8c), TOBN(0x43f6bc86, 0x8a275385)}}, + {{TOBN(0x87792348, 0xf2142e79), TOBN(0x17d89259, 0xc6e6238a), + TOBN(0x7536d2f6, 0x4a839d9b), TOBN(0x1f428fce, 0x76a1fbdc)}, + {TOBN(0x1c109601, 0x0db06dfe), TOBN(0xbfc16bc1, 0x50a3a3cc), + TOBN(0xf9cbd9ec, 0x9b30f41b), TOBN(0x5b5da0d6, 0x00138cce)}}, + {{TOBN(0xec1d0a48, 0x56ef96a7), TOBN(0xb47eb848, 0x982bf842), + TOBN(0x66deae32, 0xec3f700d), TOBN(0x4e43c42c, 0xaa1181e0)}, + {TOBN(0xa1d72a31, 0xd1a4aa2a), TOBN(0x440d4668, 0xc004f3ce), + TOBN(0x0d6a2d3b, 0x45fe8a7a), TOBN(0x820e52e2, 0xfb128365)}}, + {{TOBN(0x29ac5fcf, 0x25e51b09), TOBN(0x180cd2bf, 0x2023d159), + TOBN(0xa9892171, 0xa1ebf90e), TOBN(0xf97c4c87, 0x7c132181)}, + {TOBN(0x9f1dc724, 0xc03dbb7e), TOBN(0xae043765, 0x018cbbe4), + TOBN(0xfb0b2a36, 0x0767d153), TOBN(0xa8e2f4d6, 0x249cbaeb)}}, + {{TOBN(0x172a5247, 0xd95ea168), TOBN(0x1758fada, 0x2970764a), + TOBN(0xac803a51, 0x1d978169), TOBN(0x299cfe2e, 0xde77e01b)}, + {TOBN(0x652a1e17, 0xb0a98927), TOBN(0x2e26e1d1, 0x20014495), + TOBN(0x7ae0af9f, 0x7175b56a), TOBN(0xc2e22a80, 0xd64b9f95)}}, + {{TOBN(0x4d0ff9fb, 0xd90a060a), TOBN(0x496a27db, 0xbaf38085), + TOBN(0x32305401, 0xda776bcf), TOBN(0xb8cdcef6, 0x725f209e)}, + {TOBN(0x61ba0f37, 0x436a0bba), TOBN(0x263fa108, 0x76860049), + TOBN(0x92beb98e, 0xda3542cf), TOBN(0xa2d4d14a, 0xd5849538)}}, + {{TOBN(0x989b9d68, 0x12e9a1bc), TOBN(0x61d9075c, 0x5f6e3268), + TOBN(0x352c6aa9, 0x99ace638), TOBN(0xde4e4a55, 0x920f43ff)}, + {TOBN(0xe5e4144a, 0xd673c017), TOBN(0x667417ae, 0x6f6e05ea), + TOBN(0x613416ae, 0xdcd1bd56), TOBN(0x5eb36201, 0x86693711)}}, + {{TOBN(0x2d7bc504, 0x3a1aa914), TOBN(0x175a1299, 0x76dc5975), + TOBN(0xe900e0f2, 0x3fc8125c), TOBN(0x569ef68c, 0x11198875)}, + {TOBN(0x9012db63, 0x63a113b4), TOBN(0xe3bd3f56, 0x98835766), + TOBN(0xa5c94a52, 0x76412dea), TOBN(0xad9e2a09, 0xaa735e5c)}}, + {{TOBN(0x405a984c, 0x508b65e9), TOBN(0xbde4a1d1, 0x6df1a0d1), + TOBN(0x1a9433a1, 0xdfba80da), TOBN(0xe9192ff9, 0x9440ad2e)}, + {TOBN(0x9f649696, 0x5099fe92), TOBN(0x25ddb65c, 0x0b27a54a), + TOBN(0x178279dd, 0xc590da61), TOBN(0x5479a999, 0xfbde681a)}}, + {{TOBN(0xd0e84e05, 0x013fe162), TOBN(0xbe11dc92, 0x632d471b), + TOBN(0xdf0b0c45, 0xfc0e089f), TOBN(0x04fb15b0, 0x4c144025)}, + {TOBN(0xa61d5fc2, 0x13c99927), TOBN(0xa033e9e0, 0x3de2eb35), + TOBN(0xf8185d5c, 0xb8dacbb4), TOBN(0x9a88e265, 0x8644549d)}}, + {{TOBN(0xf717af62, 0x54671ff6), TOBN(0x4bd4241b, 0x5fa58603), + TOBN(0x06fba40b, 0xe67773c0), TOBN(0xc1d933d2, 0x6a2847e9)}, + {TOBN(0xf4f5acf3, 0x689e2c70), TOBN(0x92aab0e7, 0x46bafd31), + TOBN(0x798d76aa, 0x3473f6e5), TOBN(0xcc6641db, 0x93141934)}}, + {{TOBN(0xcae27757, 0xd31e535e), TOBN(0x04cc43b6, 0x87c2ee11), + TOBN(0x8d1f9675, 0x2e029ffa), TOBN(0xc2150672, 0xe4cc7a2c)}, + {TOBN(0x3b03c1e0, 0x8d68b013), TOBN(0xa9d6816f, 0xedf298f3), + TOBN(0x1bfbb529, 0xa2804464), TOBN(0x95a52fae, 0x5db22125)}}, + {{TOBN(0x55b32160, 0x0e1cb64e), TOBN(0x004828f6, 0x7e7fc9fe), + TOBN(0x13394b82, 0x1bb0fb93), TOBN(0xb6293a2d, 0x35f1a920)}, + {TOBN(0xde35ef21, 0xd145d2d9), TOBN(0xbe6225b3, 0xbb8fa603), + TOBN(0x00fc8f6b, 0x32cf252d), TOBN(0xa28e52e6, 0x117cf8c2)}}, + {{TOBN(0x9d1dc89b, 0x4c371e6d), TOBN(0xcebe0675, 0x36ef0f28), + TOBN(0x5de05d09, 0xa4292f81), TOBN(0xa8303593, 0x353e3083)}, + {TOBN(0xa1715b0a, 0x7e37a9bb), TOBN(0x8c56f61e, 0x2b8faec3), + TOBN(0x52507431, 0x33c9b102), TOBN(0x0130cefc, 0xa44431f0)}}, + {{TOBN(0x56039fa0, 0xbd865cfb), TOBN(0x4b03e578, 0xbc5f1dd7), + TOBN(0x40edf2e4, 0xbabe7224), TOBN(0xc752496d, 0x3a1988f6)}, + {TOBN(0xd1572d3b, 0x564beb6b), TOBN(0x0db1d110, 0x39a1c608), + TOBN(0x568d1934, 0x16f60126), TOBN(0x05ae9668, 0xf354af33)}}, + {{TOBN(0x19de6d37, 0xc92544f2), TOBN(0xcc084353, 0xa35837d5), + TOBN(0xcbb6869c, 0x1a514ece), TOBN(0xb633e728, 0x2e1d1066)}, + {TOBN(0xf15dd69f, 0x936c581c), TOBN(0x96e7b8ce, 0x7439c4f9), + TOBN(0x5e676f48, 0x2e448a5b), TOBN(0xb2ca7d5b, 0xfd916bbb)}}, + {{TOBN(0xd55a2541, 0xf5024025), TOBN(0x47bc5769, 0xe4c2d937), + TOBN(0x7d31b92a, 0x0362189f), TOBN(0x83f3086e, 0xef7816f9)}, + {TOBN(0xf9f46d94, 0xb587579a), TOBN(0xec2d22d8, 0x30e76c5f), + TOBN(0x27d57461, 0xb000ffcf), TOBN(0xbb7e65f9, 0x364ffc2c)}}, + {{TOBN(0x7c7c9477, 0x6652a220), TOBN(0x61618f89, 0xd696c981), + TOBN(0x5021701d, 0x89effff3), TOBN(0xf2c8ff8e, 0x7c314163)}, + {TOBN(0x2da413ad, 0x8efb4d3e), TOBN(0x937b5adf, 0xce176d95), + TOBN(0x22867d34, 0x2a67d51c), TOBN(0x262b9b10, 0x18eb3ac9)}}, + {{TOBN(0x4e314fe4, 0xc43ff28b), TOBN(0x76476627, 0x6a664e7a), + TOBN(0x3e90e40b, 0xb7a565c2), TOBN(0x8588993a, 0xc1acf831)}, + {TOBN(0xd7b501d6, 0x8f938829), TOBN(0x996627ee, 0x3edd7d4c), + TOBN(0x37d44a62, 0x90cd34c7), TOBN(0xa8327499, 0xf3833e8d)}}, + {{TOBN(0x2e18917d, 0x4bf50353), TOBN(0x85dd726b, 0x556765fb), + TOBN(0x54fe65d6, 0x93d5ab66), TOBN(0x3ddbaced, 0x915c25fe)}, + {TOBN(0xa799d9a4, 0x12f22e85), TOBN(0xe2a24867, 0x6d06f6bc), + TOBN(0xf4f1ee56, 0x43ca1637), TOBN(0xfda2828b, 0x61ece30a)}}, + {{TOBN(0x758c1a3e, 0xa2dee7a6), TOBN(0xdcde2f3c, 0x734b2284), + TOBN(0xaba445d2, 0x4eaba6ad), TOBN(0x35aaf668, 0x76cee0a7)}, + {TOBN(0x7e0b04a9, 0xe5aa049a), TOBN(0xe74083ad, 0x91103e84), + TOBN(0xbeb183ce, 0x40afecc3), TOBN(0x6b89de9f, 0xea043f7a)}}}, + {{{TOBN(0x0e299d23, 0xfe67ba66), TOBN(0x91450760, 0x93cf2f34), + TOBN(0xf45b5ea9, 0x97fcf913), TOBN(0x5be00843, 0x8bd7ddda)}, + {TOBN(0x358c3e05, 0xd53ff04d), TOBN(0xbf7ccdc3, 0x5de91ef7), + TOBN(0xad684dbf, 0xb69ec1a0), TOBN(0x367e7cf2, 0x801fd997)}}, + {{TOBN(0x0ca1f3b7, 0xb0dc8595), TOBN(0x27de4608, 0x9f1d9f2e), + TOBN(0x1af3bf39, 0xbadd82a7), TOBN(0x79356a79, 0x65862448)}, + {TOBN(0xc0602345, 0xf5f9a052), TOBN(0x1a8b0f89, 0x139a42f9), + TOBN(0xb53eee42, 0x844d40fc), TOBN(0x93b0bfe5, 0x4e5b6368)}}, + {{TOBN(0x5434dd02, 0xc024789c), TOBN(0x90dca9ea, 0x41b57bfc), + TOBN(0x8aa898e2, 0x243398df), TOBN(0xf607c834, 0x894a94bb)}, + {TOBN(0xbb07be97, 0xc2c99b76), TOBN(0x6576ba67, 0x18c29302), + TOBN(0x3d79efcc, 0xe703a88c), TOBN(0xf259ced7, 0xb6a0d106)}}, + {{TOBN(0x0f893a5d, 0xc8de610b), TOBN(0xe8c515fb, 0x67e223ce), + TOBN(0x7774bfa6, 0x4ead6dc5), TOBN(0x89d20f95, 0x925c728f)}, + {TOBN(0x7a1e0966, 0x098583ce), TOBN(0xa2eedb94, 0x93f2a7d7), + TOBN(0x1b282097, 0x4c304d4a), TOBN(0x0842e3da, 0xc077282d)}}, + {{TOBN(0xe4d972a3, 0x3b9e2d7b), TOBN(0x7cc60b27, 0xc48218ff), + TOBN(0x8fc70838, 0x84149d91), TOBN(0x5c04346f, 0x2f461ecc)}, + {TOBN(0xebe9fdf2, 0x614650a9), TOBN(0x5e35b537, 0xc1f666ac), + TOBN(0x645613d1, 0x88babc83), TOBN(0x88cace3a, 0xc5e1c93e)}}, + {{TOBN(0x209ca375, 0x3de92e23), TOBN(0xccb03cc8, 0x5fbbb6e3), + TOBN(0xccb90f03, 0xd7b1487e), TOBN(0xfa9c2a38, 0xc710941f)}, + {TOBN(0x756c3823, 0x6724ceed), TOBN(0x3a902258, 0x192d0323), + TOBN(0xb150e519, 0xea5e038e), TOBN(0xdcba2865, 0xc7427591)}}, + {{TOBN(0xe549237f, 0x78890732), TOBN(0xc443bef9, 0x53fcb4d9), + TOBN(0x9884d8a6, 0xeb3480d6), TOBN(0x8a35b6a1, 0x3048b186)}, + {TOBN(0xb4e44716, 0x65e9a90a), TOBN(0x45bf380d, 0x653006c0), + TOBN(0x8f3f820d, 0x4fe9ae3b), TOBN(0x244a35a0, 0x979a3b71)}}, + {{TOBN(0xa1010e9d, 0x74cd06ff), TOBN(0x9c17c7df, 0xaca3eeac), + TOBN(0x74c86cd3, 0x8063aa2b), TOBN(0x8595c4b3, 0x734614ff)}, + {TOBN(0xa3de00ca, 0x990f62cc), TOBN(0xd9bed213, 0xca0c3be5), + TOBN(0x7886078a, 0xdf8ce9f5), TOBN(0xddb27ce3, 0x5cd44444)}}, + {{TOBN(0xed374a66, 0x58926ddd), TOBN(0x138b2d49, 0x908015b8), + TOBN(0x886c6579, 0xde1f7ab8), TOBN(0x888b9aa0, 0xc3020b7a)}, + {TOBN(0xd3ec034e, 0x3a96e355), TOBN(0xba65b0b8, 0xf30fbe9a), + TOBN(0x064c8e50, 0xff21367a), TOBN(0x1f508ea4, 0x0b04b46e)}}, + {{TOBN(0x98561a49, 0x747c866c), TOBN(0xbbb1e5fe, 0x0518a062), + TOBN(0x20ff4e8b, 0xecdc3608), TOBN(0x7f55cded, 0x20184027)}, + {TOBN(0x8d73ec95, 0xf38c85f0), TOBN(0x5b589fdf, 0x8bc3b8c3), + TOBN(0xbe95dd98, 0x0f12b66f), TOBN(0xf5bd1a09, 0x0e338e01)}}, + {{TOBN(0x65163ae5, 0x5e915918), TOBN(0x6158d6d9, 0x86f8a46b), + TOBN(0x8466b538, 0xeeebf99c), TOBN(0xca8761f6, 0xbca477ef)}, + {TOBN(0xaf3449c2, 0x9ebbc601), TOBN(0xef3b0f41, 0xe0c3ae2f), + TOBN(0xaa6c577d, 0x5de63752), TOBN(0xe9166601, 0x64682a51)}}, + {{TOBN(0x5a3097be, 0xfc15aa1e), TOBN(0x40d12548, 0xb54b0745), + TOBN(0x5bad4706, 0x519a5f12), TOBN(0xed03f717, 0xa439dee6)}, + {TOBN(0x0794bb6c, 0x4a02c499), TOBN(0xf725083d, 0xcffe71d2), + TOBN(0x2cad7519, 0x0f3adcaf), TOBN(0x7f68ea1c, 0x43729310)}}, + {{TOBN(0xe747c8c7, 0xb7ffd977), TOBN(0xec104c35, 0x80761a22), + TOBN(0x8395ebaf, 0x5a3ffb83), TOBN(0xfb3261f4, 0xe4b63db7)}, + {TOBN(0x53544960, 0xd883e544), TOBN(0x13520d70, 0x8cc2eeb8), + TOBN(0x08f6337b, 0xd3d65f99), TOBN(0x83997db2, 0x781cf95b)}}, + {{TOBN(0xce6ff106, 0x0dbd2c01), TOBN(0x4f8eea6b, 0x1f9ce934), + TOBN(0x546f7c4b, 0x0e993921), TOBN(0x6236a324, 0x5e753fc7)}, + {TOBN(0x65a41f84, 0xa16022e9), TOBN(0x0c18d878, 0x43d1dbb2), + TOBN(0x73c55640, 0x2d4cef9c), TOBN(0xa0428108, 0x70444c74)}}, + {{TOBN(0x68e4f15e, 0x9afdfb3c), TOBN(0x49a56143, 0x5bdfb6df), + TOBN(0xa9bc1bd4, 0x5f823d97), TOBN(0xbceb5970, 0xea111c2a)}, + {TOBN(0x366b455f, 0xb269bbc4), TOBN(0x7cd85e1e, 0xe9bc5d62), + TOBN(0xc743c41c, 0x4f18b086), TOBN(0xa4b40990, 0x95294fb9)}}, + {{TOBN(0x9c7c581d, 0x26ee8382), TOBN(0xcf17dcc5, 0x359d638e), + TOBN(0xee8273ab, 0xb728ae3d), TOBN(0x1d112926, 0xf821f047)}, + {TOBN(0x11498477, 0x50491a74), TOBN(0x687fa761, 0xfde0dfb9), + TOBN(0x2c258022, 0x7ea435ab), TOBN(0x6b8bdb94, 0x91ce7e3f)}}, + {{TOBN(0x4c5b5dc9, 0x3bf834aa), TOBN(0x04371819, 0x4f6c7e4b), + TOBN(0xc284e00a, 0x3736bcad), TOBN(0x0d881118, 0x21ae8f8d)}, + {TOBN(0xf9cf0f82, 0xf48c8e33), TOBN(0xa11fd075, 0xa1bf40db), + TOBN(0xdceab0de, 0xdc2733e5), TOBN(0xc560a8b5, 0x8e986bd7)}}, + {{TOBN(0x48dd1fe2, 0x3929d097), TOBN(0x3885b290, 0x92f188f1), + TOBN(0x0f2ae613, 0xda6fcdac), TOBN(0x9054303e, 0xb662a46c)}, + {TOBN(0xb6871e44, 0x0738042a), TOBN(0x98e6a977, 0xbdaf6449), + TOBN(0xd8bc0650, 0xd1c9df1b), TOBN(0xef3d6451, 0x36e098f9)}}, + {{TOBN(0x03fbae82, 0xb6d72d28), TOBN(0x77ca9db1, 0xf5d84080), + TOBN(0x8a112cff, 0xa58efc1c), TOBN(0x518d761c, 0xc564cb4a)}, + {TOBN(0x69b5740e, 0xf0d1b5ce), TOBN(0x717039cc, 0xe9eb1785), + TOBN(0x3fe29f90, 0x22f53382), TOBN(0x8e54ba56, 0x6bc7c95c)}}, + {{TOBN(0x9c806d8a, 0xf7f91d0f), TOBN(0x3b61b0f1, 0xa82a5728), + TOBN(0x4640032d, 0x94d76754), TOBN(0x273eb5de, 0x47d834c6)}, + {TOBN(0x2988abf7, 0x7b4e4d53), TOBN(0xb7ce66bf, 0xde401777), + TOBN(0x9fba6b32, 0x715071b3), TOBN(0x82413c24, 0xad3a1a98)}}, + {{TOBN(0x5b7fc8c4, 0xe0e8ad93), TOBN(0xb5679aee, 0x5fab868d), + TOBN(0xb1f9d2fa, 0x2b3946f3), TOBN(0x458897dc, 0x5685b50a)}, + {TOBN(0x1e98c930, 0x89d0caf3), TOBN(0x39564c5f, 0x78642e92), + TOBN(0x1b77729a, 0x0dbdaf18), TOBN(0xf9170722, 0x579e82e6)}}, + {{TOBN(0x680c0317, 0xe4515fa5), TOBN(0xf85cff84, 0xfb0c790f), + TOBN(0xc7a82aab, 0x6d2e0765), TOBN(0x7446bca9, 0x35c82b32)}, + {TOBN(0x5de607aa, 0x6d63184f), TOBN(0x7c1a46a8, 0x262803a6), + TOBN(0xd218313d, 0xaebe8035), TOBN(0x92113ffd, 0xc73c51f8)}}, + {{TOBN(0x4b38e083, 0x12e7e46c), TOBN(0x69d0a37a, 0x56126bd5), + TOBN(0xfb3f324b, 0x73c07e04), TOBN(0xa0c22f67, 0x8fda7267)}, + {TOBN(0x8f2c0051, 0x4d2c7d8f), TOBN(0xbc45ced3, 0xcbe2cae5), + TOBN(0xe1c6cf07, 0xa8f0f277), TOBN(0xbc392312, 0x1eb99a98)}}, + {{TOBN(0x75537b7e, 0x3cc8ac85), TOBN(0x8d725f57, 0xdd02753b), + TOBN(0xfd05ff64, 0xb737df2f), TOBN(0x55fe8712, 0xf6d2531d)}, + {TOBN(0x57ce04a9, 0x6ab6b01c), TOBN(0x69a02a89, 0x7cd93724), + TOBN(0x4f82ac35, 0xcf86699b), TOBN(0x8242d3ad, 0x9cb4b232)}}, + {{TOBN(0x713d0f65, 0xd62105e5), TOBN(0xbb222bfa, 0x2d29be61), + TOBN(0xf2f9a79e, 0x6cfbef09), TOBN(0xfc24d8d3, 0xd5d6782f)}, + {TOBN(0x5db77085, 0xd4129967), TOBN(0xdb81c3cc, 0xdc3c2a43), + TOBN(0x9d655fc0, 0x05d8d9a3), TOBN(0x3f5d057a, 0x54298026)}}, + {{TOBN(0x1157f56d, 0x88c54694), TOBN(0xb26baba5, 0x9b09573e), + TOBN(0x2cab03b0, 0x22adffd1), TOBN(0x60a412c8, 0xdd69f383)}, + {TOBN(0xed76e98b, 0x54b25039), TOBN(0xd4ee67d3, 0x687e714d), + TOBN(0x87739648, 0x7b00b594), TOBN(0xce419775, 0xc9ef709b)}}, + {{TOBN(0x40f76f85, 0x1c203a40), TOBN(0x30d352d6, 0xeafd8f91), + TOBN(0xaf196d3d, 0x95578dd2), TOBN(0xea4bb3d7, 0x77cc3f3d)}, + {TOBN(0x42a5bd03, 0xb98e782b), TOBN(0xac958c40, 0x0624920d), + TOBN(0xb838134c, 0xfc56fcc8), TOBN(0x86ec4ccf, 0x89572e5e)}}, + {{TOBN(0x69c43526, 0x9be47be0), TOBN(0x323b7dd8, 0xcb28fea1), + TOBN(0xfa5538ba, 0x3a6c67e5), TOBN(0xef921d70, 0x1d378e46)}, + {TOBN(0xf92961fc, 0x3c4b880e), TOBN(0x3f6f914e, 0x98940a67), + TOBN(0xa990eb0a, 0xfef0ff39), TOBN(0xa6c2920f, 0xf0eeff9c)}}, + {{TOBN(0xca804166, 0x51b8d9a3), TOBN(0x42531bc9, 0x0ffb0db1), + TOBN(0x72ce4718, 0xaa82e7ce), TOBN(0x6e199913, 0xdf574741)}, + {TOBN(0xd5f1b13d, 0xd5d36946), TOBN(0x8255dc65, 0xf68f0194), + TOBN(0xdc9df4cd, 0x8710d230), TOBN(0x3453c20f, 0x138c1988)}}, + {{TOBN(0x9af98dc0, 0x89a6ef01), TOBN(0x4dbcc3f0, 0x9857df85), + TOBN(0x34805601, 0x5c1ad924), TOBN(0x40448da5, 0xd0493046)}, + {TOBN(0xf629926d, 0x4ee343e2), TOBN(0x6343f1bd, 0x90e8a301), + TOBN(0xefc93491, 0x40815b3f), TOBN(0xf882a423, 0xde8f66fb)}}, + {{TOBN(0x3a12d5f4, 0xe7db9f57), TOBN(0x7dfba38a, 0x3c384c27), + TOBN(0x7a904bfd, 0x6fc660b1), TOBN(0xeb6c5db3, 0x2773b21c)}, + {TOBN(0xc350ee66, 0x1cdfe049), TOBN(0x9baac0ce, 0x44540f29), + TOBN(0xbc57b6ab, 0xa5ec6aad), TOBN(0x167ce8c3, 0x0a7c1baa)}}, + {{TOBN(0xb23a03a5, 0x53fb2b56), TOBN(0x6ce141e7, 0x4e057f78), + TOBN(0x796525c3, 0x89e490d9), TOBN(0x0bc95725, 0xa31a7e75)}, + {TOBN(0x1ec56791, 0x1220fd06), TOBN(0x716e3a3c, 0x408b0bd6), + TOBN(0x31cd6bf7, 0xe8ebeba9), TOBN(0xa7326ca6, 0xbee6b670)}}, + {{TOBN(0x3d9f851c, 0xcd090c43), TOBN(0x561e8f13, 0xf12c3988), + TOBN(0x50490b6a, 0x904b7be4), TOBN(0x61690ce1, 0x0410737b)}, + {TOBN(0x299e9a37, 0x0f009052), TOBN(0x258758f0, 0xf026092e), + TOBN(0x9fa255f3, 0xfdfcdc0f), TOBN(0xdbc9fb1f, 0xc0e1bcd2)}}, + {{TOBN(0x35f9dd6e, 0x24651840), TOBN(0xdca45a84, 0xa5c59abc), + TOBN(0x103d396f, 0xecca4938), TOBN(0x4532da0a, 0xb97b3f29)}, + {TOBN(0xc4135ea5, 0x1999a6bf), TOBN(0x3aa9505a, 0x5e6bf2ee), + TOBN(0xf77cef06, 0x3f5be093), TOBN(0x97d1a0f8, 0xa943152e)}}, + {{TOBN(0x2cb0ebba, 0x2e1c21dd), TOBN(0xf41b29fc, 0x2c6797c4), + TOBN(0xc6e17321, 0xb300101f), TOBN(0x4422b0e9, 0xd0d79a89)}, + {TOBN(0x49e4901c, 0x92f1bfc4), TOBN(0x06ab1f8f, 0xe1e10ed9), + TOBN(0x84d35577, 0xdb2926b8), TOBN(0xca349d39, 0x356e8ec2)}}, + {{TOBN(0x70b63d32, 0x343bf1a9), TOBN(0x8fd3bd28, 0x37d1a6b1), + TOBN(0x0454879c, 0x316865b4), TOBN(0xee959ff6, 0xc458efa2)}, + {TOBN(0x0461dcf8, 0x9706dc3f), TOBN(0x737db0e2, 0x164e4b2e), + TOBN(0x09262680, 0x2f8843c8), TOBN(0x54498bbc, 0x7745e6f6)}}, + {{TOBN(0x359473fa, 0xa29e24af), TOBN(0xfcc3c454, 0x70aa87a1), + TOBN(0xfd2c4bf5, 0x00573ace), TOBN(0xb65b514e, 0x28dd1965)}, + {TOBN(0xe46ae7cf, 0x2193e393), TOBN(0x60e9a4e1, 0xf5444d97), + TOBN(0xe7594e96, 0x00ff38ed), TOBN(0x43d84d2f, 0x0a0e0f02)}}, + {{TOBN(0x8b6db141, 0xee398a21), TOBN(0xb88a56ae, 0xe3bcc5be), + TOBN(0x0a1aa52f, 0x373460ea), TOBN(0x20da1a56, 0x160bb19b)}, + {TOBN(0xfb54999d, 0x65bf0384), TOBN(0x71a14d24, 0x5d5a180e), + TOBN(0xbc44db7b, 0x21737b04), TOBN(0xd84fcb18, 0x01dd8e92)}}, + {{TOBN(0x80de937b, 0xfa44b479), TOBN(0x53505499, 0x5c98fd4f), + TOBN(0x1edb12ab, 0x28f08727), TOBN(0x4c58b582, 0xa5f3ef53)}, + {TOBN(0xbfb236d8, 0x8327f246), TOBN(0xc3a3bfaa, 0x4d7df320), + TOBN(0xecd96c59, 0xb96024f2), TOBN(0xfc293a53, 0x7f4e0433)}}, + {{TOBN(0x5341352b, 0x5acf6e10), TOBN(0xc50343fd, 0xafe652c3), + TOBN(0x4af3792d, 0x18577a7f), TOBN(0xe1a4c617, 0xaf16823d)}, + {TOBN(0x9b26d0cd, 0x33425d0a), TOBN(0x306399ed, 0x9b7bc47f), + TOBN(0x2a792f33, 0x706bb20b), TOBN(0x31219614, 0x98111055)}}, + {{TOBN(0x864ec064, 0x87f5d28b), TOBN(0x11392d91, 0x962277fd), + TOBN(0xb5aa7942, 0xbb6aed5f), TOBN(0x080094dc, 0x47e799d9)}, + {TOBN(0x4afa588c, 0x208ba19b), TOBN(0xd3e7570f, 0x8512f284), + TOBN(0xcbae64e6, 0x02f5799a), TOBN(0xdeebe7ef, 0x514b9492)}}, + {{TOBN(0x30300f98, 0xe5c298ff), TOBN(0x17f561be, 0x3678361f), + TOBN(0xf52ff312, 0x98cb9a16), TOBN(0x6233c3bc, 0x5562d490)}, + {TOBN(0x7bfa15a1, 0x92e3a2cb), TOBN(0x961bcfd1, 0xe6365119), + TOBN(0x3bdd29bf, 0x2c8c53b1), TOBN(0x739704df, 0x822844ba)}}, + {{TOBN(0x7dacfb58, 0x7e7b754b), TOBN(0x23360791, 0xa806c9b9), + TOBN(0xe7eb88c9, 0x23504452), TOBN(0x2983e996, 0x852c1783)}, + {TOBN(0xdd4ae529, 0x958d881d), TOBN(0x026bae03, 0x262c7b3c), + TOBN(0x3a6f9193, 0x960b52d1), TOBN(0xd0980f90, 0x92696cfb)}}, + {{TOBN(0x4c1f428c, 0xd5f30851), TOBN(0x94dfed27, 0x2a4f6630), + TOBN(0x4df53772, 0xfc5d48a4), TOBN(0xdd2d5a2f, 0x933260ce)}, + {TOBN(0x574115bd, 0xd44cc7a5), TOBN(0x4ba6b20d, 0xbd12533a), + TOBN(0x30e93cb8, 0x243057c9), TOBN(0x794c486a, 0x14de320e)}}, + {{TOBN(0xe925d4ce, 0xf21496e4), TOBN(0xf951d198, 0xec696331), + TOBN(0x9810e2de, 0x3e8d812f), TOBN(0xd0a47259, 0x389294ab)}, + {TOBN(0x513ba2b5, 0x0e3bab66), TOBN(0x462caff5, 0xabad306f), + TOBN(0xe2dc6d59, 0xaf04c49e), TOBN(0x1aeb8750, 0xe0b84b0b)}}, + {{TOBN(0xc034f12f, 0x2f7d0ca2), TOBN(0x6d2e8128, 0xe06acf2f), + TOBN(0x801f4f83, 0x21facc2f), TOBN(0xa1170c03, 0xf40ef607)}, + {TOBN(0xfe0a1d4f, 0x7805a99c), TOBN(0xbde56a36, 0xcc26aba5), + TOBN(0x5b1629d0, 0x35531f40), TOBN(0xac212c2b, 0x9afa6108)}}, + {{TOBN(0x30a06bf3, 0x15697be5), TOBN(0x6f0545dc, 0x2c63c7c1), + TOBN(0x5d8cb842, 0x7ccdadaf), TOBN(0xd52e379b, 0xac7015bb)}, + {TOBN(0xc4f56147, 0xf462c23e), TOBN(0xd44a4298, 0x46bc24b0), + TOBN(0xbc73d23a, 0xe2856d4f), TOBN(0x61cedd8c, 0x0832bcdf)}}, + {{TOBN(0x60953556, 0x99f241d7), TOBN(0xee4adbd7, 0x001a349d), + TOBN(0x0b35bf6a, 0xaa89e491), TOBN(0x7f0076f4, 0x136f7546)}, + {TOBN(0xd19a18ba, 0x9264da3d), TOBN(0x6eb2d2cd, 0x62a7a28b), + TOBN(0xcdba941f, 0x8761c971), TOBN(0x1550518b, 0xa3be4a5d)}}, + {{TOBN(0xd0e8e2f0, 0x57d0b70c), TOBN(0xeea8612e, 0xcd133ba3), + TOBN(0x814670f0, 0x44416aec), TOBN(0x424db6c3, 0x30775061)}, + {TOBN(0xd96039d1, 0x16213fd1), TOBN(0xc61e7fa5, 0x18a3478f), + TOBN(0xa805bdcc, 0xcb0c5021), TOBN(0xbdd6f3a8, 0x0cc616dd)}}, + {{TOBN(0x06009667, 0x5d97f7e2), TOBN(0x31db0fc1, 0xaf0bf4b6), + TOBN(0x23680ed4, 0x5491627a), TOBN(0xb99a3c66, 0x7d741fb1)}, + {TOBN(0xe9bb5f55, 0x36b1ff92), TOBN(0x29738577, 0x512b388d), + TOBN(0xdb8a2ce7, 0x50fcf263), TOBN(0x385346d4, 0x6c4f7b47)}}, + {{TOBN(0xbe86c5ef, 0x31631f9e), TOBN(0xbf91da21, 0x03a57a29), + TOBN(0xc3b1f796, 0x7b23f821), TOBN(0x0f7d00d2, 0x770db354)}, + {TOBN(0x8ffc6c3b, 0xd8fe79da), TOBN(0xcc5e8c40, 0xd525c996), + TOBN(0x4640991d, 0xcfff632a), TOBN(0x64d97e8c, 0x67112528)}}, + {{TOBN(0xc232d973, 0x02f1cd1e), TOBN(0xce87eacb, 0x1dd212a4), + TOBN(0x6e4c8c73, 0xe69802f7), TOBN(0x12ef0290, 0x1fffddbd)}, + {TOBN(0x941ec74e, 0x1bcea6e2), TOBN(0xd0b54024, 0x3cb92cbb), + TOBN(0x809fb9d4, 0x7e8f9d05), TOBN(0x3bf16159, 0xf2992aae)}}, + {{TOBN(0xad40f279, 0xf8a7a838), TOBN(0x11aea631, 0x05615660), + TOBN(0xbf52e6f1, 0xa01f6fa1), TOBN(0xef046995, 0x3dc2aec9)}, + {TOBN(0x785dbec9, 0xd8080711), TOBN(0xe1aec60a, 0x9fdedf76), + TOBN(0xece797b5, 0xfa21c126), TOBN(0xc66e898f, 0x05e52732)}}, + {{TOBN(0x39bb69c4, 0x08811fdb), TOBN(0x8bfe1ef8, 0x2fc7f082), + TOBN(0xc8e7a393, 0x174f4138), TOBN(0xfba8ad1d, 0xd58d1f98)}, + {TOBN(0xbc21d0ce, 0xbfd2fd5b), TOBN(0x0b839a82, 0x6ee60d61), + TOBN(0xaacf7658, 0xafd22253), TOBN(0xb526bed8, 0xaae396b3)}}, + {{TOBN(0xccc1bbc2, 0x38564464), TOBN(0x9e3ff947, 0x8c45bc73), + TOBN(0xcde9bca3, 0x58188a78), TOBN(0x138b8ee0, 0xd73bf8f7)}, + {TOBN(0x5c7e234c, 0x4123c489), TOBN(0x66e69368, 0xfa643297), + TOBN(0x0629eeee, 0x39a15fa3), TOBN(0x95fab881, 0xa9e2a927)}}, + {{TOBN(0xb2497007, 0xeafbb1e1), TOBN(0xd75c9ce6, 0xe75b7a93), + TOBN(0x3558352d, 0xefb68d78), TOBN(0xa2f26699, 0x223f6396)}, + {TOBN(0xeb911ecf, 0xe469b17a), TOBN(0x62545779, 0xe72d3ec2), + TOBN(0x8ea47de7, 0x82cb113f), TOBN(0xebe4b086, 0x4e1fa98d)}}, + {{TOBN(0xec2d5ed7, 0x8cdfedb1), TOBN(0xa535c077, 0xfe211a74), + TOBN(0x9678109b, 0x11d244c5), TOBN(0xf17c8bfb, 0xbe299a76)}, + {TOBN(0xb651412e, 0xfb11fbc4), TOBN(0xea0b5482, 0x94ab3f65), + TOBN(0xd8dffd95, 0x0cf78243), TOBN(0x2e719e57, 0xce0361d4)}}, + {{TOBN(0x9007f085, 0x304ddc5b), TOBN(0x095e8c6d, 0x4daba2ea), + TOBN(0x5a33cdb4, 0x3f9d28a9), TOBN(0x85b95cd8, 0xe2283003)}, + {TOBN(0xbcd6c819, 0xb9744733), TOBN(0x29c5f538, 0xfc7f5783), + TOBN(0x6c49b2fa, 0xd59038e4), TOBN(0x68349cc1, 0x3bbe1018)}}, + {{TOBN(0xcc490c1d, 0x21830ee5), TOBN(0x36f9c4ee, 0xe9bfa297), + TOBN(0x58fd7294, 0x48de1a94), TOBN(0xaadb13a8, 0x4e8f2cdc)}, + {TOBN(0x515eaaa0, 0x81313dba), TOBN(0xc76bb468, 0xc2152dd8), + TOBN(0x357f8d75, 0xa653dbf8), TOBN(0xe4d8c4d1, 0xb14ac143)}}, + {{TOBN(0xbdb8e675, 0xb055cb40), TOBN(0x898f8e7b, 0x977b5167), + TOBN(0xecc65651, 0xb82fb863), TOBN(0x56544814, 0x6d88f01f)}, + {TOBN(0xb0928e95, 0x263a75a9), TOBN(0xcfb6836f, 0x1a22fcda), + TOBN(0x651d14db, 0x3f3bd37c), TOBN(0x1d3837fb, 0xb6ad4664)}}, + {{TOBN(0x7c5fb538, 0xff4f94ab), TOBN(0x7243c712, 0x6d7fb8f2), + TOBN(0xef13d60c, 0xa85c5287), TOBN(0x18cfb7c7, 0x4bb8dd1b)}, + {TOBN(0x82f9bfe6, 0x72908219), TOBN(0x35c4592b, 0x9d5144ab), + TOBN(0x52734f37, 0x9cf4b42f), TOBN(0x6bac55e7, 0x8c60ddc4)}}, + {{TOBN(0xb5cd811e, 0x94dea0f6), TOBN(0x259ecae4, 0xe18cc1a3), + TOBN(0x6a0e836e, 0x15e660f8), TOBN(0x6c639ea6, 0x0e02bff2)}, + {TOBN(0x8721b8cb, 0x7e1026fd), TOBN(0x9e73b50b, 0x63261942), + TOBN(0xb8c70974, 0x77f01da3), TOBN(0x1839e6a6, 0x8268f57f)}}, + {{TOBN(0x571b9415, 0x5150b805), TOBN(0x1892389e, 0xf92c7097), + TOBN(0x8d69c18e, 0x4a084b95), TOBN(0x7014c512, 0xbe5b495c)}, + {TOBN(0x4780db36, 0x1b07523c), TOBN(0x2f6219ce, 0x2c1c64fa), + TOBN(0xc38b81b0, 0x602c105a), TOBN(0xab4f4f20, 0x5dc8e360)}}, + {{TOBN(0x20d3c982, 0xcf7d62d2), TOBN(0x1f36e29d, 0x23ba8150), + TOBN(0x48ae0bf0, 0x92763f9e), TOBN(0x7a527e6b, 0x1d3a7007)}, + {TOBN(0xb4a89097, 0x581a85e3), TOBN(0x1f1a520f, 0xdc158be5), + TOBN(0xf98db37d, 0x167d726e), TOBN(0x8802786e, 0x1113e862)}}}, + {{{TOBN(0xefb2149e, 0x36f09ab0), TOBN(0x03f163ca, 0x4a10bb5b), + TOBN(0xd0297045, 0x06e20998), TOBN(0x56f0af00, 0x1b5a3bab)}, + {TOBN(0x7af4cfec, 0x70880e0d), TOBN(0x7332a66f, 0xbe3d913f), + TOBN(0x32e6c84a, 0x7eceb4bd), TOBN(0xedc4a79a, 0x9c228f55)}}, + {{TOBN(0xc37c7dd0, 0xc55c4496), TOBN(0xa6a96357, 0x25bbabd2), + TOBN(0x5b7e63f2, 0xadd7f363), TOBN(0x9dce3782, 0x2e73f1df)}, + {TOBN(0xe1e5a16a, 0xb2b91f71), TOBN(0xe4489823, 0x5ba0163c), + TOBN(0xf2759c32, 0xf6e515ad), TOBN(0xa5e2f1f8, 0x8615eecf)}}, + {{TOBN(0x74519be7, 0xabded551), TOBN(0x03d358b8, 0xc8b74410), + TOBN(0x4d00b10b, 0x0e10d9a9), TOBN(0x6392b0b1, 0x28da52b7)}, + {TOBN(0x6744a298, 0x0b75c904), TOBN(0xc305b0ae, 0xa8f7f96c), + TOBN(0x042e421d, 0x182cf932), TOBN(0xf6fc5d50, 0x9e4636ca)}}, + {{TOBN(0x795847c9, 0xd64cc78c), TOBN(0x6c50621b, 0x9b6cb27b), + TOBN(0x07099bf8, 0xdf8022ab), TOBN(0x48f862eb, 0xc04eda1d)}, + {TOBN(0xd12732ed, 0xe1603c16), TOBN(0x19a80e0f, 0x5c9a9450), + TOBN(0xe2257f54, 0xb429b4fc), TOBN(0x66d3b2c6, 0x45460515)}}, + {{TOBN(0x6ca4f87e, 0x822e37be), TOBN(0x73f237b4, 0x253bda4e), + TOBN(0xf747f3a2, 0x41190aeb), TOBN(0xf06fa36f, 0x804cf284)}, + {TOBN(0x0a6bbb6e, 0xfc621c12), TOBN(0x5d624b64, 0x40b80ec6), + TOBN(0x4b072425, 0x7ba556f3), TOBN(0x7fa0c354, 0x3e2d20a8)}}, + {{TOBN(0xe921fa31, 0xe3229d41), TOBN(0xa929c652, 0x94531bd4), + TOBN(0x84156027, 0xa6d38209), TOBN(0xf3d69f73, 0x6bdb97bd)}, + {TOBN(0x8906d19a, 0x16833631), TOBN(0x68a34c2e, 0x03d51be3), + TOBN(0xcb59583b, 0x0e511cd8), TOBN(0x99ce6bfd, 0xfdc132a8)}}, + {{TOBN(0x3facdaaa, 0xffcdb463), TOBN(0x658bbc1a, 0x34a38b08), + TOBN(0x12a801f8, 0xf1a9078d), TOBN(0x1567bcf9, 0x6ab855de)}, + {TOBN(0xe08498e0, 0x3572359b), TOBN(0xcf0353e5, 0x8659e68b), + TOBN(0xbb86e9c8, 0x7d23807c), TOBN(0xbc08728d, 0x2198e8a2)}}, + {{TOBN(0x8de2b7bc, 0x453cadd6), TOBN(0x203900a7, 0xbc0bc1f8), + TOBN(0xbcd86e47, 0xa6abd3af), TOBN(0x911cac12, 0x8502effb)}, + {TOBN(0x2d550242, 0xec965469), TOBN(0x0e9f7692, 0x29e0017e), + TOBN(0x633f078f, 0x65979885), TOBN(0xfb87d449, 0x4cf751ef)}}, + {{TOBN(0xe1790e4b, 0xfc25419a), TOBN(0x36467203, 0x4bff3cfd), + TOBN(0xc8db6386, 0x25b6e83f), TOBN(0x6cc69f23, 0x6cad6fd2)}, + {TOBN(0x0219e45a, 0x6bc68bb9), TOBN(0xe43d79b6, 0x297f7334), + TOBN(0x7d445368, 0x465dc97c), TOBN(0x4b9eea32, 0x2a0b949a)}}, + {{TOBN(0x1b96c6ba, 0x6102d021), TOBN(0xeaafac78, 0x2f4461ea), + TOBN(0xd4b85c41, 0xc49f19a8), TOBN(0x275c28e4, 0xcf538875)}, + {TOBN(0x35451a9d, 0xdd2e54e0), TOBN(0x6991adb5, 0x0605618b), + TOBN(0x5b8b4bcd, 0x7b36cd24), TOBN(0x372a4f8c, 0x56f37216)}}, + {{TOBN(0xc890bd73, 0xa6a5da60), TOBN(0x6f083da0, 0xdc4c9ff0), + TOBN(0xf4e14d94, 0xf0536e57), TOBN(0xf9ee1eda, 0xaaec8243)}, + {TOBN(0x571241ec, 0x8bdcf8e7), TOBN(0xa5db8271, 0x0b041e26), + TOBN(0x9a0b9a99, 0xe3fff040), TOBN(0xcaaf21dd, 0x7c271202)}}, + {{TOBN(0xb4e2b2e1, 0x4f0dd2e8), TOBN(0xe77e7c4f, 0x0a377ac7), + TOBN(0x69202c3f, 0x0d7a2198), TOBN(0xf759b7ff, 0x28200eb8)}, + {TOBN(0xc87526ed, 0xdcfe314e), TOBN(0xeb84c524, 0x53d5cf99), + TOBN(0xb1b52ace, 0x515138b6), TOBN(0x5aa7ff8c, 0x23fca3f4)}}, + {{TOBN(0xff0b13c3, 0xb9791a26), TOBN(0x960022da, 0xcdd58b16), + TOBN(0xdbd55c92, 0x57aad2de), TOBN(0x3baaaaa3, 0xf30fe619)}, + {TOBN(0x9a4b2346, 0x0d881efd), TOBN(0x506416c0, 0x46325e2a), + TOBN(0x91381e76, 0x035c18d4), TOBN(0xb3bb68be, 0xf27817b0)}}, + {{TOBN(0x15bfb8bf, 0x5116f937), TOBN(0x7c64a586, 0xc1268943), + TOBN(0x71e25cc3, 0x8419a2c8), TOBN(0x9fd6b0c4, 0x8335f463)}, + {TOBN(0x4bf0ba3c, 0xe8ee0e0e), TOBN(0x6f6fba60, 0x298c21fa), + TOBN(0x57d57b39, 0xae66bee0), TOBN(0x292d5130, 0x22672544)}}, + {{TOBN(0xf451105d, 0xbab093b3), TOBN(0x012f59b9, 0x02839986), + TOBN(0x8a915802, 0x3474a89c), TOBN(0x048c919c, 0x2de03e97)}, + {TOBN(0xc476a2b5, 0x91071cd5), TOBN(0x791ed89a, 0x034970a5), + TOBN(0x89bd9042, 0xe1b7994b), TOBN(0x8eaf5179, 0xa1057ffd)}}, + {{TOBN(0x6066e2a2, 0xd551ee10), TOBN(0x87a8f1d8, 0x727e09a6), + TOBN(0x00d08bab, 0x2c01148d), TOBN(0x6da8e4f1, 0x424f33fe)}, + {TOBN(0x466d17f0, 0xcf9a4e71), TOBN(0xff502010, 0x3bf5cb19), + TOBN(0xdccf97d8, 0xd062ecc0), TOBN(0x80c0d9af, 0x81d80ac4)}}, + {{TOBN(0xe87771d8, 0x033f2876), TOBN(0xb0186ec6, 0x7d5cc3db), + TOBN(0x58e8bb80, 0x3bc9bc1d), TOBN(0x4d1395cc, 0x6f6ef60e)}, + {TOBN(0xa73c62d6, 0x186244a0), TOBN(0x918e5f23, 0x110a5b53), + TOBN(0xed4878ca, 0x741b7eab), TOBN(0x3038d71a, 0xdbe03e51)}}, + {{TOBN(0x840204b7, 0xa93c3246), TOBN(0x21ab6069, 0xa0b9b4cd), + TOBN(0xf5fa6e2b, 0xb1d64218), TOBN(0x1de6ad0e, 0xf3d56191)}, + {TOBN(0x570aaa88, 0xff1929c7), TOBN(0xc6df4c6b, 0x640e87b5), + TOBN(0xde8a74f2, 0xc65f0ccc), TOBN(0x8b972fd5, 0xe6f6cc01)}}, + {{TOBN(0x3fff36b6, 0x0b846531), TOBN(0xba7e45e6, 0x10a5e475), + TOBN(0x84a1d10e, 0x4145b6c5), TOBN(0xf1f7f91a, 0x5e046d9d)}, + {TOBN(0x0317a692, 0x44de90d7), TOBN(0x951a1d4a, 0xf199c15e), + TOBN(0x91f78046, 0xc9d73deb), TOBN(0x74c82828, 0xfab8224f)}}, + {{TOBN(0xaa6778fc, 0xe7560b90), TOBN(0xb4073e61, 0xa7e824ce), + TOBN(0xff0d693c, 0xd642eba8), TOBN(0x7ce2e57a, 0x5dccef38)}, + {TOBN(0x89c2c789, 0x1df1ad46), TOBN(0x83a06922, 0x098346fd), + TOBN(0x2d715d72, 0xda2fc177), TOBN(0x7b6dd71d, 0x85b6cf1d)}}, + {{TOBN(0xc60a6d0a, 0x73fa9cb0), TOBN(0xedd3992e, 0x328bf5a9), + TOBN(0xc380ddd0, 0x832c8c82), TOBN(0xd182d410, 0xa2a0bf50)}, + {TOBN(0x7d9d7438, 0xd9a528db), TOBN(0xe8b1a0e9, 0xcaf53994), + TOBN(0xddd6e5fe, 0x0e19987c), TOBN(0xacb8df03, 0x190b059d)}}, + {{TOBN(0x53703a32, 0x8300129f), TOBN(0x1f637662, 0x68c43bfd), + TOBN(0xbcbd1913, 0x00e54051), TOBN(0x812fcc62, 0x7bf5a8c5)}, + {TOBN(0x3f969d5f, 0x29fb85da), TOBN(0x72f4e00a, 0x694759e8), + TOBN(0x426b6e52, 0x790726b7), TOBN(0x617bbc87, 0x3bdbb209)}}, + {{TOBN(0x511f8bb9, 0x97aee317), TOBN(0x812a4096, 0xe81536a8), + TOBN(0x137dfe59, 0x3ac09b9b), TOBN(0x0682238f, 0xba8c9a7a)}, + {TOBN(0x7072ead6, 0xaeccb4bd), TOBN(0x6a34e9aa, 0x692ba633), + TOBN(0xc82eaec2, 0x6fff9d33), TOBN(0xfb753512, 0x1d4d2b62)}}, + {{TOBN(0x1a0445ff, 0x1d7aadab), TOBN(0x65d38260, 0xd5f6a67c), + TOBN(0x6e62fb08, 0x91cfb26f), TOBN(0xef1e0fa5, 0x5c7d91d6)}, + {TOBN(0x47e7c7ba, 0x33db72cd), TOBN(0x017cbc09, 0xfa7c74b2), + TOBN(0x3c931590, 0xf50a503c), TOBN(0xcac54f60, 0x616baa42)}}, + {{TOBN(0x9b6cd380, 0xb2369f0f), TOBN(0x97d3a70d, 0x23c76151), + TOBN(0x5f9dd6fc, 0x9862a9c6), TOBN(0x044c4ab2, 0x12312f51)}, + {TOBN(0x035ea0fd, 0x834a2ddc), TOBN(0x49e6b862, 0xcc7b826d), + TOBN(0xb03d6883, 0x62fce490), TOBN(0x62f2497a, 0xb37e36e9)}}, + {{TOBN(0x04b005b6, 0xc6458293), TOBN(0x36bb5276, 0xe8d10af7), + TOBN(0xacf2dc13, 0x8ee617b8), TOBN(0x470d2d35, 0xb004b3d4)}, + {TOBN(0x06790832, 0xfeeb1b77), TOBN(0x2bb75c39, 0x85657f9c), + TOBN(0xd70bd4ed, 0xc0f60004), TOBN(0xfe797ecc, 0x219b018b)}}, + {{TOBN(0x9b5bec2a, 0x753aebcc), TOBN(0xdaf9f3dc, 0xc939eca5), + TOBN(0xd6bc6833, 0xd095ad09), TOBN(0x98abdd51, 0xdaa4d2fc)}, + {TOBN(0xd9840a31, 0x8d168be5), TOBN(0xcf7c10e0, 0x2325a23c), + TOBN(0xa5c02aa0, 0x7e6ecfaf), TOBN(0x2462e7e6, 0xb5bfdf18)}}, + {{TOBN(0xab2d8a8b, 0xa0cc3f12), TOBN(0x68dd485d, 0xbc672a29), + TOBN(0x72039752, 0x596f2cd3), TOBN(0x5d3eea67, 0xa0cf3d8d)}, + {TOBN(0x810a1a81, 0xe6602671), TOBN(0x8f144a40, 0x14026c0c), + TOBN(0xbc753a6d, 0x76b50f85), TOBN(0xc4dc21e8, 0x645cd4a4)}}, + {{TOBN(0xc5262dea, 0x521d0378), TOBN(0x802b8e0e, 0x05011c6f), + TOBN(0x1ba19cbb, 0x0b4c19ea), TOBN(0x21db64b5, 0xebf0aaec)}, + {TOBN(0x1f394ee9, 0x70342f9d), TOBN(0x93a10aee, 0x1bc44a14), + TOBN(0xa7eed31b, 0x3efd0baa), TOBN(0x6e7c824e, 0x1d154e65)}}, + {{TOBN(0xee23fa81, 0x9966e7ee), TOBN(0x64ec4aa8, 0x05b7920d), + TOBN(0x2d44462d, 0x2d90aad4), TOBN(0xf44dd195, 0xdf277ad5)}, + {TOBN(0x8d6471f1, 0xbb46b6a1), TOBN(0x1e65d313, 0xfd885090), + TOBN(0x33a800f5, 0x13a977b4), TOBN(0xaca9d721, 0x0797e1ef)}}, + {{TOBN(0x9a5a85a0, 0xfcff6a17), TOBN(0x9970a3f3, 0x1eca7cee), + TOBN(0xbb9f0d6b, 0xc9504be3), TOBN(0xe0c504be, 0xadd24ee2)}, + {TOBN(0x7e09d956, 0x77fcc2f4), TOBN(0xef1a5227, 0x65bb5fc4), + TOBN(0x145d4fb1, 0x8b9286aa), TOBN(0x66fd0c5d, 0x6649028b)}}, + {{TOBN(0x98857ceb, 0x1bf4581c), TOBN(0xe635e186, 0xaca7b166), + TOBN(0x278ddd22, 0x659722ac), TOBN(0xa0903c4c, 0x1db68007)}, + {TOBN(0x366e4589, 0x48f21402), TOBN(0x31b49c14, 0xb96abda2), + TOBN(0x329c4b09, 0xe0403190), TOBN(0x97197ca3, 0xd29f43fe)}}, + {{TOBN(0x8073dd1e, 0x274983d8), TOBN(0xda1a3bde, 0x55717c8f), + TOBN(0xfd3d4da2, 0x0361f9d1), TOBN(0x1332d081, 0x4c7de1ce)}, + {TOBN(0x9b7ef7a3, 0xaa6d0e10), TOBN(0x17db2e73, 0xf54f1c4a), + TOBN(0xaf3dffae, 0x4cd35567), TOBN(0xaaa2f406, 0xe56f4e71)}}, + {{TOBN(0x8966759e, 0x7ace3fc7), TOBN(0x9594eacf, 0x45a8d8c6), + TOBN(0x8de3bd8b, 0x91834e0e), TOBN(0xafe4ca53, 0x548c0421)}, + {TOBN(0xfdd7e856, 0xe6ee81c6), TOBN(0x8f671beb, 0x6b891a3a), + TOBN(0xf7a58f2b, 0xfae63829), TOBN(0x9ab186fb, 0x9c11ac9f)}}, + {{TOBN(0x8d6eb369, 0x10b5be76), TOBN(0x046b7739, 0xfb040bcd), + TOBN(0xccb4529f, 0xcb73de88), TOBN(0x1df0fefc, 0xcf26be03)}, + {TOBN(0xad7757a6, 0xbcfcd027), TOBN(0xa8786c75, 0xbb3165ca), + TOBN(0xe9db1e34, 0x7e99a4d9), TOBN(0x99ee86df, 0xb06c504b)}}, + {{TOBN(0x5b7c2ddd, 0xc15c9f0a), TOBN(0xdf87a734, 0x4295989e), + TOBN(0x59ece47c, 0x03d08fda), TOBN(0xb074d3dd, 0xad5fc702)}, + {TOBN(0x20407903, 0x51a03776), TOBN(0x2bb1f77b, 0x2a608007), + TOBN(0x25c58f4f, 0xe1153185), TOBN(0xe6df62f6, 0x766e6447)}}, + {{TOBN(0xefb3d1be, 0xed51275a), TOBN(0x5de47dc7, 0x2f0f483f), + TOBN(0x7932d98e, 0x97c2bedf), TOBN(0xd5c11927, 0x0219f8a1)}, + {TOBN(0x9d751200, 0xa73a294e), TOBN(0x5f88434a, 0x9dc20172), + TOBN(0xd28d9fd3, 0xa26f506a), TOBN(0xa890cd31, 0x9d1dcd48)}}, + {{TOBN(0x0aebaec1, 0x70f4d3b4), TOBN(0xfd1a1369, 0x0ffc8d00), + TOBN(0xb9d9c240, 0x57d57838), TOBN(0x45929d26, 0x68bac361)}, + {TOBN(0x5a2cd060, 0x25b15ca6), TOBN(0x4b3c83e1, 0x6e474446), + TOBN(0x1aac7578, 0xee1e5134), TOBN(0xa418f5d6, 0xc91e2f41)}}, + {{TOBN(0x6936fc8a, 0x213ed68b), TOBN(0x860ae7ed, 0x510a5224), + TOBN(0x63660335, 0xdef09b53), TOBN(0x641b2897, 0xcd79c98d)}, + {TOBN(0x29bd38e1, 0x01110f35), TOBN(0x79c26f42, 0x648b1937), + TOBN(0x64dae519, 0x9d9164f4), TOBN(0xd85a2310, 0x0265c273)}}, + {{TOBN(0x7173dd5d, 0x4b07e2b1), TOBN(0xd144c4cb, 0x8d9ea221), + TOBN(0xe8b04ea4, 0x1105ab14), TOBN(0x92dda542, 0xfe80d8f1)}, + {TOBN(0xe9982fa8, 0xcf03dce6), TOBN(0x8b5ea965, 0x1a22cffc), + TOBN(0xf7f4ea7f, 0x3fad88c4), TOBN(0x62db773e, 0x6a5ba95c)}}, + {{TOBN(0xd20f02fb, 0x93f24567), TOBN(0xfd46c69a, 0x315257ca), + TOBN(0x0ac74cc7, 0x8bcab987), TOBN(0x46f31c01, 0x5ceca2f5)}, + {TOBN(0x40aedb59, 0x888b219e), TOBN(0xe50ecc37, 0xe1fccd02), + TOBN(0x1bcd9dad, 0x911f816c), TOBN(0x583cc1ec, 0x8db9b00c)}}, + {{TOBN(0xf3cd2e66, 0xa483bf11), TOBN(0xfa08a6f5, 0xb1b2c169), + TOBN(0xf375e245, 0x4be9fa28), TOBN(0x99a7ffec, 0x5b6d011f)}, + {TOBN(0x6a3ebddb, 0xc4ae62da), TOBN(0x6cea00ae, 0x374aef5d), + TOBN(0xab5fb98d, 0x9d4d05bc), TOBN(0x7cba1423, 0xd560f252)}}, + {{TOBN(0x49b2cc21, 0x208490de), TOBN(0x1ca66ec3, 0xbcfb2879), + TOBN(0x7f1166b7, 0x1b6fb16f), TOBN(0xfff63e08, 0x65fe5db3)}, + {TOBN(0xb8345abe, 0x8b2610be), TOBN(0xb732ed80, 0x39de3df4), + TOBN(0x0e24ed50, 0x211c32b4), TOBN(0xd10d8a69, 0x848ff27d)}}, + {{TOBN(0xc1074398, 0xed4de248), TOBN(0xd7cedace, 0x10488927), + TOBN(0xa4aa6bf8, 0x85673e13), TOBN(0xb46bae91, 0x6daf30af)}, + {TOBN(0x07088472, 0xfcef7ad8), TOBN(0x61151608, 0xd4b35e97), + TOBN(0xbcfe8f26, 0xdde29986), TOBN(0xeb84c4c7, 0xd5a34c79)}}, + {{TOBN(0xc1eec55c, 0x164e1214), TOBN(0x891be86d, 0xa147bb03), + TOBN(0x9fab4d10, 0x0ba96835), TOBN(0xbf01e9b8, 0xa5c1ae9f)}, + {TOBN(0x6b4de139, 0xb186ebc0), TOBN(0xd5c74c26, 0x85b91bca), + TOBN(0x5086a99c, 0xc2d93854), TOBN(0xeed62a7b, 0xa7a9dfbc)}}, + {{TOBN(0x8778ed6f, 0x76b7618a), TOBN(0xbff750a5, 0x03b66062), + TOBN(0x4cb7be22, 0xb65186db), TOBN(0x369dfbf0, 0xcc3a6d13)}, + {TOBN(0xc7dab26c, 0x7191a321), TOBN(0x9edac3f9, 0x40ed718e), + TOBN(0xbc142b36, 0xd0cfd183), TOBN(0xc8af82f6, 0x7c991693)}}, + {{TOBN(0xb3d1e4d8, 0x97ce0b2a), TOBN(0xe6d7c87f, 0xc3a55cdf), + TOBN(0x35846b95, 0x68b81afe), TOBN(0x018d12af, 0xd3c239d8)}, + {TOBN(0x2b2c6208, 0x01206e15), TOBN(0xe0e42453, 0xa3b882c6), + TOBN(0x854470a3, 0xa50162d5), TOBN(0x08157478, 0x7017a62a)}}, + {{TOBN(0x18bd3fb4, 0x820357c7), TOBN(0x992039ae, 0x6f1458ad), + TOBN(0x9a1df3c5, 0x25b44aa1), TOBN(0x2d780357, 0xed3d5281)}, + {TOBN(0x58cf7e4d, 0xc77ad4d4), TOBN(0xd49a7998, 0xf9df4fc4), + TOBN(0x4465a8b5, 0x1d71205e), TOBN(0xa0ee0ea6, 0x649254aa)}}, + {{TOBN(0x4b5eeecf, 0xab7bd771), TOBN(0x6c873073, 0x35c262b9), + TOBN(0xdc5bd648, 0x3c9d61e7), TOBN(0x233d6d54, 0x321460d2)}, + {TOBN(0xd20c5626, 0xfc195bcc), TOBN(0x25445958, 0x04d78b63), + TOBN(0xe03fcb3d, 0x17ec8ef3), TOBN(0x54b690d1, 0x46b8f781)}}, + {{TOBN(0x82fa2c8a, 0x21230646), TOBN(0xf51aabb9, 0x084f418c), + TOBN(0xff4fbec1, 0x1a30ba43), TOBN(0x6a5acf73, 0x743c9df7)}, + {TOBN(0x1da2b357, 0xd635b4d5), TOBN(0xc3de68dd, 0xecd5c1da), + TOBN(0xa689080b, 0xd61af0dd), TOBN(0xdea5938a, 0xd665bf99)}}, + {{TOBN(0x0231d71a, 0xfe637294), TOBN(0x01968aa6, 0xa5a81cd8), + TOBN(0x11252d50, 0x048e63b5), TOBN(0xc446bc52, 0x6ca007e9)}, + {TOBN(0xef8c50a6, 0x96d6134b), TOBN(0x9361fbf5, 0x9e09a05c), + TOBN(0xf17f85a6, 0xdca3291a), TOBN(0xb178d548, 0xff251a21)}}, + {{TOBN(0x87f6374b, 0xa4df3915), TOBN(0x566ce1bf, 0x2fd5d608), + TOBN(0x425cba4d, 0x7de35102), TOBN(0x6b745f8f, 0x58c5d5e2)}, + {TOBN(0x88402af6, 0x63122edf), TOBN(0x3190f9ed, 0x3b989a89), + TOBN(0x4ad3d387, 0xebba3156), TOBN(0xef385ad9, 0xc7c469a5)}}, + {{TOBN(0xb08281de, 0x3f642c29), TOBN(0x20be0888, 0x910ffb88), + TOBN(0xf353dd4a, 0xd5292546), TOBN(0x3f1627de, 0x8377a262)}, + {TOBN(0xa5faa013, 0xeefcd638), TOBN(0x8f3bf626, 0x74cc77c3), + TOBN(0x32618f65, 0xa348f55e), TOBN(0x5787c0dc, 0x9fefeb9e)}}, + {{TOBN(0xf1673aa2, 0xd9a23e44), TOBN(0x88dfa993, 0x4e10690d), + TOBN(0x1ced1b36, 0x2bf91108), TOBN(0x9193ceca, 0x3af48649)}, + {TOBN(0xfb34327d, 0x2d738fc5), TOBN(0x6697b037, 0x975fee6c), + TOBN(0x2f485da0, 0xc04079a5), TOBN(0x2cdf5735, 0x2feaa1ac)}}, + {{TOBN(0x76944420, 0xbd55659e), TOBN(0x7973e32b, 0x4376090c), + TOBN(0x86bb4fe1, 0x163b591a), TOBN(0x10441aed, 0xc196f0ca)}, + {TOBN(0x3b431f4a, 0x045ad915), TOBN(0x6c11b437, 0xa4afacb1), + TOBN(0x30b0c7db, 0x71fdbbd8), TOBN(0xb642931f, 0xeda65acd)}}, + {{TOBN(0x4baae6e8, 0x9c92b235), TOBN(0xa73bbd0e, 0x6b3993a1), + TOBN(0xd06d60ec, 0x693dd031), TOBN(0x03cab91b, 0x7156881c)}, + {TOBN(0xd615862f, 0x1db3574b), TOBN(0x485b0185, 0x64bb061a), + TOBN(0x27434988, 0xa0181e06), TOBN(0x2cd61ad4, 0xc1c0c757)}}, + {{TOBN(0x3effed5a, 0x2ff9f403), TOBN(0x8dc98d8b, 0x62239029), + TOBN(0x2206021e, 0x1f17b70d), TOBN(0xafbec0ca, 0xbf510015)}, + {TOBN(0x9fed7164, 0x80130dfa), TOBN(0x306dc2b5, 0x8a02dcf5), + TOBN(0x48f06620, 0xfeb10fc0), TOBN(0x78d1e1d5, 0x5a57cf51)}}, + {{TOBN(0xadef8c5a, 0x192ef710), TOBN(0x88afbd4b, 0x3b7431f9), + TOBN(0x7e1f7407, 0x64250c9e), TOBN(0x6e31318d, 0xb58bec07)}, + {TOBN(0xfd4fc4b8, 0x24f89b4e), TOBN(0x65a5dd88, 0x48c36a2a), + TOBN(0x4f1eccff, 0xf024baa7), TOBN(0x22a21cf2, 0xcba94650)}}, + {{TOBN(0x95d29dee, 0x42a554f7), TOBN(0x828983a5, 0x002ec4ba), + TOBN(0x8112a1f7, 0x8badb73d), TOBN(0x79ea8897, 0xa27c1839)}, + {TOBN(0x8969a5a7, 0xd065fd83), TOBN(0xf49af791, 0xb262a0bc), + TOBN(0xfcdea8b6, 0xaf2b5127), TOBN(0x10e913e1, 0x564c2dbc)}}, + {{TOBN(0x51239d14, 0xbc21ef51), TOBN(0xe51c3ceb, 0x4ce57292), + TOBN(0x795ff068, 0x47bbcc3b), TOBN(0x86b46e1e, 0xbd7e11e6)}, + {TOBN(0x0ea6ba23, 0x80041ef4), TOBN(0xd72fe505, 0x6262342e), + TOBN(0x8abc6dfd, 0x31d294d4), TOBN(0xbbe017a2, 0x1278c2c9)}}, + {{TOBN(0xb1fcfa09, 0xb389328a), TOBN(0x322fbc62, 0xd01771b5), + TOBN(0x04c0d063, 0x60b045bf), TOBN(0xdb652edc, 0x10e52d01)}, + {TOBN(0x50ef932c, 0x03ec6627), TOBN(0xde1b3b2d, 0xc1ee50e3), + TOBN(0x5ab7bdc5, 0xdc37a90d), TOBN(0xfea67213, 0x31e33a96)}}, + {{TOBN(0x6482b5cb, 0x4f2999aa), TOBN(0x38476cc6, 0xb8cbf0dd), + TOBN(0x93ebfacb, 0x173405bb), TOBN(0x15cdafe7, 0xe52369ec)}, + {TOBN(0xd42d5ba4, 0xd935b7db), TOBN(0x648b6004, 0x1c99a4cd), + TOBN(0x785101bd, 0xa3b5545b), TOBN(0x4bf2c38a, 0x9dd67faf)}}, + {{TOBN(0xb1aadc63, 0x4442449c), TOBN(0xe0e9921a, 0x33ad4fb8), + TOBN(0x5c552313, 0xaa686d82), TOBN(0xdee635fa, 0x465d866c)}, + {TOBN(0xbc3c224a, 0x18ee6e8a), TOBN(0xeed748a6, 0xed42e02f), + TOBN(0xe70f930a, 0xd474cd08), TOBN(0x774ea6ec, 0xfff24adf)}}, + {{TOBN(0x03e2de1c, 0xf3480d4a), TOBN(0xf0d8edc7, 0xbc8acf1a), + TOBN(0xf23e3303, 0x68295a9c), TOBN(0xfadd5f68, 0xc546a97d)}, + {TOBN(0x895597ad, 0x96f8acb1), TOBN(0xbddd49d5, 0x671bdae2), + TOBN(0x16fcd528, 0x21dd43f4), TOBN(0xa5a45412, 0x6619141a)}}}, + {{{TOBN(0x8ce9b6bf, 0xc360e25a), TOBN(0xe6425195, 0x075a1a78), + TOBN(0x9dc756a8, 0x481732f4), TOBN(0x83c0440f, 0x5432b57a)}, + {TOBN(0xc670b3f1, 0xd720281f), TOBN(0x2205910e, 0xd135e051), + TOBN(0xded14b0e, 0xdb052be7), TOBN(0x697b3d27, 0xc568ea39)}}, + {{TOBN(0x2e599b9a, 0xfb3ff9ed), TOBN(0x28c2e0ab, 0x17f6515c), + TOBN(0x1cbee4fd, 0x474da449), TOBN(0x071279a4, 0x4f364452)}, + {TOBN(0x97abff66, 0x01fbe855), TOBN(0x3ee394e8, 0x5fda51c4), + TOBN(0x190385f6, 0x67597c0b), TOBN(0x6e9fccc6, 0xa27ee34b)}}, + {{TOBN(0x0b89de93, 0x14092ebb), TOBN(0xf17256bd, 0x428e240c), + TOBN(0xcf89a7f3, 0x93d2f064), TOBN(0x4f57841e, 0xe1ed3b14)}, + {TOBN(0x4ee14405, 0xe708d855), TOBN(0x856aae72, 0x03f1c3d0), + TOBN(0xc8e5424f, 0xbdd7eed5), TOBN(0x3333e4ef, 0x73ab4270)}}, + {{TOBN(0x3bc77ade, 0xdda492f8), TOBN(0xc11a3aea, 0x78297205), + TOBN(0x5e89a3e7, 0x34931b4c), TOBN(0x17512e2e, 0x9f5694bb)}, + {TOBN(0x5dc349f3, 0x177bf8b6), TOBN(0x232ea4ba, 0x08c7ff3e), + TOBN(0x9c4f9d16, 0xf511145d), TOBN(0xccf109a3, 0x33b379c3)}}, + {{TOBN(0xe75e7a88, 0xa1f25897), TOBN(0x7ac6961f, 0xa1b5d4d8), + TOBN(0xe3e10773, 0x08f3ed5c), TOBN(0x208a54ec, 0x0a892dfb)}, + {TOBN(0xbe826e19, 0x78660710), TOBN(0x0cf70a97, 0x237df2c8), + TOBN(0x418a7340, 0xed704da5), TOBN(0xa3eeb9a9, 0x08ca33fd)}}, + {{TOBN(0x49d96233, 0x169bca96), TOBN(0x04d286d4, 0x2da6aafb), + TOBN(0xc09606ec, 0xa0c2fa94), TOBN(0x8869d0d5, 0x23ff0fb3)}, + {TOBN(0xa99937e5, 0xd0150d65), TOBN(0xa92e2503, 0x240c14c9), + TOBN(0x656bf945, 0x108e2d49), TOBN(0x152a733a, 0xa2f59e2b)}}, + {{TOBN(0xb4323d58, 0x8434a920), TOBN(0xc0af8e93, 0x622103c5), + TOBN(0x667518ef, 0x938dbf9a), TOBN(0xa1843073, 0x83a9cdf2)}, + {TOBN(0x350a94aa, 0x5447ab80), TOBN(0xe5e5a325, 0xc75a3d61), + TOBN(0x74ba507f, 0x68411a9e), TOBN(0x10581fc1, 0x594f70c5)}}, + {{TOBN(0x60e28570, 0x80eb24a9), TOBN(0x7bedfb4d, 0x488e0cfd), + TOBN(0x721ebbd7, 0xc259cdb8), TOBN(0x0b0da855, 0xbc6390a9)}, + {TOBN(0x2b4d04db, 0xde314c70), TOBN(0xcdbf1fbc, 0x6c32e846), + TOBN(0x33833eab, 0xb162fc9e), TOBN(0x9939b48b, 0xb0dd3ab7)}}, + {{TOBN(0x5aaa98a7, 0xcb0c9c8c), TOBN(0x75105f30, 0x81c4375c), + TOBN(0xceee5057, 0x5ef1c90f), TOBN(0xb31e065f, 0xc23a17bf)}, + {TOBN(0x5364d275, 0xd4b6d45a), TOBN(0xd363f3ad, 0x62ec8996), + TOBN(0xb5d21239, 0x4391c65b), TOBN(0x84564765, 0xebb41b47)}}, + {{TOBN(0x20d18ecc, 0x37107c78), TOBN(0xacff3b6b, 0x570c2a66), + TOBN(0x22f975d9, 0x9bd0d845), TOBN(0xef0a0c46, 0xba178fa0)}, + {TOBN(0x1a419651, 0x76b6028e), TOBN(0xc49ec674, 0x248612d4), + TOBN(0x5b6ac4f2, 0x7338af55), TOBN(0x06145e62, 0x7bee5a36)}}, + {{TOBN(0x33e95d07, 0xe75746b5), TOBN(0x1c1e1f6d, 0xc40c78be), + TOBN(0x967833ef, 0x222ff8e2), TOBN(0x4bedcf6a, 0xb49180ad)}, + {TOBN(0x6b37e9c1, 0x3d7a4c8a), TOBN(0x2748887c, 0x6ddfe760), + TOBN(0xf7055123, 0xaa3a5bbc), TOBN(0x954ff225, 0x7bbb8e74)}}, + {{TOBN(0xc42b8ab1, 0x97c3dfb9), TOBN(0x55a549b0, 0xcf168154), + TOBN(0xad6748e7, 0xc1b50692), TOBN(0x2775780f, 0x6fc5cbcb)}, + {TOBN(0x4eab80b8, 0xe1c9d7c8), TOBN(0x8c69dae1, 0x3fdbcd56), + TOBN(0x47e6b4fb, 0x9969eace), TOBN(0x002f1085, 0xa705cb5a)}}, + {{TOBN(0x4e23ca44, 0x6d3fea55), TOBN(0xb4ae9c86, 0xf4810568), + TOBN(0x47bfb91b, 0x2a62f27d), TOBN(0x60deb4c9, 0xd9bac28c)}, + {TOBN(0xa892d894, 0x7de6c34c), TOBN(0x4ee68259, 0x4494587d), + TOBN(0x914ee14e, 0x1a3f8a5b), TOBN(0xbb113eaa, 0x28700385)}}, + {{TOBN(0x81ca03b9, 0x2115b4c9), TOBN(0x7c163d38, 0x8908cad1), + TOBN(0xc912a118, 0xaa18179a), TOBN(0xe09ed750, 0x886e3081)}, + {TOBN(0xa676e3fa, 0x26f516ca), TOBN(0x753cacf7, 0x8e732f91), + TOBN(0x51592aea, 0x833da8b4), TOBN(0xc626f42f, 0x4cbea8aa)}}, + {{TOBN(0xef9dc899, 0xa7b56eaf), TOBN(0x00c0e52c, 0x34ef7316), + TOBN(0x5b1e4e24, 0xfe818a86), TOBN(0x9d31e20d, 0xc538be47)}, + {TOBN(0x22eb932d, 0x3ed68974), TOBN(0xe44bbc08, 0x7c4e87c4), + TOBN(0x4121086e, 0x0dde9aef), TOBN(0x8e6b9cff, 0x134f4345)}}, + {{TOBN(0x96892c1f, 0x711b0eb9), TOBN(0xb905f2c8, 0x780ab954), + TOBN(0xace26309, 0xa20792db), TOBN(0xec8ac9b3, 0x0684e126)}, + {TOBN(0x486ad8b6, 0xb40a2447), TOBN(0x60121fc1, 0x9fe3fb24), + TOBN(0x5626fccf, 0x1a8e3b3f), TOBN(0x4e568622, 0x6ad1f394)}}, + {{TOBN(0xda7aae0d, 0x196aa5a1), TOBN(0xe0df8c77, 0x1041b5fb), + TOBN(0x451465d9, 0x26b318b7), TOBN(0xc29b6e55, 0x7ab136e9)}, + {TOBN(0x2c2ab48b, 0x71148463), TOBN(0xb5738de3, 0x64454a76), + TOBN(0x54ccf9a0, 0x5a03abe4), TOBN(0x377c0296, 0x0427d58e)}}, + {{TOBN(0x73f5f0b9, 0x2bb39c1f), TOBN(0x14373f2c, 0xe608d8c5), + TOBN(0xdcbfd314, 0x00fbb805), TOBN(0xdf18fb20, 0x83afdcfb)}, + {TOBN(0x81a57f42, 0x42b3523f), TOBN(0xe958532d, 0x87f650fb), + TOBN(0xaa8dc8b6, 0x8b0a7d7c), TOBN(0x1b75dfb7, 0x150166be)}}, + {{TOBN(0x90e4f7c9, 0x2d7d1413), TOBN(0x67e2d6b5, 0x9834f597), + TOBN(0x4fd4f4f9, 0xa808c3e8), TOBN(0xaf8237e0, 0xd5281ec1)}, + {TOBN(0x25ab5fdc, 0x84687cee), TOBN(0xc5ded6b1, 0xa5b26c09), + TOBN(0x8e4a5aec, 0xc8ea7650), TOBN(0x23b73e5c, 0x14cc417f)}}, + {{TOBN(0x2bfb4318, 0x3037bf52), TOBN(0xb61e6db5, 0x78c725d7), + TOBN(0x8efd4060, 0xbbb3e5d7), TOBN(0x2e014701, 0xdbac488e)}, + {TOBN(0xac75cf9a, 0x360aa449), TOBN(0xb70cfd05, 0x79634d08), + TOBN(0xa591536d, 0xfffb15ef), TOBN(0xb2c37582, 0xd07c106c)}}, + {{TOBN(0xb4293fdc, 0xf50225f9), TOBN(0xc52e175c, 0xb0e12b03), + TOBN(0xf649c3ba, 0xd0a8bf64), TOBN(0x745a8fef, 0xeb8ae3c6)}, + {TOBN(0x30d7e5a3, 0x58321bc3), TOBN(0xb1732be7, 0x0bc4df48), + TOBN(0x1f217993, 0xe9ea5058), TOBN(0xf7a71cde, 0x3e4fd745)}}, + {{TOBN(0x86cc533e, 0x894c5bbb), TOBN(0x6915c7d9, 0x69d83082), + TOBN(0xa6aa2d05, 0x5815c244), TOBN(0xaeeee592, 0x49b22ce5)}, + {TOBN(0x89e39d13, 0x78135486), TOBN(0x3a275c1f, 0x16b76f2f), + TOBN(0xdb6bcc1b, 0xe036e8f5), TOBN(0x4df69b21, 0x5e4709f5)}}, + {{TOBN(0xa188b250, 0x2d0f39aa), TOBN(0x622118bb, 0x15a85947), + TOBN(0x2ebf520f, 0xfde0f4fa), TOBN(0xa40e9f29, 0x4860e539)}, + {TOBN(0x7b6a51eb, 0x22b57f0f), TOBN(0x849a33b9, 0x7e80644a), + TOBN(0x50e5d16f, 0x1cf095fe), TOBN(0xd754b54e, 0xec55f002)}}, + {{TOBN(0x5cfbbb22, 0x236f4a98), TOBN(0x0b0c59e9, 0x066800bb), + TOBN(0x4ac69a8f, 0x5a9a7774), TOBN(0x2b33f804, 0xd6bec948)}, + {TOBN(0xb3729295, 0x32e6c466), TOBN(0x68956d0f, 0x4e599c73), + TOBN(0xa47a249f, 0x155c31cc), TOBN(0x24d80f0d, 0xe1ce284e)}}, + {{TOBN(0xcd821dfb, 0x988baf01), TOBN(0xe6331a7d, 0xdbb16647), + TOBN(0x1eb8ad33, 0x094cb960), TOBN(0x593cca38, 0xc91bbca5)}, + {TOBN(0x384aac8d, 0x26567456), TOBN(0x40fa0309, 0xc04b6490), + TOBN(0x97834cd6, 0xdab6c8f6), TOBN(0x68a7318d, 0x3f91e55f)}}, + {{TOBN(0xa00fd04e, 0xfc4d3157), TOBN(0xb56f8ab2, 0x2bf3bdea), + TOBN(0x014f5648, 0x4fa57172), TOBN(0x948c5860, 0x450abdb3)}, + {TOBN(0x342b5df0, 0x0ebd4f08), TOBN(0x3e5168cd, 0x0e82938e), + TOBN(0x7aedc1ce, 0xb0df5dd0), TOBN(0x6bbbc6d9, 0xe5732516)}}, + {{TOBN(0xc7bfd486, 0x605daaa6), TOBN(0x46fd72b7, 0xbb9a6c9e), + TOBN(0xe4847fb1, 0xa124fb89), TOBN(0x75959cbd, 0xa2d8ffbc)}, + {TOBN(0x42579f65, 0xc8a588ee), TOBN(0x368c92e6, 0xb80b499d), + TOBN(0xea4ef6cd, 0x999a5df1), TOBN(0xaa73bb7f, 0x936fe604)}}, + {{TOBN(0xf347a70d, 0x6457d188), TOBN(0x86eda86b, 0x8b7a388b), + TOBN(0xb7cdff06, 0x0ccd6013), TOBN(0xbeb1b6c7, 0xd0053fb2)}, + {TOBN(0x0b022387, 0x99240a9f), TOBN(0x1bbb384f, 0x776189b2), + TOBN(0x8695e71e, 0x9066193a), TOBN(0x2eb50097, 0x06ffac7e)}}, + {{TOBN(0x0654a9c0, 0x4a7d2caa), TOBN(0x6f3fb3d1, 0xa5aaa290), + TOBN(0x835db041, 0xff476e8f), TOBN(0x540b8b0b, 0xc42295e4)}, + {TOBN(0xa5c73ac9, 0x05e214f5), TOBN(0x9a74075a, 0x56a0b638), + TOBN(0x2e4b1090, 0xce9e680b), TOBN(0x57a5b479, 0x6b8d9afa)}}, + {{TOBN(0x0dca48e7, 0x26bfe65c), TOBN(0x097e391c, 0x7290c307), + TOBN(0x683c462e, 0x6669e72e), TOBN(0xf505be1e, 0x062559ac)}, + {TOBN(0x5fbe3ea1, 0xe3a3035a), TOBN(0x6431ebf6, 0x9cd50da8), + TOBN(0xfd169d5c, 0x1f6407f2), TOBN(0x8d838a95, 0x60fce6b8)}}, + {{TOBN(0x2a2bfa7f, 0x650006f0), TOBN(0xdfd7dad3, 0x50c0fbb2), + TOBN(0x92452495, 0xccf9ad96), TOBN(0x183bf494, 0xd95635f9)}, + {TOBN(0x02d5df43, 0x4a7bd989), TOBN(0x505385cc, 0xa5431095), + TOBN(0xdd98e67d, 0xfd43f53e), TOBN(0xd61e1a6c, 0x500c34a9)}}, + {{TOBN(0x5a4b46c6, 0x4a8a3d62), TOBN(0x8469c4d0, 0x247743d2), + TOBN(0x2bb3a13d, 0x88f7e433), TOBN(0x62b23a10, 0x01be5849)}, + {TOBN(0xe83596b4, 0xa63d1a4c), TOBN(0x454e7fea, 0x7d183f3e), + TOBN(0x643fce61, 0x17afb01c), TOBN(0x4e65e5e6, 0x1c4c3638)}}, + {{TOBN(0x41d85ea1, 0xef74c45b), TOBN(0x2cfbfa66, 0xae328506), + TOBN(0x98b078f5, 0x3ada7da9), TOBN(0xd985fe37, 0xec752fbb)}, + {TOBN(0xeece68fe, 0x5a0148b4), TOBN(0x6f9a55c7, 0x2d78136d), + TOBN(0x232dccc4, 0xd2b729ce), TOBN(0xa27e0dfd, 0x90aafbc4)}}, + {{TOBN(0x96474452, 0x12b4603e), TOBN(0xa876c551, 0x6b706d14), + TOBN(0xdf145fcf, 0x69a9d412), TOBN(0xe2ab75b7, 0x2d479c34)}, + {TOBN(0x12df9a76, 0x1a23ff97), TOBN(0xc6138992, 0x5d359d10), + TOBN(0x6e51c7ae, 0xfa835f22), TOBN(0x69a79cb1, 0xc0fcc4d9)}}, + {{TOBN(0xf57f350d, 0x594cc7e1), TOBN(0x3079ca63, 0x3350ab79), + TOBN(0x226fb614, 0x9aff594a), TOBN(0x35afec02, 0x6d59a62b)}, + {TOBN(0x9bee46f4, 0x06ed2c6e), TOBN(0x58da1735, 0x7d939a57), + TOBN(0x44c50402, 0x8fd1797e), TOBN(0xd8853e7c, 0x5ccea6ca)}}, + {{TOBN(0x4065508d, 0xa35fcd5f), TOBN(0x8965df8c, 0x495ccaeb), + TOBN(0x0f2da850, 0x12e1a962), TOBN(0xee471b94, 0xc1cf1cc4)}, + {TOBN(0xcef19bc8, 0x0a08fb75), TOBN(0x704958f5, 0x81de3591), + TOBN(0x2867f8b2, 0x3aef4f88), TOBN(0x8d749384, 0xea9f9a5f)}}, + {{TOBN(0x1b385537, 0x8c9049f4), TOBN(0x5be948f3, 0x7b92d8b6), + TOBN(0xd96f725d, 0xb6e2bd6b), TOBN(0x37a222bc, 0x958c454d)}, + {TOBN(0xe7c61abb, 0x8809bf61), TOBN(0x46f07fbc, 0x1346f18d), + TOBN(0xfb567a7a, 0xe87c0d1c), TOBN(0x84a461c8, 0x7ef3d07a)}}, + {{TOBN(0x0a5adce6, 0xd9278d98), TOBN(0x24d94813, 0x9dfc73e1), + TOBN(0x4f3528b6, 0x054321c3), TOBN(0x2e03fdde, 0x692ea706)}, + {TOBN(0x10e60619, 0x47b533c0), TOBN(0x1a8bc73f, 0x2ca3c055), + TOBN(0xae58d4b2, 0x1bb62b8f), TOBN(0xb2045a73, 0x584a24e3)}}, + {{TOBN(0x3ab3d5af, 0xbd76e195), TOBN(0x478dd1ad, 0x6938a810), + TOBN(0x6ffab393, 0x6ee3d5cb), TOBN(0xdfb693db, 0x22b361e4)}, + {TOBN(0xf9694496, 0x51dbf1a7), TOBN(0xcab4b4ef, 0x08a2e762), + TOBN(0xe8c92f25, 0xd39bba9a), TOBN(0x850e61bc, 0xf1464d96)}}, + {{TOBN(0xb7e830e3, 0xdc09508b), TOBN(0xfaf6d2cf, 0x74317655), + TOBN(0x72606ceb, 0xdf690355), TOBN(0x48bb92b3, 0xd0c3ded6)}, + {TOBN(0x65b75484, 0x5c7cf892), TOBN(0xf6cd7ac9, 0xd5d5f01f), + TOBN(0xc2c30a59, 0x96401d69), TOBN(0x91268650, 0xed921878)}}, + {{TOBN(0x380bf913, 0xb78c558f), TOBN(0x43c0baeb, 0xc8afdaa9), + TOBN(0x377f61d5, 0x54f169d3), TOBN(0xf8da07e3, 0xae5ff20b)}, + {TOBN(0xb676c49d, 0xa8a90ea8), TOBN(0x81c1ff2b, 0x83a29b21), + TOBN(0x383297ac, 0x2ad8d276), TOBN(0x3001122f, 0xba89f982)}}, + {{TOBN(0xe1d794be, 0x6718e448), TOBN(0x246c1482, 0x7c3e6e13), + TOBN(0x56646ef8, 0x5d26b5ef), TOBN(0x80f5091e, 0x88069cdd)}, + {TOBN(0xc5992e2f, 0x724bdd38), TOBN(0x02e915b4, 0x8471e8c7), + TOBN(0x96ff320a, 0x0d0ff2a9), TOBN(0xbf886487, 0x4384d1a0)}}, + {{TOBN(0xbbe1e6a6, 0xc93f72d6), TOBN(0xd5f75d12, 0xcad800ea), + TOBN(0xfa40a09f, 0xe7acf117), TOBN(0x32c8cdd5, 0x7581a355)}, + {TOBN(0x74221992, 0x7023c499), TOBN(0xa8afe5d7, 0x38ec3901), + TOBN(0x5691afcb, 0xa90e83f0), TOBN(0x41bcaa03, 0x0b8f8eac)}}, + {{TOBN(0xe38b5ff9, 0x8d2668d5), TOBN(0x0715281a, 0x7ad81965), + TOBN(0x1bc8fc7c, 0x03c6ce11), TOBN(0xcbbee6e2, 0x8b650436)}, + {TOBN(0x06b00fe8, 0x0cdb9808), TOBN(0x17d6e066, 0xfe3ed315), + TOBN(0x2e9d38c6, 0x4d0b5018), TOBN(0xab8bfd56, 0x844dcaef)}}, + {{TOBN(0x42894a59, 0x513aed8b), TOBN(0xf77f3b6d, 0x314bd07a), + TOBN(0xbbdecb8f, 0x8e42b582), TOBN(0xf10e2fa8, 0xd2390fe6)}, + {TOBN(0xefb95022, 0x62a2f201), TOBN(0x4d59ea50, 0x50ee32b0), + TOBN(0xd87f7728, 0x6da789a8), TOBN(0xcf98a2cf, 0xf79492c4)}}, + {{TOBN(0xf9577239, 0x720943c2), TOBN(0xba044cf5, 0x3990b9d0), + TOBN(0x5aa8e823, 0x95f2884a), TOBN(0x834de6ed, 0x0278a0af)}, + {TOBN(0xc8e1ee9a, 0x5f25bd12), TOBN(0x9259ceaa, 0x6f7ab271), + TOBN(0x7e6d97a2, 0x77d00b76), TOBN(0x5c0c6eea, 0xa437832a)}}, + {{TOBN(0x5232c20f, 0x5606b81d), TOBN(0xabd7b375, 0x0d991ee5), + TOBN(0x4d2bfe35, 0x8632d951), TOBN(0x78f85146, 0x98ed9364)}, + {TOBN(0x951873f0, 0xf30c3282), TOBN(0x0da8ac80, 0xa789230b), + TOBN(0x3ac7789c, 0x5398967f), TOBN(0xa69b8f7f, 0xbdda0fb5)}}, + {{TOBN(0xe5db7717, 0x6add8545), TOBN(0x1b71cb66, 0x72c49b66), + TOBN(0xd8560739, 0x68421d77), TOBN(0x03840fe8, 0x83e3afea)}, + {TOBN(0xb391dad5, 0x1ec69977), TOBN(0xae243fb9, 0x307f6726), + TOBN(0xc88ac87b, 0xe8ca160c), TOBN(0x5174cced, 0x4ce355f4)}}, + {{TOBN(0x98a35966, 0xe58ba37d), TOBN(0xfdcc8da2, 0x7817335d), + TOBN(0x5b752830, 0x83fbc7bf), TOBN(0x68e419d4, 0xd9c96984)}, + {TOBN(0x409a39f4, 0x02a40380), TOBN(0x88940faf, 0x1fe977bc), + TOBN(0xc640a94b, 0x8f8edea6), TOBN(0x1e22cd17, 0xed11547d)}}, + {{TOBN(0xe28568ce, 0x59ffc3e2), TOBN(0x60aa1b55, 0xc1dee4e7), + TOBN(0xc67497c8, 0x837cb363), TOBN(0x06fb438a, 0x105a2bf2)}, + {TOBN(0x30357ec4, 0x500d8e20), TOBN(0x1ad9095d, 0x0670db10), + TOBN(0x7f589a05, 0xc73b7cfd), TOBN(0xf544607d, 0x880d6d28)}}, + {{TOBN(0x17ba93b1, 0xa20ef103), TOBN(0xad859130, 0x6ba6577b), + TOBN(0x65c91cf6, 0x6fa214a0), TOBN(0xd7d49c6c, 0x27990da5)}, + {TOBN(0xecd9ec8d, 0x20bb569d), TOBN(0xbd4b2502, 0xeeffbc33), + TOBN(0x2056ca5a, 0x6bed0467), TOBN(0x7916a1f7, 0x5b63728c)}}, + {{TOBN(0xd4f9497d, 0x53a4f566), TOBN(0x89734664, 0x97b56810), + TOBN(0xf8e1da74, 0x0494a621), TOBN(0x82546a93, 0x8d011c68)}, + {TOBN(0x1f3acb19, 0xc61ac162), TOBN(0x52f8fa9c, 0xabad0d3e), + TOBN(0x15356523, 0xb4b7ea43), TOBN(0x5a16ad61, 0xae608125)}}, + {{TOBN(0xb0bcb87f, 0x4faed184), TOBN(0x5f236b1d, 0x5029f45f), + TOBN(0xd42c7607, 0x0bc6b1fc), TOBN(0xc644324e, 0x68aefce3)}, + {TOBN(0x8e191d59, 0x5c5d8446), TOBN(0xc0208077, 0x13ae1979), + TOBN(0xadcaee55, 0x3ba59cc7), TOBN(0x20ed6d6b, 0xa2cb81ba)}}, + {{TOBN(0x0952ba19, 0xb6efcffc), TOBN(0x60f12d68, 0x97c0b87c), + TOBN(0x4ee2c7c4, 0x9caa30bc), TOBN(0x767238b7, 0x97fbff4e)}, + {TOBN(0xebc73921, 0x501b5d92), TOBN(0x3279e3df, 0xc2a37737), + TOBN(0x9fc12bc8, 0x6d197543), TOBN(0xfa94dc6f, 0x0a40db4e)}}, + {{TOBN(0x7392b41a, 0x530ccbbd), TOBN(0x87c82146, 0xea823525), + TOBN(0xa52f984c, 0x05d98d0c), TOBN(0x2ae57d73, 0x5ef6974c)}, + {TOBN(0x9377f7bf, 0x3042a6dd), TOBN(0xb1a007c0, 0x19647a64), + TOBN(0xfaa9079a, 0x0cca9767), TOBN(0x3d81a25b, 0xf68f72d5)}}, + {{TOBN(0x752067f8, 0xff81578e), TOBN(0x78622150, 0x9045447d), + TOBN(0xc0c22fcf, 0x0505aa6f), TOBN(0x1030f0a6, 0x6bed1c77)}, + {TOBN(0x31f29f15, 0x1f0bd739), TOBN(0x2d7989c7, 0xe6debe85), + TOBN(0x5c070e72, 0x8e677e98), TOBN(0x0a817bd3, 0x06e81fd5)}}, + {{TOBN(0xc110d830, 0xb0f2ac95), TOBN(0x48d0995a, 0xab20e64e), + TOBN(0x0f3e00e1, 0x7729cd9a), TOBN(0x2a570c20, 0xdd556946)}, + {TOBN(0x912dbcfd, 0x4e86214d), TOBN(0x2d014ee2, 0xcf615498), + TOBN(0x55e2b1e6, 0x3530d76e), TOBN(0xc5135ae4, 0xfd0fd6d1)}}, + {{TOBN(0x0066273a, 0xd4f3049f), TOBN(0xbb8e9893, 0xe7087477), + TOBN(0x2dba1ddb, 0x14c6e5fd), TOBN(0xdba37886, 0x51f57e6c)}, + {TOBN(0x5aaee0a6, 0x5a72f2cf), TOBN(0x1208bfbf, 0x7bea5642), + TOBN(0xf5c6aa3b, 0x67872c37), TOBN(0xd726e083, 0x43f93224)}}, + {{TOBN(0x1854daa5, 0x061f1658), TOBN(0xc0016df1, 0xdf0cd2b3), + TOBN(0xc2a3f23e, 0x833d50de), TOBN(0x73b681d2, 0xbbbd3017)}, + {TOBN(0x2f046dc4, 0x3ac343c0), TOBN(0x9c847e7d, 0x85716421), + TOBN(0xe1e13c91, 0x0917eed4), TOBN(0x3fc9eebd, 0x63a1b9c6)}}, + {{TOBN(0x0f816a72, 0x7fe02299), TOBN(0x6335ccc2, 0x294f3319), + TOBN(0x3820179f, 0x4745c5be), TOBN(0xe647b782, 0x922f066e)}, + {TOBN(0xc22e49de, 0x02cafb8a), TOBN(0x299bc2ff, 0xfcc2eccc), + TOBN(0x9a8feea2, 0x6e0e8282), TOBN(0xa627278b, 0xfe893205)}}, + {{TOBN(0xa7e19733, 0x7933e47b), TOBN(0xf4ff6b13, 0x2e766402), + TOBN(0xa4d8be0a, 0x98440d9f), TOBN(0x658f5c2f, 0x38938808)}, + {TOBN(0x90b75677, 0xc95b3b3e), TOBN(0xfa044269, 0x3137b6ff), + TOBN(0x077b039b, 0x43c47c29), TOBN(0xcca95dd3, 0x8a6445b2)}}, + {{TOBN(0x0b498ba4, 0x2333fc4c), TOBN(0x274f8e68, 0xf736a1b1), + TOBN(0x6ca348fd, 0x5f1d4b2e), TOBN(0x24d3be78, 0xa8f10199)}, + {TOBN(0x8535f858, 0xca14f530), TOBN(0xa6e7f163, 0x5b982e51), + TOBN(0x847c8512, 0x36e1bf62), TOBN(0xf6a7c58e, 0x03448418)}}, + {{TOBN(0x583f3703, 0xf9374ab6), TOBN(0x864f9195, 0x6e564145), + TOBN(0x33bc3f48, 0x22526d50), TOBN(0x9f323c80, 0x1262a496)}, + {TOBN(0xaa97a7ae, 0x3f046a9a), TOBN(0x70da183e, 0xdf8a039a), + TOBN(0x5b68f71c, 0x52aa0ba6), TOBN(0x9be0fe51, 0x21459c2d)}}, + {{TOBN(0xc1e17eb6, 0xcbc613e5), TOBN(0x33131d55, 0x497ea61c), + TOBN(0x2f69d39e, 0xaf7eded5), TOBN(0x73c2f434, 0xde6af11b)}, + {TOBN(0x4ca52493, 0xa4a375fa), TOBN(0x5f06787c, 0xb833c5c2), + TOBN(0x814e091f, 0x3e6e71cf), TOBN(0x76451f57, 0x8b746666)}}}, + {{{TOBN(0x80f9bdef, 0x694db7e0), TOBN(0xedca8787, 0xb9fcddc6), + TOBN(0x51981c34, 0x03b8dce1), TOBN(0x4274dcf1, 0x70e10ba1)}, + {TOBN(0xf72743b8, 0x6def6d1a), TOBN(0xd25b1670, 0xebdb1866), + TOBN(0xc4491e8c, 0x050c6f58), TOBN(0x2be2b2ab, 0x87fbd7f5)}}, + {{TOBN(0x3e0e5c9d, 0xd111f8ec), TOBN(0xbcc33f8d, 0xb7c4e760), + TOBN(0x702f9a91, 0xbd392a51), TOBN(0x7da4a795, 0xc132e92d)}, + {TOBN(0x1a0b0ae3, 0x0bb1151b), TOBN(0x54febac8, 0x02e32251), + TOBN(0xea3a5082, 0x694e9e78), TOBN(0xe58ffec1, 0xe4fe40b8)}}, + {{TOBN(0xf85592fc, 0xd1e0cf9e), TOBN(0xdea75f0d, 0xc0e7b2e8), + TOBN(0xc04215cf, 0xc135584e), TOBN(0x174fc727, 0x2f57092a)}, + {TOBN(0xe7277877, 0xeb930bea), TOBN(0x504caccb, 0x5eb02a5a), + TOBN(0xf9fe08f7, 0xf5241b9b), TOBN(0xe7fb62f4, 0x8d5ca954)}}, + {{TOBN(0xfbb8349d, 0x29c4120b), TOBN(0x9f94391f, 0xc0d0d915), + TOBN(0xc4074fa7, 0x5410ba51), TOBN(0xa66adbf6, 0x150a5911)}, + {TOBN(0xc164543c, 0x34bfca38), TOBN(0xe0f27560, 0xb9e1ccfc), + TOBN(0x99da0f53, 0xe820219c), TOBN(0xe8234498, 0xc6b4997a)}}, + {{TOBN(0xcfb88b76, 0x9d4c5423), TOBN(0x9e56eb10, 0xb0521c49), + TOBN(0x418e0b5e, 0xbe8700a1), TOBN(0x00cbaad6, 0xf93cb58a)}, + {TOBN(0xe923fbde, 0xd92a5e67), TOBN(0xca4979ac, 0x1f347f11), + TOBN(0x89162d85, 0x6bc0585b), TOBN(0xdd6254af, 0xac3c70e3)}}, + {{TOBN(0x7b23c513, 0x516e19e4), TOBN(0x56e2e847, 0xc5c4d593), + TOBN(0x9f727d73, 0x5ce71ef6), TOBN(0x5b6304a6, 0xf79a44c5)}, + {TOBN(0x6638a736, 0x3ab7e433), TOBN(0x1adea470, 0xfe742f83), + TOBN(0xe054b854, 0x5b7fc19f), TOBN(0xf935381a, 0xba1d0698)}}, + {{TOBN(0x546eab2d, 0x799e9a74), TOBN(0x96239e0e, 0xa949f729), + TOBN(0xca274c6b, 0x7090055a), TOBN(0x835142c3, 0x9020c9b0)}, + {TOBN(0xa405667a, 0xa2e8807f), TOBN(0x29f2c085, 0x1aa3d39e), + TOBN(0xcc555d64, 0x42fc72f5), TOBN(0xe856e0e7, 0xfbeacb3c)}}, + {{TOBN(0xb5504f9d, 0x918e4936), TOBN(0x65035ef6, 0xb2513982), + TOBN(0x0553a0c2, 0x6f4d9cb9), TOBN(0x6cb10d56, 0xbea85509)}, + {TOBN(0x48d957b7, 0xa242da11), TOBN(0x16a4d3dd, 0x672b7268), + TOBN(0x3d7e637c, 0x8502a96b), TOBN(0x27c7032b, 0x730d463b)}}, + {{TOBN(0xbdc02b18, 0xe4136a14), TOBN(0xbacf969d, 0x678e32bf), + TOBN(0xc98d89a3, 0xdd9c3c03), TOBN(0x7b92420a, 0x23becc4f)}, + {TOBN(0xd4b41f78, 0xc64d565c), TOBN(0x9f969d00, 0x10f28295), + TOBN(0xec7f7f76, 0xb13d051a), TOBN(0x08945e1e, 0xa92da585)}}, + {{TOBN(0x55366b7d, 0x5846426f), TOBN(0xe7d09e89, 0x247d441d), + TOBN(0x510b404d, 0x736fbf48), TOBN(0x7fa003d0, 0xe784bd7d)}, + {TOBN(0x25f7614f, 0x17fd9596), TOBN(0x49e0e0a1, 0x35cb98db), + TOBN(0x2c65957b, 0x2e83a76a), TOBN(0x5d40da8d, 0xcddbe0f8)}}, + {{TOBN(0xf2b8c405, 0x050bad24), TOBN(0x8918426d, 0xc2aa4823), + TOBN(0x2aeab3dd, 0xa38365a7), TOBN(0x72031717, 0x7c91b690)}, + {TOBN(0x8b00d699, 0x60a94120), TOBN(0x478a255d, 0xe99eaeec), + TOBN(0xbf656a5f, 0x6f60aafd), TOBN(0xdfd7cb75, 0x5dee77b3)}}, + {{TOBN(0x37f68bb4, 0xa595939d), TOBN(0x03556479, 0x28740217), + TOBN(0x8e740e7c, 0x84ad7612), TOBN(0xd89bc843, 0x9044695f)}, + {TOBN(0xf7f3da5d, 0x85a9184d), TOBN(0x562563bb, 0x9fc0b074), + TOBN(0x06d2e6aa, 0xf88a888e), TOBN(0x612d8643, 0x161fbe7c)}}, + {{TOBN(0x465edba7, 0xf64085e7), TOBN(0xb230f304, 0x29aa8511), + TOBN(0x53388426, 0xcda2d188), TOBN(0x90885735, 0x4b666649)}, + {TOBN(0x6f02ff9a, 0x652f54f6), TOBN(0x65c82294, 0x5fae2bf0), + TOBN(0x7816ade0, 0x62f5eee3), TOBN(0xdcdbdf43, 0xfcc56d70)}}, + {{TOBN(0x9fb3bba3, 0x54530bb2), TOBN(0xbde3ef77, 0xcb0869ea), + TOBN(0x89bc9046, 0x0b431163), TOBN(0x4d03d7d2, 0xe4819a35)}, + {TOBN(0x33ae4f9e, 0x43b6a782), TOBN(0x216db307, 0x9c88a686), + TOBN(0x91dd88e0, 0x00ffedd9), TOBN(0xb280da9f, 0x12bd4840)}}, + {{TOBN(0x32a7cb8a, 0x1635e741), TOBN(0xfe14008a, 0x78be02a7), + TOBN(0x3fafb334, 0x1b7ae030), TOBN(0x7fd508e7, 0x5add0ce9)}, + {TOBN(0x72c83219, 0xd607ad51), TOBN(0x0f229c0a, 0x8d40964a), + TOBN(0x1be2c336, 0x1c878da2), TOBN(0xe0c96742, 0xeab2ab86)}}, + {{TOBN(0x458f8691, 0x3e538cd7), TOBN(0xa7001f6c, 0x8e08ad53), + TOBN(0x52b8c6e6, 0xbf5d15ff), TOBN(0x548234a4, 0x011215dd)}, + {TOBN(0xff5a9d2d, 0x3d5b4045), TOBN(0xb0ffeeb6, 0x4a904190), + TOBN(0x55a3aca4, 0x48607f8b), TOBN(0x8cbd665c, 0x30a0672a)}}, + {{TOBN(0x87f834e0, 0x42583068), TOBN(0x02da2aeb, 0xf3f6e683), + TOBN(0x6b763e5d, 0x05c12248), TOBN(0x7230378f, 0x65a8aefc)}, + {TOBN(0x93bd80b5, 0x71e8e5ca), TOBN(0x53ab041c, 0xb3b62524), + TOBN(0x1b860513, 0x6c9c552e), TOBN(0xe84d402c, 0xd5524e66)}}, + {{TOBN(0xa37f3573, 0xf37f5937), TOBN(0xeb0f6c7d, 0xd1e4fca5), + TOBN(0x2965a554, 0xac8ab0fc), TOBN(0x17fbf56c, 0x274676ac)}, + {TOBN(0x2e2f6bd9, 0xacf7d720), TOBN(0x41fc8f88, 0x10224766), + TOBN(0x517a14b3, 0x85d53bef), TOBN(0xdae327a5, 0x7d76a7d1)}}, + {{TOBN(0x6ad0a065, 0xc4818267), TOBN(0x33aa189b, 0x37c1bbc1), + TOBN(0x64970b52, 0x27392a92), TOBN(0x21699a1c, 0x2d1535ea)}, + {TOBN(0xcd20779c, 0xc2d7a7fd), TOBN(0xe3186059, 0x99c83cf2), + TOBN(0x9b69440b, 0x72c0b8c7), TOBN(0xa81497d7, 0x7b9e0e4d)}}, + {{TOBN(0x515d5c89, 0x1f5f82dc), TOBN(0x9a7f67d7, 0x6361079e), + TOBN(0xa8da81e3, 0x11a35330), TOBN(0xe44990c4, 0x4b18be1b)}, + {TOBN(0xc7d5ed95, 0xaf103e59), TOBN(0xece8aba7, 0x8dac9261), + TOBN(0xbe82b099, 0x9394b8d3), TOBN(0x6830f09a, 0x16adfe83)}}, + {{TOBN(0x250a29b4, 0x88172d01), TOBN(0x8b20bd65, 0xcaff9e02), + TOBN(0xb8a7661e, 0xe8a6329a), TOBN(0x4520304d, 0xd3fce920)}, + {TOBN(0xae45da1f, 0x2b47f7ef), TOBN(0xe07f5288, 0x5bffc540), + TOBN(0xf7997009, 0x3464f874), TOBN(0x2244c2cd, 0xa6fa1f38)}}, + {{TOBN(0x43c41ac1, 0x94d7d9b1), TOBN(0x5bafdd82, 0xc82e7f17), + TOBN(0xdf0614c1, 0x5fda0fca), TOBN(0x74b043a7, 0xa8ae37ad)}, + {TOBN(0x3ba6afa1, 0x9e71734c), TOBN(0x15d5437e, 0x9c450f2e), + TOBN(0x4a5883fe, 0x67e242b1), TOBN(0x5143bdc2, 0x2c1953c2)}}, + {{TOBN(0x542b8b53, 0xfc5e8920), TOBN(0x363bf9a8, 0x9a9cee08), + TOBN(0x02375f10, 0xc3486e08), TOBN(0x2037543b, 0x8c5e70d2)}, + {TOBN(0x7109bccc, 0x625640b4), TOBN(0xcbc1051e, 0x8bc62c3b), + TOBN(0xf8455fed, 0x803f26ea), TOBN(0x6badceab, 0xeb372424)}}, + {{TOBN(0xa2a9ce7c, 0x6b53f5f9), TOBN(0x64246595, 0x1b176d99), + TOBN(0xb1298d36, 0xb95c081b), TOBN(0x53505bb8, 0x1d9a9ee6)}, + {TOBN(0x3f6f9e61, 0xf2ba70b0), TOBN(0xd07e16c9, 0x8afad453), + TOBN(0x9f1694bb, 0xe7eb4a6a), TOBN(0xdfebced9, 0x3cb0bc8e)}}, + {{TOBN(0x92d3dcdc, 0x53868c8b), TOBN(0x174311a2, 0x386107a6), + TOBN(0x4109e07c, 0x689b4e64), TOBN(0x30e4587f, 0x2df3dcb6)}, + {TOBN(0x841aea31, 0x0811b3b2), TOBN(0x6144d41d, 0x0cce43ea), + TOBN(0x464c4581, 0x2a9a7803), TOBN(0xd03d371f, 0x3e158930)}}, + {{TOBN(0xc676d7f2, 0xb1f3390b), TOBN(0x9f7a1b8c, 0xa5b61272), + TOBN(0x4ebebfc9, 0xc2e127a9), TOBN(0x4602500c, 0x5dd997bf)}, + {TOBN(0x7f09771c, 0x4711230f), TOBN(0x058eb37c, 0x020f09c1), + TOBN(0xab693d4b, 0xfee5e38b), TOBN(0x9289eb1f, 0x4653cbc0)}}, + {{TOBN(0xbecf46ab, 0xd51b9cf5), TOBN(0xd2aa9c02, 0x9f0121af), + TOBN(0x36aaf7d2, 0xe90dc274), TOBN(0x909e4ea0, 0x48b95a3c)}, + {TOBN(0xe6b70496, 0x6f32dbdb), TOBN(0x672188a0, 0x8b030b3e), + TOBN(0xeeffe5b3, 0xcfb617e2), TOBN(0x87e947de, 0x7c82709e)}}, + {{TOBN(0xa44d2b39, 0x1770f5a7), TOBN(0xe4d4d791, 0x0e44eb82), + TOBN(0x42e69d1e, 0x3f69712a), TOBN(0xbf11c4d6, 0xac6a820e)}, + {TOBN(0xb5e7f3e5, 0x42c4224c), TOBN(0xd6b4e81c, 0x449d941c), + TOBN(0x5d72bd16, 0x5450e878), TOBN(0x6a61e28a, 0xee25ac54)}}, + {{TOBN(0x33272094, 0xe6f1cd95), TOBN(0x7512f30d, 0x0d18673f), + TOBN(0x32f7a4ca, 0x5afc1464), TOBN(0x2f095656, 0x6bbb977b)}, + {TOBN(0x586f47ca, 0xa8226200), TOBN(0x02c868ad, 0x1ac07369), + TOBN(0x4ef2b845, 0xc613acbe), TOBN(0x43d7563e, 0x0386054c)}}, + {{TOBN(0x54da9dc7, 0xab952578), TOBN(0xb5423df2, 0x26e84d0b), + TOBN(0xa8b64eeb, 0x9b872042), TOBN(0xac205782, 0x5990f6df)}, + {TOBN(0x4ff696eb, 0x21f4c77a), TOBN(0x1a79c3e4, 0xaab273af), + TOBN(0x29bc922e, 0x9436b3f1), TOBN(0xff807ef8, 0xd6d9a27a)}}, + {{TOBN(0x82acea3d, 0x778f22a0), TOBN(0xfb10b2e8, 0x5b5e7469), + TOBN(0xc0b16980, 0x2818ee7d), TOBN(0x011afff4, 0xc91c1a2f)}, + {TOBN(0x95a6d126, 0xad124418), TOBN(0x31c081a5, 0xe72e295f), + TOBN(0x36bb283a, 0xf2f4db75), TOBN(0xd115540f, 0x7acef462)}}, + {{TOBN(0xc7f3a8f8, 0x33f6746c), TOBN(0x21e46f65, 0xfea990ca), + TOBN(0x915fd5c5, 0xcaddb0a9), TOBN(0xbd41f016, 0x78614555)}, + {TOBN(0x346f4434, 0x426ffb58), TOBN(0x80559436, 0x14dbc204), + TOBN(0xf3dd20fe, 0x5a969b7f), TOBN(0x9d59e956, 0xe899a39a)}}, + {{TOBN(0xf1b0971c, 0x8ad4cf4b), TOBN(0x03448860, 0x2ffb8fb8), + TOBN(0xf071ac3c, 0x65340ba4), TOBN(0x408d0596, 0xb27fd758)}, + {TOBN(0xe7c78ea4, 0x98c364b0), TOBN(0xa4aac4a5, 0x051e8ab5), + TOBN(0xb9e1d560, 0x485d9002), TOBN(0x9acd518a, 0x88844455)}}, + {{TOBN(0xe4ca688f, 0xd06f56c0), TOBN(0xa48af70d, 0xdf027972), + TOBN(0x691f0f04, 0x5e9a609d), TOBN(0xa9dd82cd, 0xee61270e)}, + {TOBN(0x8903ca63, 0xa0ef18d3), TOBN(0x9fb7ee35, 0x3d6ca3bd), + TOBN(0xa7b4a09c, 0xabf47d03), TOBN(0x4cdada01, 0x1c67de8e)}}, + {{TOBN(0x52003749, 0x9355a244), TOBN(0xe77fd2b6, 0x4f2151a9), + TOBN(0x695d6cf6, 0x66b4efcb), TOBN(0xc5a0cacf, 0xda2cfe25)}, + {TOBN(0x104efe5c, 0xef811865), TOBN(0xf52813e8, 0x9ea5cc3d), + TOBN(0x855683dc, 0x40b58dbc), TOBN(0x0338ecde, 0x175fcb11)}}, + {{TOBN(0xf9a05637, 0x74921592), TOBN(0xb4f1261d, 0xb9bb9d31), + TOBN(0x551429b7, 0x4e9c5459), TOBN(0xbe182e6f, 0x6ea71f53)}, + {TOBN(0xd3a3b07c, 0xdfc50573), TOBN(0x9ba1afda, 0x62be8d44), + TOBN(0x9bcfd2cb, 0x52ab65d3), TOBN(0xdf11d547, 0xa9571802)}}, + {{TOBN(0x099403ee, 0x02a2404a), TOBN(0x497406f4, 0x21088a71), + TOBN(0x99479409, 0x5004ae71), TOBN(0xbdb42078, 0xa812c362)}, + {TOBN(0x2b72a30f, 0xd8828442), TOBN(0x283add27, 0xfcb5ed1c), + TOBN(0xf7c0e200, 0x66a40015), TOBN(0x3e3be641, 0x08b295ef)}}, + {{TOBN(0xac127dc1, 0xe038a675), TOBN(0x729deff3, 0x8c5c6320), + TOBN(0xb7df8fd4, 0xa90d2c53), TOBN(0x9b74b0ec, 0x681e7cd3)}, + {TOBN(0x5cb5a623, 0xdab407e5), TOBN(0xcdbd3615, 0x76b340c6), + TOBN(0xa184415a, 0x7d28392c), TOBN(0xc184c1d8, 0xe96f7830)}}, + {{TOBN(0xc3204f19, 0x81d3a80f), TOBN(0xfde0c841, 0xc8e02432), + TOBN(0x78203b3e, 0x8149e0c1), TOBN(0x5904bdbb, 0x08053a73)}, + {TOBN(0x30fc1dd1, 0x101b6805), TOBN(0x43c223bc, 0x49aa6d49), + TOBN(0x9ed67141, 0x7a174087), TOBN(0x311469a0, 0xd5997008)}}, + {{TOBN(0xb189b684, 0x5e43fc61), TOBN(0xf3282375, 0xe0d3ab57), + TOBN(0x4fa34b67, 0xb1181da8), TOBN(0x621ed0b2, 0x99ee52b8)}, + {TOBN(0x9b178de1, 0xad990676), TOBN(0xd51de67b, 0x56d54065), + TOBN(0x2a2c27c4, 0x7538c201), TOBN(0x33856ec8, 0x38a40f5c)}}, + {{TOBN(0x2522fc15, 0xbe6cdcde), TOBN(0x1e603f33, 0x9f0c6f89), + TOBN(0x7994edc3, 0x103e30a6), TOBN(0x033a00db, 0x220c853e)}, + {TOBN(0xd3cfa409, 0xf7bb7fd7), TOBN(0x70f8781e, 0x462d18f6), + TOBN(0xbbd82980, 0x687fe295), TOBN(0x6eef4c32, 0x595669f3)}}, + {{TOBN(0x86a9303b, 0x2f7e85c3), TOBN(0x5fce4621, 0x71988f9b), + TOBN(0x5b935bf6, 0xc138acb5), TOBN(0x30ea7d67, 0x25661212)}, + {TOBN(0xef1eb5f4, 0xe51ab9a2), TOBN(0x0587c98a, 0xae067c78), + TOBN(0xb3ce1b3c, 0x77ca9ca6), TOBN(0x2a553d4d, 0x54b5f057)}}, + {{TOBN(0xc7898236, 0x4da29ec2), TOBN(0xdbdd5d13, 0xb9c57316), + TOBN(0xc57d6e6b, 0x2cd80d47), TOBN(0x80b460cf, 0xfe9e7391)}, + {TOBN(0x98648cab, 0xf963c31e), TOBN(0x67f9f633, 0xcc4d32fd), + TOBN(0x0af42a9d, 0xfdf7c687), TOBN(0x55f292a3, 0x0b015ea7)}}, + {{TOBN(0x89e468b2, 0xcd21ab3d), TOBN(0xe504f022, 0xc393d392), + TOBN(0xab21e1d4, 0xa5013af9), TOBN(0xe3283f78, 0xc2c28acb)}, + {TOBN(0xf38b35f6, 0x226bf99f), TOBN(0xe8354274, 0x0e291e69), + TOBN(0x61673a15, 0xb20c162d), TOBN(0xc101dc75, 0xb04fbdbe)}}, + {{TOBN(0x8323b4c2, 0x255bd617), TOBN(0x6c969693, 0x6c2a9154), + TOBN(0xc6e65860, 0x62679387), TOBN(0x8e01db0c, 0xb8c88e23)}, + {TOBN(0x33c42873, 0x893a5559), TOBN(0x7630f04b, 0x47a3e149), + TOBN(0xb5d80805, 0xddcf35f8), TOBN(0x582ca080, 0x77dfe732)}}, + {{TOBN(0x2c7156e1, 0x0b1894a0), TOBN(0x92034001, 0xd81c68c0), + TOBN(0xed225d00, 0xc8b115b5), TOBN(0x237f9c22, 0x83b907f2)}, + {TOBN(0x0ea2f32f, 0x4470e2c0), TOBN(0xb725f7c1, 0x58be4e95), + TOBN(0x0f1dcafa, 0xb1ae5463), TOBN(0x59ed5187, 0x1ba2fc04)}}, + {{TOBN(0xf6e0f316, 0xd0115d4d), TOBN(0x5180b12f, 0xd3691599), + TOBN(0x157e32c9, 0x527f0a41), TOBN(0x7b0b081d, 0xa8e0ecc0)}, + {TOBN(0x6dbaaa8a, 0xbf4f0dd0), TOBN(0x99b289c7, 0x4d252696), + TOBN(0x79b7755e, 0xdbf864fe), TOBN(0x6974e2b1, 0x76cad3ab)}}, + {{TOBN(0x35dbbee2, 0x06ddd657), TOBN(0xe7cbdd11, 0x2ff3a96d), + TOBN(0x88381968, 0x076be758), TOBN(0x2d737e72, 0x08c91f5d)}, + {TOBN(0x5f83ab62, 0x86ec3776), TOBN(0x98aa649d, 0x945fa7a1), + TOBN(0xf477ec37, 0x72ef0933), TOBN(0x66f52b1e, 0x098c17b1)}}, + {{TOBN(0x9eec58fb, 0xd803738b), TOBN(0x91aaade7, 0xe4e86aa4), + TOBN(0x6b1ae617, 0xa5b51492), TOBN(0x63272121, 0xbbc45974)}, + {TOBN(0x7e0e28f0, 0x862c5129), TOBN(0x0a8f79a9, 0x3321a4a0), + TOBN(0xe26d1664, 0x5041c88f), TOBN(0x0571b805, 0x53233e3a)}}, + {{TOBN(0xd1b0ccde, 0xc9520711), TOBN(0x55a9e4ed, 0x3c8b84bf), + TOBN(0x9426bd39, 0xa1fef314), TOBN(0x4f5f638e, 0x6eb93f2b)}, + {TOBN(0xba2a1ed3, 0x2bf9341b), TOBN(0xd63c1321, 0x4d42d5a9), + TOBN(0xd2964a89, 0x316dc7c5), TOBN(0xd1759606, 0xca511851)}}, + {{TOBN(0xd8a9201f, 0xf9e6ed35), TOBN(0xb7b5ee45, 0x6736925a), + TOBN(0x0a83fbbc, 0x99581af7), TOBN(0x3076bc40, 0x64eeb051)}, + {TOBN(0x5511c98c, 0x02dec312), TOBN(0x270de898, 0x238dcb78), + TOBN(0x2cf4cf9c, 0x539c08c9), TOBN(0xa70cb65e, 0x38d3b06e)}}, + {{TOBN(0xb12ec10e, 0xcfe57bbd), TOBN(0x82c7b656, 0x35a0c2b5), + TOBN(0xddc7d5cd, 0x161c67bd), TOBN(0xe32e8985, 0xae3a32cc)}, + {TOBN(0x7aba9444, 0xd11a5529), TOBN(0xe964ed02, 0x2427fa1a), + TOBN(0x1528392d, 0x24a1770a), TOBN(0xa152ce2c, 0x12c72fcd)}}, + {{TOBN(0x714553a4, 0x8ec07649), TOBN(0x18b4c290, 0x459dd453), + TOBN(0xea32b714, 0x7b64b110), TOBN(0xb871bfa5, 0x2e6f07a2)}, + {TOBN(0xb67112e5, 0x9e2e3c9b), TOBN(0xfbf250e5, 0x44aa90f6), + TOBN(0xf77aedb8, 0xbd539006), TOBN(0x3b0cdf9a, 0xd172a66f)}}, + {{TOBN(0xedf69fea, 0xf8c51187), TOBN(0x05bb67ec, 0x741e4da7), + TOBN(0x47df0f32, 0x08114345), TOBN(0x56facb07, 0xbb9792b1)}, + {TOBN(0xf3e007e9, 0x8f6229e4), TOBN(0x62d103f4, 0x526fba0f), + TOBN(0x4f33bef7, 0xb0339d79), TOBN(0x9841357b, 0xb59bfec1)}}, + {{TOBN(0xfa8dbb59, 0xc34e6705), TOBN(0xc3c7180b, 0x7fdaa84c), + TOBN(0xf95872fc, 0xa4108537), TOBN(0x8750cc3b, 0x932a3e5a)}, + {TOBN(0xb61cc69d, 0xb7275d7d), TOBN(0xffa0168b, 0x2e59b2e9), + TOBN(0xca032abc, 0x6ecbb493), TOBN(0x1d86dbd3, 0x2c9082d8)}}, + {{TOBN(0xae1e0b67, 0xe28ef5ba), TOBN(0x2c9a4699, 0xcb18e169), + TOBN(0x0ecd0e33, 0x1e6bbd20), TOBN(0x571b360e, 0xaf5e81d2)}, + {TOBN(0xcd9fea58, 0x101c1d45), TOBN(0x6651788e, 0x18880452), + TOBN(0xa9972635, 0x1f8dd446), TOBN(0x44bed022, 0xe37281d0)}}, + {{TOBN(0x094b2b2d, 0x33da525d), TOBN(0xf193678e, 0x13144fd8), + TOBN(0xb8ab5ba4, 0xf4c1061d), TOBN(0x4343b5fa, 0xdccbe0f4)}, + {TOBN(0xa8702371, 0x63812713), TOBN(0x47bf6d2d, 0xf7611d93), + TOBN(0x46729b8c, 0xbd21e1d7), TOBN(0x7484d4e0, 0xd629e77d)}}, + {{TOBN(0x830e6eea, 0x60dbac1f), TOBN(0x23d8c484, 0xda06a2f7), + TOBN(0x896714b0, 0x50ca535b), TOBN(0xdc8d3644, 0xebd97a9b)}, + {TOBN(0x106ef9fa, 0xb12177b4), TOBN(0xf79bf464, 0x534d5d9c), + TOBN(0x2537a349, 0xa6ab360b), TOBN(0xc7c54253, 0xa00c744f)}}, + {{TOBN(0xb3c7a047, 0xe5911a76), TOBN(0x61ffa5c8, 0x647f1ee7), + TOBN(0x15aed36f, 0x8f56ab42), TOBN(0x6a0d41b0, 0xa3ff9ac9)}, + {TOBN(0x68f469f5, 0xcc30d357), TOBN(0xbe9adf81, 0x6b72be96), + TOBN(0x1cd926fe, 0x903ad461), TOBN(0x7e89e38f, 0xcaca441b)}}, + {{TOBN(0xf0f82de5, 0xfacf69d4), TOBN(0x363b7e76, 0x4775344c), + TOBN(0x6894f312, 0xb2e36d04), TOBN(0x3c6cb4fe, 0x11d1c9a5)}, + {TOBN(0x85d9c339, 0x4008e1f2), TOBN(0x5e9a85ea, 0x249f326c), + TOBN(0xdc35c60a, 0x678c5e06), TOBN(0xc08b944f, 0x9f86fba9)}}, + {{TOBN(0xde40c02c, 0x89f71f0f), TOBN(0xad8f3e31, 0xff3da3c0), + TOBN(0x3ea5096b, 0x42125ded), TOBN(0x13879cbf, 0xa7379183)}, + {TOBN(0x6f4714a5, 0x6b306a0b), TOBN(0x359c2ea6, 0x67646c5e), + TOBN(0xfacf8943, 0x07726368), TOBN(0x07a58935, 0x65ff431e)}}, + {{TOBN(0x24d661d1, 0x68754ab0), TOBN(0x801fce1d, 0x6f429a76), + TOBN(0xc068a85f, 0xa58ce769), TOBN(0xedc35c54, 0x5d5eca2b)}, + {TOBN(0xea31276f, 0xa3f660d1), TOBN(0xa0184ebe, 0xb8fc7167), + TOBN(0x0f20f21a, 0x1d8db0ae), TOBN(0xd96d095f, 0x56c35e12)}}, + {{TOBN(0xedf402b5, 0xf8c2a25b), TOBN(0x1bb772b9, 0x059204b6), + TOBN(0x50cbeae2, 0x19b4e34c), TOBN(0x93109d80, 0x3fa0845a)}, + {TOBN(0x54f7ccf7, 0x8ef59fb5), TOBN(0x3b438fe2, 0x88070963), + TOBN(0x9e28c659, 0x31f3ba9b), TOBN(0x9cc31b46, 0xead9da92)}}, + {{TOBN(0x3c2f0ba9, 0xb733aa5f), TOBN(0xdece47cb, 0xf05af235), + TOBN(0xf8e3f715, 0xa2ac82a5), TOBN(0xc97ba641, 0x2203f18a)}, + {TOBN(0xc3af5504, 0x09c11060), TOBN(0x56ea2c05, 0x46af512d), + TOBN(0xfac28daf, 0xf3f28146), TOBN(0x87fab43a, 0x959ef494)}}}, + {{{TOBN(0x09891641, 0xd4c5105f), TOBN(0x1ae80f8e, 0x6d7fbd65), + TOBN(0x9d67225f, 0xbee6bdb0), TOBN(0x3b433b59, 0x7fc4d860)}, + {TOBN(0x44e66db6, 0x93e85638), TOBN(0xf7b59252, 0xe3e9862f), + TOBN(0xdb785157, 0x665c32ec), TOBN(0x702fefd7, 0xae362f50)}}, + {{TOBN(0x3754475d, 0x0fefb0c3), TOBN(0xd48fb56b, 0x46d7c35d), + TOBN(0xa070b633, 0x363798a4), TOBN(0xae89f3d2, 0x8fdb98e6)}, + {TOBN(0x970b89c8, 0x6363d14c), TOBN(0x89817521, 0x67abd27d), + TOBN(0x9bf7d474, 0x44d5a021), TOBN(0xb3083baf, 0xcac72aee)}}, + {{TOBN(0x389741de, 0xbe949a44), TOBN(0x638e9388, 0x546a4fa5), + TOBN(0x3fe6419c, 0xa0047bdc), TOBN(0x7047f648, 0xaaea57ca)}, + {TOBN(0x54e48a90, 0x41fbab17), TOBN(0xda8e0b28, 0x576bdba2), + TOBN(0xe807eebc, 0xc72afddc), TOBN(0x07d3336d, 0xf42577bf)}}, + {{TOBN(0x62a8c244, 0xbfe20925), TOBN(0x91c19ac3, 0x8fdce867), + TOBN(0x5a96a5d5, 0xdd387063), TOBN(0x61d587d4, 0x21d324f6)}, + {TOBN(0xe87673a2, 0xa37173ea), TOBN(0x23848008, 0x53778b65), + TOBN(0x10f8441e, 0x05bab43e), TOBN(0xfa11fe12, 0x4621efbe)}}, + {{TOBN(0x047b772e, 0x81685d7b), TOBN(0x23f27d81, 0xbf34a976), + TOBN(0xc27608e2, 0x915f48ef), TOBN(0x3b0b43fa, 0xa521d5c3)}, + {TOBN(0x7613fb26, 0x63ca7284), TOBN(0x7f5729b4, 0x1d4db837), + TOBN(0x87b14898, 0x583b526b), TOBN(0x00b732a6, 0xbbadd3d1)}}, + {{TOBN(0x8e02f426, 0x2048e396), TOBN(0x436b50b6, 0x383d9de4), + TOBN(0xf78d3481, 0x471e85ad), TOBN(0x8b01ea6a, 0xd005c8d6)}, + {TOBN(0xd3c7afee, 0x97015c07), TOBN(0x46cdf1a9, 0x4e3ba2ae), + TOBN(0x7a42e501, 0x83d3a1d2), TOBN(0xd54b5268, 0xb541dff4)}}, + {{TOBN(0x3f24cf30, 0x4e23e9bc), TOBN(0x4387f816, 0x126e3624), + TOBN(0x26a46a03, 0x3b0b6d61), TOBN(0xaf1bc845, 0x8b2d777c)}, + {TOBN(0x25c401ba, 0x527de79c), TOBN(0x0e1346d4, 0x4261bbb6), + TOBN(0x4b96c44b, 0x287b4bc7), TOBN(0x658493c7, 0x5254562f)}}, + {{TOBN(0x23f949fe, 0xb8a24a20), TOBN(0x17ebfed1, 0xf52ca53f), + TOBN(0x9b691bbe, 0xbcfb4853), TOBN(0x5617ff6b, 0x6278a05d)}, + {TOBN(0x241b34c5, 0xe3c99ebd), TOBN(0xfc64242e, 0x1784156a), + TOBN(0x4206482f, 0x695d67df), TOBN(0xb967ce0e, 0xee27c011)}}, + {{TOBN(0x65db3751, 0x21c80b5d), TOBN(0x2e7a563c, 0xa31ecca0), + TOBN(0xe56ffc4e, 0x5238a07e), TOBN(0x3d6c2966, 0x32ced854)}, + {TOBN(0xe99d7d1a, 0xaf70b885), TOBN(0xafc3bad9, 0x2d686459), + TOBN(0x9c78bf46, 0x0cc8ba5b), TOBN(0x5a439519, 0x18955aa3)}}, + {{TOBN(0xf8b517a8, 0x5fe4e314), TOBN(0xe60234d0, 0xfcb8906f), + TOBN(0xffe542ac, 0xf2061b23), TOBN(0x287e191f, 0x6b4cb59c)}, + {TOBN(0x21857ddc, 0x09d877d8), TOBN(0x1c23478c, 0x14678941), + TOBN(0xbbf0c056, 0xb6e05ea4), TOBN(0x82da4b53, 0xb01594fe)}}, + {{TOBN(0xf7526791, 0xfadb8608), TOBN(0x049e832d, 0x7b74cdf6), + TOBN(0xa43581cc, 0xc2b90a34), TOBN(0x73639eb8, 0x9360b10c)}, + {TOBN(0x4fba331f, 0xe1e4a71b), TOBN(0x6ffd6b93, 0x8072f919), + TOBN(0x6e53271c, 0x65679032), TOBN(0x67206444, 0xf14272ce)}}, + {{TOBN(0xc0f734a3, 0xb2335834), TOBN(0x9526205a, 0x90ef6860), + TOBN(0xcb8be717, 0x04e2bb0d), TOBN(0x2418871e, 0x02f383fa)}, + {TOBN(0xd7177681, 0x4082c157), TOBN(0xcc914ad0, 0x29c20073), + TOBN(0xf186c1eb, 0xe587e728), TOBN(0x6fdb3c22, 0x61bcd5fd)}}, + {{TOBN(0x30d014a6, 0xf2f9f8e9), TOBN(0x963ece23, 0x4fec49d2), + TOBN(0x862025c5, 0x9605a8d9), TOBN(0x39874445, 0x19f8929a)}, + {TOBN(0x01b6ff65, 0x12bf476a), TOBN(0x598a64d8, 0x09cf7d91), + TOBN(0xd7ec7749, 0x93be56ca), TOBN(0x10899785, 0xcbb33615)}}, + {{TOBN(0xb8a092fd, 0x02eee3ad), TOBN(0xa86b3d35, 0x30145270), + TOBN(0x323d98c6, 0x8512b675), TOBN(0x4b8bc785, 0x62ebb40f)}, + {TOBN(0x7d301f54, 0x413f9cde), TOBN(0xa5e4fb4f, 0x2bab5664), + TOBN(0x1d2b252d, 0x1cbfec23), TOBN(0xfcd576bb, 0xe177120d)}}, + {{TOBN(0x04427d3e, 0x83731a34), TOBN(0x2bb9028e, 0xed836e8e), + TOBN(0xb36acff8, 0xb612ca7c), TOBN(0xb88fe5ef, 0xd3d9c73a)}, + {TOBN(0xbe2a6bc6, 0xedea4eb3), TOBN(0x43b93133, 0x488eec77), + TOBN(0xf41ff566, 0xb17106e1), TOBN(0x469e9172, 0x654efa32)}}, + {{TOBN(0xb4480f04, 0x41c23fa3), TOBN(0xb4712eb0, 0xc1989a2e), + TOBN(0x3ccbba0f, 0x93a29ca7), TOBN(0x6e205c14, 0xd619428c)}, + {TOBN(0x90db7957, 0xb3641686), TOBN(0x0432691d, 0x45ac8b4e), + TOBN(0x07a759ac, 0xf64e0350), TOBN(0x0514d89c, 0x9c972517)}}, + {{TOBN(0x1701147f, 0xa8e67fc3), TOBN(0x9e2e0b8b, 0xab2085be), + TOBN(0xd5651824, 0xac284e57), TOBN(0x890d4325, 0x74893664)}, + {TOBN(0x8a7c5e6e, 0xc55e68a3), TOBN(0xbf12e90b, 0x4339c85a), + TOBN(0x31846b85, 0xf922b655), TOBN(0x9a54ce4d, 0x0bf4d700)}}, + {{TOBN(0xd7f4e83a, 0xf1a14295), TOBN(0x916f955c, 0xb285d4f9), + TOBN(0xe57bb0e0, 0x99ffdaba), TOBN(0x28a43034, 0xeab0d152)}, + {TOBN(0x0a36ffa2, 0xb8a9cef8), TOBN(0x5517407e, 0xb9ec051a), + TOBN(0x9c796096, 0xea68e672), TOBN(0x853db5fb, 0xfb3c77fb)}}, + {{TOBN(0x21474ba9, 0xe864a51a), TOBN(0x6c267699, 0x6e8a1b8b), + TOBN(0x7c823626, 0x94120a28), TOBN(0xe61e9a48, 0x8383a5db)}, + {TOBN(0x7dd75003, 0x9f84216d), TOBN(0xab020d07, 0xad43cd85), + TOBN(0x9437ae48, 0xda12c659), TOBN(0x6449c2eb, 0xe65452ad)}}, + {{TOBN(0xcc7c4c1c, 0x2cf9d7c1), TOBN(0x1320886a, 0xee95e5ab), + TOBN(0xbb7b9056, 0xbeae170c), TOBN(0xc8a5b250, 0xdbc0d662)}, + {TOBN(0x4ed81432, 0xc11d2303), TOBN(0x7da66912, 0x1f03769f), + TOBN(0x3ac7a5fd, 0x84539828), TOBN(0x14dada94, 0x3bccdd02)}}, + {{TOBN(0x8b84c321, 0x7ef6b0d1), TOBN(0x52a9477a, 0x7c933f22), + TOBN(0x5ef6728a, 0xfd440b82), TOBN(0x5c3bd859, 0x6ce4bd5e)}, + {TOBN(0x918b80f5, 0xf22c2d3e), TOBN(0x368d5040, 0xb7bb6cc5), + TOBN(0xb66142a1, 0x2695a11c), TOBN(0x60ac583a, 0xeb19ea70)}}, + {{TOBN(0x317cbb98, 0x0eab2437), TOBN(0x8cc08c55, 0x5e2654c8), + TOBN(0xfe2d6520, 0xe6d8307f), TOBN(0xe9f147f3, 0x57428993)}, + {TOBN(0x5f9c7d14, 0xd2fd6cf1), TOBN(0xa3ecd064, 0x2d4fcbb0), + TOBN(0xad83fef0, 0x8e7341f7), TOBN(0x643f23a0, 0x3a63115c)}}, + {{TOBN(0xd38a78ab, 0xe65ab743), TOBN(0xbf7c75b1, 0x35edc89c), + TOBN(0x3dd8752e, 0x530df568), TOBN(0xf85c4a76, 0xe308c682)}, + {TOBN(0x4c9955b2, 0xe68acf37), TOBN(0xa544df3d, 0xab32af85), + TOBN(0x4b8ec3f5, 0xa25cf493), TOBN(0x4d8f2764, 0x1a622feb)}}, + {{TOBN(0x7bb4f7aa, 0xf0dcbc49), TOBN(0x7de551f9, 0x70bbb45b), + TOBN(0xcfd0f3e4, 0x9f2ca2e5), TOBN(0xece58709, 0x1f5c76ef)}, + {TOBN(0x32920edd, 0x167d79ae), TOBN(0x039df8a2, 0xfa7d7ec1), + TOBN(0xf46206c0, 0xbb30af91), TOBN(0x1ff5e2f5, 0x22676b59)}}, + {{TOBN(0x11f4a039, 0x6ea51d66), TOBN(0x506c1445, 0x807d7a26), + TOBN(0x60da5705, 0x755a9b24), TOBN(0x8fc8cc32, 0x1f1a319e)}, + {TOBN(0x83642d4d, 0x9433d67d), TOBN(0x7fa5cb8f, 0x6a7dd296), + TOBN(0x576591db, 0x9b7bde07), TOBN(0x13173d25, 0x419716fb)}}, + {{TOBN(0xea30599d, 0xd5b340ff), TOBN(0xfc6b5297, 0xb0fe76c5), + TOBN(0x1c6968c8, 0xab8f5adc), TOBN(0xf723c7f5, 0x901c928d)}, + {TOBN(0x4203c321, 0x9773d402), TOBN(0xdf7c6aa3, 0x1b51dd47), + TOBN(0x3d49e37a, 0x552be23c), TOBN(0x57febee8, 0x0b5a6e87)}}, + {{TOBN(0xc5ecbee4, 0x7bd8e739), TOBN(0x79d44994, 0xae63bf75), + TOBN(0x168bd00f, 0x38fb8923), TOBN(0x75d48ee4, 0xd0533130)}, + {TOBN(0x554f77aa, 0xdb5cdf33), TOBN(0x3396e896, 0x3c696769), + TOBN(0x2fdddbf2, 0xd3fd674e), TOBN(0xbbb8f6ee, 0x99d0e3e5)}}, + {{TOBN(0x51b90651, 0xcbae2f70), TOBN(0xefc4bc05, 0x93aaa8eb), + TOBN(0x8ecd8689, 0xdd1df499), TOBN(0x1aee99a8, 0x22f367a5)}, + {TOBN(0x95d485b9, 0xae8274c5), TOBN(0x6c14d445, 0x7d30b39c), + TOBN(0xbafea90b, 0xbcc1ef81), TOBN(0x7c5f317a, 0xa459a2ed)}}, + {{TOBN(0x01211075, 0x4ef44227), TOBN(0xa17bed6e, 0xdc20f496), + TOBN(0x0cdfe424, 0x819853cd), TOBN(0x13793298, 0xf71e2ce7)}, + {TOBN(0x3c1f3078, 0xdbbe307b), TOBN(0x6dd1c20e, 0x76ee9936), + TOBN(0x23ee4b57, 0x423caa20), TOBN(0x4ac3793b, 0x8efb840e)}}, + {{TOBN(0x934438eb, 0xed1f8ca0), TOBN(0x3e546658, 0x4ebb25a2), + TOBN(0xc415af0e, 0xc069896f), TOBN(0xc13eddb0, 0x9a5aa43d)}, + {TOBN(0x7a04204f, 0xd49eb8f6), TOBN(0xd0d5bdfc, 0xd74f1670), + TOBN(0x3697e286, 0x56fc0558), TOBN(0x10207371, 0x01cebade)}}, + {{TOBN(0x5f87e690, 0x0647a82b), TOBN(0x908e0ed4, 0x8f40054f), + TOBN(0xa9f633d4, 0x79853803), TOBN(0x8ed13c9a, 0x4a28b252)}, + {TOBN(0x3e2ef676, 0x1f460f64), TOBN(0x53930b9b, 0x36d06336), + TOBN(0x347073ac, 0x8fc4979b), TOBN(0x84380e0e, 0x5ecd5597)}}, + {{TOBN(0xe3b22c6b, 0xc4fe3c39), TOBN(0xba4a8153, 0x6c7bebdf), + TOBN(0xf23ab6b7, 0x25693459), TOBN(0x53bc3770, 0x14922b11)}, + {TOBN(0x4645c8ab, 0x5afc60db), TOBN(0xaa022355, 0x20b9f2a3), + TOBN(0x52a2954c, 0xce0fc507), TOBN(0x8c2731bb, 0x7ce1c2e7)}}, + {{TOBN(0xf39608ab, 0x18a0339d), TOBN(0xac7a658d, 0x3735436c), + TOBN(0xb22c2b07, 0xcd992b4f), TOBN(0x4e83daec, 0xf40dcfd4)}, + {TOBN(0x8a34c7be, 0x2f39ea3e), TOBN(0xef0c005f, 0xb0a56d2e), + TOBN(0x62731f6a, 0x6edd8038), TOBN(0x5721d740, 0x4e3cb075)}}, + {{TOBN(0x1ea41511, 0xfbeeee1b), TOBN(0xd1ef5e73, 0xef1d0c05), + TOBN(0x42feefd1, 0x73c07d35), TOBN(0xe530a00a, 0x8a329493)}, + {TOBN(0x5d55b7fe, 0xf15ebfb0), TOBN(0x549de03c, 0xd322491a), + TOBN(0xf7b5f602, 0x745b3237), TOBN(0x3632a3a2, 0x1ab6e2b6)}}, + {{TOBN(0x0d3bba89, 0x0ef59f78), TOBN(0x0dfc6443, 0xc9e52b9a), + TOBN(0x1dc79699, 0x72631447), TOBN(0xef033917, 0xb3be20b1)}, + {TOBN(0x0c92735d, 0xb1383948), TOBN(0xc1fc29a2, 0xc0dd7d7d), + TOBN(0x6485b697, 0x403ed068), TOBN(0x13bfaab3, 0xaac93bdc)}}, + {{TOBN(0x410dc6a9, 0x0deeaf52), TOBN(0xb003fb02, 0x4c641c15), + TOBN(0x1384978c, 0x5bc504c4), TOBN(0x37640487, 0x864a6a77)}, + {TOBN(0x05991bc6, 0x222a77da), TOBN(0x62260a57, 0x5e47eb11), + TOBN(0xc7af6613, 0xf21b432c), TOBN(0x22f3acc9, 0xab4953e9)}}, + {{TOBN(0x52934922, 0x8e41d155), TOBN(0x4d024568, 0x3ac059ef), + TOBN(0xb0201755, 0x4d884411), TOBN(0xce8055cf, 0xa59a178f)}, + {TOBN(0xcd77d1af, 0xf6204549), TOBN(0xa0a00a3e, 0xc7066759), + TOBN(0x471071ef, 0x0272c229), TOBN(0x009bcf6b, 0xd3c4b6b0)}}, + {{TOBN(0x2a2638a8, 0x22305177), TOBN(0xd51d59df, 0x41645bbf), + TOBN(0xa81142fd, 0xc0a7a3c0), TOBN(0xa17eca6d, 0x4c7063ee)}, + {TOBN(0x0bb887ed, 0x60d9dcec), TOBN(0xd6d28e51, 0x20ad2455), + TOBN(0xebed6308, 0xa67102ba), TOBN(0x042c3114, 0x8bffa408)}}, + {{TOBN(0xfd099ac5, 0x8aa68e30), TOBN(0x7a6a3d7c, 0x1483513e), + TOBN(0xffcc6b75, 0xba2d8f0c), TOBN(0x54dacf96, 0x1e78b954)}, + {TOBN(0xf645696f, 0xa4a9af89), TOBN(0x3a411940, 0x06ac98ec), + TOBN(0x41b8b3f6, 0x22a67a20), TOBN(0x2d0b1e0f, 0x99dec626)}}, + {{TOBN(0x27c89192, 0x40be34e8), TOBN(0xc7162b37, 0x91907f35), + TOBN(0x90188ec1, 0xa956702b), TOBN(0xca132f7d, 0xdf93769c)}, + {TOBN(0x3ece44f9, 0x0e2025b4), TOBN(0x67aaec69, 0x0c62f14c), + TOBN(0xad741418, 0x22e3cc11), TOBN(0xcf9b75c3, 0x7ff9a50e)}}, + {{TOBN(0x02fa2b16, 0x4d348272), TOBN(0xbd99d61a, 0x9959d56d), + TOBN(0xbc4f19db, 0x18762916), TOBN(0xcc7cce50, 0x49c1ac80)}, + {TOBN(0x4d59ebaa, 0xd846bd83), TOBN(0x8775a9dc, 0xa9202849), + TOBN(0x07ec4ae1, 0x6e1f4ca9), TOBN(0x27eb5875, 0xba893f11)}}, + {{TOBN(0x00284d51, 0x662cc565), TOBN(0x82353a6b, 0x0db4138d), + TOBN(0xd9c7aaaa, 0xaa32a594), TOBN(0xf5528b5e, 0xa5669c47)}, + {TOBN(0xf3220231, 0x2f23c5ff), TOBN(0xe3e8147a, 0x6affa3a1), + TOBN(0xfb423d5c, 0x202ddda0), TOBN(0x3d6414ac, 0x6b871bd4)}}, + {{TOBN(0x586f82e1, 0xa51a168a), TOBN(0xb712c671, 0x48ae5448), + TOBN(0x9a2e4bd1, 0x76233eb8), TOBN(0x0188223a, 0x78811ca9)}, + {TOBN(0x553c5e21, 0xf7c18de1), TOBN(0x7682e451, 0xb27bb286), + TOBN(0x3ed036b3, 0x0e51e929), TOBN(0xf487211b, 0xec9cb34f)}}, + {{TOBN(0x0d094277, 0x0c24efc8), TOBN(0x0349fd04, 0xbef737a4), + TOBN(0x6d1c9dd2, 0x514cdd28), TOBN(0x29c135ff, 0x30da9521)}, + {TOBN(0xea6e4508, 0xf78b0b6f), TOBN(0x176f5dd2, 0x678c143c), + TOBN(0x08148418, 0x4be21e65), TOBN(0x27f7525c, 0xe7df38c4)}}, + {{TOBN(0x1fb70e09, 0x748ab1a4), TOBN(0x9cba50a0, 0x5efe4433), + TOBN(0x7846c7a6, 0x15f75af2), TOBN(0x2a7c2c57, 0x5ee73ea8)}, + {TOBN(0x42e566a4, 0x3f0a449a), TOBN(0x45474c3b, 0xad90fc3d), + TOBN(0x7447be3d, 0x8b61d057), TOBN(0x3e9d1cf1, 0x3a4ec092)}}, + {{TOBN(0x1603e453, 0xf380a6e6), TOBN(0x0b86e431, 0x9b1437c2), + TOBN(0x7a4173f2, 0xef29610a), TOBN(0x8fa729a7, 0xf03d57f7)}, + {TOBN(0x3e186f6e, 0x6c9c217e), TOBN(0xbe1d3079, 0x91919524), + TOBN(0x92a62a70, 0x153d4fb1), TOBN(0x32ed3e34, 0xd68c2f71)}}, + {{TOBN(0xd785027f, 0x9eb1a8b7), TOBN(0xbc37eb77, 0xc5b22fe8), + TOBN(0x466b34f0, 0xb9d6a191), TOBN(0x008a89af, 0x9a05f816)}, + {TOBN(0x19b028fb, 0x7d42c10a), TOBN(0x7fe8c92f, 0x49b3f6b8), + TOBN(0x58907cc0, 0xa5a0ade3), TOBN(0xb3154f51, 0x559d1a7c)}}, + {{TOBN(0x5066efb6, 0xd9790ed6), TOBN(0xa77a0cbc, 0xa6aa793b), + TOBN(0x1a915f3c, 0x223e042e), TOBN(0x1c5def04, 0x69c5874b)}, + {TOBN(0x0e830078, 0x73b6c1da), TOBN(0x55cf85d2, 0xfcd8557a), + TOBN(0x0f7c7c76, 0x0460f3b1), TOBN(0x87052acb, 0x46e58063)}}, + {{TOBN(0x09212b80, 0x907eae66), TOBN(0x3cb068e0, 0x4d721c89), + TOBN(0xa87941ae, 0xdd45ac1c), TOBN(0xde8d5c0d, 0x0daa0dbb)}, + {TOBN(0xda421fdc, 0xe3502e6e), TOBN(0xc8944201, 0x4d89a084), + TOBN(0x7307ba5e, 0xf0c24bfb), TOBN(0xda212beb, 0x20bde0ef)}}, + {{TOBN(0xea2da24b, 0xf82ce682), TOBN(0x058d3816, 0x07f71fe4), + TOBN(0x35a02462, 0x5ffad8de), TOBN(0xcd7b05dc, 0xaadcefab)}, + {TOBN(0xd442f8ed, 0x1d9f54ec), TOBN(0x8be3d618, 0xb2d3b5ca), + TOBN(0xe2220ed0, 0xe06b2ce2), TOBN(0x82699a5f, 0x1b0da4c0)}}, + {{TOBN(0x3ff106f5, 0x71c0c3a7), TOBN(0x8f580f5a, 0x0d34180c), + TOBN(0x4ebb120e, 0x22d7d375), TOBN(0x5e5782cc, 0xe9513675)}, + {TOBN(0x2275580c, 0x99c82a70), TOBN(0xe8359fbf, 0x15ea8c4c), + TOBN(0x53b48db8, 0x7b415e70), TOBN(0xaacf2240, 0x100c6014)}}, + {{TOBN(0x9faaccf5, 0xe4652f1d), TOBN(0xbd6fdd2a, 0xd56157b2), + TOBN(0xa4f4fb1f, 0x6261ec50), TOBN(0x244e55ad, 0x476bcd52)}, + {TOBN(0x881c9305, 0x047d320b), TOBN(0x1ca983d5, 0x6181263f), + TOBN(0x354e9a44, 0x278fb8ee), TOBN(0xad2dbc0f, 0x396e4964)}}, + {{TOBN(0x723f3aa2, 0x9268b3de), TOBN(0x0d1ca29a, 0xe6e0609a), + TOBN(0x794866aa, 0x6cf44252), TOBN(0x0b59f3e3, 0x01af87ed)}, + {TOBN(0xe234e5ff, 0x7f4a6c51), TOBN(0xa8768fd2, 0x61dc2f7e), + TOBN(0xdafc7332, 0x0a94d81f), TOBN(0xd7f84282, 0x06938ce1)}}, + {{TOBN(0xae0b3c0e, 0x0546063e), TOBN(0x7fbadcb2, 0x5d61abc6), + TOBN(0xd5d7a2c9, 0x369ac400), TOBN(0xa5978d09, 0xae67d10c)}, + {TOBN(0x290f211e, 0x4f85eaac), TOBN(0xe61e2ad1, 0xfacac681), + TOBN(0xae125225, 0x388384cd), TOBN(0xa7fb68e9, 0xccfde30f)}}, + {{TOBN(0x7a59b936, 0x3daed4c2), TOBN(0x80a9aa40, 0x2606f789), + TOBN(0xb40c1ea5, 0xf6a6d90a), TOBN(0x948364d3, 0x514d5885)}, + {TOBN(0x062ebc60, 0x70985182), TOBN(0xa6db5b0e, 0x33310895), + TOBN(0x64a12175, 0xe329c2f5), TOBN(0xc5f25bd2, 0x90ea237e)}}, + {{TOBN(0x7915c524, 0x2d0a4c23), TOBN(0xeb5d26e4, 0x6bb3cc52), + TOBN(0x369a9116, 0xc09e2c92), TOBN(0x0c527f92, 0xcf182cf8)}, + {TOBN(0x9e591938, 0x2aede0ac), TOBN(0xb2922208, 0x6cc34939), + TOBN(0x3c9d8962, 0x99a34361), TOBN(0x3c81836d, 0xc1905fe6)}}, + {{TOBN(0x4bfeb57f, 0xa001ec5a), TOBN(0xe993f5bb, 0xa0dc5dba), + TOBN(0x47884109, 0x724a1380), TOBN(0x8a0369ab, 0x32fe9a04)}, + {TOBN(0xea068d60, 0x8c927db8), TOBN(0xbf5f37cf, 0x94655741), + TOBN(0x47d402a2, 0x04b6c7ea), TOBN(0x4551c295, 0x6af259cb)}}, + {{TOBN(0x698b71e7, 0xed77ee8b), TOBN(0xbddf7bd0, 0xf309d5c7), + TOBN(0x6201c22c, 0x34e780ca), TOBN(0xab04f7d8, 0x4c295ef4)}, + {TOBN(0x1c947294, 0x4313a8ce), TOBN(0xe532e4ac, 0x92ca4cfe), + TOBN(0x89738f80, 0xd0a7a97a), TOBN(0xec088c88, 0xa580fd5b)}}, + {{TOBN(0x612b1ecc, 0x42ce9e51), TOBN(0x8f9840fd, 0xb25fdd2a), + TOBN(0x3cda78c0, 0x01e7f839), TOBN(0x546b3d3a, 0xece05480)}, + {TOBN(0x271719a9, 0x80d30916), TOBN(0x45497107, 0x584c20c4), + TOBN(0xaf8f9478, 0x5bc78608), TOBN(0x28c7d484, 0x277e2a4c)}}, + {{TOBN(0xfce01767, 0x88a2ffe4), TOBN(0xdc506a35, 0x28e169a5), + TOBN(0x0ea10861, 0x7af9c93a), TOBN(0x1ed24361, 0x03fa0e08)}, + {TOBN(0x96eaaa92, 0xa3d694e7), TOBN(0xc0f43b4d, 0xef50bc74), + TOBN(0xce6aa58c, 0x64114db4), TOBN(0x8218e8ea, 0x7c000fd4)}}, + {{TOBN(0xac815dfb, 0x185f8844), TOBN(0xcd7e90cb, 0x1557abfb), + TOBN(0x23d16655, 0xafbfecdf), TOBN(0x80f3271f, 0x085cac4a)}, + {TOBN(0x7fc39aa7, 0xd0e62f47), TOBN(0x88d519d1, 0x460a48e5), + TOBN(0x59559ac4, 0xd28f101e), TOBN(0x7981d9e9, 0xca9ae816)}}, + {{TOBN(0x5c38652c, 0x9ac38203), TOBN(0x86eaf87f, 0x57657fe5), + TOBN(0x568fc472, 0xe21f5416), TOBN(0x2afff39c, 0xe7e597b5)}, + {TOBN(0x3adbbb07, 0x256d4eab), TOBN(0x22598692, 0x8285ab89), + TOBN(0x35f8112a, 0x041caefe), TOBN(0x95df02e3, 0xa5064c8b)}}, + {{TOBN(0x4d63356e, 0xc7004bf3), TOBN(0x230a08f4, 0xdb83c7de), + TOBN(0xca27b270, 0x8709a7b7), TOBN(0x0d1c4cc4, 0xcb9abd2d)}, + {TOBN(0x8a0bc66e, 0x7550fee8), TOBN(0x369cd4c7, 0x9cf7247e), + TOBN(0x75562e84, 0x92b5b7e7), TOBN(0x8fed0da0, 0x5802af7b)}}, + {{TOBN(0x6a7091c2, 0xe48fb889), TOBN(0x26882c13, 0x7b8a9d06), + TOBN(0xa2498663, 0x1b82a0e2), TOBN(0x844ed736, 0x3518152d)}, + {TOBN(0x282f476f, 0xd86e27c7), TOBN(0xa04edaca, 0x04afefdc), + TOBN(0x8b256ebc, 0x6119e34d), TOBN(0x56a413e9, 0x0787d78b)}}}, + {{{TOBN(0x82ee061d, 0x5a74be50), TOBN(0xe41781c4, 0xdea16ff5), + TOBN(0xe0b0c81e, 0x99bfc8a2), TOBN(0x624f4d69, 0x0b547e2d)}, + {TOBN(0x3a83545d, 0xbdcc9ae4), TOBN(0x2573dbb6, 0x409b1e8e), + TOBN(0x482960c4, 0xa6c93539), TOBN(0xf01059ad, 0x5ae18798)}}, + {{TOBN(0x715c9f97, 0x3112795f), TOBN(0xe8244437, 0x984e6ee1), + TOBN(0x55cb4858, 0xecb66bcd), TOBN(0x7c136735, 0xabaffbee)}, + {TOBN(0x54661595, 0x5dbec38e), TOBN(0x51c0782c, 0x388ad153), + TOBN(0x9ba4c53a, 0xc6e0952f), TOBN(0x27e6782a, 0x1b21dfa8)}}, + {{TOBN(0x682f903d, 0x4ed2dbc2), TOBN(0x0eba59c8, 0x7c3b2d83), + TOBN(0x8e9dc84d, 0x9c7e9335), TOBN(0x5f9b21b0, 0x0eb226d7)}, + {TOBN(0xe33bd394, 0xaf267bae), TOBN(0xaa86cc25, 0xbe2e15ae), + TOBN(0x4f0bf67d, 0x6a8ec500), TOBN(0x5846aa44, 0xf9630658)}}, + {{TOBN(0xfeb09740, 0xe2c2bf15), TOBN(0x627a2205, 0xa9e99704), + TOBN(0xec8d73d0, 0xc2fbc565), TOBN(0x223eed8f, 0xc20c8de8)}, + {TOBN(0x1ee32583, 0xa8363b49), TOBN(0x1a0b6cb9, 0xc9c2b0a6), + TOBN(0x49f7c3d2, 0x90dbc85c), TOBN(0xa8dfbb97, 0x1ef4c1ac)}}, + {{TOBN(0xafb34d4c, 0x65c7c2ab), TOBN(0x1d4610e7, 0xe2c5ea84), + TOBN(0x893f6d1b, 0x973c4ab5), TOBN(0xa3cdd7e9, 0x945ba5c4)}, + {TOBN(0x60514983, 0x064417ee), TOBN(0x1459b23c, 0xad6bdf2b), + TOBN(0x23b2c341, 0x5cf726c3), TOBN(0x3a829635, 0x32d6354a)}}, + {{TOBN(0x294f901f, 0xab192c18), TOBN(0xec5fcbfe, 0x7030164f), + TOBN(0xe2e2fcb7, 0xe2246ba6), TOBN(0x1e7c88b3, 0x221a1a0c)}, + {TOBN(0x72c7dd93, 0xc92d88c5), TOBN(0x41c2148e, 0x1106fb59), + TOBN(0x547dd4f5, 0xa0f60f14), TOBN(0xed9b52b2, 0x63960f31)}}, + {{TOBN(0x6c8349eb, 0xb0a5b358), TOBN(0xb154c5c2, 0x9e7e2ed6), + TOBN(0xcad5eccf, 0xeda462db), TOBN(0xf2d6dbe4, 0x2de66b69)}, + {TOBN(0x426aedf3, 0x8665e5b2), TOBN(0x488a8513, 0x7b7f5723), + TOBN(0x15cc43b3, 0x8bcbb386), TOBN(0x27ad0af3, 0xd791d879)}}, + {{TOBN(0xc16c236e, 0x846e364f), TOBN(0x7f33527c, 0xdea50ca0), + TOBN(0xc4810775, 0x0926b86d), TOBN(0x6c2a3609, 0x0598e70c)}, + {TOBN(0xa6755e52, 0xf024e924), TOBN(0xe0fa07a4, 0x9db4afca), + TOBN(0x15c3ce7d, 0x66831790), TOBN(0x5b4ef350, 0xa6cbb0d6)}}, + {{TOBN(0x2c4aafc4, 0xb6205969), TOBN(0x42563f02, 0xf6c7854f), + TOBN(0x016aced5, 0x1d983b48), TOBN(0xfeb356d8, 0x99949755)}, + {TOBN(0x8c2a2c81, 0xd1a39bd7), TOBN(0x8f44340f, 0xe6934ae9), + TOBN(0x148cf91c, 0x447904da), TOBN(0x7340185f, 0x0f51a926)}}, + {{TOBN(0x2f8f00fb, 0x7409ab46), TOBN(0x057e78e6, 0x80e289b2), + TOBN(0x03e5022c, 0xa888e5d1), TOBN(0x3c87111a, 0x9dede4e2)}, + {TOBN(0x5b9b0e1c, 0x7809460b), TOBN(0xe751c852, 0x71c9abc7), + TOBN(0x8b944e28, 0xc7cc1dc9), TOBN(0x4f201ffa, 0x1d3cfa08)}}, + {{TOBN(0x02fc905c, 0x3e6721ce), TOBN(0xd52d70da, 0xd0b3674c), + TOBN(0x5dc2e5ca, 0x18810da4), TOBN(0xa984b273, 0x5c69dd99)}, + {TOBN(0x63b92527, 0x84de5ca4), TOBN(0x2f1c9872, 0xc852dec4), + TOBN(0x18b03593, 0xc2e3de09), TOBN(0x19d70b01, 0x9813dc2f)}}, + {{TOBN(0x42806b2d, 0xa6dc1d29), TOBN(0xd3030009, 0xf871e144), + TOBN(0xa1feb333, 0xaaf49276), TOBN(0xb5583b9e, 0xc70bc04b)}, + {TOBN(0x1db0be78, 0x95695f20), TOBN(0xfc841811, 0x89d012b5), + TOBN(0x6409f272, 0x05f61643), TOBN(0x40d34174, 0xd5883128)}}, + {{TOBN(0xd79196f5, 0x67419833), TOBN(0x6059e252, 0x863b7b08), + TOBN(0x84da1817, 0x1c56700c), TOBN(0x5758ee56, 0xb28d3ec4)}, + {TOBN(0x7da2771d, 0x013b0ea6), TOBN(0xfddf524b, 0x54c5e9b9), + TOBN(0x7df4faf8, 0x24305d80), TOBN(0x58f5c1bf, 0x3a97763f)}}, + {{TOBN(0xa5af37f1, 0x7c696042), TOBN(0xd4cba22c, 0x4a2538de), + TOBN(0x211cb995, 0x9ea42600), TOBN(0xcd105f41, 0x7b069889)}, + {TOBN(0xb1e1cf19, 0xddb81e74), TOBN(0x472f2d89, 0x5157b8ca), + TOBN(0x086fb008, 0xee9db885), TOBN(0x365cd570, 0x0f26d131)}}, + {{TOBN(0x284b02bb, 0xa2be7053), TOBN(0xdcbbf7c6, 0x7ab9a6d6), + TOBN(0x4425559c, 0x20f7a530), TOBN(0x961f2dfa, 0x188767c8)}, + {TOBN(0xe2fd9435, 0x70dc80c4), TOBN(0x104d6b63, 0xf0784120), + TOBN(0x7f592bc1, 0x53567122), TOBN(0xf6bc1246, 0xf688ad77)}}, + {{TOBN(0x05214c05, 0x0f15dde9), TOBN(0xa47a76a8, 0x0d5f2b82), + TOBN(0xbb254d30, 0x62e82b62), TOBN(0x11a05fe0, 0x3ec955ee)}, + {TOBN(0x7eaff46e, 0x9d529b36), TOBN(0x55ab1301, 0x8f9e3df6), + TOBN(0xc463e371, 0x99317698), TOBN(0xfd251438, 0xccda47ad)}}, + {{TOBN(0xca9c3547, 0x23d695ea), TOBN(0x48ce626e, 0x16e589b5), + TOBN(0x6b5b64c7, 0xb187d086), TOBN(0xd02e1794, 0xb2207948)}, + {TOBN(0x8b58e98f, 0x7198111d), TOBN(0x90ca6305, 0xdcf9c3cc), + TOBN(0x5691fe72, 0xf34089b0), TOBN(0x60941af1, 0xfc7c80ff)}}, + {{TOBN(0xa09bc0a2, 0x22eb51e5), TOBN(0xc0bb7244, 0xaa9cf09a), + TOBN(0x36a8077f, 0x80159f06), TOBN(0x8b5c989e, 0xdddc560e)}, + {TOBN(0x19d2f316, 0x512e1f43), TOBN(0x02eac554, 0xad08ff62), + TOBN(0x012ab84c, 0x07d20b4e), TOBN(0x37d1e115, 0xd6d4e4e1)}}, + {{TOBN(0xb6443e1a, 0xab7b19a8), TOBN(0xf08d067e, 0xdef8cd45), + TOBN(0x63adf3e9, 0x685e03da), TOBN(0xcf15a10e, 0x4792b916)}, + {TOBN(0xf44bcce5, 0xb738a425), TOBN(0xebe131d5, 0x9636b2fd), + TOBN(0x94068841, 0x7850d605), TOBN(0x09684eaa, 0xb40d749d)}}, + {{TOBN(0x8c3c669c, 0x72ba075b), TOBN(0x89f78b55, 0xba469015), + TOBN(0x5706aade, 0x3e9f8ba8), TOBN(0x6d8bd565, 0xb32d7ed7)}, + {TOBN(0x25f4e63b, 0x805f08d6), TOBN(0x7f48200d, 0xc3bcc1b5), + TOBN(0x4e801968, 0xb025d847), TOBN(0x74afac04, 0x87cbe0a8)}}, + {{TOBN(0x43ed2c2b, 0x7e63d690), TOBN(0xefb6bbf0, 0x0223cdb8), + TOBN(0x4fec3cae, 0x2884d3fe), TOBN(0x065ecce6, 0xd75e25a4)}, + {TOBN(0x6c2294ce, 0x69f79071), TOBN(0x0d9a8e5f, 0x044b8666), + TOBN(0x5009f238, 0x17b69d8f), TOBN(0x3c29f8fe, 0xc5dfdaf7)}}, + {{TOBN(0x9067528f, 0xebae68c4), TOBN(0x5b385632, 0x30c5ba21), + TOBN(0x540df119, 0x1fdd1aec), TOBN(0xcf37825b, 0xcfba4c78)}, + {TOBN(0x77eff980, 0xbeb11454), TOBN(0x40a1a991, 0x60c1b066), + TOBN(0xe8018980, 0xf889a1c7), TOBN(0xb9c52ae9, 0x76c24be0)}}, + {{TOBN(0x05fbbcce, 0x45650ef4), TOBN(0xae000f10, 0x8aa29ac7), + TOBN(0x884b7172, 0x4f04c470), TOBN(0x7cd4fde2, 0x19bb5c25)}, + {TOBN(0x6477b22a, 0xe8840869), TOBN(0xa8868859, 0x5fbd0686), + TOBN(0xf23cc02e, 0x1116dfba), TOBN(0x76cd563f, 0xd87d7776)}}, + {{TOBN(0xe2a37598, 0xa9d82abf), TOBN(0x5f188ccb, 0xe6c170f5), + TOBN(0x81682200, 0x5066b087), TOBN(0xda22c212, 0xc7155ada)}, + {TOBN(0x151e5d3a, 0xfbddb479), TOBN(0x4b606b84, 0x6d715b99), + TOBN(0x4a73b54b, 0xf997cb2e), TOBN(0x9a1bfe43, 0x3ecd8b66)}}, + {{TOBN(0x1c312809, 0x2a67d48a), TOBN(0xcd6a671e, 0x031fa9e2), + TOBN(0xbec3312a, 0x0e43a34a), TOBN(0x1d935639, 0x55ef47d3)}, + {TOBN(0x5ea02489, 0x8fea73ea), TOBN(0x8247b364, 0xa035afb2), + TOBN(0xb58300a6, 0x5265b54c), TOBN(0x3286662f, 0x722c7148)}}, + {{TOBN(0xb77fd76b, 0xb4ec4c20), TOBN(0xf0a12fa7, 0x0f3fe3fd), + TOBN(0xf845bbf5, 0x41d8c7e8), TOBN(0xe4d969ca, 0x5ec10aa8)}, + {TOBN(0x4c0053b7, 0x43e232a3), TOBN(0xdc7a3fac, 0x37f8a45a), + TOBN(0x3c4261c5, 0x20d81c8f), TOBN(0xfd4b3453, 0xb00eab00)}}, + {{TOBN(0x76d48f86, 0xd36e3062), TOBN(0x626c5277, 0xa143ff02), + TOBN(0x538174de, 0xaf76f42e), TOBN(0x2267aa86, 0x6407ceac)}, + {TOBN(0xfad76351, 0x72e572d5), TOBN(0xab861af7, 0xba7330eb), + TOBN(0xa0a1c8c7, 0x418d8657), TOBN(0x988821cb, 0x20289a52)}}, + {{TOBN(0x79732522, 0xcccc18ad), TOBN(0xaadf3f8d, 0xf1a6e027), + TOBN(0xf7382c93, 0x17c2354d), TOBN(0x5ce1680c, 0xd818b689)}, + {TOBN(0x359ebbfc, 0xd9ecbee9), TOBN(0x4330689c, 0x1cae62ac), + TOBN(0xb55ce5b4, 0xc51ac38a), TOBN(0x7921dfea, 0xfe238ee8)}}, + {{TOBN(0x3972bef8, 0x271d1ca5), TOBN(0x3e423bc7, 0xe8aabd18), + TOBN(0x57b09f3f, 0x44a3e5e3), TOBN(0x5da886ae, 0x7b444d66)}, + {TOBN(0x68206634, 0xa9964375), TOBN(0x356a2fa3, 0x699cd0ff), + TOBN(0xaf0faa24, 0xdba515e9), TOBN(0x536e1f5c, 0xb321d79a)}}, + {{TOBN(0xd3b9913a, 0x5c04e4ea), TOBN(0xd549dcfe, 0xd6f11513), + TOBN(0xee227bf5, 0x79fd1d94), TOBN(0x9f35afee, 0xb43f2c67)}, + {TOBN(0xd2638d24, 0xf1314f53), TOBN(0x62baf948, 0xcabcd822), + TOBN(0x5542de29, 0x4ef48db0), TOBN(0xb3eb6a04, 0xfc5f6bb2)}}, + {{TOBN(0x23c110ae, 0x1208e16a), TOBN(0x1a4d15b5, 0xf8363e24), + TOBN(0x30716844, 0x164be00b), TOBN(0xa8e24824, 0xf6f4690d)}, + {TOBN(0x548773a2, 0x90b170cf), TOBN(0xa1bef331, 0x42f191f4), + TOBN(0x70f418d0, 0x9247aa97), TOBN(0xea06028e, 0x48be9147)}}, + {{TOBN(0xe13122f3, 0xdbfb894e), TOBN(0xbe9b79f6, 0xce274b18), + TOBN(0x85a49de5, 0xca58aadf), TOBN(0x24957758, 0x11487351)}, + {TOBN(0x111def61, 0xbb939099), TOBN(0x1d6a974a, 0x26d13694), + TOBN(0x4474b4ce, 0xd3fc253b), TOBN(0x3a1485e6, 0x4c5db15e)}}, + {{TOBN(0xe79667b4, 0x147c15b4), TOBN(0xe34f553b, 0x7bc61301), + TOBN(0x032b80f8, 0x17094381), TOBN(0x55d8bafd, 0x723eaa21)}, + {TOBN(0x5a987995, 0xf1c0e74e), TOBN(0x5a9b292e, 0xebba289c), + TOBN(0x413cd4b2, 0xeb4c8251), TOBN(0x98b5d243, 0xd162db0a)}}, + {{TOBN(0xbb47bf66, 0x68342520), TOBN(0x08d68949, 0xbaa862d1), + TOBN(0x11f349c7, 0xe906abcd), TOBN(0x454ce985, 0xed7bf00e)}, + {TOBN(0xacab5c9e, 0xb55b803b), TOBN(0xb03468ea, 0x31e3c16d), + TOBN(0x5c24213d, 0xd273bf12), TOBN(0x211538eb, 0x71587887)}}, + {{TOBN(0x198e4a2f, 0x731dea2d), TOBN(0xd5856cf2, 0x74ed7b2a), + TOBN(0x86a632eb, 0x13a664fe), TOBN(0x932cd909, 0xbda41291)}, + {TOBN(0x850e95d4, 0xc0c4ddc0), TOBN(0xc0f422f8, 0x347fc2c9), + TOBN(0xe68cbec4, 0x86076bcb), TOBN(0xf9e7c0c0, 0xcd6cd286)}}, + {{TOBN(0x65994ddb, 0x0f5f27ca), TOBN(0xe85461fb, 0xa80d59ff), + TOBN(0xff05481a, 0x66601023), TOBN(0xc665427a, 0xfc9ebbfb)}, + {TOBN(0xb0571a69, 0x7587fd52), TOBN(0x935289f8, 0x8d49efce), + TOBN(0x61becc60, 0xea420688), TOBN(0xb22639d9, 0x13a786af)}}, + {{TOBN(0x1a8e6220, 0x361ecf90), TOBN(0x001f23e0, 0x25506463), + TOBN(0xe4ae9b5d, 0x0a5c2b79), TOBN(0xebc9cdad, 0xd8149db5)}, + {TOBN(0xb33164a1, 0x934aa728), TOBN(0x750eb00e, 0xae9b60f3), + TOBN(0x5a91615b, 0x9b9cfbfd), TOBN(0x97015cbf, 0xef45f7f6)}}, + {{TOBN(0xb462c4a5, 0xbf5151df), TOBN(0x21adcc41, 0xb07118f2), + TOBN(0xd60c545b, 0x043fa42c), TOBN(0xfc21aa54, 0xe96be1ab)}, + {TOBN(0xe84bc32f, 0x4e51ea80), TOBN(0x3dae45f0, 0x259b5d8d), + TOBN(0xbb73c7eb, 0xc38f1b5e), TOBN(0xe405a74a, 0xe8ae617d)}}, + {{TOBN(0xbb1ae9c6, 0x9f1c56bd), TOBN(0x8c176b98, 0x49f196a4), + TOBN(0xc448f311, 0x6875092b), TOBN(0xb5afe3de, 0x9f976033)}, + {TOBN(0xa8dafd49, 0x145813e5), TOBN(0x687fc4d9, 0xe2b34226), + TOBN(0xf2dfc92d, 0x4c7ff57f), TOBN(0x004e3fc1, 0x401f1b46)}}, + {{TOBN(0x5afddab6, 0x1430c9ab), TOBN(0x0bdd41d3, 0x2238e997), + TOBN(0xf0947430, 0x418042ae), TOBN(0x71f9adda, 0xcdddc4cb)}, + {TOBN(0x7090c016, 0xc52dd907), TOBN(0xd9bdf44d, 0x29e2047f), + TOBN(0xe6f1fe80, 0x1b1011a6), TOBN(0xb63accbc, 0xd9acdc78)}}, + {{TOBN(0xcfc7e235, 0x1272a95b), TOBN(0x0c667717, 0xa6276ac8), + TOBN(0x3c0d3709, 0xe2d7eef7), TOBN(0x5add2b06, 0x9a685b3e)}, + {TOBN(0x363ad32d, 0x14ea5d65), TOBN(0xf8e01f06, 0x8d7dd506), + TOBN(0xc9ea2213, 0x75b4aac6), TOBN(0xed2a2bf9, 0x0d353466)}}, + {{TOBN(0x439d79b5, 0xe9d3a7c3), TOBN(0x8e0ee5a6, 0x81b7f34b), + TOBN(0xcf3dacf5, 0x1dc4ba75), TOBN(0x1d3d1773, 0xeb3310c7)}, + {TOBN(0xa8e67112, 0x7747ae83), TOBN(0x31f43160, 0x197d6b40), + TOBN(0x0521ccee, 0xcd961400), TOBN(0x67246f11, 0xf6535768)}}, + {{TOBN(0x702fcc5a, 0xef0c3133), TOBN(0x247cc45d, 0x7e16693b), + TOBN(0xfd484e49, 0xc729b749), TOBN(0x522cef7d, 0xb218320f)}, + {TOBN(0xe56ef405, 0x59ab93b3), TOBN(0x225fba11, 0x9f181071), + TOBN(0x33bd6595, 0x15330ed0), TOBN(0xc4be69d5, 0x1ddb32f7)}}, + {{TOBN(0x264c7668, 0x0448087c), TOBN(0xac30903f, 0x71432dae), + TOBN(0x3851b266, 0x00f9bf47), TOBN(0x400ed311, 0x6cdd6d03)}, + {TOBN(0x045e79fe, 0xf8fd2424), TOBN(0xfdfd974a, 0xfa6da98b), + TOBN(0x45c9f641, 0x0c1e673a), TOBN(0x76f2e733, 0x5b2c5168)}}, + {{TOBN(0x1adaebb5, 0x2a601753), TOBN(0xb286514c, 0xc57c2d49), + TOBN(0xd8769670, 0x1e0bfd24), TOBN(0x950c547e, 0x04478922)}, + {TOBN(0xd1d41969, 0xe5d32bfe), TOBN(0x30bc1472, 0x750d6c3e), + TOBN(0x8f3679fe, 0xe0e27f3a), TOBN(0x8f64a7dc, 0xa4a6ee0c)}}, + {{TOBN(0x2fe59937, 0x633dfb1f), TOBN(0xea82c395, 0x977f2547), + TOBN(0xcbdfdf1a, 0x661ea646), TOBN(0xc7ccc591, 0xb9085451)}, + {TOBN(0x82177962, 0x81761e13), TOBN(0xda57596f, 0x9196885c), + TOBN(0xbc17e849, 0x28ffbd70), TOBN(0x1e6e0a41, 0x2671d36f)}}, + {{TOBN(0x61ae872c, 0x4152fcf5), TOBN(0x441c87b0, 0x9e77e754), + TOBN(0xd0799dd5, 0xa34dff09), TOBN(0x766b4e44, 0x88a6b171)}, + {TOBN(0xdc06a512, 0x11f1c792), TOBN(0xea02ae93, 0x4be35c3e), + TOBN(0xe5ca4d6d, 0xe90c469e), TOBN(0x4df4368e, 0x56e4ff5c)}}, + {{TOBN(0x7817acab, 0x4baef62e), TOBN(0x9f5a2202, 0xa85b91e8), + TOBN(0x9666ebe6, 0x6ce57610), TOBN(0x32ad31f3, 0xf73bfe03)}, + {TOBN(0x628330a4, 0x25bcf4d6), TOBN(0xea950593, 0x515056e6), + TOBN(0x59811c89, 0xe1332156), TOBN(0xc89cf1fe, 0x8c11b2d7)}}, + {{TOBN(0x75b63913, 0x04e60cc0), TOBN(0xce811e8d, 0x4625d375), + TOBN(0x030e43fc, 0x2d26e562), TOBN(0xfbb30b4b, 0x608d36a0)}, + {TOBN(0x634ff82c, 0x48528118), TOBN(0x7c6fe085, 0xcd285911), + TOBN(0x7f2830c0, 0x99358f28), TOBN(0x2e60a95e, 0x665e6c09)}}, + {{TOBN(0x08407d3d, 0x9b785dbf), TOBN(0x530889ab, 0xa759bce7), + TOBN(0xf228e0e6, 0x52f61239), TOBN(0x2b6d1461, 0x6879be3c)}, + {TOBN(0xe6902c04, 0x51a7bbf7), TOBN(0x30ad99f0, 0x76f24a64), + TOBN(0x66d9317a, 0x98bc6da0), TOBN(0xf4f877f3, 0xcb596ac0)}}, + {{TOBN(0xb05ff62d, 0x4c44f119), TOBN(0x4555f536, 0xe9b77416), + TOBN(0xc7c0d059, 0x8caed63b), TOBN(0x0cd2b7ce, 0xc358b2a9)}, + {TOBN(0x3f33287b, 0x46945fa3), TOBN(0xf8785b20, 0xd67c8791), + TOBN(0xc54a7a61, 0x9637bd08), TOBN(0x54d4598c, 0x18be79d7)}}, + {{TOBN(0x889e5acb, 0xc46d7ce1), TOBN(0x9a515bb7, 0x8b085877), + TOBN(0xfac1a03d, 0x0b7a5050), TOBN(0x7d3e738a, 0xf2926035)}, + {TOBN(0x861cc2ce, 0x2a6cb0eb), TOBN(0x6f2e2955, 0x8f7adc79), + TOBN(0x61c4d451, 0x33016376), TOBN(0xd9fd2c80, 0x5ad59090)}}, + {{TOBN(0xe5a83738, 0xb2b836a1), TOBN(0x855b41a0, 0x7c0d6622), + TOBN(0x186fe317, 0x7cc19af1), TOBN(0x6465c1ff, 0xfdd99acb)}, + {TOBN(0x46e5c23f, 0x6974b99e), TOBN(0x75a7cf8b, 0xa2717cbe), + TOBN(0x4d2ebc3f, 0x062be658), TOBN(0x094b4447, 0x5f209c98)}}, + {{TOBN(0x4af285ed, 0xb940cb5a), TOBN(0x6706d792, 0x7cc82f10), + TOBN(0xc8c8776c, 0x030526fa), TOBN(0xfa8e6f76, 0xa0da9140)}, + {TOBN(0x77ea9d34, 0x591ee4f0), TOBN(0x5f46e337, 0x40274166), + TOBN(0x1bdf98bb, 0xea671457), TOBN(0xd7c08b46, 0x862a1fe2)}}, + {{TOBN(0x46cc303c, 0x1c08ad63), TOBN(0x99543440, 0x4c845e7b), + TOBN(0x1b8fbdb5, 0x48f36bf7), TOBN(0x5b82c392, 0x8c8273a7)}, + {TOBN(0x08f712c4, 0x928435d5), TOBN(0x071cf0f1, 0x79330380), + TOBN(0xc74c2d24, 0xa8da054a), TOBN(0xcb0e7201, 0x43c46b5c)}}, + {{TOBN(0x0ad7337a, 0xc0b7eff3), TOBN(0x8552225e, 0xc5e48b3c), + TOBN(0xe6f78b0c, 0x73f13a5f), TOBN(0x5e70062e, 0x82349cbe)}, + {TOBN(0x6b8d5048, 0xe7073969), TOBN(0x392d2a29, 0xc33cb3d2), + TOBN(0xee4f727c, 0x4ecaa20f), TOBN(0xa068c99e, 0x2ccde707)}}, + {{TOBN(0xfcd5651f, 0xb87a2913), TOBN(0xea3e3c15, 0x3cc252f0), + TOBN(0x777d92df, 0x3b6cd3e4), TOBN(0x7a414143, 0xc5a732e7)}, + {TOBN(0xa895951a, 0xa71ff493), TOBN(0xfe980c92, 0xbbd37cf6), + TOBN(0x45bd5e64, 0xdecfeeff), TOBN(0x910dc2a9, 0xa44c43e9)}}, + {{TOBN(0xcb403f26, 0xcca9f54d), TOBN(0x928bbdfb, 0x9303f6db), + TOBN(0x3c37951e, 0xa9eee67c), TOBN(0x3bd61a52, 0xf79961c3)}, + {TOBN(0x09a238e6, 0x395c9a79), TOBN(0x6940ca2d, 0x61eb352d), + TOBN(0x7d1e5c5e, 0xc1875631), TOBN(0x1e19742c, 0x1e1b20d1)}}, + {{TOBN(0x4633d908, 0x23fc2e6e), TOBN(0xa76e29a9, 0x08959149), + TOBN(0x61069d9c, 0x84ed7da5), TOBN(0x0baa11cf, 0x5dbcad51)}, + {TOBN(0xd01eec64, 0x961849da), TOBN(0x93b75f1f, 0xaf3d8c28), + TOBN(0x57bc4f9f, 0x1ca2ee44), TOBN(0x5a26322d, 0x00e00558)}}, + {{TOBN(0x1888d658, 0x61a023ef), TOBN(0x1d72aab4, 0xb9e5246e), + TOBN(0xa9a26348, 0xe5563ec0), TOBN(0xa0971963, 0xc3439a43)}, + {TOBN(0x567dd54b, 0xadb9b5b7), TOBN(0x73fac1a1, 0xc45a524b), + TOBN(0x8fe97ef7, 0xfe38e608), TOBN(0x608748d2, 0x3f384f48)}}, + {{TOBN(0xb0571794, 0xc486094f), TOBN(0x869254a3, 0x8bf3a8d6), + TOBN(0x148a8dd1, 0x310b0e25), TOBN(0x99ab9f3f, 0x9aa3f7d8)}, + {TOBN(0x0927c68a, 0x6706c02e), TOBN(0x22b5e76c, 0x69790e6c), + TOBN(0x6c325260, 0x6c71376c), TOBN(0x53a57690, 0x09ef6657)}}, + {{TOBN(0x8d63f852, 0xedffcf3a), TOBN(0xb4d2ed04, 0x3c0a6f55), + TOBN(0xdb3aa8de, 0x12519b9e), TOBN(0x5d38e9c4, 0x1e0a569a)}, + {TOBN(0x871528bf, 0x303747e2), TOBN(0xa208e77c, 0xf5b5c18d), + TOBN(0x9d129c88, 0xca6bf923), TOBN(0xbcbf197f, 0xbf02839f)}}, + {{TOBN(0x9b9bf030, 0x27323194), TOBN(0x3b055a8b, 0x339ca59d), + TOBN(0xb46b2312, 0x0f669520), TOBN(0x19789f1f, 0x497e5f24)}, + {TOBN(0x9c499468, 0xaaf01801), TOBN(0x72ee1190, 0x8b69d59c), + TOBN(0x8bd39595, 0xacf4c079), TOBN(0x3ee11ece, 0x8e0cd048)}}, + {{TOBN(0xebde86ec, 0x1ed66f18), TOBN(0x225d906b, 0xd61fce43), + TOBN(0x5cab07d6, 0xe8bed74d), TOBN(0x16e4617f, 0x27855ab7)}, + {TOBN(0x6568aadd, 0xb2fbc3dd), TOBN(0xedb5484f, 0x8aeddf5b), + TOBN(0x878f20e8, 0x6dcf2fad), TOBN(0x3516497c, 0x615f5699)}}}, + {{{TOBN(0xef0a3fec, 0xfa181e69), TOBN(0x9ea02f81, 0x30d69a98), + TOBN(0xb2e9cf8e, 0x66eab95d), TOBN(0x520f2beb, 0x24720021)}, + {TOBN(0x621c540a, 0x1df84361), TOBN(0x12037721, 0x71fa6d5d), + TOBN(0x6e3c7b51, 0x0ff5f6ff), TOBN(0x817a069b, 0xabb2bef3)}}, + {{TOBN(0x83572fb6, 0xb294cda6), TOBN(0x6ce9bf75, 0xb9039f34), + TOBN(0x20e012f0, 0x095cbb21), TOBN(0xa0aecc1b, 0xd063f0da)}, + {TOBN(0x57c21c3a, 0xf02909e5), TOBN(0xc7d59ecf, 0x48ce9cdc), + TOBN(0x2732b844, 0x8ae336f8), TOBN(0x056e3723, 0x3f4f85f4)}}, + {{TOBN(0x8a10b531, 0x89e800ca), TOBN(0x50fe0c17, 0x145208fd), + TOBN(0x9e43c0d3, 0xb714ba37), TOBN(0x427d200e, 0x34189acc)}, + {TOBN(0x05dee24f, 0xe616e2c0), TOBN(0x9c25f4c8, 0xee1854c1), + TOBN(0x4d3222a5, 0x8f342a73), TOBN(0x0807804f, 0xa027c952)}}, + {{TOBN(0xc222653a, 0x4f0d56f3), TOBN(0x961e4047, 0xca28b805), + TOBN(0x2c03f8b0, 0x4a73434b), TOBN(0x4c966787, 0xab712a19)}, + {TOBN(0xcc196c42, 0x864fee42), TOBN(0xc1be93da, 0x5b0ece5c), + TOBN(0xa87d9f22, 0xc131c159), TOBN(0x2bb6d593, 0xdce45655)}}, + {{TOBN(0x22c49ec9, 0xb809b7ce), TOBN(0x8a41486b, 0xe2c72c2c), + TOBN(0x813b9420, 0xfea0bf36), TOBN(0xb3d36ee9, 0xa66dac69)}, + {TOBN(0x6fddc08a, 0x328cc987), TOBN(0x0a3bcd2c, 0x3a326461), + TOBN(0x7103c49d, 0xd810dbba), TOBN(0xf9d81a28, 0x4b78a4c4)}}, + {{TOBN(0x3de865ad, 0xe4d55941), TOBN(0xdedafa5e, 0x30384087), + TOBN(0x6f414abb, 0x4ef18b9b), TOBN(0x9ee9ea42, 0xfaee5268)}, + {TOBN(0x260faa16, 0x37a55a4a), TOBN(0xeb19a514, 0x015f93b9), + TOBN(0x51d7ebd2, 0x9e9c3598), TOBN(0x523fc56d, 0x1932178e)}}, + {{TOBN(0x501d070c, 0xb98fe684), TOBN(0xd60fbe9a, 0x124a1458), + TOBN(0xa45761c8, 0x92bc6b3f), TOBN(0xf5384858, 0xfe6f27cb)}, + {TOBN(0x4b0271f7, 0xb59e763b), TOBN(0x3d4606a9, 0x5b5a8e5e), + TOBN(0x1eda5d9b, 0x05a48292), TOBN(0xda7731d0, 0xe6fec446)}}, + {{TOBN(0xa3e33693, 0x90d45871), TOBN(0xe9764040, 0x06166d8d), + TOBN(0xb5c33682, 0x89a90403), TOBN(0x4bd17983, 0x72f1d637)}, + {TOBN(0xa616679e, 0xd5d2c53a), TOBN(0x5ec4bcd8, 0xfdcf3b87), + TOBN(0xae6d7613, 0xb66a694e), TOBN(0x7460fc76, 0xe3fc27e5)}}, + {{TOBN(0x70469b82, 0x95caabee), TOBN(0xde024ca5, 0x889501e3), + TOBN(0x6bdadc06, 0x076ed265), TOBN(0x0cb1236b, 0x5a0ef8b2)}, + {TOBN(0x4065ddbf, 0x0972ebf9), TOBN(0xf1dd3875, 0x22aca432), + TOBN(0xa88b97cf, 0x744aff76), TOBN(0xd1359afd, 0xfe8e3d24)}}, + {{TOBN(0x52a3ba2b, 0x91502cf3), TOBN(0x2c3832a8, 0x084db75d), + TOBN(0x04a12ddd, 0xde30b1c9), TOBN(0x7802eabc, 0xe31fd60c)}, + {TOBN(0x33707327, 0xa37fddab), TOBN(0x65d6f2ab, 0xfaafa973), + TOBN(0x3525c5b8, 0x11e6f91a), TOBN(0x76aeb0c9, 0x5f46530b)}}, + {{TOBN(0xe8815ff6, 0x2f93a675), TOBN(0xa6ec9684, 0x05f48679), + TOBN(0x6dcbb556, 0x358ae884), TOBN(0x0af61472, 0xe19e3873)}, + {TOBN(0x72334372, 0xa5f696be), TOBN(0xc65e57ea, 0x6f22fb70), + TOBN(0x268da30c, 0x946cea90), TOBN(0x136a8a87, 0x65681b2a)}}, + {{TOBN(0xad5e81dc, 0x0f9f44d4), TOBN(0xf09a6960, 0x2c46585a), + TOBN(0xd1649164, 0xc447d1b1), TOBN(0x3b4b36c8, 0x879dc8b1)}, + {TOBN(0x20d4177b, 0x3b6b234c), TOBN(0x096a2505, 0x1730d9d0), + TOBN(0x0611b9b8, 0xef80531d), TOBN(0xba904b3b, 0x64bb495d)}}, + {{TOBN(0x1192d9d4, 0x93a3147a), TOBN(0x9f30a5dc, 0x9a565545), + TOBN(0x90b1f9cb, 0x6ef07212), TOBN(0x29958546, 0x0d87fc13)}, + {TOBN(0xd3323eff, 0xc17db9ba), TOBN(0xcb18548c, 0xcb1644a8), + TOBN(0x18a306d4, 0x4f49ffbc), TOBN(0x28d658f1, 0x4c2e8684)}}, + {{TOBN(0x44ba60cd, 0xa99f8c71), TOBN(0x67b7abdb, 0x4bf742ff), + TOBN(0x66310f9c, 0x914b3f99), TOBN(0xae430a32, 0xf412c161)}, + {TOBN(0x1e6776d3, 0x88ace52f), TOBN(0x4bc0fa24, 0x52d7067d), + TOBN(0x03c286aa, 0x8f07cd1b), TOBN(0x4cb8f38c, 0xa985b2c1)}}, + {{TOBN(0x83ccbe80, 0x8c3bff36), TOBN(0x005a0bd2, 0x5263e575), + TOBN(0x460d7dda, 0x259bdcd1), TOBN(0x4a1c5642, 0xfa5cab6b)}, + {TOBN(0x2b7bdbb9, 0x9fe4fc88), TOBN(0x09418e28, 0xcc97bbb5), + TOBN(0xd8274fb4, 0xa12321ae), TOBN(0xb137007d, 0x5c87b64e)}}, + {{TOBN(0x80531fe1, 0xc63c4962), TOBN(0x50541e89, 0x981fdb25), + TOBN(0xdc1291a1, 0xfd4c2b6b), TOBN(0xc0693a17, 0xa6df4fca)}, + {TOBN(0xb2c4604e, 0x0117f203), TOBN(0x245f1963, 0x0a99b8d0), + TOBN(0xaedc20aa, 0xc6212c44), TOBN(0xb1ed4e56, 0x520f52a8)}}, + {{TOBN(0xfe48f575, 0xf8547be3), TOBN(0x0a7033cd, 0xa9e45f98), + TOBN(0x4b45d3a9, 0x18c50100), TOBN(0xb2a6cd6a, 0xa61d41da)}, + {TOBN(0x60bbb4f5, 0x57933c6b), TOBN(0xa7538ebd, 0x2b0d7ffc), + TOBN(0x9ea3ab8d, 0x8cd626b6), TOBN(0x8273a484, 0x3601625a)}}, + {{TOBN(0x88859845, 0x0168e508), TOBN(0x8cbc9bb2, 0x99a94abd), + TOBN(0x713ac792, 0xfab0a671), TOBN(0xa3995b19, 0x6c9ebffc)}, + {TOBN(0xe711668e, 0x1239e152), TOBN(0x56892558, 0xbbb8dff4), + TOBN(0x8bfc7dab, 0xdbf17963), TOBN(0x5b59fe5a, 0xb3de1253)}}, + {{TOBN(0x7e3320eb, 0x34a9f7ae), TOBN(0xe5e8cf72, 0xd751efe4), + TOBN(0x7ea003bc, 0xd9be2f37), TOBN(0xc0f551a0, 0xb6c08ef7)}, + {TOBN(0x56606268, 0x038f6725), TOBN(0x1dd38e35, 0x6d92d3b6), + TOBN(0x07dfce7c, 0xc3cbd686), TOBN(0x4e549e04, 0x651c5da8)}}, + {{TOBN(0x4058f93b, 0x08b19340), TOBN(0xc2fae6f4, 0xcac6d89d), + TOBN(0x4bad8a8c, 0x8f159cc7), TOBN(0x0ddba4b3, 0xcb0b601c)}, + {TOBN(0xda4fc7b5, 0x1dd95f8c), TOBN(0x1d163cd7, 0xcea5c255), + TOBN(0x30707d06, 0x274a8c4c), TOBN(0x79d9e008, 0x2802e9ce)}}, + {{TOBN(0x02a29ebf, 0xe6ddd505), TOBN(0x37064e74, 0xb50bed1a), + TOBN(0x3f6bae65, 0xa7327d57), TOBN(0x3846f5f1, 0xf83920bc)}, + {TOBN(0x87c37491, 0x60df1b9b), TOBN(0x4cfb2895, 0x2d1da29f), + TOBN(0x10a478ca, 0x4ed1743c), TOBN(0x390c6030, 0x3edd47c6)}}, + {{TOBN(0x8f3e5312, 0x8c0a78de), TOBN(0xccd02bda, 0x1e85df70), + TOBN(0xd6c75c03, 0xa61b6582), TOBN(0x0762921c, 0xfc0eebd1)}, + {TOBN(0xd34d0823, 0xd85010c0), TOBN(0xd73aaacb, 0x0044cf1f), + TOBN(0xfb4159bb, 0xa3b5e78a), TOBN(0x2287c7f7, 0xe5826f3f)}}, + {{TOBN(0x4aeaf742, 0x580b1a01), TOBN(0xf080415d, 0x60423b79), + TOBN(0xe12622cd, 0xa7dea144), TOBN(0x49ea4996, 0x59d62472)}, + {TOBN(0xb42991ef, 0x571f3913), TOBN(0x0610f214, 0xf5b25a8a), + TOBN(0x47adc585, 0x30b79e8f), TOBN(0xf90e3df6, 0x07a065a2)}}, + {{TOBN(0x5d0a5deb, 0x43e2e034), TOBN(0x53fb5a34, 0x444024aa), + TOBN(0xa8628c68, 0x6b0c9f7f), TOBN(0x9c69c29c, 0xac563656)}, + {TOBN(0x5a231feb, 0xbace47b6), TOBN(0xbdce0289, 0x9ea5a2ec), + TOBN(0x05da1fac, 0x9463853e), TOBN(0x96812c52, 0x509e78aa)}}, + {{TOBN(0xd3fb5771, 0x57151692), TOBN(0xeb2721f8, 0xd98e1c44), + TOBN(0xc0506087, 0x32399be1), TOBN(0xda5a5511, 0xd979d8b8)}, + {TOBN(0x737ed55d, 0xc6f56780), TOBN(0xe20d3004, 0x0dc7a7f4), + TOBN(0x02ce7301, 0xf5941a03), TOBN(0x91ef5215, 0xed30f83a)}}, + {{TOBN(0x28727fc1, 0x4092d85f), TOBN(0x72d223c6, 0x5c49e41a), + TOBN(0xa7cf30a2, 0xba6a4d81), TOBN(0x7c086209, 0xb030d87d)}, + {TOBN(0x04844c7d, 0xfc588b09), TOBN(0x728cd499, 0x5874bbb0), + TOBN(0xcc1281ee, 0xe84c0495), TOBN(0x0769b5ba, 0xec31958f)}}, + {{TOBN(0x665c228b, 0xf99c2471), TOBN(0xf2d8a11b, 0x191eb110), + TOBN(0x4594f494, 0xd36d7024), TOBN(0x482ded8b, 0xcdcb25a1)}, + {TOBN(0xc958a9d8, 0xdadd4885), TOBN(0x7004477e, 0xf1d2b547), + TOBN(0x0a45f6ef, 0x2a0af550), TOBN(0x4fc739d6, 0x2f8d6351)}}, + {{TOBN(0x75cdaf27, 0x786f08a9), TOBN(0x8700bb26, 0x42c2737f), + TOBN(0x855a7141, 0x1c4e2670), TOBN(0x810188c1, 0x15076fef)}, + {TOBN(0xc251d0c9, 0xabcd3297), TOBN(0xae4c8967, 0xf48108eb), + TOBN(0xbd146de7, 0x18ceed30), TOBN(0xf9d4f07a, 0xc986bced)}}, + {{TOBN(0x5ad98ed5, 0x83fa1e08), TOBN(0x7780d33e, 0xbeabd1fb), + TOBN(0xe330513c, 0x903b1196), TOBN(0xba11de9e, 0xa47bc8c4)}, + {TOBN(0x684334da, 0x02c2d064), TOBN(0x7ecf360d, 0xa48de23b), + TOBN(0x57a1b474, 0x0a9089d8), TOBN(0xf28fa439, 0xff36734c)}}, + {{TOBN(0xf2a482cb, 0xea4570b3), TOBN(0xee65d68b, 0xa5ebcee9), + TOBN(0x988d0036, 0xb9694cd5), TOBN(0x53edd0e9, 0x37885d32)}, + {TOBN(0xe37e3307, 0xbeb9bc6d), TOBN(0xe9abb907, 0x9f5c6768), + TOBN(0x4396ccd5, 0x51f2160f), TOBN(0x2500888c, 0x47336da6)}}, + {{TOBN(0x383f9ed9, 0x926fce43), TOBN(0x809dd1c7, 0x04da2930), + TOBN(0x30f6f596, 0x8a4cb227), TOBN(0x0d700c7f, 0x73a56b38)}, + {TOBN(0x1825ea33, 0xab64a065), TOBN(0xaab9b735, 0x1338df80), + TOBN(0x1516100d, 0x9b63f57f), TOBN(0x2574395a, 0x27a6a634)}}, + {{TOBN(0xb5560fb6, 0x700a1acd), TOBN(0xe823fd73, 0xfd999681), + TOBN(0xda915d1f, 0x6cb4e1ba), TOBN(0x0d030118, 0x6ebe00a3)}, + {TOBN(0x744fb0c9, 0x89fca8cd), TOBN(0x970d01db, 0xf9da0e0b), + TOBN(0x0ad8c564, 0x7931d76f), TOBN(0xb15737bf, 0xf659b96a)}}, + {{TOBN(0xdc9933e8, 0xa8b484e7), TOBN(0xb2fdbdf9, 0x7a26dec7), + TOBN(0x2349e9a4, 0x9f1f0136), TOBN(0x7860368e, 0x70fddddb)}, + {TOBN(0xd93d2c1c, 0xf9ad3e18), TOBN(0x6d6c5f17, 0x689f4e79), + TOBN(0x7a544d91, 0xb24ff1b6), TOBN(0x3e12a5eb, 0xfe16cd8c)}}, + {{TOBN(0x543574e9, 0xa56b872f), TOBN(0xa1ad550c, 0xfcf68ea2), + TOBN(0x689e37d2, 0x3f560ef7), TOBN(0x8c54b9ca, 0xc9d47a8b)}, + {TOBN(0x46d40a4a, 0x088ac342), TOBN(0xec450c7c, 0x1576c6d0), + TOBN(0xb589e31c, 0x1f9689e9), TOBN(0xdacf2602, 0xb8781718)}}, + {{TOBN(0xa89237c6, 0xc8cb6b42), TOBN(0x1326fc93, 0xb96ef381), + TOBN(0x55d56c6d, 0xb5f07825), TOBN(0xacba2eea, 0x7449e22d)}, + {TOBN(0x74e0887a, 0x633c3000), TOBN(0xcb6cd172, 0xd7cbcf71), + TOBN(0x309e81de, 0xc36cf1be), TOBN(0x07a18a6d, 0x60ae399b)}}, + {{TOBN(0xb36c2679, 0x9edce57e), TOBN(0x52b892f4, 0xdf001d41), + TOBN(0xd884ae5d, 0x16a1f2c6), TOBN(0x9b329424, 0xefcc370a)}, + {TOBN(0x3120daf2, 0xbd2e21df), TOBN(0x55298d2d, 0x02470a99), + TOBN(0x0b78af6c, 0xa05db32e), TOBN(0x5c76a331, 0x601f5636)}}, + {{TOBN(0xaae861ff, 0xf8a4f29c), TOBN(0x70dc9240, 0xd68f8d49), + TOBN(0x960e649f, 0x81b1321c), TOBN(0x3d2c801b, 0x8792e4ce)}, + {TOBN(0xf479f772, 0x42521876), TOBN(0x0bed93bc, 0x416c79b1), + TOBN(0xa67fbc05, 0x263e5bc9), TOBN(0x01e8e630, 0x521db049)}}, + {{TOBN(0x76f26738, 0xc6f3431e), TOBN(0xe609cb02, 0xe3267541), + TOBN(0xb10cff2d, 0x818c877c), TOBN(0x1f0e75ce, 0x786a13cb)}, + {TOBN(0xf4fdca64, 0x1158544d), TOBN(0x5d777e89, 0x6cb71ed0), + TOBN(0x3c233737, 0xa9aa4755), TOBN(0x7b453192, 0xe527ab40)}}, + {{TOBN(0xdb59f688, 0x39f05ffe), TOBN(0x8f4f4be0, 0x6d82574e), + TOBN(0xcce3450c, 0xee292d1b), TOBN(0xaa448a12, 0x61ccd086)}, + {TOBN(0xabce91b3, 0xf7914967), TOBN(0x4537f09b, 0x1908a5ed), + TOBN(0xa812421e, 0xf51042e7), TOBN(0xfaf5cebc, 0xec0b3a34)}}, + {{TOBN(0x730ffd87, 0x4ca6b39a), TOBN(0x70fb72ed, 0x02efd342), + TOBN(0xeb4735f9, 0xd75c8edb), TOBN(0xc11f2157, 0xc278aa51)}, + {TOBN(0xc459f635, 0xbf3bfebf), TOBN(0x3a1ff0b4, 0x6bd9601f), + TOBN(0xc9d12823, 0xc420cb73), TOBN(0x3e9af3e2, 0x3c2915a3)}}, + {{TOBN(0xe0c82c72, 0xb41c3440), TOBN(0x175239e5, 0xe3039a5f), + TOBN(0xe1084b8a, 0x558795a3), TOBN(0x328d0a1d, 0xd01e5c60)}, + {TOBN(0x0a495f2e, 0xd3788a04), TOBN(0x25d8ff16, 0x66c11a9f), + TOBN(0xf5155f05, 0x9ed692d6), TOBN(0x954fa107, 0x4f425fe4)}}, + {{TOBN(0xd16aabf2, 0xe98aaa99), TOBN(0x90cd8ba0, 0x96b0f88a), + TOBN(0x957f4782, 0xc154026a), TOBN(0x54ee0734, 0x52af56d2)}, + {TOBN(0xbcf89e54, 0x45b4147a), TOBN(0x3d102f21, 0x9a52816c), + TOBN(0x6808517e, 0x39b62e77), TOBN(0x92e25421, 0x69169ad8)}}, + {{TOBN(0xd721d871, 0xbb608558), TOBN(0x60e4ebae, 0xf6d4ff9b), + TOBN(0x0ba10819, 0x41f2763e), TOBN(0xca2e45be, 0x51ee3247)}, + {TOBN(0x66d172ec, 0x2bfd7a5f), TOBN(0x528a8f2f, 0x74d0b12d), + TOBN(0xe17f1e38, 0xdabe70dc), TOBN(0x1d5d7316, 0x9f93983c)}}, + {{TOBN(0x51b2184a, 0xdf423e31), TOBN(0xcb417291, 0xaedb1a10), + TOBN(0x2054ca93, 0x625bcab9), TOBN(0x54396860, 0xa98998f0)}, + {TOBN(0x4e53f6c4, 0xa54ae57e), TOBN(0x0ffeb590, 0xee648e9d), + TOBN(0xfbbdaadc, 0x6afaf6bc), TOBN(0xf88ae796, 0xaa3bfb8a)}}, + {{TOBN(0x209f1d44, 0xd2359ed9), TOBN(0xac68dd03, 0xf3544ce2), + TOBN(0xf378da47, 0xfd51e569), TOBN(0xe1abd860, 0x2cc80097)}, + {TOBN(0x23ca18d9, 0x343b6e3a), TOBN(0x480797e8, 0xb40a1bae), + TOBN(0xd1f0c717, 0x533f3e67), TOBN(0x44896970, 0x06e6cdfc)}}, + {{TOBN(0x8ca21055, 0x52a82e8d), TOBN(0xb2caf785, 0x78460cdc), + TOBN(0x4c1b7b62, 0xe9037178), TOBN(0xefc09d2c, 0xdb514b58)}, + {TOBN(0x5f2df9ee, 0x9113be5c), TOBN(0x2fbda78f, 0xb3f9271c), + TOBN(0xe09a81af, 0x8f83fc54), TOBN(0x06b13866, 0x8afb5141)}}, + {{TOBN(0x38f6480f, 0x43e3865d), TOBN(0x72dd77a8, 0x1ddf47d9), + TOBN(0xf2a8e971, 0x4c205ff7), TOBN(0x46d449d8, 0x9d088ad8)}, + {TOBN(0x926619ea, 0x185d706f), TOBN(0xe47e02eb, 0xc7dd7f62), + TOBN(0xe7f120a7, 0x8cbc2031), TOBN(0xc18bef00, 0x998d4ac9)}}, + {{TOBN(0x18f37a9c, 0x6bdf22da), TOBN(0xefbc432f, 0x90dc82df), + TOBN(0xc52cef8e, 0x5d703651), TOBN(0x82887ba0, 0xd99881a5)}, + {TOBN(0x7cec9dda, 0xb920ec1d), TOBN(0xd0d7e8c3, 0xec3e8d3b), + TOBN(0x445bc395, 0x4ca88747), TOBN(0xedeaa2e0, 0x9fd53535)}}, + {{TOBN(0x461b1d93, 0x6cc87475), TOBN(0xd92a52e2, 0x6d2383bd), + TOBN(0xfabccb59, 0xd7903546), TOBN(0x6111a761, 0x3d14b112)}, + {TOBN(0x0ae584fe, 0xb3d5f612), TOBN(0x5ea69b8d, 0x60e828ec), + TOBN(0x6c078985, 0x54087030), TOBN(0x649cab04, 0xac4821fe)}}, + {{TOBN(0x25ecedcf, 0x8bdce214), TOBN(0xb5622f72, 0x86af7361), + TOBN(0x0e1227aa, 0x7038b9e2), TOBN(0xd0efb273, 0xac20fa77)}, + {TOBN(0x817ff88b, 0x79df975b), TOBN(0x856bf286, 0x1999503e), + TOBN(0xb4d5351f, 0x5038ec46), TOBN(0x740a52c5, 0xfc42af6e)}}, + {{TOBN(0x2e38bb15, 0x2cbb1a3f), TOBN(0xc3eb99fe, 0x17a83429), + TOBN(0xca4fcbf1, 0xdd66bb74), TOBN(0x880784d6, 0xcde5e8fc)}, + {TOBN(0xddc84c1c, 0xb4e7a0be), TOBN(0x8780510d, 0xbd15a72f), + TOBN(0x44bcf1af, 0x81ec30e1), TOBN(0x141e50a8, 0x0a61073e)}}, + {{TOBN(0x0d955718, 0x47be87ae), TOBN(0x68a61417, 0xf76a4372), + TOBN(0xf57e7e87, 0xc607c3d3), TOBN(0x043afaf8, 0x5252f332)}, + {TOBN(0xcc14e121, 0x1552a4d2), TOBN(0xb6dee692, 0xbb4d4ab4), + TOBN(0xb6ab74c8, 0xa03816a4), TOBN(0x84001ae4, 0x6f394a29)}}, + {{TOBN(0x5bed8344, 0xd795fb45), TOBN(0x57326e7d, 0xb79f55a5), + TOBN(0xc9533ce0, 0x4accdffc), TOBN(0x53473caf, 0x3993fa04)}, + {TOBN(0x7906eb93, 0xa13df4c8), TOBN(0xa73e51f6, 0x97cbe46f), + TOBN(0xd1ab3ae1, 0x0ae4ccf8), TOBN(0x25614508, 0x8a5b3dbc)}}, + {{TOBN(0x61eff962, 0x11a71b27), TOBN(0xdf71412b, 0x6bb7fa39), + TOBN(0xb31ba6b8, 0x2bd7f3ef), TOBN(0xb0b9c415, 0x69180d29)}, + {TOBN(0xeec14552, 0x014cdde5), TOBN(0x702c624b, 0x227b4bbb), + TOBN(0x2b15e8c2, 0xd3e988f3), TOBN(0xee3bcc6d, 0xa4f7fd04)}}, + {{TOBN(0x9d00822a, 0x42ac6c85), TOBN(0x2db0cea6, 0x1df9f2b7), + TOBN(0xd7cad2ab, 0x42de1e58), TOBN(0x346ed526, 0x2d6fbb61)}, + {TOBN(0xb3962995, 0x1a2faf09), TOBN(0x2fa8a580, 0x7c25612e), + TOBN(0x30ae04da, 0x7cf56490), TOBN(0x75662908, 0x0eea3961)}}, + {{TOBN(0x3609f5c5, 0x3d080847), TOBN(0xcb081d39, 0x5241d4f6), + TOBN(0xb4fb3810, 0x77961a63), TOBN(0xc20c5984, 0x2abb66fc)}, + {TOBN(0x3d40aa7c, 0xf902f245), TOBN(0x9cb12736, 0x4e536b1e), + TOBN(0x5eda24da, 0x99b3134f), TOBN(0xafbd9c69, 0x5cd011af)}}, + {{TOBN(0x9a16e30a, 0xc7088c7d), TOBN(0x5ab65710, 0x3207389f), + TOBN(0x1b09547f, 0xe7407a53), TOBN(0x2322f9d7, 0x4fdc6eab)}, + {TOBN(0xc0f2f22d, 0x7430de4d), TOBN(0x19382696, 0xe68ca9a9), + TOBN(0x17f1eff1, 0x918e5868), TOBN(0xe3b5b635, 0x586f4204)}}, + {{TOBN(0x146ef980, 0x3fbc4341), TOBN(0x359f2c80, 0x5b5eed4e), + TOBN(0x9f35744e, 0x7482e41d), TOBN(0x9a9ac3ec, 0xf3b224c2)}, + {TOBN(0x9161a6fe, 0x91fc50ae), TOBN(0x89ccc66b, 0xc613fa7c), + TOBN(0x89268b14, 0xc732f15a), TOBN(0x7cd6f4e2, 0xb467ed03)}}, + {{TOBN(0xfbf79869, 0xce56b40e), TOBN(0xf93e094c, 0xc02dde98), + TOBN(0xefe0c3a8, 0xedee2cd7), TOBN(0x90f3ffc0, 0xb268fd42)}, + {TOBN(0x81a7fd56, 0x08241aed), TOBN(0x95ab7ad8, 0x00b1afe8), + TOBN(0x40127056, 0x3e310d52), TOBN(0xd3ffdeb1, 0x09d9fc43)}}, + {{TOBN(0xc8f85c91, 0xd11a8594), TOBN(0x2e74d258, 0x31cf6db8), + TOBN(0x829c7ca3, 0x02b5dfd0), TOBN(0xe389cfbe, 0x69143c86)}, + {TOBN(0xd01b6405, 0x941768d8), TOBN(0x45103995, 0x03bf825d), + TOBN(0xcc4ee166, 0x56cd17e2), TOBN(0xbea3c283, 0xba037e79)}}, + {{TOBN(0x4e1ac06e, 0xd9a47520), TOBN(0xfbfe18aa, 0xaf852404), + TOBN(0x5615f8e2, 0x8087648a), TOBN(0x7301e47e, 0xb9d150d9)}, + {TOBN(0x79f9f9dd, 0xb299b977), TOBN(0x76697a7b, 0xa5b78314), + TOBN(0x10d67468, 0x7d7c90e7), TOBN(0x7afffe03, 0x937210b5)}}, + {{TOBN(0x5aef3e4b, 0x28c22cee), TOBN(0xefb0ecd8, 0x09fd55ae), + TOBN(0x4cea7132, 0x0d2a5d6a), TOBN(0x9cfb5fa1, 0x01db6357)}, + {TOBN(0x395e0b57, 0xf36e1ac5), TOBN(0x008fa9ad, 0x36cafb7d), + TOBN(0x8f6cdf70, 0x5308c4db), TOBN(0x51527a37, 0x95ed2477)}}, + {{TOBN(0xba0dee30, 0x5bd21311), TOBN(0x6ed41b22, 0x909c90d7), + TOBN(0xc5f6b758, 0x7c8696d3), TOBN(0x0db8eaa8, 0x3ce83a80)}, + {TOBN(0xd297fe37, 0xb24b4b6f), TOBN(0xfe58afe8, 0x522d1f0d), + TOBN(0x97358736, 0x8c98dbd9), TOBN(0x6bc226ca, 0x9454a527)}}, + {{TOBN(0xa12b384e, 0xce53c2d0), TOBN(0x779d897d, 0x5e4606da), + TOBN(0xa53e47b0, 0x73ec12b0), TOBN(0x462dbbba, 0x5756f1ad)}, + {TOBN(0x69fe09f2, 0xcafe37b6), TOBN(0x273d1ebf, 0xecce2e17), + TOBN(0x8ac1d538, 0x3cf607fd), TOBN(0x8035f7ff, 0x12e10c25)}}}, + {{{TOBN(0x854d34c7, 0x7e6c5520), TOBN(0xc27df9ef, 0xdcb9ea58), + TOBN(0x405f2369, 0xd686666d), TOBN(0x29d1febf, 0x0417aa85)}, + {TOBN(0x9846819e, 0x93470afe), TOBN(0x3e6a9669, 0xe2a27f9e), + TOBN(0x24d008a2, 0xe31e6504), TOBN(0xdba7cecf, 0x9cb7680a)}}, + {{TOBN(0xecaff541, 0x338d6e43), TOBN(0x56f7dd73, 0x4541d5cc), + TOBN(0xb5d426de, 0x96bc88ca), TOBN(0x48d94f6b, 0x9ed3a2c3)}, + {TOBN(0x6354a3bb, 0x2ef8279c), TOBN(0xd575465b, 0x0b1867f2), + TOBN(0xef99b0ff, 0x95225151), TOBN(0xf3e19d88, 0xf94500d8)}}, + {{TOBN(0x92a83268, 0xe32dd620), TOBN(0x913ec99f, 0x627849a2), + TOBN(0xedd8fdfa, 0x2c378882), TOBN(0xaf96f33e, 0xee6f8cfe)}, + {TOBN(0xc06737e5, 0xdc3fa8a5), TOBN(0x236bb531, 0xb0b03a1d), + TOBN(0x33e59f29, 0x89f037b0), TOBN(0x13f9b5a7, 0xd9a12a53)}}, + {{TOBN(0x0d0df6ce, 0x51efb310), TOBN(0xcb5b2eb4, 0x958df5be), + TOBN(0xd6459e29, 0x36158e59), TOBN(0x82aae2b9, 0x1466e336)}, + {TOBN(0xfb658a39, 0x411aa636), TOBN(0x7152ecc5, 0xd4c0a933), + TOBN(0xf10c758a, 0x49f026b7), TOBN(0xf4837f97, 0xcb09311f)}}, + {{TOBN(0xddfb02c4, 0xc753c45f), TOBN(0x18ca81b6, 0xf9c840fe), + TOBN(0x846fd09a, 0xb0f8a3e6), TOBN(0xb1162add, 0xe7733dbc)}, + {TOBN(0x7070ad20, 0x236e3ab6), TOBN(0xf88cdaf5, 0xb2a56326), + TOBN(0x05fc8719, 0x997cbc7a), TOBN(0x442cd452, 0x4b665272)}}, + {{TOBN(0x7807f364, 0xb71698f5), TOBN(0x6ba418d2, 0x9f7b605e), + TOBN(0xfd20b00f, 0xa03b2cbb), TOBN(0x883eca37, 0xda54386f)}, + {TOBN(0xff0be43f, 0xf3437f24), TOBN(0xe910b432, 0xa48bb33c), + TOBN(0x4963a128, 0x329df765), TOBN(0xac1dd556, 0xbe2fe6f7)}}, + {{TOBN(0x557610f9, 0x24a0a3fc), TOBN(0x38e17bf4, 0xe881c3f9), + TOBN(0x6ba84faf, 0xed0dac99), TOBN(0xd4a222c3, 0x59eeb918)}, + {TOBN(0xc79c1dbe, 0x13f542b6), TOBN(0x1fc65e0d, 0xe425d457), + TOBN(0xeffb754f, 0x1debb779), TOBN(0x638d8fd0, 0x9e08af60)}}, + {{TOBN(0x994f523a, 0x626332d5), TOBN(0x7bc38833, 0x5561bb44), + TOBN(0x005ed4b0, 0x3d845ea2), TOBN(0xd39d3ee1, 0xc2a1f08a)}, + {TOBN(0x6561fdd3, 0xe7676b0d), TOBN(0x620e35ff, 0xfb706017), + TOBN(0x36ce424f, 0xf264f9a8), TOBN(0xc4c3419f, 0xda2681f7)}}, + {{TOBN(0xfb6afd2f, 0x69beb6e8), TOBN(0x3a50b993, 0x6d700d03), + TOBN(0xc840b2ad, 0x0c83a14f), TOBN(0x573207be, 0x54085bef)}, + {TOBN(0x5af882e3, 0x09fe7e5b), TOBN(0x957678a4, 0x3b40a7e1), + TOBN(0x172d4bdd, 0x543056e2), TOBN(0x9c1b26b4, 0x0df13c0a)}}, + {{TOBN(0x1c30861c, 0xf405ff06), TOBN(0xebac86bd, 0x486e828b), + TOBN(0xe791a971, 0x636933fc), TOBN(0x50e7c2be, 0x7aeee947)}, + {TOBN(0xc3d4a095, 0xfa90d767), TOBN(0xae60eb7b, 0xe670ab7b), + TOBN(0x17633a64, 0x397b056d), TOBN(0x93a21f33, 0x105012aa)}}, + {{TOBN(0x663c370b, 0xabb88643), TOBN(0x91df36d7, 0x22e21599), + TOBN(0x183ba835, 0x8b761671), TOBN(0x381eea1d, 0x728f3bf1)}, + {TOBN(0xb9b2f1ba, 0x39966e6c), TOBN(0x7c464a28, 0xe7295492), + TOBN(0x0fd5f70a, 0x09b26b7f), TOBN(0xa9aba1f9, 0xfbe009df)}}, + {{TOBN(0x857c1f22, 0x369b87ad), TOBN(0x3c00e5d9, 0x32fca556), + TOBN(0x1ad74cab, 0x90b06466), TOBN(0xa7112386, 0x550faaf2)}, + {TOBN(0x7435e198, 0x6d9bd5f5), TOBN(0x2dcc7e38, 0x59c3463f), + TOBN(0xdc7df748, 0xca7bd4b2), TOBN(0x13cd4c08, 0x9dec2f31)}}, + {{TOBN(0x0d3b5df8, 0xe3237710), TOBN(0x0dadb26e, 0xcbd2f7b0), + TOBN(0x9f5966ab, 0xe4aa082b), TOBN(0x666ec8de, 0x350e966e)}, + {TOBN(0x1bfd1ed5, 0xee524216), TOBN(0xcd93c59b, 0x41dab0b6), + TOBN(0x658a8435, 0xd186d6ba), TOBN(0x1b7d34d2, 0x159d1195)}}, + {{TOBN(0x5936e460, 0x22caf46b), TOBN(0x6a45dd8f, 0x9a96fe4f), + TOBN(0xf7925434, 0xb98f474e), TOBN(0x41410412, 0x0053ef15)}, + {TOBN(0x71cf8d12, 0x41de97bf), TOBN(0xb8547b61, 0xbd80bef4), + TOBN(0xb47d3970, 0xc4db0037), TOBN(0xf1bcd328, 0xfef20dff)}}, + {{TOBN(0x31a92e09, 0x10caad67), TOBN(0x1f591960, 0x5531a1e1), + TOBN(0x3bb852e0, 0x5f4fc840), TOBN(0x63e297ca, 0x93a72c6c)}, + {TOBN(0x3c2b0b2e, 0x49abad67), TOBN(0x6ec405fc, 0xed3db0d9), + TOBN(0xdc14a530, 0x7fef1d40), TOBN(0xccd19846, 0x280896fc)}}, + {{TOBN(0x00f83176, 0x9bb81648), TOBN(0xd69eb485, 0x653120d0), + TOBN(0xd17d75f4, 0x4ccabc62), TOBN(0x34a07f82, 0xb749fcb1)}, + {TOBN(0x2c3af787, 0xbbfb5554), TOBN(0xb06ed4d0, 0x62e283f8), + TOBN(0x5722889f, 0xa19213a0), TOBN(0x162b085e, 0xdcf3c7b4)}}, + {{TOBN(0xbcaecb31, 0xe0dd3eca), TOBN(0xc6237fbc, 0xe52f13a5), + TOBN(0xcc2b6b03, 0x27bac297), TOBN(0x2ae1cac5, 0xb917f54a)}, + {TOBN(0x474807d4, 0x7845ae4f), TOBN(0xfec7dd92, 0xce5972e0), + TOBN(0xc3bd2541, 0x1d7915bb), TOBN(0x66f85dc4, 0xd94907ca)}}, + {{TOBN(0xd981b888, 0xbdbcf0ca), TOBN(0xd75f5da6, 0xdf279e9f), + TOBN(0x128bbf24, 0x7054e934), TOBN(0x3c6ff6e5, 0x81db134b)}, + {TOBN(0x795b7cf4, 0x047d26e4), TOBN(0xf370f7b8, 0x5049ec37), + TOBN(0xc6712d4d, 0xced945af), TOBN(0xdf30b5ec, 0x095642bc)}}, + {{TOBN(0x9b034c62, 0x4896246e), TOBN(0x5652c016, 0xee90bbd1), + TOBN(0xeb38636f, 0x87fedb73), TOBN(0x5e32f847, 0x0135a613)}, + {TOBN(0x0703b312, 0xcf933c83), TOBN(0xd05bb76e, 0x1a7f47e6), + TOBN(0x825e4f0c, 0x949c2415), TOBN(0x569e5622, 0x7250d6f8)}}, + {{TOBN(0xbbe9eb3a, 0x6568013e), TOBN(0x8dbd203f, 0x22f243fc), + TOBN(0x9dbd7694, 0xb342734a), TOBN(0x8f6d12f8, 0x46afa984)}, + {TOBN(0xb98610a2, 0xc9eade29), TOBN(0xbab4f323, 0x47dd0f18), + TOBN(0x5779737b, 0x671c0d46), TOBN(0x10b6a7c6, 0xd3e0a42a)}}, + {{TOBN(0xfb19ddf3, 0x3035b41c), TOBN(0xd336343f, 0x99c45895), + TOBN(0x61fe4938, 0x54c857e5), TOBN(0xc4d506be, 0xae4e57d5)}, + {TOBN(0x3cd8c8cb, 0xbbc33f75), TOBN(0x7281f08a, 0x9262c77d), + TOBN(0x083f4ea6, 0xf11a2823), TOBN(0x8895041e, 0x9fba2e33)}}, + {{TOBN(0xfcdfea49, 0x9c438edf), TOBN(0x7678dcc3, 0x91edba44), + TOBN(0xf07b3b87, 0xe2ba50f0), TOBN(0xc13888ef, 0x43948c1b)}, + {TOBN(0xc2135ad4, 0x1140af42), TOBN(0x8e5104f3, 0x926ed1a7), + TOBN(0xf24430cb, 0x88f6695f), TOBN(0x0ce0637b, 0x6d73c120)}}, + {{TOBN(0xb2db01e6, 0xfe631e8f), TOBN(0x1c5563d7, 0xd7bdd24b), + TOBN(0x8daea3ba, 0x369ad44f), TOBN(0x000c81b6, 0x8187a9f9)}, + {TOBN(0x5f48a951, 0xaae1fd9a), TOBN(0xe35626c7, 0x8d5aed8a), + TOBN(0x20952763, 0x0498c622), TOBN(0x76d17634, 0x773aa504)}}, + {{TOBN(0x36d90dda, 0xeb300f7a), TOBN(0x9dcf7dfc, 0xedb5e801), + TOBN(0x645cb268, 0x74d5244c), TOBN(0xa127ee79, 0x348e3aa2)}, + {TOBN(0x488acc53, 0x575f1dbb), TOBN(0x95037e85, 0x80e6161e), + TOBN(0x57e59283, 0x292650d0), TOBN(0xabe67d99, 0x14938216)}}, + {{TOBN(0x3c7f944b, 0x3f8e1065), TOBN(0xed908cb6, 0x330e8924), + TOBN(0x08ee8fd5, 0x6f530136), TOBN(0x2227b7d5, 0xd7ffc169)}, + {TOBN(0x4f55c893, 0xb5cd6dd5), TOBN(0x82225e11, 0xa62796e8), + TOBN(0x5c6cead1, 0xcb18e12c), TOBN(0x4381ae0c, 0x84f5a51a)}}, + {{TOBN(0x345913d3, 0x7fafa4c8), TOBN(0x3d918082, 0x0491aac0), + TOBN(0x9347871f, 0x3e69264c), TOBN(0xbea9dd3c, 0xb4f4f0cd)}, + {TOBN(0xbda5d067, 0x3eadd3e7), TOBN(0x0033c1b8, 0x0573bcd8), + TOBN(0x25589379, 0x5da2486c), TOBN(0xcb89ee5b, 0x86abbee7)}}, + {{TOBN(0x8fe0a8f3, 0x22532e5d), TOBN(0xb6410ff0, 0x727dfc4c), + TOBN(0x619b9d58, 0x226726db), TOBN(0x5ec25669, 0x7a2b2dc7)}, + {TOBN(0xaf4d2e06, 0x4c3beb01), TOBN(0x852123d0, 0x7acea556), + TOBN(0x0e9470fa, 0xf783487a), TOBN(0x75a7ea04, 0x5664b3eb)}}, + {{TOBN(0x4ad78f35, 0x6798e4ba), TOBN(0x9214e6e5, 0xc7d0e091), + TOBN(0xc420b488, 0xb1290403), TOBN(0x64049e0a, 0xfc295749)}, + {TOBN(0x03ef5af1, 0x3ae9841f), TOBN(0xdbe4ca19, 0xb0b662a6), + TOBN(0x46845c5f, 0xfa453458), TOBN(0xf8dabf19, 0x10b66722)}}, + {{TOBN(0xb650f0aa, 0xcce2793b), TOBN(0x71db851e, 0xc5ec47c1), + TOBN(0x3eb78f3e, 0x3b234fa9), TOBN(0xb0c60f35, 0xfc0106ce)}, + {TOBN(0x05427121, 0x774eadbd), TOBN(0x25367faf, 0xce323863), + TOBN(0x7541b5c9, 0xcd086976), TOBN(0x4ff069e2, 0xdc507ad1)}}, + {{TOBN(0x74145256, 0x8776e667), TOBN(0x6e76142c, 0xb23c6bb5), + TOBN(0xdbf30712, 0x1b3a8a87), TOBN(0x60e7363e, 0x98450836)}, + {TOBN(0x5741450e, 0xb7366d80), TOBN(0xe4ee14ca, 0x4837dbdf), + TOBN(0xa765eb9b, 0x69d4316f), TOBN(0x04548dca, 0x8ef43825)}}, + {{TOBN(0x9c9f4e4c, 0x5ae888eb), TOBN(0x733abb51, 0x56e9ac99), + TOBN(0xdaad3c20, 0xba6ac029), TOBN(0x9b8dd3d3, 0x2ba3e38e)}, + {TOBN(0xa9bb4c92, 0x0bc5d11a), TOBN(0xf20127a7, 0x9c5f88a3), + TOBN(0x4f52b06e, 0x161d3cb8), TOBN(0x26c1ff09, 0x6afaf0a6)}}, + {{TOBN(0x32670d2f, 0x7189e71f), TOBN(0xc6438748, 0x5ecf91e7), + TOBN(0x15758e57, 0xdb757a21), TOBN(0x427d09f8, 0x290a9ce5)}, + {TOBN(0x846a308f, 0x38384a7a), TOBN(0xaac3acb4, 0xb0732b99), + TOBN(0x9e941009, 0x17845819), TOBN(0x95cba111, 0xa7ce5e03)}}, + {{TOBN(0x6f3d4f7f, 0xb00009c4), TOBN(0xb8396c27, 0x8ff28b5f), + TOBN(0xb1a9ae43, 0x1c97975d), TOBN(0x9d7ba8af, 0xe5d9fed5)}, + {TOBN(0x338cf09f, 0x34f485b6), TOBN(0xbc0ddacc, 0x64122516), + TOBN(0xa450da12, 0x05d471fe), TOBN(0x4c3a6250, 0x628dd8c9)}}, + {{TOBN(0x69c7d103, 0xd1295837), TOBN(0xa2893e50, 0x3807eb2f), + TOBN(0xd6e1e1de, 0xbdb41491), TOBN(0xc630745b, 0x5e138235)}, + {TOBN(0xc892109e, 0x48661ae1), TOBN(0x8d17e7eb, 0xea2b2674), + TOBN(0x00ec0f87, 0xc328d6b5), TOBN(0x6d858645, 0xf079ff9e)}}, + {{TOBN(0x6cdf243e, 0x19115ead), TOBN(0x1ce1393e, 0x4bac4fcf), + TOBN(0x2c960ed0, 0x9c29f25b), TOBN(0x59be4d8e, 0x9d388a05)}, + {TOBN(0x0d46e06c, 0xd0def72b), TOBN(0xb923db5d, 0xe0342748), + TOBN(0xf7d3aacd, 0x936d4a3d), TOBN(0x558519cc, 0x0b0b099e)}}, + {{TOBN(0x3ea8ebf8, 0x827097ef), TOBN(0x259353db, 0xd054f55d), + TOBN(0x84c89abc, 0x6d2ed089), TOBN(0x5c548b69, 0x8e096a7c)}, + {TOBN(0xd587f616, 0x994b995d), TOBN(0x4d1531f6, 0xa5845601), + TOBN(0x792ab31e, 0x451fd9f0), TOBN(0xc8b57bb2, 0x65adf6ca)}}, + {{TOBN(0x68440fcb, 0x1cd5ad73), TOBN(0xb9c860e6, 0x6144da4f), + TOBN(0x2ab286aa, 0x8462beb8), TOBN(0xcc6b8fff, 0xef46797f)}, + {TOBN(0xac820da4, 0x20c8a471), TOBN(0x69ae05a1, 0x77ff7faf), + TOBN(0xb9163f39, 0xbfb5da77), TOBN(0xbd03e590, 0x2c73ab7a)}}, + {{TOBN(0x7e862b5e, 0xb2940d9e), TOBN(0x3c663d86, 0x4b9af564), + TOBN(0xd8309031, 0xbde3033d), TOBN(0x298231b2, 0xd42c5bc6)}, + {TOBN(0x42090d2c, 0x552ad093), TOBN(0xa4799d1c, 0xff854695), + TOBN(0x0a88b5d6, 0xd31f0d00), TOBN(0xf8b40825, 0xa2f26b46)}}, + {{TOBN(0xec29b1ed, 0xf1bd7218), TOBN(0xd491c53b, 0x4b24c86e), + TOBN(0xd2fe588f, 0x3395ea65), TOBN(0x6f3764f7, 0x4456ef15)}, + {TOBN(0xdb43116d, 0xcdc34800), TOBN(0xcdbcd456, 0xc1e33955), + TOBN(0xefdb5540, 0x74ab286b), TOBN(0x948c7a51, 0xd18c5d7c)}}, + {{TOBN(0xeb81aa37, 0x7378058e), TOBN(0x41c746a1, 0x04411154), + TOBN(0xa10c73bc, 0xfb828ac7), TOBN(0x6439be91, 0x9d972b29)}, + {TOBN(0x4bf3b4b0, 0x43a2fbad), TOBN(0x39e6dadf, 0x82b5e840), + TOBN(0x4f716408, 0x6397bd4c), TOBN(0x0f7de568, 0x7f1eeccb)}}, + {{TOBN(0x5865c5a1, 0xd2ffbfc1), TOBN(0xf74211fa, 0x4ccb6451), + TOBN(0x66368a88, 0xc0b32558), TOBN(0x5b539dc2, 0x9ad7812e)}, + {TOBN(0x579483d0, 0x2f3af6f6), TOBN(0x52132078, 0x99934ece), + TOBN(0x50b9650f, 0xdcc9e983), TOBN(0xca989ec9, 0xaee42b8a)}}, + {{TOBN(0x6a44c829, 0xd6f62f99), TOBN(0x8f06a309, 0x4c2a7c0c), + TOBN(0x4ea2b3a0, 0x98a0cb0a), TOBN(0x5c547b70, 0xbeee8364)}, + {TOBN(0x461d40e1, 0x682afe11), TOBN(0x9e0fc77a, 0x7b41c0a8), + TOBN(0x79e4aefd, 0xe20d5d36), TOBN(0x2916e520, 0x32dd9f63)}}, + {{TOBN(0xf59e52e8, 0x3f883faf), TOBN(0x396f9639, 0x2b868d35), + TOBN(0xc902a9df, 0x4ca19881), TOBN(0x0fc96822, 0xdb2401a6)}, + {TOBN(0x41237587, 0x66f1c68d), TOBN(0x10fc6de3, 0xfb476c0d), + TOBN(0xf8b6b579, 0x841f5d90), TOBN(0x2ba8446c, 0xfa24f44a)}}, + {{TOBN(0xa237b920, 0xef4a9975), TOBN(0x60bb6004, 0x2330435f), + TOBN(0xd6f4ab5a, 0xcfb7e7b5), TOBN(0xb2ac5097, 0x83435391)}, + {TOBN(0xf036ee2f, 0xb0d1ea67), TOBN(0xae779a6a, 0x74c56230), + TOBN(0x59bff8c8, 0xab838ae6), TOBN(0xcd83ca99, 0x9b38e6f0)}}, + {{TOBN(0xbb27bef5, 0xe33deed3), TOBN(0xe6356f6f, 0x001892a8), + TOBN(0xbf3be6cc, 0x7adfbd3e), TOBN(0xaecbc81c, 0x33d1ac9d)}, + {TOBN(0xe4feb909, 0xe6e861dc), TOBN(0x90a247a4, 0x53f5f801), + TOBN(0x01c50acb, 0x27346e57), TOBN(0xce29242e, 0x461acc1b)}}, + {{TOBN(0x04dd214a, 0x2f998a91), TOBN(0x271ee9b1, 0xd4baf27b), + TOBN(0x7e3027d1, 0xe8c26722), TOBN(0x21d1645c, 0x1820dce5)}, + {TOBN(0x086f242c, 0x7501779c), TOBN(0xf0061407, 0xfa0e8009), + TOBN(0xf23ce477, 0x60187129), TOBN(0x05bbdedb, 0x0fde9bd0)}}, + {{TOBN(0x682f4832, 0x25d98473), TOBN(0xf207fe85, 0x5c658427), + TOBN(0xb6fdd7ba, 0x4166ffa1), TOBN(0x0c314056, 0x9eed799d)}, + {TOBN(0x0db8048f, 0x4107e28f), TOBN(0x74ed3871, 0x41216840), + TOBN(0x74489f8f, 0x56a3c06e), TOBN(0x1e1c005b, 0x12777134)}}, + {{TOBN(0xdb332a73, 0xf37ec3c3), TOBN(0xc65259bd, 0xdd59eba0), + TOBN(0x2291709c, 0xdb4d3257), TOBN(0x9a793b25, 0xbd389390)}, + {TOBN(0xf39fe34b, 0xe43756f0), TOBN(0x2f76bdce, 0x9afb56c9), + TOBN(0x9f37867a, 0x61208b27), TOBN(0xea1d4307, 0x089972c3)}}, + {{TOBN(0x8c595330, 0x8bdf623a), TOBN(0x5f5accda, 0x8441fb7d), + TOBN(0xfafa9418, 0x32ddfd95), TOBN(0x6ad40c5a, 0x0fde9be7)}, + {TOBN(0x43faba89, 0xaeca8709), TOBN(0xc64a7cf1, 0x2c248a9d), + TOBN(0x16620252, 0x72637a76), TOBN(0xaee1c791, 0x22b8d1bb)}}, + {{TOBN(0xf0f798fd, 0x21a843b2), TOBN(0x56e4ed4d, 0x8d005cb1), + TOBN(0x355f7780, 0x1f0d8abe), TOBN(0x197b04cf, 0x34522326)}, + {TOBN(0x41f9b31f, 0xfd42c13f), TOBN(0x5ef7feb2, 0xb40f933d), + TOBN(0x27326f42, 0x5d60bad4), TOBN(0x027ecdb2, 0x8c92cf89)}}, + {{TOBN(0x04aae4d1, 0x4e3352fe), TOBN(0x08414d2f, 0x73591b90), + TOBN(0x5ed6124e, 0xb7da7d60), TOBN(0xb985b931, 0x4d13d4ec)}, + {TOBN(0xa592d3ab, 0x96bf36f9), TOBN(0x012dbed5, 0xbbdf51df), + TOBN(0xa57963c0, 0xdf6c177d), TOBN(0x010ec869, 0x87ca29cf)}}, + {{TOBN(0xba1700f6, 0xbf926dff), TOBN(0x7c9fdbd1, 0xf4bf6bc2), + TOBN(0xdc18dc8f, 0x64da11f5), TOBN(0xa6074b7a, 0xd938ae75)}, + {TOBN(0x14270066, 0xe84f44a4), TOBN(0x99998d38, 0xd27b954e), + TOBN(0xc1be8ab2, 0xb4f38e9a), TOBN(0x8bb55bbf, 0x15c01016)}}, + {{TOBN(0xf73472b4, 0x0ea2ab30), TOBN(0xd365a340, 0xf73d68dd), + TOBN(0xc01a7168, 0x19c2e1eb), TOBN(0x32f49e37, 0x34061719)}, + {TOBN(0xb73c57f1, 0x01d8b4d6), TOBN(0x03c8423c, 0x26b47700), + TOBN(0x321d0bc8, 0xa4d8826a), TOBN(0x6004213c, 0x4bc0e638)}}, + {{TOBN(0xf78c64a1, 0xc1c06681), TOBN(0x16e0a16f, 0xef018e50), + TOBN(0x31cbdf91, 0xdb42b2b3), TOBN(0xf8f4ffce, 0xe0d36f58)}, + {TOBN(0xcdcc71cd, 0x4cc5e3e0), TOBN(0xd55c7cfa, 0xa129e3e0), + TOBN(0xccdb6ba0, 0x0fb2cbf1), TOBN(0x6aba0005, 0xc4bce3cb)}}, + {{TOBN(0x501cdb30, 0xd232cfc4), TOBN(0x9ddcf12e, 0xd58a3cef), + TOBN(0x02d2cf9c, 0x87e09149), TOBN(0xdc5d7ec7, 0x2c976257)}, + {TOBN(0x6447986e, 0x0b50d7dd), TOBN(0x88fdbaf7, 0x807f112a), + TOBN(0x58c9822a, 0xb00ae9f6), TOBN(0x6abfb950, 0x6d3d27e0)}}, + {{TOBN(0xd0a74487, 0x8a429f4f), TOBN(0x0649712b, 0xdb516609), + TOBN(0xb826ba57, 0xe769b5df), TOBN(0x82335df2, 0x1fc7aaf2)}, + {TOBN(0x2389f067, 0x5c93d995), TOBN(0x59ac367a, 0x68677be6), + TOBN(0xa77985ff, 0x21d9951b), TOBN(0x038956fb, 0x85011cce)}}, + {{TOBN(0x608e48cb, 0xbb734e37), TOBN(0xc08c0bf2, 0x2be5b26f), + TOBN(0x17bbdd3b, 0xf9b1a0d9), TOBN(0xeac7d898, 0x10483319)}, + {TOBN(0xc95c4baf, 0xbc1a6dea), TOBN(0xfdd0e2bf, 0x172aafdb), + TOBN(0x40373cbc, 0x8235c41a), TOBN(0x14303f21, 0xfb6f41d5)}}, + {{TOBN(0xba063621, 0x0408f237), TOBN(0xcad3b09a, 0xecd2d1ed), + TOBN(0x4667855a, 0x52abb6a2), TOBN(0xba9157dc, 0xaa8b417b)}, + {TOBN(0xfe7f3507, 0x4f013efb), TOBN(0x1b112c4b, 0xaa38c4a2), + TOBN(0xa1406a60, 0x9ba64345), TOBN(0xe53cba33, 0x6993c80b)}}, + {{TOBN(0x45466063, 0xded40d23), TOBN(0x3d5f1f4d, 0x54908e25), + TOBN(0x9ebefe62, 0x403c3c31), TOBN(0x274ea0b5, 0x0672a624)}, + {TOBN(0xff818d99, 0x451d1b71), TOBN(0x80e82643, 0x8f79cf79), + TOBN(0xa165df13, 0x73ce37f5), TOBN(0xa744ef4f, 0xfe3a21fd)}}, + {{TOBN(0x73f1e7f5, 0xcf551396), TOBN(0xc616898e, 0x868c676b), + TOBN(0x671c28c7, 0x8c442c36), TOBN(0xcfe5e558, 0x5e0a317d)}, + {TOBN(0x1242d818, 0x7051f476), TOBN(0x56fad2a6, 0x14f03442), + TOBN(0x262068bc, 0x0a44d0f6), TOBN(0xdfa2cd6e, 0xce6edf4e)}}, + {{TOBN(0x0f43813a, 0xd15d1517), TOBN(0x61214cb2, 0x377d44f5), + TOBN(0xd399aa29, 0xc639b35f), TOBN(0x42136d71, 0x54c51c19)}, + {TOBN(0x9774711b, 0x08417221), TOBN(0x0a5546b3, 0x52545a57), + TOBN(0x80624c41, 0x1150582d), TOBN(0x9ec5c418, 0xfbc555bc)}}, + {{TOBN(0x2c87dcad, 0x771849f1), TOBN(0xb0c932c5, 0x01d7bf6f), + TOBN(0x6aa5cd3e, 0x89116eb2), TOBN(0xd378c25a, 0x51ca7bd3)}, + {TOBN(0xc612a0da, 0x9e6e3e31), TOBN(0x0417a54d, 0xb68ad5d0), + TOBN(0x00451e4a, 0x22c6edb8), TOBN(0x9fbfe019, 0xb42827ce)}}, + {{TOBN(0x2fa92505, 0xba9384a2), TOBN(0x21b8596e, 0x64ad69c1), + TOBN(0x8f4fcc49, 0x983b35a6), TOBN(0xde093760, 0x72754672)}, + {TOBN(0x2f14ccc8, 0xf7bffe6d), TOBN(0x27566bff, 0x5d94263d), + TOBN(0xb5b4e9c6, 0x2df3ec30), TOBN(0x94f1d7d5, 0x3e6ea6ba)}}, + {{TOBN(0x97b7851a, 0xaaca5e9b), TOBN(0x518aa521, 0x56713b97), + TOBN(0x3357e8c7, 0x150a61f6), TOBN(0x7842e7e2, 0xec2c2b69)}, + {TOBN(0x8dffaf65, 0x6868a548), TOBN(0xd963bd82, 0xe068fc81), + TOBN(0x64da5c8b, 0x65917733), TOBN(0x927090ff, 0x7b247328)}}}, + {{{TOBN(0x214bc9a7, 0xd298c241), TOBN(0xe3b697ba, 0x56807cfd), + TOBN(0xef1c7802, 0x4564eadb), TOBN(0xdde8cdcf, 0xb48149c5)}, + {TOBN(0x946bf0a7, 0x5a4d2604), TOBN(0x27154d7f, 0x6c1538af), + TOBN(0x95cc9230, 0xde5b1fcc), TOBN(0xd88519e9, 0x66864f82)}}, + {{TOBN(0xb828dd1a, 0x7cb1282c), TOBN(0xa08d7626, 0xbe46973a), + TOBN(0x6baf8d40, 0xe708d6b2), TOBN(0x72571fa1, 0x4daeb3f3)}, + {TOBN(0x85b1732f, 0xf22dfd98), TOBN(0x87ab01a7, 0x0087108d), + TOBN(0xaaaafea8, 0x5988207a), TOBN(0xccc832f8, 0x69f00755)}}, + {{TOBN(0x964d950e, 0x36ff3bf0), TOBN(0x8ad20f6f, 0xf0b34638), + TOBN(0x4d9177b3, 0xb5d7585f), TOBN(0xcf839760, 0xef3f019f)}, + {TOBN(0x582fc5b3, 0x8288c545), TOBN(0x2f8e4e9b, 0x13116bd1), + TOBN(0xf91e1b2f, 0x332120ef), TOBN(0xcf568724, 0x2a17dd23)}}, + {{TOBN(0x488f1185, 0xca8d9d1a), TOBN(0xadf2c77d, 0xd987ded2), + TOBN(0x5f3039f0, 0x60c46124), TOBN(0xe5d70b75, 0x71e095f4)}, + {TOBN(0x82d58650, 0x6260e70f), TOBN(0x39d75ea7, 0xf750d105), + TOBN(0x8cf3d0b1, 0x75bac364), TOBN(0xf3a7564d, 0x21d01329)}}, + {{TOBN(0x182f04cd, 0x2f52d2a7), TOBN(0x4fde149a, 0xe2df565a), + TOBN(0xb80c5eec, 0xa79fb2f7), TOBN(0xab491d7b, 0x22ddc897)}, + {TOBN(0x99d76c18, 0xc6312c7f), TOBN(0xca0d5f3d, 0x6aa41a57), + TOBN(0x71207325, 0xd15363a0), TOBN(0xe82aa265, 0xbeb252c2)}}, + {{TOBN(0x94ab4700, 0xec3128c2), TOBN(0x6c76d862, 0x8e383f49), + TOBN(0xdc36b150, 0xc03024eb), TOBN(0xfb439477, 0x53daac69)}, + {TOBN(0xfc68764a, 0x8dc79623), TOBN(0x5b86995d, 0xb440fbb2), + TOBN(0xd66879bf, 0xccc5ee0d), TOBN(0x05228942, 0x95aa8bd3)}}, + {{TOBN(0xb51a40a5, 0x1e6a75c1), TOBN(0x24327c76, 0x0ea7d817), + TOBN(0x06630182, 0x07774597), TOBN(0xd6fdbec3, 0x97fa7164)}, + {TOBN(0x20c99dfb, 0x13c90f48), TOBN(0xd6ac5273, 0x686ef263), + TOBN(0xc6a50bdc, 0xfef64eeb), TOBN(0xcd87b281, 0x86fdfc32)}}, + {{TOBN(0xb24aa43e, 0x3fcd3efc), TOBN(0xdd26c034, 0xb8088e9a), + TOBN(0xa5ef4dc9, 0xbd3d46ea), TOBN(0xa2f99d58, 0x8a4c6a6f)}, + {TOBN(0xddabd355, 0x2f1da46c), TOBN(0x72c3f8ce, 0x1afacdd1), + TOBN(0xd90c4eee, 0x92d40578), TOBN(0xd28bb41f, 0xca623b94)}}, + {{TOBN(0x50fc0711, 0x745edc11), TOBN(0x9dd9ad7d, 0x3dc87558), + TOBN(0xce6931fb, 0xb49d1e64), TOBN(0x6c77a0a2, 0xc98bd0f9)}, + {TOBN(0x62b9a629, 0x6baf7cb1), TOBN(0xcf065f91, 0xccf72d22), + TOBN(0x7203cce9, 0x79639071), TOBN(0x09ae4885, 0xf9cb732f)}}, + {{TOBN(0x5e7c3bec, 0xee8314f3), TOBN(0x1c068aed, 0xdbea298f), + TOBN(0x08d381f1, 0x7c80acec), TOBN(0x03b56be8, 0xe330495b)}, + {TOBN(0xaeffb8f2, 0x9222882d), TOBN(0x95ff38f6, 0xc4af8bf7), + TOBN(0x50e32d35, 0x1fc57d8c), TOBN(0x6635be52, 0x17b444f0)}}, + {{TOBN(0x04d15276, 0xa5177900), TOBN(0x4e1dbb47, 0xf6858752), + TOBN(0x5b475622, 0xc615796c), TOBN(0xa6fa0387, 0x691867bf)}, + {TOBN(0xed7f5d56, 0x2844c6d0), TOBN(0xc633cf9b, 0x03a2477d), + TOBN(0xf6be5c40, 0x2d3721d6), TOBN(0xaf312eb7, 0xe9fd68e6)}}, + {{TOBN(0x242792d2, 0xe7417ce1), TOBN(0xff42bc71, 0x970ee7f5), + TOBN(0x1ff4dc6d, 0x5c67a41e), TOBN(0x77709b7b, 0x20882a58)}, + {TOBN(0x3554731d, 0xbe217f2c), TOBN(0x2af2a8cd, 0x5bb72177), + TOBN(0x58eee769, 0x591dd059), TOBN(0xbb2930c9, 0x4bba6477)}}, + {{TOBN(0x863ee047, 0x7d930cfc), TOBN(0x4c262ad1, 0x396fd1f4), + TOBN(0xf4765bc8, 0x039af7e1), TOBN(0x2519834b, 0x5ba104f6)}, + {TOBN(0x7cd61b4c, 0xd105f961), TOBN(0xa5415da5, 0xd63bca54), + TOBN(0x778280a0, 0x88a1f17c), TOBN(0xc4968949, 0x2329512c)}}, + {{TOBN(0x174a9126, 0xcecdaa7a), TOBN(0xfc8c7e0e, 0x0b13247b), + TOBN(0x29c110d2, 0x3484c1c4), TOBN(0xf8eb8757, 0x831dfc3b)}, + {TOBN(0x022f0212, 0xc0067452), TOBN(0x3f6f69ee, 0x7b9b926c), + TOBN(0x09032da0, 0xef42daf4), TOBN(0x79f00ade, 0x83f80de4)}}, + {{TOBN(0x6210db71, 0x81236c97), TOBN(0x74f7685b, 0x3ee0781f), + TOBN(0x4df7da7b, 0xa3e41372), TOBN(0x2aae38b1, 0xb1a1553e)}, + {TOBN(0x1688e222, 0xf6dd9d1b), TOBN(0x57695448, 0x5b8b6487), + TOBN(0x478d2127, 0x4b2edeaa), TOBN(0xb2818fa5, 0x1e85956a)}}, + {{TOBN(0x1e6addda, 0xf176f2c0), TOBN(0x01ca4604, 0xe2572658), + TOBN(0x0a404ded, 0x85342ffb), TOBN(0x8cf60f96, 0x441838d6)}, + {TOBN(0x9bbc691c, 0xc9071c4a), TOBN(0xfd588744, 0x34442803), + TOBN(0x97101c85, 0x809c0d81), TOBN(0xa7fb754c, 0x8c456f7f)}}, + {{TOBN(0xc95f3c5c, 0xd51805e1), TOBN(0xab4ccd39, 0xb299dca8), + TOBN(0x3e03d20b, 0x47eaf500), TOBN(0xfa3165c1, 0xd7b80893)}, + {TOBN(0x005e8b54, 0xe160e552), TOBN(0xdc4972ba, 0x9019d11f), + TOBN(0x21a6972e, 0x0c9a4a7a), TOBN(0xa52c258f, 0x37840fd7)}}, + {{TOBN(0xf8559ff4, 0xc1e99d81), TOBN(0x08e1a7d6, 0xa3c617c0), + TOBN(0xb398fd43, 0x248c6ba7), TOBN(0x6ffedd91, 0xd1283794)}, + {TOBN(0x8a6a59d2, 0xd629d208), TOBN(0xa9d141d5, 0x3490530e), + TOBN(0x42f6fc18, 0x38505989), TOBN(0x09bf250d, 0x479d94ee)}}, + {{TOBN(0x223ad3b1, 0xb3822790), TOBN(0x6c5926c0, 0x93b8971c), + TOBN(0x609efc7e, 0x75f7fa62), TOBN(0x45d66a6d, 0x1ec2d989)}, + {TOBN(0x4422d663, 0x987d2792), TOBN(0x4a73caad, 0x3eb31d2b), + TOBN(0xf06c2ac1, 0xa32cb9e6), TOBN(0xd9445c5f, 0x91aeba84)}}, + {{TOBN(0x6af7a1d5, 0xaf71013f), TOBN(0xe68216e5, 0x0bedc946), + TOBN(0xf4cba30b, 0xd27370a0), TOBN(0x7981afbf, 0x870421cc)}, + {TOBN(0x02496a67, 0x9449f0e1), TOBN(0x86cfc4be, 0x0a47edae), + TOBN(0x3073c936, 0xb1feca22), TOBN(0xf5694612, 0x03f8f8fb)}}, + {{TOBN(0xd063b723, 0x901515ea), TOBN(0x4c6c77a5, 0x749cf038), + TOBN(0x6361e360, 0xab9e5059), TOBN(0x596cf171, 0xa76a37c0)}, + {TOBN(0x800f53fa, 0x6530ae7a), TOBN(0x0f5e631e, 0x0792a7a6), + TOBN(0x5cc29c24, 0xefdb81c9), TOBN(0xa269e868, 0x3f9c40ba)}}, + {{TOBN(0xec14f9e1, 0x2cb7191e), TOBN(0x78ea1bd8, 0xe5b08ea6), + TOBN(0x3c65aa9b, 0x46332bb9), TOBN(0x84cc22b3, 0xbf80ce25)}, + {TOBN(0x0098e9e9, 0xd49d5bf1), TOBN(0xcd4ec1c6, 0x19087da4), + TOBN(0x3c9d07c5, 0xaef6e357), TOBN(0x839a0268, 0x9f8f64b8)}}, + {{TOBN(0xc5e9eb62, 0xc6d8607f), TOBN(0x759689f5, 0x6aa995e4), + TOBN(0x70464669, 0xbbb48317), TOBN(0x921474bf, 0xe402417d)}, + {TOBN(0xcabe135b, 0x2a354c8c), TOBN(0xd51e52d2, 0x812fa4b5), + TOBN(0xec741096, 0x53311fe8), TOBN(0x4f774535, 0xb864514b)}}, + {{TOBN(0xbcadd671, 0x5bde48f8), TOBN(0xc9703873, 0x2189bc7d), + TOBN(0x5d45299e, 0xc709ee8a), TOBN(0xd1287ee2, 0x845aaff8)}, + {TOBN(0x7d1f8874, 0xdb1dbf1f), TOBN(0xea46588b, 0x990c88d6), + TOBN(0x60ba649a, 0x84368313), TOBN(0xd5fdcbce, 0x60d543ae)}}, + {{TOBN(0x90b46d43, 0x810d5ab0), TOBN(0x6739d8f9, 0x04d7e5cc), + TOBN(0x021c1a58, 0x0d337c33), TOBN(0x00a61162, 0x68e67c40)}, + {TOBN(0x95ef413b, 0x379f0a1f), TOBN(0xfe126605, 0xe9e2ab95), + TOBN(0x67578b85, 0x2f5f199c), TOBN(0xf5c00329, 0x2cb84913)}}, + {{TOBN(0xf7956430, 0x37577dd8), TOBN(0x83b82af4, 0x29c5fe88), + TOBN(0x9c1bea26, 0xcdbdc132), TOBN(0x589fa086, 0x9c04339e)}, + {TOBN(0x033e9538, 0xb13799df), TOBN(0x85fa8b21, 0xd295d034), + TOBN(0xdf17f73f, 0xbd9ddcca), TOBN(0xf32bd122, 0xddb66334)}}, + {{TOBN(0x55ef88a7, 0x858b044c), TOBN(0x1f0d69c2, 0x5aa9e397), + TOBN(0x55fd9cc3, 0x40d85559), TOBN(0xc774df72, 0x7785ddb2)}, + {TOBN(0x5dcce9f6, 0xd3bd2e1c), TOBN(0xeb30da20, 0xa85dfed0), + TOBN(0x5ed7f5bb, 0xd3ed09c4), TOBN(0x7d42a35c, 0x82a9c1bd)}}, + {{TOBN(0xcf3de995, 0x9890272d), TOBN(0x75f3432a, 0x3e713a10), + TOBN(0x5e13479f, 0xe28227b8), TOBN(0xb8561ea9, 0xfefacdc8)}, + {TOBN(0xa6a297a0, 0x8332aafd), TOBN(0x9b0d8bb5, 0x73809b62), + TOBN(0xd2fa1cfd, 0x0c63036f), TOBN(0x7a16eb55, 0xbd64bda8)}}, + {{TOBN(0x3f5cf5f6, 0x78e62ddc), TOBN(0x2267c454, 0x07fd752b), + TOBN(0x5e361b6b, 0x5e437bbe), TOBN(0x95c59501, 0x8354e075)}, + {TOBN(0xec725f85, 0xf2b254d9), TOBN(0x844b617d, 0x2cb52b4e), + TOBN(0xed8554f5, 0xcf425fb5), TOBN(0xab67703e, 0x2af9f312)}}, + {{TOBN(0x4cc34ec1, 0x3cf48283), TOBN(0xb09daa25, 0x9c8a705e), + TOBN(0xd1e9d0d0, 0x5b7d4f84), TOBN(0x4df6ef64, 0xdb38929d)}, + {TOBN(0xe16b0763, 0xaa21ba46), TOBN(0xc6b1d178, 0xa293f8fb), + TOBN(0x0ff5b602, 0xd520aabf), TOBN(0x94d671bd, 0xc339397a)}}, + {{TOBN(0x7c7d98cf, 0x4f5792fa), TOBN(0x7c5e0d67, 0x11215261), + TOBN(0x9b19a631, 0xa7c5a6d4), TOBN(0xc8511a62, 0x7a45274d)}, + {TOBN(0x0c16621c, 0xa5a60d99), TOBN(0xf7fbab88, 0xcf5e48cb), + TOBN(0xab1e6ca2, 0xf7ddee08), TOBN(0x83bd08ce, 0xe7867f3c)}}, + {{TOBN(0xf7e48e8a, 0x2ac13e27), TOBN(0x4494f6df, 0x4eb1a9f5), + TOBN(0xedbf84eb, 0x981f0a62), TOBN(0x49badc32, 0x536438f0)}, + {TOBN(0x50bea541, 0x004f7571), TOBN(0xbac67d10, 0xdf1c94ee), + TOBN(0x253d73a1, 0xb727bc31), TOBN(0xb3d01cf2, 0x30686e28)}}, + {{TOBN(0x51b77b1b, 0x55fd0b8b), TOBN(0xa099d183, 0xfeec3173), + TOBN(0x202b1fb7, 0x670e72b7), TOBN(0xadc88b33, 0xa8e1635f)}, + {TOBN(0x34e8216a, 0xf989d905), TOBN(0xc2e68d20, 0x29b58d01), + TOBN(0x11f81c92, 0x6fe55a93), TOBN(0x15f1462a, 0x8f296f40)}}, + {{TOBN(0x1915d375, 0xea3d62f2), TOBN(0xa17765a3, 0x01c8977d), + TOBN(0x7559710a, 0xe47b26f6), TOBN(0xe0bd29c8, 0x535077a5)}, + {TOBN(0x615f976d, 0x08d84858), TOBN(0x370dfe85, 0x69ced5c1), + TOBN(0xbbc7503c, 0xa734fa56), TOBN(0xfbb9f1ec, 0x91ac4574)}}, + {{TOBN(0x95d7ec53, 0x060dd7ef), TOBN(0xeef2dacd, 0x6e657979), + TOBN(0x54511af3, 0xe2a08235), TOBN(0x1e324aa4, 0x1f4aea3d)}, + {TOBN(0x550e7e71, 0xe6e67671), TOBN(0xbccd5190, 0xbf52faf7), + TOBN(0xf880d316, 0x223cc62a), TOBN(0x0d402c7e, 0x2b32eb5d)}}, + {{TOBN(0xa40bc039, 0x306a5a3b), TOBN(0x4e0a41fd, 0x96783a1b), + TOBN(0xa1e8d39a, 0x0253cdd4), TOBN(0x6480be26, 0xc7388638)}, + {TOBN(0xee365e1d, 0x2285f382), TOBN(0x188d8d8f, 0xec0b5c36), + TOBN(0x34ef1a48, 0x1f0f4d82), TOBN(0x1a8f43e1, 0xa487d29a)}}, + {{TOBN(0x8168226d, 0x77aefb3a), TOBN(0xf69a751e, 0x1e72c253), + TOBN(0x8e04359a, 0xe9594df1), TOBN(0x475ffd7d, 0xd14c0467)}, + {TOBN(0xb5a2c2b1, 0x3844e95c), TOBN(0x85caf647, 0xdd12ef94), + TOBN(0x1ecd2a9f, 0xf1063d00), TOBN(0x1dd2e229, 0x23843311)}}, + {{TOBN(0x38f0e09d, 0x73d17244), TOBN(0x3ede7746, 0x8fc653f1), + TOBN(0xae4459f5, 0xdc20e21c), TOBN(0x00db2ffa, 0x6a8599ea)}, + {TOBN(0x11682c39, 0x30cfd905), TOBN(0x4934d074, 0xa5c112a6), + TOBN(0xbdf063c5, 0x568bfe95), TOBN(0x779a440a, 0x016c441a)}}, + {{TOBN(0x0c23f218, 0x97d6fbdc), TOBN(0xd3a5cd87, 0xe0776aac), + TOBN(0xcee37f72, 0xd712e8db), TOBN(0xfb28c70d, 0x26f74e8d)}, + {TOBN(0xffe0c728, 0xb61301a0), TOBN(0xa6282168, 0xd3724354), + TOBN(0x7ff4cb00, 0x768ffedc), TOBN(0xc51b3088, 0x03b02de9)}}, + {{TOBN(0xa5a8147c, 0x3902dda5), TOBN(0x35d2f706, 0xfe6973b4), + TOBN(0x5ac2efcf, 0xc257457e), TOBN(0x933f48d4, 0x8700611b)}, + {TOBN(0xc365af88, 0x4912beb2), TOBN(0x7f5a4de6, 0x162edf94), + TOBN(0xc646ba7c, 0x0c32f34b), TOBN(0x632c6af3, 0xb2091074)}}, + {{TOBN(0x58d4f2e3, 0x753e43a9), TOBN(0x70e1d217, 0x24d4e23f), + TOBN(0xb24bf729, 0xafede6a6), TOBN(0x7f4a94d8, 0x710c8b60)}, + {TOBN(0xaad90a96, 0x8d4faa6a), TOBN(0xd9ed0b32, 0xb066b690), + TOBN(0x52fcd37b, 0x78b6dbfd), TOBN(0x0b64615e, 0x8bd2b431)}}, + {{TOBN(0x228e2048, 0xcfb9fad5), TOBN(0xbeaa386d, 0x240b76bd), + TOBN(0x2d6681c8, 0x90dad7bc), TOBN(0x3e553fc3, 0x06d38f5e)}, + {TOBN(0xf27cdb9b, 0x9d5f9750), TOBN(0x3e85c52a, 0xd28c5b0e), + TOBN(0x190795af, 0x5247c39b), TOBN(0x547831eb, 0xbddd6828)}}, + {{TOBN(0xf327a227, 0x4a82f424), TOBN(0x36919c78, 0x7e47f89d), + TOBN(0xe4783919, 0x43c7392c), TOBN(0xf101b9aa, 0x2316fefe)}, + {TOBN(0xbcdc9e9c, 0x1c5009d2), TOBN(0xfb55ea13, 0x9cd18345), + TOBN(0xf5b5e231, 0xa3ce77c7), TOBN(0xde6b4527, 0xd2f2cb3d)}}, + {{TOBN(0x10f6a333, 0x9bb26f5f), TOBN(0x1e85db8e, 0x044d85b6), + TOBN(0xc3697a08, 0x94197e54), TOBN(0x65e18cc0, 0xa7cb4ea8)}, + {TOBN(0xa38c4f50, 0xa471fe6e), TOBN(0xf031747a, 0x2f13439c), + TOBN(0x53c4a6ba, 0xc007318b), TOBN(0xa8da3ee5, 0x1deccb3d)}}, + {{TOBN(0x0555b31c, 0x558216b1), TOBN(0x90c7810c, 0x2f79e6c2), + TOBN(0x9b669f4d, 0xfe8eed3c), TOBN(0x70398ec8, 0xe0fac126)}, + {TOBN(0xa96a449e, 0xf701b235), TOBN(0x0ceecdb3, 0xeb94f395), + TOBN(0x285fc368, 0xd0cb7431), TOBN(0x0d37bb52, 0x16a18c64)}}, + {{TOBN(0x05110d38, 0xb880d2dd), TOBN(0xa60f177b, 0x65930d57), + TOBN(0x7da34a67, 0xf36235f5), TOBN(0x47f5e17c, 0x183816b9)}, + {TOBN(0xc7664b57, 0xdb394af4), TOBN(0x39ba215d, 0x7036f789), + TOBN(0x46d2ca0e, 0x2f27b472), TOBN(0xc42647ee, 0xf73a84b7)}}, + {{TOBN(0x44bc7545, 0x64488f1d), TOBN(0xaa922708, 0xf4cf85d5), + TOBN(0x721a01d5, 0x53e4df63), TOBN(0x649c0c51, 0x5db46ced)}, + {TOBN(0x6bf0d64e, 0x3cffcb6c), TOBN(0xe3bf93fe, 0x50f71d96), + TOBN(0x75044558, 0xbcc194a0), TOBN(0x16ae3372, 0x6afdc554)}}, + {{TOBN(0xbfc01adf, 0x5ca48f3f), TOBN(0x64352f06, 0xe22a9b84), + TOBN(0xcee54da1, 0xc1099e4a), TOBN(0xbbda54e8, 0xfa1b89c0)}, + {TOBN(0x166a3df5, 0x6f6e55fb), TOBN(0x1ca44a24, 0x20176f88), + TOBN(0x936afd88, 0xdfb7b5ff), TOBN(0xe34c2437, 0x8611d4a0)}}, + {{TOBN(0x7effbb75, 0x86142103), TOBN(0x6704ba1b, 0x1f34fc4d), + TOBN(0x7c2a468f, 0x10c1b122), TOBN(0x36b3a610, 0x8c6aace9)}, + {TOBN(0xabfcc0a7, 0x75a0d050), TOBN(0x066f9197, 0x3ce33e32), + TOBN(0xce905ef4, 0x29fe09be), TOBN(0x89ee25ba, 0xa8376351)}}, + {{TOBN(0x2a3ede22, 0xfd29dc76), TOBN(0x7fd32ed9, 0x36f17260), + TOBN(0x0cadcf68, 0x284b4126), TOBN(0x63422f08, 0xa7951fc8)}, + {TOBN(0x562b24f4, 0x0807e199), TOBN(0xfe9ce5d1, 0x22ad4490), + TOBN(0xc2f51b10, 0x0db2b1b4), TOBN(0xeb3613ff, 0xe4541d0d)}}, + {{TOBN(0xbd2c4a05, 0x2680813b), TOBN(0x527aa55d, 0x561b08d6), + TOBN(0xa9f8a40e, 0xa7205558), TOBN(0xe3eea56f, 0x243d0bec)}, + {TOBN(0x7b853817, 0xa0ff58b3), TOBN(0xb67d3f65, 0x1a69e627), + TOBN(0x0b76bbb9, 0xa869b5d6), TOBN(0xa3afeb82, 0x546723ed)}}, + {{TOBN(0x5f24416d, 0x3e554892), TOBN(0x8413b53d, 0x430e2a45), + TOBN(0x99c56aee, 0x9032a2a0), TOBN(0x09432bf6, 0xeec367b1)}, + {TOBN(0x552850c6, 0xdaf0ecc1), TOBN(0x49ebce55, 0x5bc92048), + TOBN(0xdfb66ba6, 0x54811307), TOBN(0x1b84f797, 0x6f298597)}}, + {{TOBN(0x79590481, 0x8d1d7a0d), TOBN(0xd9fabe03, 0x3a6fa556), + TOBN(0xa40f9c59, 0xba9e5d35), TOBN(0xcb1771c1, 0xf6247577)}, + {TOBN(0x542a47ca, 0xe9a6312b), TOBN(0xa34b3560, 0x552dd8c5), + TOBN(0xfdf94de0, 0x0d794716), TOBN(0xd46124a9, 0x9c623094)}}, + {{TOBN(0x56b7435d, 0x68afe8b4), TOBN(0x27f20540, 0x6c0d8ea1), + TOBN(0x12b77e14, 0x73186898), TOBN(0xdbc3dd46, 0x7479490f)}, + {TOBN(0x951a9842, 0xc03b0c05), TOBN(0x8b1b3bb3, 0x7921bc96), + TOBN(0xa573b346, 0x2b202e0a), TOBN(0x77e4665d, 0x47254d56)}}, + {{TOBN(0x08b70dfc, 0xd23e3984), TOBN(0xab86e8bc, 0xebd14236), + TOBN(0xaa3e07f8, 0x57114ba7), TOBN(0x5ac71689, 0xab0ef4f2)}, + {TOBN(0x88fca384, 0x0139d9af), TOBN(0x72733f88, 0x76644af0), + TOBN(0xf122f72a, 0x65d74f4a), TOBN(0x13931577, 0xa5626c7a)}}, + {{TOBN(0xd5b5d9eb, 0x70f8d5a4), TOBN(0x375adde7, 0xd7bbb228), + TOBN(0x31e88b86, 0x0c1c0b32), TOBN(0xd1f568c4, 0x173edbaa)}, + {TOBN(0x1592fc83, 0x5459df02), TOBN(0x2beac0fb, 0x0fcd9a7e), + TOBN(0xb0a6fdb8, 0x1b473b0a), TOBN(0xe3224c6f, 0x0fe8fc48)}}, + {{TOBN(0x680bd00e, 0xe87edf5b), TOBN(0x30385f02, 0x20e77cf5), + TOBN(0xe9ab98c0, 0x4d42d1b2), TOBN(0x72d191d2, 0xd3816d77)}, + {TOBN(0x1564daca, 0x0917d9e5), TOBN(0x394eab59, 0x1f8fed7f), + TOBN(0xa209aa8d, 0x7fbb3896), TOBN(0x5564f3b9, 0xbe6ac98e)}}, + {{TOBN(0xead21d05, 0xd73654ef), TOBN(0x68d1a9c4, 0x13d78d74), + TOBN(0x61e01708, 0x6d4973a0), TOBN(0x83da3500, 0x46e6d32a)}, + {TOBN(0x6a3dfca4, 0x68ae0118), TOBN(0xa1b9a4c9, 0xd02da069), + TOBN(0x0b2ff9c7, 0xebab8302), TOBN(0x98af07c3, 0x944ba436)}}, + {{TOBN(0x85997326, 0x995f0f9f), TOBN(0x467fade0, 0x71b58bc6), + TOBN(0x47e4495a, 0xbd625a2b), TOBN(0xfdd2d01d, 0x33c3b8cd)}, + {TOBN(0x2c38ae28, 0xc693f9fa), TOBN(0x48622329, 0x348f7999), + TOBN(0x97bf738e, 0x2161f583), TOBN(0x15ee2fa7, 0x565e8cc9)}}, + {{TOBN(0xa1a5c845, 0x5777e189), TOBN(0xcc10bee0, 0x456f2829), + TOBN(0x8ad95c56, 0xda762bd5), TOBN(0x152e2214, 0xe9d91da8)}, + {TOBN(0x975b0e72, 0x7cb23c74), TOBN(0xfd5d7670, 0xa90c66df), + TOBN(0xb5b5b8ad, 0x225ffc53), TOBN(0xab6dff73, 0xfaded2ae)}}, + {{TOBN(0xebd56781, 0x6f4cbe9d), TOBN(0x0ed8b249, 0x6a574bd7), + TOBN(0x41c246fe, 0x81a881fa), TOBN(0x91564805, 0xc3db9c70)}, + {TOBN(0xd7c12b08, 0x5b862809), TOBN(0x1facd1f1, 0x55858d7b), + TOBN(0x7693747c, 0xaf09e92a), TOBN(0x3b69dcba, 0x189a425f)}}, + {{TOBN(0x0be28e9f, 0x967365ef), TOBN(0x57300eb2, 0xe801f5c9), + TOBN(0x93b8ac6a, 0xd583352f), TOBN(0xa2cf1f89, 0xcd05b2b7)}, + {TOBN(0x7c0c9b74, 0x4dcc40cc), TOBN(0xfee38c45, 0xada523fb), + TOBN(0xb49a4dec, 0x1099cc4d), TOBN(0x325c377f, 0x69f069c6)}}, + {{TOBN(0xe12458ce, 0x476cc9ff), TOBN(0x580e0b6c, 0xc6d4cb63), + TOBN(0xd561c8b7, 0x9072289b), TOBN(0x0377f264, 0xa619e6da)}, + {TOBN(0x26685362, 0x88e591a5), TOBN(0xa453a7bd, 0x7523ca2b), + TOBN(0x8a9536d2, 0xc1df4533), TOBN(0xc8e50f2f, 0xbe972f79)}}, + {{TOBN(0xd433e50f, 0x6d3549cf), TOBN(0x6f33696f, 0xfacd665e), + TOBN(0x695bfdac, 0xce11fcb4), TOBN(0x810ee252, 0xaf7c9860)}, + {TOBN(0x65450fe1, 0x7159bb2c), TOBN(0xf7dfbebe, 0x758b357b), + TOBN(0x2b057e74, 0xd69fea72), TOBN(0xd485717a, 0x92731745)}}}, + {{{TOBN(0x896c42e8, 0xee36860c), TOBN(0xdaf04dfd, 0x4113c22d), + TOBN(0x1adbb7b7, 0x44104213), TOBN(0xe5fd5fa1, 0x1fd394ea)}, + {TOBN(0x68235d94, 0x1a4e0551), TOBN(0x6772cfbe, 0x18d10151), + TOBN(0x276071e3, 0x09984523), TOBN(0xe4e879de, 0x5a56ba98)}}, + {{TOBN(0xaaafafb0, 0x285b9491), TOBN(0x01a0be88, 0x1e4c705e), + TOBN(0xff1d4f5d, 0x2ad9caab), TOBN(0x6e349a4a, 0xc37a233f)}, + {TOBN(0xcf1c1246, 0x4a1c6a16), TOBN(0xd99e6b66, 0x29383260), + TOBN(0xea3d4366, 0x5f6d5471), TOBN(0x36974d04, 0xff8cc89b)}}, + {{TOBN(0xc26c49a1, 0xcfe89d80), TOBN(0xb42c026d, 0xda9c8371), + TOBN(0xca6c013a, 0xdad066d2), TOBN(0xfb8f7228, 0x56a4f3ee)}, + {TOBN(0x08b579ec, 0xd850935b), TOBN(0x34c1a74c, 0xd631e1b3), + TOBN(0xcb5fe596, 0xac198534), TOBN(0x39ff21f6, 0xe1f24f25)}}, + {{TOBN(0x27f29e14, 0x8f929057), TOBN(0x7a64ae06, 0xc0c853df), + TOBN(0x256cd183, 0x58e9c5ce), TOBN(0x9d9cce82, 0xded092a5)}, + {TOBN(0xcc6e5979, 0x6e93b7c7), TOBN(0xe1e47092, 0x31bb9e27), + TOBN(0xb70b3083, 0xaa9e29a0), TOBN(0xbf181a75, 0x3785e644)}}, + {{TOBN(0xf53f2c65, 0x8ead09f7), TOBN(0x1335e1d5, 0x9780d14d), + TOBN(0x69cc20e0, 0xcd1b66bc), TOBN(0x9b670a37, 0xbbe0bfc8)}, + {TOBN(0xce53dc81, 0x28efbeed), TOBN(0x0c74e77c, 0x8326a6e5), + TOBN(0x3604e0d2, 0xb88e9a63), TOBN(0xbab38fca, 0x13dc2248)}}, + {{TOBN(0x8ed6e8c8, 0x5c0a3f1e), TOBN(0xbcad2492, 0x7c87c37f), + TOBN(0xfdfb62bb, 0x9ee3b78d), TOBN(0xeba8e477, 0xcbceba46)}, + {TOBN(0x37d38cb0, 0xeeaede4b), TOBN(0x0bc498e8, 0x7976deb6), + TOBN(0xb2944c04, 0x6b6147fb), TOBN(0x8b123f35, 0xf71f9609)}}, + {{TOBN(0xa155dcc7, 0xde79dc24), TOBN(0xf1168a32, 0x558f69cd), + TOBN(0xbac21595, 0x0d1850df), TOBN(0x15c8295b, 0xb204c848)}, + {TOBN(0xf661aa36, 0x7d8184ff), TOBN(0xc396228e, 0x30447bdb), + TOBN(0x11cd5143, 0xbde4a59e), TOBN(0xe3a26e3b, 0x6beab5e6)}}, + {{TOBN(0xd3b3a13f, 0x1402b9d0), TOBN(0x573441c3, 0x2c7bc863), + TOBN(0x4b301ec4, 0x578c3e6e), TOBN(0xc26fc9c4, 0x0adaf57e)}, + {TOBN(0x96e71bfd, 0x7493cea3), TOBN(0xd05d4b3f, 0x1af81456), + TOBN(0xdaca2a8a, 0x6a8c608f), TOBN(0x53ef07f6, 0x0725b276)}}, + {{TOBN(0x07a5fbd2, 0x7824fc56), TOBN(0x34675218, 0x13289077), + TOBN(0x5bf69fd5, 0xe0c48349), TOBN(0xa613ddd3, 0xb6aa7875)}, + {TOBN(0x7f78c19c, 0x5450d866), TOBN(0x46f4409c, 0x8f84a481), + TOBN(0x9f1d1928, 0x90fce239), TOBN(0x016c4168, 0xb2ce44b9)}}, + {{TOBN(0xbae023f0, 0xc7435978), TOBN(0xb152c888, 0x20e30e19), + TOBN(0x9c241645, 0xe3fa6faf), TOBN(0x735d95c1, 0x84823e60)}, + {TOBN(0x03197573, 0x03955317), TOBN(0x0b4b02a9, 0xf03b4995), + TOBN(0x076bf559, 0x70274600), TOBN(0x32c5cc53, 0xaaf57508)}}, + {{TOBN(0xe8af6d1f, 0x60624129), TOBN(0xb7bc5d64, 0x9a5e2b5e), + TOBN(0x3814b048, 0x5f082d72), TOBN(0x76f267f2, 0xce19677a)}, + {TOBN(0x626c630f, 0xb36eed93), TOBN(0x55230cd7, 0x3bf56803), + TOBN(0x78837949, 0xce2736a0), TOBN(0x0d792d60, 0xaa6c55f1)}}, + {{TOBN(0x0318dbfd, 0xd5c7c5d2), TOBN(0xb38f8da7, 0x072b342d), + TOBN(0x3569bddc, 0x7b8de38a), TOBN(0xf25b5887, 0xa1c94842)}, + {TOBN(0xb2d5b284, 0x2946ad60), TOBN(0x854f29ad, 0xe9d1707e), + TOBN(0xaa5159dc, 0x2c6a4509), TOBN(0x899f94c0, 0x57189837)}}, + {{TOBN(0xcf6adc51, 0xf4a55b03), TOBN(0x261762de, 0x35e3b2d5), + TOBN(0x4cc43012, 0x04827b51), TOBN(0xcd22a113, 0xc6021442)}, + {TOBN(0xce2fd61a, 0x247c9569), TOBN(0x59a50973, 0xd152beca), + TOBN(0x6c835a11, 0x63a716d4), TOBN(0xc26455ed, 0x187dedcf)}}, + {{TOBN(0x27f536e0, 0x49ce89e7), TOBN(0x18908539, 0xcc890cb5), + TOBN(0x308909ab, 0xd83c2aa1), TOBN(0xecd3142b, 0x1ab73bd3)}, + {TOBN(0x6a85bf59, 0xb3f5ab84), TOBN(0x3c320a68, 0xf2bea4c6), + TOBN(0xad8dc538, 0x6da4541f), TOBN(0xeaf34eb0, 0xb7c41186)}}, + {{TOBN(0x1c780129, 0x977c97c4), TOBN(0x5ff9beeb, 0xc57eb9fa), + TOBN(0xa24d0524, 0xc822c478), TOBN(0xfd8eec2a, 0x461cd415)}, + {TOBN(0xfbde194e, 0xf027458c), TOBN(0xb4ff5319, 0x1d1be115), + TOBN(0x63f874d9, 0x4866d6f4), TOBN(0x35c75015, 0xb21ad0c9)}}, + {{TOBN(0xa6b5c9d6, 0x46ac49d2), TOBN(0x42c77c0b, 0x83137aa9), + TOBN(0x24d000fc, 0x68225a38), TOBN(0x0f63cfc8, 0x2fe1e907)}, + {TOBN(0x22d1b01b, 0xc6441f95), TOBN(0x7d38f719, 0xec8e448f), + TOBN(0x9b33fa5f, 0x787fb1ba), TOBN(0x94dcfda1, 0x190158df)}}, + {{TOBN(0xc47cb339, 0x5f6d4a09), TOBN(0x6b4f355c, 0xee52b826), + TOBN(0x3d100f5d, 0xf51b930a), TOBN(0xf4512fac, 0x9f668f69)}, + {TOBN(0x546781d5, 0x206c4c74), TOBN(0xd021d4d4, 0xcb4d2e48), + TOBN(0x494a54c2, 0xca085c2d), TOBN(0xf1dbaca4, 0x520850a8)}}, + {{TOBN(0x63c79326, 0x490a1aca), TOBN(0xcb64dd9c, 0x41526b02), + TOBN(0xbb772591, 0xa2979258), TOBN(0x3f582970, 0x48d97846)}, + {TOBN(0xd66b70d1, 0x7c213ba7), TOBN(0xc28febb5, 0xe8a0ced4), + TOBN(0x6b911831, 0xc10338c1), TOBN(0x0d54e389, 0xbf0126f3)}}, + {{TOBN(0x7048d460, 0x4af206ee), TOBN(0x786c88f6, 0x77e97cb9), + TOBN(0xd4375ae1, 0xac64802e), TOBN(0x469bcfe1, 0xd53ec11c)}, + {TOBN(0xfc9b340d, 0x47062230), TOBN(0xe743bb57, 0xc5b4a3ac), + TOBN(0xfe00b4aa, 0x59ef45ac), TOBN(0x29a4ef23, 0x59edf188)}}, + {{TOBN(0x40242efe, 0xb483689b), TOBN(0x2575d3f6, 0x513ac262), + TOBN(0xf30037c8, 0x0ca6db72), TOBN(0xc9fcce82, 0x98864be2)}, + {TOBN(0x84a112ff, 0x0149362d), TOBN(0x95e57582, 0x1c4ae971), + TOBN(0x1fa4b1a8, 0x945cf86c), TOBN(0x4525a734, 0x0b024a2f)}}, + {{TOBN(0xe76c8b62, 0x8f338360), TOBN(0x483ff593, 0x28edf32b), + TOBN(0x67e8e90a, 0x298b1aec), TOBN(0x9caab338, 0x736d9a21)}, + {TOBN(0x5c09d2fd, 0x66892709), TOBN(0x2496b4dc, 0xb55a1d41), + TOBN(0x93f5fb1a, 0xe24a4394), TOBN(0x08c75049, 0x6fa8f6c1)}}, + {{TOBN(0xcaead1c2, 0xc905d85f), TOBN(0xe9d7f790, 0x0733ae57), + TOBN(0x24c9a65c, 0xf07cdd94), TOBN(0x7389359c, 0xa4b55931)}, + {TOBN(0xf58709b7, 0x367e45f7), TOBN(0x1f203067, 0xcb7e7adc), + TOBN(0x82444bff, 0xc7b72818), TOBN(0x07303b35, 0xbaac8033)}}, + {{TOBN(0x1e1ee4e4, 0xd13b7ea1), TOBN(0xe6489b24, 0xe0e74180), + TOBN(0xa5f2c610, 0x7e70ef70), TOBN(0xa1655412, 0xbdd10894)}, + {TOBN(0x555ebefb, 0x7af4194e), TOBN(0x533c1c3c, 0x8e89bd9c), + TOBN(0x735b9b57, 0x89895856), TOBN(0x15fb3cd2, 0x567f5c15)}}, + {{TOBN(0x057fed45, 0x526f09fd), TOBN(0xe8a4f10c, 0x8128240a), + TOBN(0x9332efc4, 0xff2bfd8d), TOBN(0x214e77a0, 0xbd35aa31)}, + {TOBN(0x32896d73, 0x14faa40e), TOBN(0x767867ec, 0x01e5f186), + TOBN(0xc9adf8f1, 0x17a1813e), TOBN(0xcb6cda78, 0x54741795)}}, + {{TOBN(0xb7521b6d, 0x349d51aa), TOBN(0xf56b5a9e, 0xe3c7b8e9), + TOBN(0xc6f1e5c9, 0x32a096df), TOBN(0x083667c4, 0xa3635024)}, + {TOBN(0x365ea135, 0x18087f2f), TOBN(0xf1b8eaac, 0xd136e45d), + TOBN(0xc8a0e484, 0x73aec989), TOBN(0xd75a324b, 0x142c9259)}}, + {{TOBN(0xb7b4d001, 0x01dae185), TOBN(0x45434e0b, 0x9b7a94bc), + TOBN(0xf54339af, 0xfbd8cb0b), TOBN(0xdcc4569e, 0xe98ef49e)}, + {TOBN(0x7789318a, 0x09a51299), TOBN(0x81b4d206, 0xb2b025d8), + TOBN(0xf64aa418, 0xfae85792), TOBN(0x3e50258f, 0xacd7baf7)}}, + {{TOBN(0xdce84cdb, 0x2996864b), TOBN(0xa2e67089, 0x1f485fa4), + TOBN(0xb28b2bb6, 0x534c6a5a), TOBN(0x31a7ec6b, 0xc94b9d39)}, + {TOBN(0x1d217766, 0xd6bc20da), TOBN(0x4acdb5ec, 0x86761190), + TOBN(0x68726328, 0x73701063), TOBN(0x4d24ee7c, 0x2128c29b)}}, + {{TOBN(0xc072ebd3, 0xa19fd868), TOBN(0x612e481c, 0xdb8ddd3b), + TOBN(0xb4e1d754, 0x1a64d852), TOBN(0x00ef95ac, 0xc4c6c4ab)}, + {TOBN(0x1536d2ed, 0xaa0a6c46), TOBN(0x61294086, 0x43774790), + TOBN(0x54af25e8, 0x343fda10), TOBN(0x9ff9d98d, 0xfd25d6f2)}}, + {{TOBN(0x0746af7c, 0x468b8835), TOBN(0x977a31cb, 0x730ecea7), + TOBN(0xa5096b80, 0xc2cf4a81), TOBN(0xaa986833, 0x6458c37a)}, + {TOBN(0x6af29bf3, 0xa6bd9d34), TOBN(0x6a62fe9b, 0x33c5d854), + TOBN(0x50e6c304, 0xb7133b5e), TOBN(0x04b60159, 0x7d6e6848)}}, + {{TOBN(0x4cd296df, 0x5579bea4), TOBN(0x10e35ac8, 0x5ceedaf1), + TOBN(0x04c4c5fd, 0xe3bcc5b1), TOBN(0x95f9ee8a, 0x89412cf9)}, + {TOBN(0x2c9459ee, 0x82b6eb0f), TOBN(0x2e845765, 0x95c2aadd), + TOBN(0x774a84ae, 0xd327fcfe), TOBN(0xd8c93722, 0x0368d476)}}, + {{TOBN(0x0dbd5748, 0xf83e8a3b), TOBN(0xa579aa96, 0x8d2495f3), + TOBN(0x535996a0, 0xae496e9b), TOBN(0x07afbfe9, 0xb7f9bcc2)}, + {TOBN(0x3ac1dc6d, 0x5b7bd293), TOBN(0x3b592cff, 0x7022323d), + TOBN(0xba0deb98, 0x9c0a3e76), TOBN(0x18e78e9f, 0x4b197acb)}}, + {{TOBN(0x211cde10, 0x296c36ef), TOBN(0x7ee89672, 0x82c4da77), + TOBN(0xb617d270, 0xa57836da), TOBN(0xf0cd9c31, 0x9cb7560b)}, + {TOBN(0x01fdcbf7, 0xe455fe90), TOBN(0x3fb53cbb, 0x7e7334f3), + TOBN(0x781e2ea4, 0x4e7de4ec), TOBN(0x8adab3ad, 0x0b384fd0)}}, + {{TOBN(0x129eee2f, 0x53d64829), TOBN(0x7a471e17, 0xa261492b), + TOBN(0xe4f9adb9, 0xe4cb4a2c), TOBN(0x3d359f6f, 0x97ba2c2d)}, + {TOBN(0x346c6786, 0x0aacd697), TOBN(0x92b444c3, 0x75c2f8a8), + TOBN(0xc79fa117, 0xd85df44e), TOBN(0x56782372, 0x398ddf31)}}, + {{TOBN(0x60e690f2, 0xbbbab3b8), TOBN(0x4851f8ae, 0x8b04816b), + TOBN(0xc72046ab, 0x9c92e4d2), TOBN(0x518c74a1, 0x7cf3136b)}, + {TOBN(0xff4eb50a, 0xf9877d4c), TOBN(0x14578d90, 0xa919cabb), + TOBN(0x8218f8c4, 0xac5eb2b6), TOBN(0xa3ccc547, 0x542016e4)}}, + {{TOBN(0x025bf48e, 0x327f8349), TOBN(0xf3e97346, 0xf43cb641), + TOBN(0xdc2bafdf, 0x500f1085), TOBN(0x57167876, 0x2f063055)}, + {TOBN(0x5bd914b9, 0x411925a6), TOBN(0x7c078d48, 0xa1123de5), + TOBN(0xee6bf835, 0x182b165d), TOBN(0xb11b5e5b, 0xba519727)}}, + {{TOBN(0xe33ea76c, 0x1eea7b85), TOBN(0x2352b461, 0x92d4f85e), + TOBN(0xf101d334, 0xafe115bb), TOBN(0xfabc1294, 0x889175a3)}, + {TOBN(0x7f6bcdc0, 0x5233f925), TOBN(0xe0a802db, 0xe77fec55), + TOBN(0xbdb47b75, 0x8069b659), TOBN(0x1c5e12de, 0xf98fbd74)}}, + {{TOBN(0x869c58c6, 0x4b8457ee), TOBN(0xa5360f69, 0x4f7ea9f7), + TOBN(0xe576c09f, 0xf460b38f), TOBN(0x6b70d548, 0x22b7fb36)}, + {TOBN(0x3fd237f1, 0x3bfae315), TOBN(0x33797852, 0xcbdff369), + TOBN(0x97df25f5, 0x25b516f9), TOBN(0x46f388f2, 0xba38ad2d)}}, + {{TOBN(0x656c4658, 0x89d8ddbb), TOBN(0x8830b26e, 0x70f38ee8), + TOBN(0x4320fd5c, 0xde1212b0), TOBN(0xc34f30cf, 0xe4a2edb2)}, + {TOBN(0xabb131a3, 0x56ab64b8), TOBN(0x7f77f0cc, 0xd99c5d26), + TOBN(0x66856a37, 0xbf981d94), TOBN(0x19e76d09, 0x738bd76e)}}, + {{TOBN(0xe76c8ac3, 0x96238f39), TOBN(0xc0a482be, 0xa830b366), + TOBN(0xb7b8eaff, 0x0b4eb499), TOBN(0x8ecd83bc, 0x4bfb4865)}, + {TOBN(0x971b2cb7, 0xa2f3776f), TOBN(0xb42176a4, 0xf4b88adf), + TOBN(0xb9617df5, 0xbe1fa446), TOBN(0x8b32d508, 0xcd031bd2)}}, + {{TOBN(0x1c6bd47d, 0x53b618c0), TOBN(0xc424f46c, 0x6a227923), + TOBN(0x7303ffde, 0xdd92d964), TOBN(0xe9712878, 0x71b5abf2)}, + {TOBN(0x8f48a632, 0xf815561d), TOBN(0x85f48ff5, 0xd3c055d1), + TOBN(0x222a1427, 0x7525684f), TOBN(0xd0d841a0, 0x67360cc3)}}, + {{TOBN(0x4245a926, 0x0b9267c6), TOBN(0xc78913f1, 0xcf07f863), + TOBN(0xaa844c8e, 0x4d0d9e24), TOBN(0xa42ad522, 0x3d5f9017)}, + {TOBN(0xbd371749, 0xa2c989d5), TOBN(0x928292df, 0xe1f5e78e), + TOBN(0x493b383e, 0x0a1ea6da), TOBN(0x5136fd8d, 0x13aee529)}}, + {{TOBN(0x860c44b1, 0xf2c34a99), TOBN(0x3b00aca4, 0xbf5855ac), + TOBN(0xabf6aaa0, 0xfaaf37be), TOBN(0x65f43682, 0x2a53ec08)}, + {TOBN(0x1d9a5801, 0xa11b12e1), TOBN(0x78a7ab2c, 0xe20ed475), + TOBN(0x0de1067e, 0x9a41e0d5), TOBN(0x30473f5f, 0x305023ea)}}, + {{TOBN(0xdd3ae09d, 0x169c7d97), TOBN(0x5cd5baa4, 0xcfaef9cd), + TOBN(0x5cd7440b, 0x65a44803), TOBN(0xdc13966a, 0x47f364de)}, + {TOBN(0x077b2be8, 0x2b8357c1), TOBN(0x0cb1b4c5, 0xe9d57c2a), + TOBN(0x7a4ceb32, 0x05ff363e), TOBN(0xf310fa4d, 0xca35a9ef)}}, + {{TOBN(0xdbb7b352, 0xf97f68c6), TOBN(0x0c773b50, 0x0b02cf58), + TOBN(0xea2e4821, 0x3c1f96d9), TOBN(0xffb357b0, 0xeee01815)}, + {TOBN(0xb9c924cd, 0xe0f28039), TOBN(0x0b36c95a, 0x46a3fbe4), + TOBN(0x1faaaea4, 0x5e46db6c), TOBN(0xcae575c3, 0x1928aaff)}}, + {{TOBN(0x7f671302, 0xa70dab86), TOBN(0xfcbd12a9, 0x71c58cfc), + TOBN(0xcbef9acf, 0xbee0cb92), TOBN(0x573da0b9, 0xf8c1b583)}, + {TOBN(0x4752fcfe, 0x0d41d550), TOBN(0xe7eec0e3, 0x2155cffe), + TOBN(0x0fc39fcb, 0x545ae248), TOBN(0x522cb8d1, 0x8065f44e)}}, + {{TOBN(0x263c962a, 0x70cbb96c), TOBN(0xe034362a, 0xbcd124a9), + TOBN(0xf120db28, 0x3c2ae58d), TOBN(0xb9a38d49, 0xfef6d507)}, + {TOBN(0xb1fd2a82, 0x1ff140fd), TOBN(0xbd162f30, 0x20aee7e0), + TOBN(0x4e17a5d4, 0xcb251949), TOBN(0x2aebcb83, 0x4f7e1c3d)}}, + {{TOBN(0x608eb25f, 0x937b0527), TOBN(0xf42e1e47, 0xeb7d9997), + TOBN(0xeba699c4, 0xb8a53a29), TOBN(0x1f921c71, 0xe091b536)}, + {TOBN(0xcce29e7b, 0x5b26bbd5), TOBN(0x7a8ef5ed, 0x3b61a680), + TOBN(0xe5ef8043, 0xba1f1c7e), TOBN(0x16ea8217, 0x18158dda)}}, + {{TOBN(0x01778a2b, 0x599ff0f9), TOBN(0x68a923d7, 0x8104fc6b), + TOBN(0x5bfa44df, 0xda694ff3), TOBN(0x4f7199db, 0xf7667f12)}, + {TOBN(0xc06d8ff6, 0xe46f2a79), TOBN(0x08b5dead, 0xe9f8131d), + TOBN(0x02519a59, 0xabb4ce7c), TOBN(0xc4f710bc, 0xb42aec3e)}}, + {{TOBN(0x3d77b057, 0x78bde41a), TOBN(0x6474bf80, 0xb4186b5a), + TOBN(0x048b3f67, 0x88c65741), TOBN(0xc64519de, 0x03c7c154)}, + {TOBN(0xdf073846, 0x0edfcc4f), TOBN(0x319aa737, 0x48f1aa6b), + TOBN(0x8b9f8a02, 0xca909f77), TOBN(0x90258139, 0x7580bfef)}}, + {{TOBN(0xd8bfd3ca, 0xc0c22719), TOBN(0xc60209e4, 0xc9ca151e), + TOBN(0x7a744ab5, 0xd9a1a69c), TOBN(0x6de5048b, 0x14937f8f)}, + {TOBN(0x171938d8, 0xe115ac04), TOBN(0x7df70940, 0x1c6b16d2), + TOBN(0xa6aeb663, 0x7f8e94e7), TOBN(0xc130388e, 0x2a2cf094)}}, + {{TOBN(0x1850be84, 0x77f54e6e), TOBN(0x9f258a72, 0x65d60fe5), + TOBN(0xff7ff0c0, 0x6c9146d6), TOBN(0x039aaf90, 0xe63a830b)}, + {TOBN(0x38f27a73, 0x9460342f), TOBN(0x4703148c, 0x3f795f8a), + TOBN(0x1bb5467b, 0x9681a97e), TOBN(0x00931ba5, 0xecaeb594)}}, + {{TOBN(0xcdb6719d, 0x786f337c), TOBN(0xd9c01cd2, 0xe704397d), + TOBN(0x0f4a3f20, 0x555c2fef), TOBN(0x00452509, 0x7c0af223)}, + {TOBN(0x54a58047, 0x84db8e76), TOBN(0x3bacf1aa, 0x93c8aa06), + TOBN(0x11ca957c, 0xf7919422), TOBN(0x50641053, 0x78cdaa40)}}, + {{TOBN(0x7a303874, 0x9f7144ae), TOBN(0x170c963f, 0x43d4acfd), + TOBN(0x5e148149, 0x58ddd3ef), TOBN(0xa7bde582, 0x9e72dba8)}, + {TOBN(0x0769da8b, 0x6fa68750), TOBN(0xfa64e532, 0x572e0249), + TOBN(0xfcaadf9d, 0x2619ad31), TOBN(0x87882daa, 0xa7b349cd)}}, + {{TOBN(0x9f6eb731, 0x6c67a775), TOBN(0xcb10471a, 0xefc5d0b1), + TOBN(0xb433750c, 0xe1b806b2), TOBN(0x19c5714d, 0x57b1ae7e)}, + {TOBN(0xc0dc8b7b, 0xed03fd3f), TOBN(0xdd03344f, 0x31bc194e), + TOBN(0xa66c52a7, 0x8c6320b5), TOBN(0x8bc82ce3, 0xd0b6fd93)}}, + {{TOBN(0xf8e13501, 0xb35f1341), TOBN(0xe53156dd, 0x25a43e42), + TOBN(0xd3adf27e, 0x4daeb85c), TOBN(0xb81d8379, 0xbbeddeb5)}, + {TOBN(0x1b0b546e, 0x2e435867), TOBN(0x9020eb94, 0xeba5dd60), + TOBN(0x37d91161, 0x8210cb9d), TOBN(0x4c596b31, 0x5c91f1cf)}}, + {{TOBN(0xb228a90f, 0x0e0b040d), TOBN(0xbaf02d82, 0x45ff897f), + TOBN(0x2aac79e6, 0x00fa6122), TOBN(0x24828817, 0x8e36f557)}, + {TOBN(0xb9521d31, 0x113ec356), TOBN(0x9e48861e, 0x15eff1f8), + TOBN(0x2aa1d412, 0xe0d41715), TOBN(0x71f86203, 0x53f131b8)}}, + {{TOBN(0xf60da8da, 0x3fd19408), TOBN(0x4aa716dc, 0x278d9d99), + TOBN(0x394531f7, 0xa8c51c90), TOBN(0xb560b0e8, 0xf59db51c)}, + {TOBN(0xa28fc992, 0xfa34bdad), TOBN(0xf024fa14, 0x9cd4f8bd), + TOBN(0x5cf530f7, 0x23a9d0d3), TOBN(0x615ca193, 0xe28c9b56)}}, + {{TOBN(0x6d2a483d, 0x6f73c51e), TOBN(0xa4cb2412, 0xea0dc2dd), + TOBN(0x50663c41, 0x1eb917ff), TOBN(0x3d3a74cf, 0xeade299e)}, + {TOBN(0x29b3990f, 0x4a7a9202), TOBN(0xa9bccf59, 0xa7b15c3d), + TOBN(0x66a3ccdc, 0xa5df9208), TOBN(0x48027c14, 0x43f2f929)}}, + {{TOBN(0xd385377c, 0x40b557f0), TOBN(0xe001c366, 0xcd684660), + TOBN(0x1b18ed6b, 0xe2183a27), TOBN(0x879738d8, 0x63210329)}, + {TOBN(0xa687c74b, 0xbda94882), TOBN(0xd1bbcc48, 0xa684b299), + TOBN(0xaf6f1112, 0x863b3724), TOBN(0x6943d1b4, 0x2c8ce9f8)}}, + {{TOBN(0xe044a3bb, 0x098cafb4), TOBN(0x27ed2310, 0x60d48caf), + TOBN(0x542b5675, 0x3a31b84d), TOBN(0xcbf3dd50, 0xfcddbed7)}, + {TOBN(0x25031f16, 0x41b1d830), TOBN(0xa7ec851d, 0xcb0c1e27), + TOBN(0xac1c8fe0, 0xb5ae75db), TOBN(0xb24c7557, 0x08c52120)}}, + {{TOBN(0x57f811dc, 0x1d4636c3), TOBN(0xf8436526, 0x681a9939), + TOBN(0x1f6bc6d9, 0x9c81adb3), TOBN(0x840f8ac3, 0x5b7d80d4)}, + {TOBN(0x731a9811, 0xf4387f1a), TOBN(0x7c501cd3, 0xb5156880), + TOBN(0xa5ca4a07, 0xdfe68867), TOBN(0xf123d8f0, 0x5fcea120)}}, + {{TOBN(0x1fbb0e71, 0xd607039e), TOBN(0x2b70e215, 0xcd3a4546), + TOBN(0x32d2f01d, 0x53324091), TOBN(0xb796ff08, 0x180ab19b)}, + {TOBN(0x32d87a86, 0x3c57c4aa), TOBN(0x2aed9caf, 0xb7c49a27), + TOBN(0x9fb35eac, 0x31630d98), TOBN(0x338e8cdf, 0x5c3e20a3)}}, + {{TOBN(0x80f16182, 0x66cde8db), TOBN(0x4e159980, 0x2d72fd36), + TOBN(0xd7b8f13b, 0x9b6e5072), TOBN(0xf5213907, 0x3b7b5dc1)}, + {TOBN(0x4d431f1d, 0x8ce4396e), TOBN(0x37a1a680, 0xa7ed2142), + TOBN(0xbf375696, 0xd01aaf6b), TOBN(0xaa1c0c54, 0xe63aab66)}}, + {{TOBN(0x3014368b, 0x4ed80940), TOBN(0x67e6d056, 0x7a6fcedd), + TOBN(0x7c208c49, 0xca97579f), TOBN(0xfe3d7a81, 0xa23597f6)}, + {TOBN(0x5e203202, 0x7e096ae2), TOBN(0xb1f3e1e7, 0x24b39366), + TOBN(0x26da26f3, 0x2fdcdffc), TOBN(0x79422f1d, 0x6097be83)}}}, + {{{TOBN(0x263a2cfb, 0x9db3b381), TOBN(0x9c3a2dee, 0xd4df0a4b), + TOBN(0x728d06e9, 0x7d04e61f), TOBN(0x8b1adfbc, 0x42449325)}, + {TOBN(0x6ec1d939, 0x7e053a1b), TOBN(0xee2be5c7, 0x66daf707), + TOBN(0x80ba1e14, 0x810ac7ab), TOBN(0xdd2ae778, 0xf530f174)}}, + {{TOBN(0x0435d97a, 0x205b9d8b), TOBN(0x6eb8f064, 0x056756d4), + TOBN(0xd5e88a8b, 0xb6f8210e), TOBN(0x070ef12d, 0xec9fd9ea)}, + {TOBN(0x4d849505, 0x3bcc876a), TOBN(0x12a75338, 0xa7404ce3), + TOBN(0xd22b49e1, 0xb8a1db5e), TOBN(0xec1f2051, 0x14bfa5ad)}}, + {{TOBN(0xadbaeb79, 0xb6828f36), TOBN(0x9d7a0258, 0x01bd5b9e), + TOBN(0xeda01e0d, 0x1e844b0c), TOBN(0x4b625175, 0x887edfc9)}, + {TOBN(0x14109fdd, 0x9669b621), TOBN(0x88a2ca56, 0xf6f87b98), + TOBN(0xfe2eb788, 0x170df6bc), TOBN(0x0cea06f4, 0xffa473f9)}}, + {{TOBN(0x43ed81b5, 0xc4e83d33), TOBN(0xd9f35879, 0x5efd488b), + TOBN(0x164a620f, 0x9deb4d0f), TOBN(0xc6927bdb, 0xac6a7394)}, + {TOBN(0x45c28df7, 0x9f9e0f03), TOBN(0x2868661e, 0xfcd7e1a9), + TOBN(0x7cf4e8d0, 0xffa348f1), TOBN(0x6bd4c284, 0x398538e0)}}, + {{TOBN(0x2618a091, 0x289a8619), TOBN(0xef796e60, 0x6671b173), + TOBN(0x664e46e5, 0x9090c632), TOBN(0xa38062d4, 0x1e66f8fb)}, + {TOBN(0x6c744a20, 0x0573274e), TOBN(0xd07b67e4, 0xa9271394), + TOBN(0x391223b2, 0x6bdc0e20), TOBN(0xbe2d93f1, 0xeb0a05a7)}}, + {{TOBN(0xf23e2e53, 0x3f36d141), TOBN(0xe84bb3d4, 0x4dfca442), + TOBN(0xb804a48d, 0x6b7c023a), TOBN(0x1e16a8fa, 0x76431c3b)}, + {TOBN(0x1b5452ad, 0xddd472e0), TOBN(0x7d405ee7, 0x0d1ee127), + TOBN(0x50fc6f1d, 0xffa27599), TOBN(0x351ac53c, 0xbf391b35)}}, + {{TOBN(0x7efa14b8, 0x4444896b), TOBN(0x64974d2f, 0xf94027fb), + TOBN(0xefdcd0e8, 0xde84487d), TOBN(0x8c45b260, 0x2b48989b)}, + {TOBN(0xa8fcbbc2, 0xd8463487), TOBN(0xd1b2b3f7, 0x3fbc476c), + TOBN(0x21d005b7, 0xc8f443c0), TOBN(0x518f2e67, 0x40c0139c)}}, + {{TOBN(0x56036e8c, 0x06d75fc1), TOBN(0x2dcf7bb7, 0x3249a89f), + TOBN(0x81dd1d3d, 0xe245e7dd), TOBN(0xf578dc4b, 0xebd6e2a7)}, + {TOBN(0x4c028903, 0xdf2ce7a0), TOBN(0xaee36288, 0x9c39afac), + TOBN(0xdc847c31, 0x146404ab), TOBN(0x6304c0d8, 0xa4e97818)}}, + {{TOBN(0xae51dca2, 0xa91f6791), TOBN(0x2abe4190, 0x9baa9efc), + TOBN(0xd9d2e2f4, 0x559c7ac1), TOBN(0xe82f4b51, 0xfc9f773a)}, + {TOBN(0xa7713027, 0x4073e81c), TOBN(0xc0276fac, 0xfbb596fc), + TOBN(0x1d819fc9, 0xa684f70c), TOBN(0x29b47fdd, 0xc9f7b1e0)}}, + {{TOBN(0x358de103, 0x459b1940), TOBN(0xec881c59, 0x5b013e93), + TOBN(0x51574c93, 0x49532ad3), TOBN(0x2db1d445, 0xb37b46de)}, + {TOBN(0xc6445b87, 0xdf239fd8), TOBN(0xc718af75, 0x151d24ee), + TOBN(0xaea1c4a4, 0xf43c6259), TOBN(0x40c0e5d7, 0x70be02f7)}}, + {{TOBN(0x6a4590f4, 0x721b33f2), TOBN(0x2124f1fb, 0xfedf04ea), + TOBN(0xf8e53cde, 0x9745efe7), TOBN(0xe7e10432, 0x65f046d9)}, + {TOBN(0xc3fca28e, 0xe4d0c7e6), TOBN(0x847e339a, 0x87253b1b), + TOBN(0x9b595348, 0x3743e643), TOBN(0xcb6a0a0b, 0x4fd12fc5)}}, + {{TOBN(0xfb6836c3, 0x27d02dcc), TOBN(0x5ad00982, 0x7a68bcc2), + TOBN(0x1b24b44c, 0x005e912d), TOBN(0xcc83d20f, 0x811fdcfe)}, + {TOBN(0x36527ec1, 0x666fba0c), TOBN(0x69948197, 0x14754635), + TOBN(0xfcdcb1a8, 0x556da9c2), TOBN(0xa5934267, 0x81a732b2)}}, + {{TOBN(0xec1214ed, 0xa714181d), TOBN(0x609ac13b, 0x6067b341), + TOBN(0xff4b4c97, 0xa545df1f), TOBN(0xa1240501, 0x34d2076b)}, + {TOBN(0x6efa0c23, 0x1409ca97), TOBN(0x254cc1a8, 0x20638c43), + TOBN(0xd4e363af, 0xdcfb46cd), TOBN(0x62c2adc3, 0x03942a27)}}, + {{TOBN(0xc67b9df0, 0x56e46483), TOBN(0xa55abb20, 0x63736356), + TOBN(0xab93c098, 0xc551bc52), TOBN(0x382b49f9, 0xb15fe64b)}, + {TOBN(0x9ec221ad, 0x4dff8d47), TOBN(0x79caf615, 0x437df4d6), + TOBN(0x5f13dc64, 0xbb456509), TOBN(0xe4c589d9, 0x191f0714)}}, + {{TOBN(0x27b6a8ab, 0x3fd40e09), TOBN(0xe455842e, 0x77313ea9), + TOBN(0x8b51d1e2, 0x1f55988b), TOBN(0x5716dd73, 0x062bbbfc)}, + {TOBN(0x633c11e5, 0x4e8bf3de), TOBN(0x9a0e77b6, 0x1b85be3b), + TOBN(0x56510729, 0x0911cca6), TOBN(0x27e76495, 0xefa6590f)}}, + {{TOBN(0xe4ac8b33, 0x070d3aab), TOBN(0x2643672b, 0x9a2cd5e5), + TOBN(0x52eff79b, 0x1cfc9173), TOBN(0x665ca49b, 0x90a7c13f)}, + {TOBN(0x5a8dda59, 0xb3efb998), TOBN(0x8a5b922d, 0x052f1341), + TOBN(0xae9ebbab, 0x3cf9a530), TOBN(0x35986e7b, 0xf56da4d7)}}, + {{TOBN(0x3a636b5c, 0xff3513cc), TOBN(0xbb0cf8ba, 0x3198f7dd), + TOBN(0xb8d40522, 0x41f16f86), TOBN(0x760575d8, 0xde13a7bf)}, + {TOBN(0x36f74e16, 0x9f7aa181), TOBN(0x163a3ecf, 0xf509ed1c), + TOBN(0x6aead61f, 0x3c40a491), TOBN(0x158c95fc, 0xdfe8fcaa)}}, + {{TOBN(0xa3991b6e, 0x13cda46f), TOBN(0x79482415, 0x342faed0), + TOBN(0xf3ba5bde, 0x666b5970), TOBN(0x1d52e6bc, 0xb26ab6dd)}, + {TOBN(0x768ba1e7, 0x8608dd3d), TOBN(0x4930db2a, 0xea076586), + TOBN(0xd9575714, 0xe7dc1afa), TOBN(0x1fc7bf7d, 0xf7c58817)}}, + {{TOBN(0x6b47accd, 0xd9eee96c), TOBN(0x0ca277fb, 0xe58cec37), + TOBN(0x113fe413, 0xe702c42a), TOBN(0xdd1764ee, 0xc47cbe51)}, + {TOBN(0x041e7cde, 0x7b3ed739), TOBN(0x50cb7459, 0x5ce9e1c0), + TOBN(0x35568513, 0x2925b212), TOBN(0x7cff95c4, 0x001b081c)}}, + {{TOBN(0x63ee4cbd, 0x8088b454), TOBN(0xdb7f32f7, 0x9a9e0c8a), + TOBN(0xb377d418, 0x6b2447cb), TOBN(0xe3e982aa, 0xd370219b)}, + {TOBN(0x06ccc1e4, 0xc2a2a593), TOBN(0x72c36865, 0x0773f24f), + TOBN(0xa13b4da7, 0x95859423), TOBN(0x8bbf1d33, 0x75040c8f)}}, + {{TOBN(0x726f0973, 0xda50c991), TOBN(0x48afcd5b, 0x822d6ee2), + TOBN(0xe5fc718b, 0x20fd7771), TOBN(0xb9e8e77d, 0xfd0807a1)}, + {TOBN(0x7f5e0f44, 0x99a7703d), TOBN(0x6972930e, 0x618e36f3), + TOBN(0x2b7c77b8, 0x23807bbe), TOBN(0xe5b82405, 0xcb27ff50)}}, + {{TOBN(0xba8b8be3, 0xbd379062), TOBN(0xd64b7a1d, 0x2dce4a92), + TOBN(0x040a73c5, 0xb2952e37), TOBN(0x0a9e252e, 0xd438aeca)}, + {TOBN(0xdd43956b, 0xc39d3bcb), TOBN(0x1a31ca00, 0xb32b2d63), + TOBN(0xd67133b8, 0x5c417a18), TOBN(0xd08e4790, 0x2ef442c8)}}, + {{TOBN(0x98cb1ae9, 0x255c0980), TOBN(0x4bd86381, 0x2b4a739f), + TOBN(0x5a5c31e1, 0x1e4a45a1), TOBN(0x1e5d55fe, 0x9cb0db2f)}, + {TOBN(0x74661b06, 0x8ff5cc29), TOBN(0x026b389f, 0x0eb8a4f4), + TOBN(0x536b21a4, 0x58848c24), TOBN(0x2e5bf8ec, 0x81dc72b0)}}, + {{TOBN(0x03c187d0, 0xad886aac), TOBN(0x5c16878a, 0xb771b645), + TOBN(0xb07dfc6f, 0xc74045ab), TOBN(0x2c6360bf, 0x7800caed)}, + {TOBN(0x24295bb5, 0xb9c972a3), TOBN(0xc9e6f88e, 0x7c9a6dba), + TOBN(0x90ffbf24, 0x92a79aa6), TOBN(0xde29d50a, 0x41c26ac2)}}, + {{TOBN(0x9f0af483, 0xd309cbe6), TOBN(0x5b020d8a, 0xe0bced4f), + TOBN(0x606e986d, 0xb38023e3), TOBN(0xad8f2c9d, 0x1abc6933)}, + {TOBN(0x19292e1d, 0xe7400e93), TOBN(0xfe3e18a9, 0x52be5e4d), + TOBN(0xe8e9771d, 0x2e0680bf), TOBN(0x8c5bec98, 0xc54db063)}}, + {{TOBN(0x2af9662a, 0x74a55d1f), TOBN(0xe3fbf28f, 0x046f66d8), + TOBN(0xa3a72ab4, 0xd4dc4794), TOBN(0x09779f45, 0x5c7c2dd8)}, + {TOBN(0xd893bdaf, 0xc3d19d8d), TOBN(0xd5a75094, 0x57d6a6df), + TOBN(0x8cf8fef9, 0x952e6255), TOBN(0x3da67cfb, 0xda9a8aff)}}, + {{TOBN(0x4c23f62a, 0x2c160dcd), TOBN(0x34e6c5e3, 0x8f90eaef), + TOBN(0x35865519, 0xa9a65d5a), TOBN(0x07c48aae, 0x8fd38a3d)}, + {TOBN(0xb7e7aeda, 0x50068527), TOBN(0x2c09ef23, 0x1c90936a), + TOBN(0x31ecfeb6, 0xe879324c), TOBN(0xa0871f6b, 0xfb0ec938)}}, + {{TOBN(0xb1f0fb68, 0xd84d835d), TOBN(0xc90caf39, 0x861dc1e6), + TOBN(0x12e5b046, 0x7594f8d7), TOBN(0x26897ae2, 0x65012b92)}, + {TOBN(0xbcf68a08, 0xa4d6755d), TOBN(0x403ee41c, 0x0991fbda), + TOBN(0x733e343e, 0x3bbf17e8), TOBN(0xd2c7980d, 0x679b3d65)}}, + {{TOBN(0x33056232, 0xd2e11305), TOBN(0x966be492, 0xf3c07a6f), + TOBN(0x6a8878ff, 0xbb15509d), TOBN(0xff221101, 0x0a9b59a4)}, + {TOBN(0x6c9f564a, 0xabe30129), TOBN(0xc6f2c940, 0x336e64cf), + TOBN(0x0fe75262, 0x8b0c8022), TOBN(0xbe0267e9, 0x6ae8db87)}}, + {{TOBN(0x22e192f1, 0x93bc042b), TOBN(0xf085b534, 0xb237c458), + TOBN(0xa0d192bd, 0x832c4168), TOBN(0x7a76e9e3, 0xbdf6271d)}, + {TOBN(0x52a882fa, 0xb88911b5), TOBN(0xc85345e4, 0xb4db0eb5), + TOBN(0xa3be02a6, 0x81a7c3ff), TOBN(0x51889c8c, 0xf0ec0469)}}, + {{TOBN(0x9d031369, 0xa5e829e5), TOBN(0xcbb4c6fc, 0x1607aa41), + TOBN(0x75ac59a6, 0x241d84c1), TOBN(0xc043f2bf, 0x8829e0ee)}, + {TOBN(0x82a38f75, 0x8ea5e185), TOBN(0x8bda40b9, 0xd87cbd9f), + TOBN(0x9e65e75e, 0x2d8fc601), TOBN(0x3d515f74, 0xa35690b3)}}, + {{TOBN(0x534acf4f, 0xda79e5ac), TOBN(0x68b83b3a, 0x8630215f), + TOBN(0x5c748b2e, 0xd085756e), TOBN(0xb0317258, 0xe5d37cb2)}, + {TOBN(0x6735841a, 0xc5ccc2c4), TOBN(0x7d7dc96b, 0x3d9d5069), + TOBN(0xa147e410, 0xfd1754bd), TOBN(0x65296e94, 0xd399ddd5)}}, + {{TOBN(0xf6b5b2d0, 0xbc8fa5bc), TOBN(0x8a5ead67, 0x500c277b), + TOBN(0x214625e6, 0xdfa08a5d), TOBN(0x51fdfedc, 0x959cf047)}, + {TOBN(0x6bc9430b, 0x289fca32), TOBN(0xe36ff0cf, 0x9d9bdc3f), + TOBN(0x2fe187cb, 0x58ea0ede), TOBN(0xed66af20, 0x5a900b3f)}}, + {{TOBN(0x00e0968b, 0x5fa9f4d6), TOBN(0x2d4066ce, 0x37a362e7), + TOBN(0xa99a9748, 0xbd07e772), TOBN(0x710989c0, 0x06a4f1d0)}, + {TOBN(0xd5dedf35, 0xce40cbd8), TOBN(0xab55c5f0, 0x1743293d), + TOBN(0x766f1144, 0x8aa24e2c), TOBN(0x94d874f8, 0x605fbcb4)}}, + {{TOBN(0xa365f0e8, 0xa518001b), TOBN(0xee605eb6, 0x9d04ef0f), + TOBN(0x5a3915cd, 0xba8d4d25), TOBN(0x44c0e1b8, 0xb5113472)}, + {TOBN(0xcbb024e8, 0x8b6740dc), TOBN(0x89087a53, 0xee1d4f0c), + TOBN(0xa88fa05c, 0x1fc4e372), TOBN(0x8bf395cb, 0xaf8b3af2)}}, + {{TOBN(0x1e71c9a1, 0xdeb8568b), TOBN(0xa35daea0, 0x80fb3d32), + TOBN(0xe8b6f266, 0x2cf8fb81), TOBN(0x6d51afe8, 0x9490696a)}, + {TOBN(0x81beac6e, 0x51803a19), TOBN(0xe3d24b7f, 0x86219080), + TOBN(0x727cfd9d, 0xdf6f463c), TOBN(0x8c6865ca, 0x72284ee8)}}, + {{TOBN(0x32c88b7d, 0xb743f4ef), TOBN(0x3793909b, 0xe7d11dce), + TOBN(0xd398f922, 0x2ff2ebe8), TOBN(0x2c70ca44, 0xe5e49796)}, + {TOBN(0xdf4d9929, 0xcb1131b1), TOBN(0x7826f298, 0x25888e79), + TOBN(0x4d3a112c, 0xf1d8740a), TOBN(0x00384cb6, 0x270afa8b)}}, + {{TOBN(0xcb64125b, 0x3ab48095), TOBN(0x3451c256, 0x62d05106), + TOBN(0xd73d577d, 0xa4955845), TOBN(0x39570c16, 0xbf9f4433)}, + {TOBN(0xd7dfaad3, 0xadecf263), TOBN(0xf1c3d8d1, 0xdc76e102), + TOBN(0x5e774a58, 0x54c6a836), TOBN(0xdad4b672, 0x3e92d47b)}}, + {{TOBN(0xbe7e990f, 0xf0d796a0), TOBN(0x5fc62478, 0xdf0e8b02), + TOBN(0x8aae8bf4, 0x030c00ad), TOBN(0x3d2db93b, 0x9004ba0f)}, + {TOBN(0xe48c8a79, 0xd85d5ddc), TOBN(0xe907caa7, 0x6bb07f34), + TOBN(0x58db343a, 0xa39eaed5), TOBN(0x0ea6e007, 0xadaf5724)}}, + {{TOBN(0xe00df169, 0xd23233f3), TOBN(0x3e322796, 0x77cb637f), + TOBN(0x1f897c0e, 0x1da0cf6c), TOBN(0xa651f5d8, 0x31d6bbdd)}, + {TOBN(0xdd61af19, 0x1a230c76), TOBN(0xbd527272, 0xcdaa5e4a), + TOBN(0xca753636, 0xd0abcd7e), TOBN(0x78bdd37c, 0x370bd8dc)}}, + {{TOBN(0xc23916c2, 0x17cd93fe), TOBN(0x65b97a4d, 0xdadce6e2), + TOBN(0xe04ed4eb, 0x174e42f8), TOBN(0x1491ccaa, 0xbb21480a)}, + {TOBN(0x145a8280, 0x23196332), TOBN(0x3c3862d7, 0x587b479a), + TOBN(0x9f4a88a3, 0x01dcd0ed), TOBN(0x4da2b7ef, 0x3ea12f1f)}}, + {{TOBN(0xf8e7ae33, 0xb126e48e), TOBN(0x404a0b32, 0xf494e237), + TOBN(0x9beac474, 0xc55acadb), TOBN(0x4ee5cf3b, 0xcbec9fd9)}, + {TOBN(0x336b33b9, 0x7df3c8c3), TOBN(0xbd905fe3, 0xb76808fd), + TOBN(0x8f436981, 0xaa45c16a), TOBN(0x255c5bfa, 0x3dd27b62)}}, + {{TOBN(0x71965cbf, 0xc3dd9b4d), TOBN(0xce23edbf, 0xfc068a87), + TOBN(0xb78d4725, 0x745b029b), TOBN(0x74610713, 0xcefdd9bd)}, + {TOBN(0x7116f75f, 0x1266bf52), TOBN(0x02046722, 0x18e49bb6), + TOBN(0xdf43df9f, 0x3d6f19e3), TOBN(0xef1bc7d0, 0xe685cb2f)}}, + {{TOBN(0xcddb27c1, 0x7078c432), TOBN(0xe1961b9c, 0xb77fedb7), + TOBN(0x1edc2f5c, 0xc2290570), TOBN(0x2c3fefca, 0x19cbd886)}, + {TOBN(0xcf880a36, 0xc2af389a), TOBN(0x96c610fd, 0xbda71cea), + TOBN(0xf03977a9, 0x32aa8463), TOBN(0x8eb7763f, 0x8586d90a)}}, + {{TOBN(0x3f342454, 0x2a296e77), TOBN(0xc8718683, 0x42837a35), + TOBN(0x7dc71090, 0x6a09c731), TOBN(0x54778ffb, 0x51b816db)}, + {TOBN(0x6b33bfec, 0xaf06defd), TOBN(0xfe3c105f, 0x8592b70b), + TOBN(0xf937fda4, 0x61da6114), TOBN(0x3c13e651, 0x4c266ad7)}}, + {{TOBN(0xe363a829, 0x855938e8), TOBN(0x2eeb5d9e, 0x9de54b72), + TOBN(0xbeb93b0e, 0x20ccfab9), TOBN(0x3dffbb5f, 0x25e61a25)}, + {TOBN(0x7f655e43, 0x1acc093d), TOBN(0x0cb6cc3d, 0x3964ce61), + TOBN(0x6ab283a1, 0xe5e9b460), TOBN(0x55d787c5, 0xa1c7e72d)}}, + {{TOBN(0x4d2efd47, 0xdeadbf02), TOBN(0x11e80219, 0xac459068), + TOBN(0x810c7626, 0x71f311f0), TOBN(0xfa17ef8d, 0x4ab6ef53)}, + {TOBN(0xaf47fd25, 0x93e43bff), TOBN(0x5cb5ff3f, 0x0be40632), + TOBN(0x54687106, 0x8ee61da3), TOBN(0x7764196e, 0xb08afd0f)}}, + {{TOBN(0x831ab3ed, 0xf0290a8f), TOBN(0xcae81966, 0xcb47c387), + TOBN(0xaad7dece, 0x184efb4f), TOBN(0xdcfc53b3, 0x4749110e)}, + {TOBN(0x6698f23c, 0x4cb632f9), TOBN(0xc42a1ad6, 0xb91f8067), + TOBN(0xb116a81d, 0x6284180a), TOBN(0xebedf5f8, 0xe901326f)}}, + {{TOBN(0xf2274c9f, 0x97e3e044), TOBN(0x42018520, 0x11d09fc9), + TOBN(0x56a65f17, 0xd18e6e23), TOBN(0x2ea61e2a, 0x352b683c)}, + {TOBN(0x27d291bc, 0x575eaa94), TOBN(0x9e7bc721, 0xb8ff522d), + TOBN(0x5f7268bf, 0xa7f04d6f), TOBN(0x5868c73f, 0xaba41748)}}, + {{TOBN(0x9f85c2db, 0x7be0eead), TOBN(0x511e7842, 0xff719135), + TOBN(0x5a06b1e9, 0xc5ea90d7), TOBN(0x0c19e283, 0x26fab631)}, + {TOBN(0x8af8f0cf, 0xe9206c55), TOBN(0x89389cb4, 0x3553c06a), + TOBN(0x39dbed97, 0xf65f8004), TOBN(0x0621b037, 0xc508991d)}}, + {{TOBN(0x1c52e635, 0x96e78cc4), TOBN(0x5385c8b2, 0x0c06b4a8), + TOBN(0xd84ddfdb, 0xb0e87d03), TOBN(0xc49dfb66, 0x934bafad)}, + {TOBN(0x7071e170, 0x59f70772), TOBN(0x3a073a84, 0x3a1db56b), + TOBN(0x03494903, 0x3b8af190), TOBN(0x7d882de3, 0xd32920f0)}}, + {{TOBN(0x91633f0a, 0xb2cf8940), TOBN(0x72b0b178, 0x6f948f51), + TOBN(0x2d28dc30, 0x782653c8), TOBN(0x88829849, 0xdb903a05)}, + {TOBN(0xb8095d0c, 0x6a19d2bb), TOBN(0x4b9e7f0c, 0x86f782cb), + TOBN(0x7af73988, 0x2d907064), TOBN(0xd12be0fe, 0x8b32643c)}}, + {{TOBN(0x358ed23d, 0x0e165dc3), TOBN(0x3d47ce62, 0x4e2378ce), + TOBN(0x7e2bb0b9, 0xfeb8a087), TOBN(0x3246e8ae, 0xe29e10b9)}, + {TOBN(0x459f4ec7, 0x03ce2b4d), TOBN(0xe9b4ca1b, 0xbbc077cf), + TOBN(0x2613b4f2, 0x0e9940c1), TOBN(0xfc598bb9, 0x047d1eb1)}}, + {{TOBN(0x9744c62b, 0x45036099), TOBN(0xa9dee742, 0x167c65d8), + TOBN(0x0c511525, 0xdabe1943), TOBN(0xda110554, 0x93c6c624)}, + {TOBN(0xae00a52c, 0x651a3be2), TOBN(0xcda5111d, 0x884449a6), + TOBN(0x063c06f4, 0xff33bed1), TOBN(0x73baaf9a, 0x0d3d76b4)}}, + {{TOBN(0x52fb0c9d, 0x7fc63668), TOBN(0x6886c9dd, 0x0c039cde), + TOBN(0x602bd599, 0x55b22351), TOBN(0xb00cab02, 0x360c7c13)}, + {TOBN(0x8cb616bc, 0x81b69442), TOBN(0x41486700, 0xb55c3cee), + TOBN(0x71093281, 0xf49ba278), TOBN(0xad956d9c, 0x64a50710)}}, + {{TOBN(0x9561f28b, 0x638a7e81), TOBN(0x54155cdf, 0x5980ddc3), + TOBN(0xb2db4a96, 0xd26f247a), TOBN(0x9d774e4e, 0x4787d100)}, + {TOBN(0x1a9e6e2e, 0x078637d2), TOBN(0x1c363e2d, 0x5e0ae06a), + TOBN(0x7493483e, 0xe9cfa354), TOBN(0x76843cb3, 0x7f74b98d)}}, + {{TOBN(0xbaca6591, 0xd4b66947), TOBN(0xb452ce98, 0x04460a8c), + TOBN(0x6830d246, 0x43768f55), TOBN(0xf4197ed8, 0x7dff12df)}, + {TOBN(0x6521b472, 0x400dd0f7), TOBN(0x59f5ca8f, 0x4b1e7093), + TOBN(0x6feff11b, 0x080338ae), TOBN(0x0ada31f6, 0xa29ca3c6)}}, + {{TOBN(0x24794eb6, 0x94a2c215), TOBN(0xd83a43ab, 0x05a57ab4), + TOBN(0x264a543a, 0x2a6f89fe), TOBN(0x2c2a3868, 0xdd5ec7c2)}, + {TOBN(0xd3373940, 0x8439d9b2), TOBN(0x715ea672, 0x0acd1f11), + TOBN(0x42c1d235, 0xe7e6cc19), TOBN(0x81ce6e96, 0xb990585c)}}, + {{TOBN(0x04e5dfe0, 0xd809c7bd), TOBN(0xd7b2580c, 0x8f1050ab), + TOBN(0x6d91ad78, 0xd8a4176f), TOBN(0x0af556ee, 0x4e2e897c)}, + {TOBN(0x162a8b73, 0x921de0ac), TOBN(0x52ac9c22, 0x7ea78400), + TOBN(0xee2a4eea, 0xefce2174), TOBN(0xbe61844e, 0x6d637f79)}}, + {{TOBN(0x0491f1bc, 0x789a283b), TOBN(0x72d3ac3d, 0x880836f4), + TOBN(0xaa1c5ea3, 0x88e5402d), TOBN(0x1b192421, 0xd5cc473d)}, + {TOBN(0x5c0b9998, 0x9dc84cac), TOBN(0xb0a8482d, 0x9c6e75b8), + TOBN(0x639961d0, 0x3a191ce2), TOBN(0xda3bc865, 0x6d837930)}}, + {{TOBN(0xca990653, 0x056e6f8f), TOBN(0x84861c41, 0x64d133a7), + TOBN(0x8b403276, 0x746abe40), TOBN(0xb7b4d51a, 0xebf8e303)}, + {TOBN(0x05b43211, 0x220a255d), TOBN(0xc997152c, 0x02419e6e), + TOBN(0x76ff47b6, 0x630c2fea), TOBN(0x50518677, 0x281fdade)}}, + {{TOBN(0x3283b8ba, 0xcf902b0b), TOBN(0x8d4b4eb5, 0x37db303b), + TOBN(0xcc89f42d, 0x755011bc), TOBN(0xb43d74bb, 0xdd09d19b)}, + {TOBN(0x65746bc9, 0x8adba350), TOBN(0x364eaf8c, 0xb51c1927), + TOBN(0x13c76596, 0x10ad72ec), TOBN(0x30045121, 0xf8d40c20)}}, + {{TOBN(0x6d2d99b7, 0xea7b979b), TOBN(0xcd78cd74, 0xe6fb3bcd), + TOBN(0x11e45a9e, 0x86cffbfe), TOBN(0x78a61cf4, 0x637024f6)}, + {TOBN(0xd06bc872, 0x3d502295), TOBN(0xf1376854, 0x458cb288), + TOBN(0xb9db26a1, 0x342f8586), TOBN(0xf33effcf, 0x4beee09e)}}, + {{TOBN(0xd7e0c4cd, 0xb30cfb3a), TOBN(0x6d09b8c1, 0x6c9db4c8), + TOBN(0x40ba1a42, 0x07c8d9df), TOBN(0x6fd495f7, 0x1c52c66d)}, + {TOBN(0xfb0e169f, 0x275264da), TOBN(0x80c2b746, 0xe57d8362), + TOBN(0xedd987f7, 0x49ad7222), TOBN(0xfdc229af, 0x4398ec7b)}}}, + {{{TOBN(0xb0d1ed84, 0x52666a58), TOBN(0x4bcb6e00, 0xe6a9c3c2), + TOBN(0x3c57411c, 0x26906408), TOBN(0xcfc20755, 0x13556400)}, + {TOBN(0xa08b1c50, 0x5294dba3), TOBN(0xa30ba286, 0x8b7dd31e), + TOBN(0xd70ba90e, 0x991eca74), TOBN(0x094e142c, 0xe762c2b9)}}, + {{TOBN(0xb81d783e, 0x979f3925), TOBN(0x1efd130a, 0xaf4c89a7), + TOBN(0x525c2144, 0xfd1bf7fa), TOBN(0x4b296904, 0x1b265a9e)}, + {TOBN(0xed8e9634, 0xb9db65b6), TOBN(0x35c82e32, 0x03599d8a), + TOBN(0xdaa7a54f, 0x403563f3), TOBN(0x9df088ad, 0x022c38ab)}}, + {{TOBN(0xe5cfb066, 0xbb3fd30a), TOBN(0x429169da, 0xeff0354e), + TOBN(0x809cf852, 0x3524e36c), TOBN(0x136f4fb3, 0x0155be1d)}, + {TOBN(0x4826af01, 0x1fbba712), TOBN(0x6ef0f0b4, 0x506ba1a1), + TOBN(0xd9928b31, 0x77aea73e), TOBN(0xe2bf6af2, 0x5eaa244e)}}, + {{TOBN(0x8d084f12, 0x4237b64b), TOBN(0x688ebe99, 0xe3ecfd07), + TOBN(0x57b8a70c, 0xf6845dd8), TOBN(0x808fc59c, 0x5da4a325)}, + {TOBN(0xa9032b2b, 0xa3585862), TOBN(0xb66825d5, 0xedf29386), + TOBN(0xb5a5a8db, 0x431ec29b), TOBN(0xbb143a98, 0x3a1e8dc8)}}, + {{TOBN(0x35ee94ce, 0x12ae381b), TOBN(0x3a7f176c, 0x86ccda90), + TOBN(0xc63a657e, 0x4606eaca), TOBN(0x9ae5a380, 0x43cd04df)}, + {TOBN(0x9bec8d15, 0xed251b46), TOBN(0x1f5d6d30, 0xcaca5e64), + TOBN(0x347b3b35, 0x9ff20f07), TOBN(0x4d65f034, 0xf7e4b286)}}, + {{TOBN(0x9e93ba24, 0xf111661e), TOBN(0xedced484, 0xb105eb04), + TOBN(0x96dc9ba1, 0xf424b578), TOBN(0xbf8f66b7, 0xe83e9069)}, + {TOBN(0x872d4df4, 0xd7ed8216), TOBN(0xbf07f377, 0x8e2cbecf), + TOBN(0x4281d899, 0x98e73754), TOBN(0xfec85fbb, 0x8aab8708)}}, + {{TOBN(0x9a3c0dee, 0xa5ba5b0b), TOBN(0xe6a116ce, 0x42d05299), + TOBN(0xae9775fe, 0xe9b02d42), TOBN(0x72b05200, 0xa1545cb6)}, + {TOBN(0xbc506f7d, 0x31a3b4ea), TOBN(0xe5893078, 0x8bbd9b32), + TOBN(0xc8bc5f37, 0xe4b12a97), TOBN(0x6b000c06, 0x4a73b671)}}, + {{TOBN(0x13b5bf22, 0x765fa7d0), TOBN(0x59805bf0, 0x1d6a5370), + TOBN(0x67a5e29d, 0x4280db98), TOBN(0x4f53916f, 0x776b1ce3)}, + {TOBN(0x714ff61f, 0x33ddf626), TOBN(0x4206238e, 0xa085d103), + TOBN(0x1c50d4b7, 0xe5809ee3), TOBN(0x999f450d, 0x85f8eb1d)}}, + {{TOBN(0x658a6051, 0xe4c79e9b), TOBN(0x1394cb73, 0xc66a9fea), + TOBN(0x27f31ed5, 0xc6be7b23), TOBN(0xf4c88f36, 0x5aa6f8fe)}, + {TOBN(0x0fb0721f, 0x4aaa499e), TOBN(0x68b3a7d5, 0xe3fb2a6b), + TOBN(0xa788097d, 0x3a92851d), TOBN(0x060e7f8a, 0xe96f4913)}}, + {{TOBN(0x82eebe73, 0x1a3a93bc), TOBN(0x42bbf465, 0xa21adc1a), + TOBN(0xc10b6fa4, 0xef030efd), TOBN(0x247aa4c7, 0x87b097bb)}, + {TOBN(0x8b8dc632, 0xf60c77da), TOBN(0x6ffbc26a, 0xc223523e), + TOBN(0xa4f6ff11, 0x344579cf), TOBN(0x5825653c, 0x980250f6)}}, + {{TOBN(0xb2dd097e, 0xbc1aa2b9), TOBN(0x07889393, 0x37a0333a), + TOBN(0x1cf55e71, 0x37a0db38), TOBN(0x2648487f, 0x792c1613)}, + {TOBN(0xdad01336, 0x3fcef261), TOBN(0x6239c81d, 0x0eabf129), + TOBN(0x8ee761de, 0x9d276be2), TOBN(0x406a7a34, 0x1eda6ad3)}}, + {{TOBN(0x4bf367ba, 0x4a493b31), TOBN(0x54f20a52, 0x9bf7f026), + TOBN(0xb696e062, 0x9795914b), TOBN(0xcddab96d, 0x8bf236ac)}, + {TOBN(0x4ff2c70a, 0xed25ea13), TOBN(0xfa1d09eb, 0x81cbbbe7), + TOBN(0x88fc8c87, 0x468544c5), TOBN(0x847a670d, 0x696b3317)}}, + {{TOBN(0xf133421e, 0x64bcb626), TOBN(0xaea638c8, 0x26dee0b5), + TOBN(0xd6e7680b, 0xb310346c), TOBN(0xe06f4097, 0xd5d4ced3)}, + {TOBN(0x09961452, 0x7512a30b), TOBN(0xf3d867fd, 0xe589a59a), + TOBN(0x2e73254f, 0x52d0c180), TOBN(0x9063d8a3, 0x333c74ac)}}, + {{TOBN(0xeda6c595, 0xd314e7bc), TOBN(0x2ee7464b, 0x467899ed), + TOBN(0x1cef423c, 0x0a1ed5d3), TOBN(0x217e76ea, 0x69cc7613)}, + {TOBN(0x27ccce1f, 0xe7cda917), TOBN(0x12d8016b, 0x8a893f16), + TOBN(0xbcd6de84, 0x9fc74f6b), TOBN(0xfa5817e2, 0xf3144e61)}}, + {{TOBN(0x1f354164, 0x0821ee4c), TOBN(0x1583eab4, 0x0bc61992), + TOBN(0x7490caf6, 0x1d72879f), TOBN(0x998ad9f3, 0xf76ae7b2)}, + {TOBN(0x1e181950, 0xa41157f7), TOBN(0xa9d7e1e6, 0xe8da3a7e), + TOBN(0x963784eb, 0x8426b95f), TOBN(0x0ee4ed6e, 0x542e2a10)}}, + {{TOBN(0xb79d4cc5, 0xac751e7b), TOBN(0x93f96472, 0xfd4211bd), + TOBN(0x8c72d3d2, 0xc8de4fc6), TOBN(0x7b69cbf5, 0xdf44f064)}, + {TOBN(0x3da90ca2, 0xf4bf94e1), TOBN(0x1a5325f8, 0xf12894e2), + TOBN(0x0a437f6c, 0x7917d60b), TOBN(0x9be70486, 0x96c9cb5d)}}, + {{TOBN(0xb4d880bf, 0xe1dc5c05), TOBN(0xd738adda, 0xeebeeb57), + TOBN(0x6f0119d3, 0xdf0fe6a3), TOBN(0x5c686e55, 0x66eaaf5a)}, + {TOBN(0x9cb10b50, 0xdfd0b7ec), TOBN(0xbdd0264b, 0x6a497c21), + TOBN(0xfc093514, 0x8c546c96), TOBN(0x58a947fa, 0x79dbf42a)}}, + {{TOBN(0xc0b48d4e, 0x49ccd6d7), TOBN(0xff8fb02c, 0x88bd5580), + TOBN(0xc75235e9, 0x07d473b2), TOBN(0x4fab1ac5, 0xa2188af3)}, + {TOBN(0x030fa3bc, 0x97576ec0), TOBN(0xe8c946e8, 0x0b7e7d2f), + TOBN(0x40a5c9cc, 0x70305600), TOBN(0x6d8260a9, 0xc8b013b4)}}, + {{TOBN(0x0368304f, 0x70bba85c), TOBN(0xad090da1, 0xa4a0d311), + TOBN(0x7170e870, 0x2415eec1), TOBN(0xbfba35fe, 0x8461ea47)}, + {TOBN(0x6279019a, 0xc1e91938), TOBN(0xa47638f3, 0x1afc415f), + TOBN(0x36c65cbb, 0xbcba0e0f), TOBN(0x02160efb, 0x034e2c48)}}, + {{TOBN(0xe6c51073, 0x615cd9e4), TOBN(0x498ec047, 0xf1243c06), + TOBN(0x3e5a8809, 0xb17b3d8c), TOBN(0x5cd99e61, 0x0cc565f1)}, + {TOBN(0x81e312df, 0x7851dafe), TOBN(0xf156f5ba, 0xa79061e2), + TOBN(0x80d62b71, 0x880c590e), TOBN(0xbec9746f, 0x0a39faa1)}}, + {{TOBN(0x1d98a9c1, 0xc8ed1f7a), TOBN(0x09e43bb5, 0xa81d5ff2), + TOBN(0xd5f00f68, 0x0da0794a), TOBN(0x412050d9, 0x661aa836)}, + {TOBN(0xa89f7c4e, 0x90747e40), TOBN(0x6dc05ebb, 0xb62a3686), + TOBN(0xdf4de847, 0x308e3353), TOBN(0x53868fbb, 0x9fb53bb9)}}, + {{TOBN(0x2b09d2c3, 0xcfdcf7dd), TOBN(0x41a9fce3, 0x723fcab4), + TOBN(0x73d905f7, 0x07f57ca3), TOBN(0x080f9fb1, 0xac8e1555)}, + {TOBN(0x7c088e84, 0x9ba7a531), TOBN(0x07d35586, 0xed9a147f), + TOBN(0x602846ab, 0xaf48c336), TOBN(0x7320fd32, 0x0ccf0e79)}}, + {{TOBN(0xaa780798, 0xb18bd1ff), TOBN(0x52c2e300, 0xafdd2905), + TOBN(0xf27ea3d6, 0x434267cd), TOBN(0x8b96d16d, 0x15605b5f)}, + {TOBN(0x7bb31049, 0x4b45706b), TOBN(0xe7f58b8e, 0x743d25f8), + TOBN(0xe9b5e45b, 0x87f30076), TOBN(0xd19448d6, 0x5d053d5a)}}, + {{TOBN(0x1ecc8cb9, 0xd3210a04), TOBN(0x6bc7d463, 0xdafb5269), + TOBN(0x3e59b10a, 0x67c3489f), TOBN(0x1769788c, 0x65641e1b)}, + {TOBN(0x8a53b82d, 0xbd6cb838), TOBN(0x7066d6e6, 0x236d5f22), + TOBN(0x03aa1c61, 0x6908536e), TOBN(0xc971da0d, 0x66ae9809)}}, + {{TOBN(0x01b3a86b, 0xc49a2fac), TOBN(0x3b8420c0, 0x3092e77a), + TOBN(0x02057300, 0x7d6fb556), TOBN(0x6941b2a1, 0xbff40a87)}, + {TOBN(0x140b6308, 0x0658ff2a), TOBN(0x87804363, 0x3424ab36), + TOBN(0x0253bd51, 0x5751e299), TOBN(0xc75bcd76, 0x449c3e3a)}}, + {{TOBN(0x92eb4090, 0x7f8f875d), TOBN(0x9c9d754e, 0x56c26bbf), + TOBN(0x158cea61, 0x8110bbe7), TOBN(0x62a6b802, 0x745f91ea)}, + {TOBN(0xa79c41aa, 0xc6e7394b), TOBN(0x445b6a83, 0xad57ef10), + TOBN(0x0c5277eb, 0x6ea6f40c), TOBN(0x319fe96b, 0x88633365)}}, + {{TOBN(0x0b0fc61f, 0x385f63cb), TOBN(0x41250c84, 0x22bdd127), + TOBN(0x67d153f1, 0x09e942c2), TOBN(0x60920d08, 0xc021ad5d)}, + {TOBN(0x229f5746, 0x724d81a5), TOBN(0xb7ffb892, 0x5bba3299), + TOBN(0x518c51a1, 0xde413032), TOBN(0x2a9bfe77, 0x3c2fd94c)}}, + {{TOBN(0xcbcde239, 0x3191f4fd), TOBN(0x43093e16, 0xd3d6ada1), + TOBN(0x184579f3, 0x58769606), TOBN(0x2c94a8b3, 0xd236625c)}, + {TOBN(0x6922b9c0, 0x5c437d8e), TOBN(0x3d4ae423, 0xd8d9f3c8), + TOBN(0xf72c31c1, 0x2e7090a2), TOBN(0x4ac3f5f3, 0xd76a55bd)}}, + {{TOBN(0x342508fc, 0x6b6af991), TOBN(0x0d527100, 0x1b5cebbd), + TOBN(0xb84740d0, 0xdd440dd7), TOBN(0x748ef841, 0x780162fd)}, + {TOBN(0xa8dbfe0e, 0xdfc6fafb), TOBN(0xeadfdf05, 0xf7300f27), + TOBN(0x7d06555f, 0xfeba4ec9), TOBN(0x12c56f83, 0x9e25fa97)}}, + {{TOBN(0x77f84203, 0xd39b8c34), TOBN(0xed8b1be6, 0x3125eddb), + TOBN(0x5bbf2441, 0xf6e39dc5), TOBN(0xb00f6ee6, 0x6a5d678a)}, + {TOBN(0xba456ecf, 0x57d0ea99), TOBN(0xdcae0f58, 0x17e06c43), + TOBN(0x01643de4, 0x0f5b4baa), TOBN(0x2c324341, 0xd161b9be)}}, + {{TOBN(0x80177f55, 0xe126d468), TOBN(0xed325f1f, 0x76748e09), + TOBN(0x6116004a, 0xcfa9bdc2), TOBN(0x2d8607e6, 0x3a9fb468)}, + {TOBN(0x0e573e27, 0x6009d660), TOBN(0x3a525d2e, 0x8d10c5a1), + TOBN(0xd26cb45c, 0x3b9009a0), TOBN(0xb6b0cdc0, 0xde9d7448)}}, + {{TOBN(0x949c9976, 0xe1337c26), TOBN(0x6faadebd, 0xd73d68e5), + TOBN(0x9e158614, 0xf1b768d9), TOBN(0x22dfa557, 0x9cc4f069)}, + {TOBN(0xccd6da17, 0xbe93c6d6), TOBN(0x24866c61, 0xa504f5b9), + TOBN(0x2121353c, 0x8d694da1), TOBN(0x1c6ca580, 0x0140b8c6)}}, + {{TOBN(0xc245ad8c, 0xe964021e), TOBN(0xb83bffba, 0x032b82b3), + TOBN(0xfaa220c6, 0x47ef9898), TOBN(0x7e8d3ac6, 0x982c948a)}, + {TOBN(0x1faa2091, 0xbc2d124a), TOBN(0xbd54c3dd, 0x05b15ff4), + TOBN(0x386bf3ab, 0xc87c6fb7), TOBN(0xfb2b0563, 0xfdeb6f66)}}, + {{TOBN(0x4e77c557, 0x5b45afb4), TOBN(0xe9ded649, 0xefb8912d), + TOBN(0x7ec9bbf5, 0x42f6e557), TOBN(0x2570dfff, 0x62671f00)}, + {TOBN(0x2b3bfb78, 0x88e084bd), TOBN(0xa024b238, 0xf37fe5b4), + TOBN(0x44e7dc04, 0x95649aee), TOBN(0x498ca255, 0x5e7ec1d8)}}, + {{TOBN(0x3bc766ea, 0xaaa07e86), TOBN(0x0db6facb, 0xf3608586), + TOBN(0xbadd2549, 0xbdc259c8), TOBN(0x95af3c6e, 0x041c649f)}, + {TOBN(0xb36a928c, 0x02e30afb), TOBN(0x9b5356ad, 0x008a88b8), + TOBN(0x4b67a5f1, 0xcf1d9e9d), TOBN(0xc6542e47, 0xa5d8d8ce)}}, + {{TOBN(0x73061fe8, 0x7adfb6cc), TOBN(0xcc826fd3, 0x98678141), + TOBN(0x00e758b1, 0x3c80515a), TOBN(0x6afe3247, 0x41485083)}, + {TOBN(0x0fcb08b9, 0xb6ae8a75), TOBN(0xb8cf388d, 0x4acf51e1), + TOBN(0x344a5560, 0x6961b9d6), TOBN(0x1a6778b8, 0x6a97fd0c)}}, + {{TOBN(0xd840fdc1, 0xecc4c7e3), TOBN(0xde9fe47d, 0x16db68cc), + TOBN(0xe95f89de, 0xa3e216aa), TOBN(0x84f1a6a4, 0x9594a8be)}, + {TOBN(0x7ddc7d72, 0x5a7b162b), TOBN(0xc5cfda19, 0xadc817a3), + TOBN(0x80a5d350, 0x78b58d46), TOBN(0x93365b13, 0x82978f19)}}, + {{TOBN(0x2e44d225, 0x26a1fc90), TOBN(0x0d6d10d2, 0x4d70705d), + TOBN(0xd94b6b10, 0xd70c45f4), TOBN(0x0f201022, 0xb216c079)}, + {TOBN(0xcec966c5, 0x658fde41), TOBN(0xa8d2bc7d, 0x7e27601d), + TOBN(0xbfcce3e1, 0xff230be7), TOBN(0x3394ff6b, 0x0033ffb5)}}, + {{TOBN(0xd890c509, 0x8132c9af), TOBN(0xaac4b0eb, 0x361e7868), + TOBN(0x5194ded3, 0xe82d15aa), TOBN(0x4550bd2e, 0x23ae6b7d)}, + {TOBN(0x3fda318e, 0xea5399d4), TOBN(0xd989bffa, 0x91638b80), + TOBN(0x5ea124d0, 0xa14aa12d), TOBN(0x1fb1b899, 0x3667b944)}}, + {{TOBN(0x95ec7969, 0x44c44d6a), TOBN(0x91df144a, 0x57e86137), + TOBN(0x915fd620, 0x73adac44), TOBN(0x8f01732d, 0x59a83801)}, + {TOBN(0xec579d25, 0x3aa0a633), TOBN(0x06de5e7c, 0xc9d6d59c), + TOBN(0xc132f958, 0xb1ef8010), TOBN(0x29476f96, 0xe65c1a02)}}, + {{TOBN(0x336a77c0, 0xd34c3565), TOBN(0xef1105b2, 0x1b9f1e9e), + TOBN(0x63e6d08b, 0xf9e08002), TOBN(0x9aff2f21, 0xc613809e)}, + {TOBN(0xb5754f85, 0x3a80e75d), TOBN(0xde71853e, 0x6bbda681), + TOBN(0x86f041df, 0x8197fd7a), TOBN(0x8b332e08, 0x127817fa)}}, + {{TOBN(0x05d99be8, 0xb9c20cda), TOBN(0x89f7aad5, 0xd5cd0c98), + TOBN(0x7ef936fe, 0x5bb94183), TOBN(0x92ca0753, 0xb05cd7f2)}, + {TOBN(0x9d65db11, 0x74a1e035), TOBN(0x02628cc8, 0x13eaea92), + TOBN(0xf2d9e242, 0x49e4fbf2), TOBN(0x94fdfd9b, 0xe384f8b7)}}, + {{TOBN(0x65f56054, 0x63428c6b), TOBN(0x2f7205b2, 0x90b409a5), + TOBN(0xf778bb78, 0xff45ae11), TOBN(0xa13045be, 0xc5ee53b2)}, + {TOBN(0xe00a14ff, 0x03ef77fe), TOBN(0x689cd59f, 0xffef8bef), + TOBN(0x3578f0ed, 0x1e9ade22), TOBN(0xe99f3ec0, 0x6268b6a8)}}, + {{TOBN(0xa2057d91, 0xea1b3c3e), TOBN(0x2d1a7053, 0xb8823a4a), + TOBN(0xabbb336a, 0x2cca451e), TOBN(0xcd2466e3, 0x2218bb5d)}, + {TOBN(0x3ac1f42f, 0xc8cb762d), TOBN(0x7e312aae, 0x7690211f), + TOBN(0xebb9bd73, 0x45d07450), TOBN(0x207c4b82, 0x46c2213f)}}, + {{TOBN(0x99d425c1, 0x375913ec), TOBN(0x94e45e96, 0x67908220), + TOBN(0xc08f3087, 0xcd67dbf6), TOBN(0xa5670fbe, 0xc0887056)}, + {TOBN(0x6717b64a, 0x66f5b8fc), TOBN(0xd5a56aea, 0x786fec28), + TOBN(0xa8c3f55f, 0xc0ff4952), TOBN(0xa77fefae, 0x457ac49b)}}, + {{TOBN(0x29882d7c, 0x98379d44), TOBN(0xd000bdfb, 0x509edc8a), + TOBN(0xc6f95979, 0xe66fe464), TOBN(0x504a6115, 0xfa61bde0)}, + {TOBN(0x56b3b871, 0xeffea31a), TOBN(0x2d3de26d, 0xf0c21a54), + TOBN(0x21dbff31, 0x834753bf), TOBN(0xe67ecf49, 0x69269d86)}}, + {{TOBN(0x7a176952, 0x151fe690), TOBN(0x03515804, 0x7f2adb5f), + TOBN(0xee794b15, 0xd1b62a8d), TOBN(0xf004ceec, 0xaae454e6)}, + {TOBN(0x0897ea7c, 0xf0386fac), TOBN(0x3b62ff12, 0xd1fca751), + TOBN(0x154181df, 0x1b7a04ec), TOBN(0x2008e04a, 0xfb5847ec)}}, + {{TOBN(0xd147148e, 0x41dbd772), TOBN(0x2b419f73, 0x22942654), + TOBN(0x669f30d3, 0xe9c544f7), TOBN(0x52a2c223, 0xc8540149)}, + {TOBN(0x5da9ee14, 0x634dfb02), TOBN(0x5f074ff0, 0xf47869f3), + TOBN(0x74ee878d, 0xa3933acc), TOBN(0xe6510651, 0x4fe35ed1)}}, + {{TOBN(0xb3eb9482, 0xf1012e7a), TOBN(0x51013cc0, 0xa8a566ae), + TOBN(0xdd5e9243, 0x47c00d3b), TOBN(0x7fde089d, 0x946bb0e5)}, + {TOBN(0x030754fe, 0xc731b4b3), TOBN(0x12a136a4, 0x99fda062), + TOBN(0x7c1064b8, 0x5a1a35bc), TOBN(0xbf1f5763, 0x446c84ef)}}, + {{TOBN(0xed29a56d, 0xa16d4b34), TOBN(0x7fba9d09, 0xdca21c4f), + TOBN(0x66d7ac00, 0x6d8de486), TOBN(0x60061987, 0x73a2a5e1)}, + {TOBN(0x8b400f86, 0x9da28ff0), TOBN(0x3133f708, 0x43c4599c), + TOBN(0x9911c9b8, 0xee28cb0d), TOBN(0xcd7e2874, 0x8e0af61d)}}, + {{TOBN(0x5a85f0f2, 0x72ed91fc), TOBN(0x85214f31, 0x9cd4a373), + TOBN(0x881fe5be, 0x1925253c), TOBN(0xd8dc98e0, 0x91e8bc76)}, + {TOBN(0x7120affe, 0x585cc3a2), TOBN(0x724952ed, 0x735bf97a), + TOBN(0x5581e7dc, 0x3eb34581), TOBN(0x5cbff4f2, 0xe52ee57d)}}, + {{TOBN(0x8d320a0e, 0x87d8cc7b), TOBN(0x9beaa7f3, 0xf1d280d0), + TOBN(0x7a0b9571, 0x9beec704), TOBN(0x9126332e, 0x5b7f0057)}, + {TOBN(0x01fbc1b4, 0x8ed3bd6d), TOBN(0x35bb2c12, 0xd945eb24), + TOBN(0x6404694e, 0x9a8ae255), TOBN(0xb6092eec, 0x8d6abfb3)}}, + {{TOBN(0x4d76143f, 0xcc058865), TOBN(0x7b0a5af2, 0x6e249922), + TOBN(0x8aef9440, 0x6a50d353), TOBN(0xe11e4bcc, 0x64f0e07a)}, + {TOBN(0x4472993a, 0xa14a90fa), TOBN(0x7706e20c, 0xba0c51d4), + TOBN(0xf403292f, 0x1532672d), TOBN(0x52573bfa, 0x21829382)}}, + {{TOBN(0x6a7bb6a9, 0x3b5bdb83), TOBN(0x08da65c0, 0xa4a72318), + TOBN(0xc58d22aa, 0x63eb065f), TOBN(0x1717596c, 0x1b15d685)}, + {TOBN(0x112df0d0, 0xb266d88b), TOBN(0xf688ae97, 0x5941945a), + TOBN(0x487386e3, 0x7c292cac), TOBN(0x42f3b50d, 0x57d6985c)}}, + {{TOBN(0x6da4f998, 0x6a90fc34), TOBN(0xc8f257d3, 0x65ca8a8d), + TOBN(0xc2feabca, 0x6951f762), TOBN(0xe1bc81d0, 0x74c323ac)}, + {TOBN(0x1bc68f67, 0x251a2a12), TOBN(0x10d86587, 0xbe8a70dc), + TOBN(0xd648af7f, 0xf0f84d2e), TOBN(0xf0aa9ebc, 0x6a43ac92)}}, + {{TOBN(0x69e3be04, 0x27596893), TOBN(0xb6bb02a6, 0x45bf452b), + TOBN(0x0875c11a, 0xf4c698c8), TOBN(0x6652b5c7, 0xbece3794)}, + {TOBN(0x7b3755fd, 0x4f5c0499), TOBN(0x6ea16558, 0xb5532b38), + TOBN(0xd1c69889, 0xa2e96ef7), TOBN(0x9c773c3a, 0x61ed8f48)}}, + {{TOBN(0x2b653a40, 0x9b323abc), TOBN(0xe26605e1, 0xf0e1d791), + TOBN(0x45d41064, 0x4a87157a), TOBN(0x8f9a78b7, 0xcbbce616)}, + {TOBN(0xcf1e44aa, 0xc407eddd), TOBN(0x81ddd1d8, 0xa35b964f), + TOBN(0x473e339e, 0xfd083999), TOBN(0x6c94bdde, 0x8e796802)}}, + {{TOBN(0x5a304ada, 0x8545d185), TOBN(0x82ae44ea, 0x738bb8cb), + TOBN(0x628a35e3, 0xdf87e10e), TOBN(0xd3624f3d, 0xa15b9fe3)}, + {TOBN(0xcc44209b, 0x14be4254), TOBN(0x7d0efcbc, 0xbdbc2ea5), + TOBN(0x1f603362, 0x04c37bbe), TOBN(0x21f363f5, 0x56a5852c)}}, + {{TOBN(0xa1503d1c, 0xa8501550), TOBN(0x2251e0e1, 0xd8ab10bb), + TOBN(0xde129c96, 0x6961c51c), TOBN(0x1f7246a4, 0x81910f68)}, + {TOBN(0x2eb744ee, 0x5f2591f2), TOBN(0x3c47d33f, 0x5e627157), + TOBN(0x4d6d62c9, 0x22f3bd68), TOBN(0x6120a64b, 0xcb8df856)}}, + {{TOBN(0x3a9ac6c0, 0x7b5d07df), TOBN(0xa92b9558, 0x7ef39783), + TOBN(0xe128a134, 0xab3a9b4f), TOBN(0x41c18807, 0xb1252f05)}, + {TOBN(0xfc7ed089, 0x80ba9b1c), TOBN(0xac8dc6de, 0xc532a9dd), + TOBN(0xbf829cef, 0x55246809), TOBN(0x101b784f, 0x5b4ee80f)}}, + {{TOBN(0xc09945bb, 0xb6f11603), TOBN(0x57b09dbe, 0x41d2801e), + TOBN(0xfba5202f, 0xa97534a8), TOBN(0x7fd8ae5f, 0xc17b9614)}, + {TOBN(0xa50ba666, 0x78308435), TOBN(0x9572f77c, 0xd3868c4d), + TOBN(0x0cef7bfd, 0x2dd7aab0), TOBN(0xe7958e08, 0x2c7c79ff)}}, + {{TOBN(0x81262e42, 0x25346689), TOBN(0x716da290, 0xb07c7004), + TOBN(0x35f911ea, 0xb7950ee3), TOBN(0x6fd72969, 0x261d21b5)}, + {TOBN(0x52389803, 0x08b640d3), TOBN(0x5b0026ee, 0x887f12a1), + TOBN(0x20e21660, 0x742e9311), TOBN(0x0ef6d541, 0x5ff77ff7)}}, + {{TOBN(0x969127f0, 0xf9c41135), TOBN(0xf21d60c9, 0x68a64993), + TOBN(0x656e5d0c, 0xe541875c), TOBN(0xf1e0f84e, 0xa1d3c233)}, + {TOBN(0x9bcca359, 0x06002d60), TOBN(0xbe2da60c, 0x06191552), + TOBN(0x5da8bbae, 0x61181ec3), TOBN(0x9f04b823, 0x65806f19)}}, + {{TOBN(0xf1604a7d, 0xd4b79bb8), TOBN(0xaee806fb, 0x52c878c8), + TOBN(0x34144f11, 0x8d47b8e8), TOBN(0x72edf52b, 0x949f9054)}, + {TOBN(0xebfca84e, 0x2127015a), TOBN(0x9051d0c0, 0x9cb7cef3), + TOBN(0x86e8fe58, 0x296deec8), TOBN(0x33b28188, 0x41010d74)}}}, + {{{TOBN(0x01079383, 0x171b445f), TOBN(0x9bcf21e3, 0x8131ad4c), + TOBN(0x8cdfe205, 0xc93987e8), TOBN(0xe63f4152, 0xc92e8c8f)}, + {TOBN(0x729462a9, 0x30add43d), TOBN(0x62ebb143, 0xc980f05a), + TOBN(0x4f3954e5, 0x3b06e968), TOBN(0xfe1d75ad, 0x242cf6b1)}}, + {{TOBN(0x5f95c6c7, 0xaf8685c8), TOBN(0xd4c1c8ce, 0x2f8f01aa), + TOBN(0xc44bbe32, 0x2574692a), TOBN(0xb8003478, 0xd4a4a068)}, + {TOBN(0x7c8fc6e5, 0x2eca3cdb), TOBN(0xea1db16b, 0xec04d399), + TOBN(0xb05bc82e, 0x8f2bc5cf), TOBN(0x763d517f, 0xf44793d2)}}, + {{TOBN(0x4451c1b8, 0x08bd98d0), TOBN(0x644b1cd4, 0x6575f240), + TOBN(0x6907eb33, 0x7375d270), TOBN(0x56c8bebd, 0xfa2286bd)}, + {TOBN(0xc713d2ac, 0xc4632b46), TOBN(0x17da427a, 0xafd60242), + TOBN(0x313065b7, 0xc95c7546), TOBN(0xf8239898, 0xbf17a3de)}}, + {{TOBN(0xf3b7963f, 0x4c830320), TOBN(0x842c7aa0, 0x903203e3), + TOBN(0xaf22ca0a, 0xe7327afb), TOBN(0x38e13092, 0x967609b6)}, + {TOBN(0x73b8fb62, 0x757558f1), TOBN(0x3cc3e831, 0xf7eca8c1), + TOBN(0xe4174474, 0xf6331627), TOBN(0xa77989ca, 0xc3c40234)}}, + {{TOBN(0xe5fd17a1, 0x44a081e0), TOBN(0xd797fb7d, 0xb70e296a), + TOBN(0x2b472b30, 0x481f719c), TOBN(0x0e632a98, 0xfe6f8c52)}, + {TOBN(0x89ccd116, 0xc5f0c284), TOBN(0xf51088af, 0x2d987c62), + TOBN(0x2a2bccda, 0x4c2de6cf), TOBN(0x810f9efe, 0xf679f0f9)}}, + {{TOBN(0xb0f394b9, 0x7ffe4b3e), TOBN(0x0b691d21, 0xe5fa5d21), + TOBN(0xb0bd7747, 0x9dfbbc75), TOBN(0xd2830fda, 0xfaf78b00)}, + {TOBN(0xf78c249c, 0x52434f57), TOBN(0x4b1f7545, 0x98096dab), + TOBN(0x73bf6f94, 0x8ff8c0b3), TOBN(0x34aef03d, 0x454e134c)}}, + {{TOBN(0xf8d151f4, 0xb7ac7ec5), TOBN(0xd6ceb95a, 0xe50da7d5), + TOBN(0xa1b492b0, 0xdc3a0eb8), TOBN(0x75157b69, 0xb3dd2863)}, + {TOBN(0xe2c4c74e, 0xc5413d62), TOBN(0xbe329ff7, 0xbc5fc4c7), + TOBN(0x835a2aea, 0x60fa9dda), TOBN(0xf117f5ad, 0x7445cb87)}}, + {{TOBN(0xae8317f4, 0xb0166f7a), TOBN(0xfbd3e3f7, 0xceec74e6), + TOBN(0xfdb516ac, 0xe0874bfd), TOBN(0x3d846019, 0xc681f3a3)}, + {TOBN(0x0b12ee5c, 0x7c1620b0), TOBN(0xba68b4dd, 0x2b63c501), + TOBN(0xac03cd32, 0x6668c51e), TOBN(0x2a6279f7, 0x4e0bcb5b)}}, + {{TOBN(0x17bd69b0, 0x6ae85c10), TOBN(0x72946979, 0x1dfdd3a6), + TOBN(0xd9a03268, 0x2c078bec), TOBN(0x41c6a658, 0xbfd68a52)}, + {TOBN(0xcdea1024, 0x0e023900), TOBN(0xbaeec121, 0xb10d144d), + TOBN(0x5a600e74, 0x058ab8dc), TOBN(0x1333af21, 0xbb89ccdd)}}, + {{TOBN(0xdf25eae0, 0x3aaba1f1), TOBN(0x2cada16e, 0x3b7144cf), + TOBN(0x657ee27d, 0x71ab98bc), TOBN(0x99088b4c, 0x7a6fc96e)}, + {TOBN(0x05d5c0a0, 0x3549dbd4), TOBN(0x42cbdf8f, 0xf158c3ac), + TOBN(0x3fb6b3b0, 0x87edd685), TOBN(0x22071cf6, 0x86f064d0)}}, + {{TOBN(0xd2d6721f, 0xff2811e5), TOBN(0xdb81b703, 0xfe7fae8c), + TOBN(0x3cfb74ef, 0xd3f1f7bb), TOBN(0x0cdbcd76, 0x16cdeb5d)}, + {TOBN(0x4f39642a, 0x566a808c), TOBN(0x02b74454, 0x340064d6), + TOBN(0xfabbadca, 0x0528fa6f), TOBN(0xe4c3074c, 0xd3fc0bb6)}}, + {{TOBN(0xb32cb8b0, 0xb796d219), TOBN(0xc3e95f4f, 0x34741dd9), + TOBN(0x87212125, 0x68edf6f5), TOBN(0x7a03aee4, 0xa2b9cb8e)}, + {TOBN(0x0cd3c376, 0xf53a89aa), TOBN(0x0d8af9b1, 0x948a28dc), + TOBN(0xcf86a3f4, 0x902ab04f), TOBN(0x8aacb62a, 0x7f42002d)}}, + {{TOBN(0x106985eb, 0xf62ffd52), TOBN(0xe670b54e, 0x5797bf10), + TOBN(0x4b405209, 0xc5e30aef), TOBN(0x12c97a20, 0x4365b5e9)}, + {TOBN(0x104646ce, 0x1fe32093), TOBN(0x13cb4ff6, 0x3907a8c9), + TOBN(0x8b9f30d1, 0xd46e726b), TOBN(0xe1985e21, 0xaba0f499)}}, + {{TOBN(0xc573dea9, 0x10a230cd), TOBN(0x24f46a93, 0xcd30f947), + TOBN(0xf2623fcf, 0xabe2010a), TOBN(0x3f278cb2, 0x73f00e4f)}, + {TOBN(0xed55c67d, 0x50b920eb), TOBN(0xf1cb9a2d, 0x8e760571), + TOBN(0x7c50d109, 0x0895b709), TOBN(0x4207cf07, 0x190d4369)}}, + {{TOBN(0x3b027e81, 0xc4127fe1), TOBN(0xa9f8b9ad, 0x3ae9c566), + TOBN(0x5ab10851, 0xacbfbba5), TOBN(0xa747d648, 0x569556f5)}, + {TOBN(0xcc172b5c, 0x2ba97bf7), TOBN(0x15e0f77d, 0xbcfa3324), + TOBN(0xa345b797, 0x7686279d), TOBN(0x5a723480, 0xe38003d3)}}, + {{TOBN(0xfd8e139f, 0x8f5fcda8), TOBN(0xf3e558c4, 0xbdee5bfd), + TOBN(0xd76cbaf4, 0xe33f9f77), TOBN(0x3a4c97a4, 0x71771969)}, + {TOBN(0xda27e84b, 0xf6dce6a7), TOBN(0xff373d96, 0x13e6c2d1), + TOBN(0xf115193c, 0xd759a6e9), TOBN(0x3f9b7025, 0x63d2262c)}}, + {{TOBN(0xd9764a31, 0x317cd062), TOBN(0x30779d8e, 0x199f8332), + TOBN(0xd8074106, 0x16b11b0b), TOBN(0x7917ab9f, 0x78aeaed8)}, + {TOBN(0xb67a9cbe, 0x28fb1d8e), TOBN(0x2e313563, 0x136eda33), + TOBN(0x010b7069, 0xa371a86c), TOBN(0x44d90fa2, 0x6744e6b7)}}, + {{TOBN(0x68190867, 0xd6b3e243), TOBN(0x9fe6cd9d, 0x59048c48), + TOBN(0xb900b028, 0x95731538), TOBN(0xa012062f, 0x32cae04f)}, + {TOBN(0x8107c8bc, 0x9399d082), TOBN(0x47e8c54a, 0x41df12e2), + TOBN(0x14ba5117, 0xb6ef3f73), TOBN(0x22260bea, 0x81362f0b)}}, + {{TOBN(0x90ea261e, 0x1a18cc20), TOBN(0x2192999f, 0x2321d636), + TOBN(0xef64d314, 0xe311b6a0), TOBN(0xd7401e4c, 0x3b54a1f5)}, + {TOBN(0x19019983, 0x6fbca2ba), TOBN(0x46ad3293, 0x8fbffc4b), + TOBN(0xa142d3f6, 0x3786bf40), TOBN(0xeb5cbc26, 0xb67039fc)}}, + {{TOBN(0x9cb0ae6c, 0x252bd479), TOBN(0x05e0f88a, 0x12b5848f), + TOBN(0x78f6d2b2, 0xa5c97663), TOBN(0x6f6e149b, 0xc162225c)}, + {TOBN(0xe602235c, 0xde601a89), TOBN(0xd17bbe98, 0xf373be1f), + TOBN(0xcaf49a5b, 0xa8471827), TOBN(0x7e1a0a85, 0x18aaa116)}}, + {{TOBN(0x6c833196, 0x270580c3), TOBN(0x1e233839, 0xf1c98a14), + TOBN(0x67b2f7b4, 0xae34e0a5), TOBN(0x47ac8745, 0xd8ce7289)}, + {TOBN(0x2b74779a, 0x100dd467), TOBN(0x274a4337, 0x4ee50d09), + TOBN(0x603dcf13, 0x83608bc9), TOBN(0xcd9da6c3, 0xc89e8388)}}, + {{TOBN(0x2660199f, 0x355116ac), TOBN(0xcc38bb59, 0xb6d18eed), + TOBN(0x3075f31f, 0x2f4bc071), TOBN(0x9774457f, 0x265dc57e)}, + {TOBN(0x06a6a9c8, 0xc6db88bb), TOBN(0x6429d07f, 0x4ec98e04), + TOBN(0x8d05e57b, 0x05ecaa8b), TOBN(0x20f140b1, 0x7872ea7b)}}, + {{TOBN(0xdf8c0f09, 0xca494693), TOBN(0x48d3a020, 0xf252e909), + TOBN(0x4c5c29af, 0x57b14b12), TOBN(0x7e6fa37d, 0xbf47ad1c)}, + {TOBN(0x66e7b506, 0x49a0c938), TOBN(0xb72c0d48, 0x6be5f41f), + TOBN(0x6a6242b8, 0xb2359412), TOBN(0xcd35c774, 0x8e859480)}}, + {{TOBN(0x12536fea, 0x87baa627), TOBN(0x58c1fec1, 0xf72aa680), + TOBN(0x6c29b637, 0x601e5dc9), TOBN(0x9e3c3c1c, 0xde9e01b9)}, + {TOBN(0xefc8127b, 0x2bcfe0b0), TOBN(0x35107102, 0x2a12f50d), + TOBN(0x6ccd6cb1, 0x4879b397), TOBN(0xf792f804, 0xf8a82f21)}}, + {{TOBN(0x509d4804, 0xa9b46402), TOBN(0xedddf85d, 0xc10f0850), + TOBN(0x928410dc, 0x4b6208aa), TOBN(0xf6229c46, 0x391012dc)}, + {TOBN(0xc5a7c41e, 0x7727b9b6), TOBN(0x289e4e4b, 0xaa444842), + TOBN(0x049ba1d9, 0xe9a947ea), TOBN(0x44f9e47f, 0x83c8debc)}}, + {{TOBN(0xfa77a1fe, 0x611f8b8e), TOBN(0xfd2e416a, 0xf518f427), + TOBN(0xc5fffa70, 0x114ebac3), TOBN(0xfe57c4e9, 0x5d89697b)}, + {TOBN(0xfdd053ac, 0xb1aaf613), TOBN(0x31df210f, 0xea585a45), + TOBN(0x318cc10e, 0x24985034), TOBN(0x1a38efd1, 0x5f1d6130)}}, + {{TOBN(0xbf86f237, 0x0b1e9e21), TOBN(0xb258514d, 0x1dbe88aa), + TOBN(0x1e38a588, 0x90c1baf9), TOBN(0x2936a01e, 0xbdb9b692)}, + {TOBN(0xd576de98, 0x6dd5b20c), TOBN(0xb586bf71, 0x70f98ecf), + TOBN(0xcccf0f12, 0xc42d2fd7), TOBN(0x8717e61c, 0xfb35bd7b)}}, + {{TOBN(0x8b1e5722, 0x35e6fc06), TOBN(0x3477728f, 0x0b3e13d5), + TOBN(0x150c294d, 0xaa8a7372), TOBN(0xc0291d43, 0x3bfa528a)}, + {TOBN(0xc6c8bc67, 0xcec5a196), TOBN(0xdeeb31e4, 0x5c2e8a7c), + TOBN(0xba93e244, 0xfb6e1c51), TOBN(0xb9f8b71b, 0x2e28e156)}}, + {{TOBN(0xce65a287, 0x968a2ab9), TOBN(0xe3c5ce69, 0x46bbcb1f), + TOBN(0xf8c835b9, 0xe7ae3f30), TOBN(0x16bbee26, 0xff72b82b)}, + {TOBN(0x665e2017, 0xfd42cd22), TOBN(0x1e139970, 0xf8b1d2a0), + TOBN(0x125cda29, 0x79204932), TOBN(0x7aee94a5, 0x49c3bee5)}}, + {{TOBN(0x68c70160, 0x89821a66), TOBN(0xf7c37678, 0x8f981669), + TOBN(0xd90829fc, 0x48cc3645), TOBN(0x346af049, 0xd70addfc)}, + {TOBN(0x2057b232, 0x370bf29c), TOBN(0xf90c73ce, 0x42e650ee), + TOBN(0xe03386ea, 0xa126ab90), TOBN(0x0e266e7e, 0x975a087b)}}, + {{TOBN(0x80578eb9, 0x0fca65d9), TOBN(0x7e2989ea, 0x16af45b8), + TOBN(0x7438212d, 0xcac75a4e), TOBN(0x38c7ca39, 0x4fef36b8)}, + {TOBN(0x8650c494, 0xd402676a), TOBN(0x26ab5a66, 0xf72c7c48), + TOBN(0x4e6cb426, 0xce3a464e), TOBN(0xf8f99896, 0x2b72f841)}}, + {{TOBN(0x8c318491, 0x1a335cc8), TOBN(0x563459ba, 0x6a5913e4), + TOBN(0x1b920d61, 0xc7b32919), TOBN(0x805ab8b6, 0xa02425ad)}, + {TOBN(0x2ac512da, 0x8d006086), TOBN(0x6ca4846a, 0xbcf5c0fd), + TOBN(0xafea51d8, 0xac2138d7), TOBN(0xcb647545, 0x344cd443)}}, + {{TOBN(0x0429ee8f, 0xbd7d9040), TOBN(0xee66a2de, 0x819b9c96), + TOBN(0x54f9ec25, 0xdea7d744), TOBN(0x2ffea642, 0x671721bb)}, + {TOBN(0x4f19dbd1, 0x114344ea), TOBN(0x04304536, 0xfd0dbc8b), + TOBN(0x014b50aa, 0x29ec7f91), TOBN(0xb5fc22fe, 0xbb06014d)}}, + {{TOBN(0x60d963a9, 0x1ee682e0), TOBN(0xdf48abc0, 0xfe85c727), + TOBN(0x0cadba13, 0x2e707c2d), TOBN(0xde608d3a, 0xa645aeff)}, + {TOBN(0x05f1c28b, 0xedafd883), TOBN(0x3c362ede, 0xbd94de1f), + TOBN(0x8dd0629d, 0x13593e41), TOBN(0x0a5e736f, 0x766d6eaf)}}, + {{TOBN(0xbfa92311, 0xf68cf9d1), TOBN(0xa4f9ef87, 0xc1797556), + TOBN(0x10d75a1f, 0x5601c209), TOBN(0x651c374c, 0x09b07361)}, + {TOBN(0x49950b58, 0x88b5cead), TOBN(0x0ef00058, 0x6fa9dbaa), + TOBN(0xf51ddc26, 0x4e15f33a), TOBN(0x1f8b5ca6, 0x2ef46140)}}, + {{TOBN(0x343ac0a3, 0xee9523f0), TOBN(0xbb75eab2, 0x975ea978), + TOBN(0x1bccf332, 0x107387f4), TOBN(0x790f9259, 0x9ab0062e)}, + {TOBN(0xf1a363ad, 0x1e4f6a5f), TOBN(0x06e08b84, 0x62519a50), + TOBN(0x60915187, 0x7265f1ee), TOBN(0x6a80ca34, 0x93ae985e)}}, + {{TOBN(0x81b29768, 0xaaba4864), TOBN(0xb13cabf2, 0x8d52a7d6), + TOBN(0xb5c36348, 0x8ead03f1), TOBN(0xc932ad95, 0x81c7c1c0)}, + {TOBN(0x5452708e, 0xcae1e27b), TOBN(0x9dac4269, 0x1b0df648), + TOBN(0x233e3f0c, 0xdfcdb8bc), TOBN(0xe6ceccdf, 0xec540174)}}, + {{TOBN(0xbd0d845e, 0x95081181), TOBN(0xcc8a7920, 0x699355d5), + TOBN(0x111c0f6d, 0xc3b375a8), TOBN(0xfd95bc6b, 0xfd51e0dc)}, + {TOBN(0x4a106a26, 0x6888523a), TOBN(0x4d142bd6, 0xcb01a06d), + TOBN(0x79bfd289, 0xadb9b397), TOBN(0x0bdbfb94, 0xe9863914)}}, + {{TOBN(0x29d8a229, 0x1660f6a6), TOBN(0x7f6abcd6, 0x551c042d), + TOBN(0x13039deb, 0x0ac3ffe8), TOBN(0xa01be628, 0xec8523fb)}, + {TOBN(0x6ea34103, 0x0ca1c328), TOBN(0xc74114bd, 0xb903928e), + TOBN(0x8aa4ff4e, 0x9e9144b0), TOBN(0x7064091f, 0x7f9a4b17)}}, + {{TOBN(0xa3f4f521, 0xe447f2c4), TOBN(0x81b8da7a, 0x604291f0), + TOBN(0xd680bc46, 0x7d5926de), TOBN(0x84f21fd5, 0x34a1202f)}, + {TOBN(0x1d1e3181, 0x4e9df3d8), TOBN(0x1ca4861a, 0x39ab8d34), + TOBN(0x809ddeec, 0x5b19aa4a), TOBN(0x59f72f7e, 0x4d329366)}}, + {{TOBN(0xa2f93f41, 0x386d5087), TOBN(0x40bf739c, 0xdd67d64f), + TOBN(0xb4494205, 0x66702158), TOBN(0xc33c65be, 0x73b1e178)}, + {TOBN(0xcdcd657c, 0x38ca6153), TOBN(0x97f4519a, 0xdc791976), + TOBN(0xcc7c7f29, 0xcd6e1f39), TOBN(0x38de9cfb, 0x7e3c3932)}}, + {{TOBN(0xe448eba3, 0x7b793f85), TOBN(0xe9f8dbf9, 0xf067e914), + TOBN(0xc0390266, 0xf114ae87), TOBN(0x39ed75a7, 0xcd6a8e2a)}, + {TOBN(0xadb14848, 0x7ffba390), TOBN(0x67f8cb8b, 0x6af9bc09), + TOBN(0x322c3848, 0x9c7476db), TOBN(0xa320fecf, 0x52a538d6)}}, + {{TOBN(0xe0493002, 0xb2aced2b), TOBN(0xdfba1809, 0x616bd430), + TOBN(0x531c4644, 0xc331be70), TOBN(0xbc04d32e, 0x90d2e450)}, + {TOBN(0x1805a0d1, 0x0f9f142d), TOBN(0x2c44a0c5, 0x47ee5a23), + TOBN(0x31875a43, 0x3989b4e3), TOBN(0x6b1949fd, 0x0c063481)}}, + {{TOBN(0x2dfb9e08, 0xbe0f4492), TOBN(0x3ff0da03, 0xe9d5e517), + TOBN(0x03dbe9a1, 0xf79466a8), TOBN(0x0b87bcd0, 0x15ea9932)}, + {TOBN(0xeb64fc83, 0xab1f58ab), TOBN(0x6d9598da, 0x817edc8a), + TOBN(0x699cff66, 0x1d3b67e5), TOBN(0x645c0f29, 0x92635853)}}, + {{TOBN(0x253cdd82, 0xeabaf21c), TOBN(0x82b9602a, 0x2241659e), + TOBN(0x2cae07ec, 0x2d9f7091), TOBN(0xbe4c720c, 0x8b48cd9b)}, + {TOBN(0x6ce5bc03, 0x6f08d6c9), TOBN(0x36e8a997, 0xaf10bf40), + TOBN(0x83422d21, 0x3e10ff12), TOBN(0x7b26d3eb, 0xbcc12494)}}, + {{TOBN(0xb240d2d0, 0xc9469ad6), TOBN(0xc4a11b4d, 0x30afa05b), + TOBN(0x4b604ace, 0xdd6ba286), TOBN(0x18486600, 0x3ee2864c)}, + {TOBN(0x5869d6ba, 0x8d9ce5be), TOBN(0x0d8f68c5, 0xff4bfb0d), + TOBN(0xb69f210b, 0x5700cf73), TOBN(0x61f6653a, 0x6d37c135)}}, + {{TOBN(0xff3d432b, 0x5aff5a48), TOBN(0x0d81c4b9, 0x72ba3a69), + TOBN(0xee879ae9, 0xfa1899ef), TOBN(0xbac7e2a0, 0x2d6acafd)}, + {TOBN(0xd6d93f6c, 0x1c664399), TOBN(0x4c288de1, 0x5bcb135d), + TOBN(0x83031dab, 0x9dab7cbf), TOBN(0xfe23feb0, 0x3abbf5f0)}}, + {{TOBN(0x9f1b2466, 0xcdedca85), TOBN(0x140bb710, 0x1a09538c), + TOBN(0xac8ae851, 0x5e11115d), TOBN(0x0d63ff67, 0x6f03f59e)}, + {TOBN(0x755e5551, 0x7d234afb), TOBN(0x61c2db4e, 0x7e208fc1), + TOBN(0xaa9859ce, 0xf28a4b5d), TOBN(0xbdd6d4fc, 0x34af030f)}}, + {{TOBN(0xd1c4a26d, 0x3be01cb1), TOBN(0x9ba14ffc, 0x243aa07c), + TOBN(0xf95cd3a9, 0xb2503502), TOBN(0xe379bc06, 0x7d2a93ab)}, + {TOBN(0x3efc18e9, 0xd4ca8d68), TOBN(0x083558ec, 0x80bb412a), + TOBN(0xd903b940, 0x9645a968), TOBN(0xa499f0b6, 0x9ba6054f)}}, + {{TOBN(0x208b573c, 0xb8349abe), TOBN(0x3baab3e5, 0x30b4fc1c), + TOBN(0x87e978ba, 0xcb524990), TOBN(0x3524194e, 0xccdf0e80)}, + {TOBN(0x62711725, 0x7d4bcc42), TOBN(0xe90a3d9b, 0xb90109ba), + TOBN(0x3b1bdd57, 0x1323e1e0), TOBN(0xb78e9bd5, 0x5eae1599)}}, + {{TOBN(0x0794b746, 0x9e03d278), TOBN(0x80178605, 0xd70e6297), + TOBN(0x171792f8, 0x99c97855), TOBN(0x11b393ee, 0xf5a86b5c)}, + {TOBN(0x48ef6582, 0xd8884f27), TOBN(0xbd44737a, 0xbf19ba5f), + TOBN(0x8698de4c, 0xa42062c6), TOBN(0x8975eb80, 0x61ce9c54)}}, + {{TOBN(0xd50e57c7, 0xd7fe71f3), TOBN(0x15342190, 0xbc97ce38), + TOBN(0x51bda2de, 0x4df07b63), TOBN(0xba12aeae, 0x200eb87d)}, + {TOBN(0xabe135d2, 0xa9b4f8f6), TOBN(0x04619d65, 0xfad6d99c), + TOBN(0x4a6683a7, 0x7994937c), TOBN(0x7a778c8b, 0x6f94f09a)}}, + {{TOBN(0x8c508623, 0x20a71b89), TOBN(0x241a2aed, 0x1c229165), + TOBN(0x352be595, 0xaaf83a99), TOBN(0x9fbfee7f, 0x1562bac8)}, + {TOBN(0xeaf658b9, 0x5c4017e3), TOBN(0x1dc7f9e0, 0x15120b86), + TOBN(0xd84f13dd, 0x4c034d6f), TOBN(0x283dd737, 0xeaea3038)}}, + {{TOBN(0x197f2609, 0xcd85d6a2), TOBN(0x6ebbc345, 0xfae60177), + TOBN(0xb80f031b, 0x4e12fede), TOBN(0xde55d0c2, 0x07a2186b)}, + {TOBN(0x1fb3e37f, 0x24dcdd5a), TOBN(0x8d602da5, 0x7ed191fb), + TOBN(0x108fb056, 0x76023e0d), TOBN(0x70178c71, 0x459c20c0)}}, + {{TOBN(0xfad5a386, 0x3fe54cf0), TOBN(0xa4a3ec4f, 0x02bbb475), + TOBN(0x1aa5ec20, 0x919d94d7), TOBN(0x5d3b63b5, 0xa81e4ab3)}, + {TOBN(0x7fa733d8, 0x5ad3d2af), TOBN(0xfbc586dd, 0xd1ac7a37), + TOBN(0x282925de, 0x40779614), TOBN(0xfe0ffffb, 0xe74a242a)}}, + {{TOBN(0x3f39e67f, 0x906151e5), TOBN(0xcea27f5f, 0x55e10649), + TOBN(0xdca1d4e1, 0xc17cf7b7), TOBN(0x0c326d12, 0x2fe2362d)}, + {TOBN(0x05f7ac33, 0x7dd35df3), TOBN(0x0c3b7639, 0xc396dbdf), + TOBN(0x0912f5ac, 0x03b7db1c), TOBN(0x9dea4b70, 0x5c9ed4a9)}}, + {{TOBN(0x475e6e53, 0xaae3f639), TOBN(0xfaba0e7c, 0xfc278bac), + TOBN(0x16f9e221, 0x9490375f), TOBN(0xaebf9746, 0xa5a7ed0a)}, + {TOBN(0x45f9af3f, 0xf41ad5d6), TOBN(0x03c4623c, 0xb2e99224), + TOBN(0x82c5bb5c, 0xb3cf56aa), TOBN(0x64311819, 0x34567ed3)}}, + {{TOBN(0xec57f211, 0x8be489ac), TOBN(0x2821895d, 0xb9a1104b), + TOBN(0x610dc875, 0x6064e007), TOBN(0x8e526f3f, 0x5b20d0fe)}, + {TOBN(0x6e71ca77, 0x5b645aee), TOBN(0x3d1dcb9f, 0x800e10ff), + TOBN(0x36b51162, 0x189cf6de), TOBN(0x2c5a3e30, 0x6bb17353)}}, + {{TOBN(0xc186cd3e, 0x2a6c6fbf), TOBN(0xa74516fa, 0x4bf97906), + TOBN(0x5b4b8f4b, 0x279d6901), TOBN(0x0c4e57b4, 0x2b573743)}, + {TOBN(0x75fdb229, 0xb6e386b6), TOBN(0xb46793fd, 0x99deac27), + TOBN(0xeeec47ea, 0xcf712629), TOBN(0xe965f3c4, 0xcbc3b2dd)}}, + {{TOBN(0x8dd1fb83, 0x425c6559), TOBN(0x7fc00ee6, 0x0af06fda), + TOBN(0xe98c9225, 0x33d956df), TOBN(0x0f1ef335, 0x4fbdc8a2)}, + {TOBN(0x2abb5145, 0xb79b8ea2), TOBN(0x40fd2945, 0xbdbff288), + TOBN(0x6a814ac4, 0xd7185db7), TOBN(0xc4329d6f, 0xc084609a)}}, + {{TOBN(0xc9ba7b52, 0xed1be45d), TOBN(0x891dd20d, 0xe4cd2c74), + TOBN(0x5a4d4a7f, 0x824139b1), TOBN(0x66c17716, 0xb873c710)}, + {TOBN(0x5e5bc141, 0x2843c4e0), TOBN(0xd5ac4817, 0xb97eb5bf), + TOBN(0xc0f8af54, 0x450c95c7), TOBN(0xc91b3fa0, 0x318406c5)}}, + {{TOBN(0x360c340a, 0xab9d97f8), TOBN(0xfb57bd07, 0x90a2d611), + TOBN(0x4339ae3c, 0xa6a6f7e5), TOBN(0x9c1fcd2a, 0x2feb8a10)}, + {TOBN(0x972bcca9, 0xc7ea7432), TOBN(0x1b0b924c, 0x308076f6), + TOBN(0x80b2814a, 0x2a5b4ca5), TOBN(0x2f78f55b, 0x61ef3b29)}}, + {{TOBN(0xf838744a, 0xc18a414f), TOBN(0xc611eaae, 0x903d0a86), + TOBN(0x94dabc16, 0x2a453f55), TOBN(0xe6f2e3da, 0x14efb279)}, + {TOBN(0x5b7a6017, 0x9320dc3c), TOBN(0x692e382f, 0x8df6b5a4), + TOBN(0x3f5e15e0, 0x2d40fa90), TOBN(0xc87883ae, 0x643dd318)}}, + {{TOBN(0x511053e4, 0x53544774), TOBN(0x834d0ecc, 0x3adba2bc), + TOBN(0x4215d7f7, 0xbae371f5), TOBN(0xfcfd57bf, 0x6c8663bc)}, + {TOBN(0xded2383d, 0xd6901b1d), TOBN(0x3b49fbb4, 0xb5587dc3), + TOBN(0xfd44a08d, 0x07625f62), TOBN(0x3ee4d65b, 0x9de9b762)}}}, + {{{TOBN(0x64e5137d, 0x0d63d1fa), TOBN(0x658fc052, 0x02a9d89f), + TOBN(0x48894874, 0x50436309), TOBN(0xe9ae30f8, 0xd598da61)}, + {TOBN(0x2ed710d1, 0x818baf91), TOBN(0xe27e9e06, 0x8b6a0c20), + TOBN(0x1e28dcfb, 0x1c1a6b44), TOBN(0x883acb64, 0xd6ac57dc)}}, + {{TOBN(0x8735728d, 0xc2c6ff70), TOBN(0x79d6122f, 0xc5dc2235), + TOBN(0x23f5d003, 0x19e277f9), TOBN(0x7ee84e25, 0xdded8cc7)}, + {TOBN(0x91a8afb0, 0x63cd880a), TOBN(0x3f3ea7c6, 0x3574af60), + TOBN(0x0cfcdc84, 0x02de7f42), TOBN(0x62d0792f, 0xb31aa152)}}, + {{TOBN(0x8e1b4e43, 0x8a5807ce), TOBN(0xad283893, 0xe4109a7e), + TOBN(0xc30cc9cb, 0xafd59dda), TOBN(0xf65f36c6, 0x3d8d8093)}, + {TOBN(0xdf31469e, 0xa60d32b2), TOBN(0xee93df4b, 0x3e8191c8), + TOBN(0x9c1017c5, 0x355bdeb5), TOBN(0xd2623185, 0x8616aa28)}}, + {{TOBN(0xb02c83f9, 0xdec31a21), TOBN(0x988c8b23, 0x6ad9d573), + TOBN(0x53e983ae, 0xa57be365), TOBN(0xe968734d, 0x646f834e)}, + {TOBN(0x9137ea8f, 0x5da6309b), TOBN(0x10f3a624, 0xc1f1ce16), + TOBN(0x782a9ea2, 0xca440921), TOBN(0xdf94739e, 0x5b46f1b5)}}, + {{TOBN(0x9f9be006, 0xcce85c9b), TOBN(0x360e70d6, 0xa4c7c2d3), + TOBN(0x2cd5beea, 0xaefa1e60), TOBN(0x64cf63c0, 0x8c3d2b6d)}, + {TOBN(0xfb107fa3, 0xe1cf6f90), TOBN(0xb7e937c6, 0xd5e044e6), + TOBN(0x74e8ca78, 0xce34db9f), TOBN(0x4f8b36c1, 0x3e210bd0)}}, + {{TOBN(0x1df165a4, 0x34a35ea8), TOBN(0x3418e0f7, 0x4d4412f6), + TOBN(0x5af1f8af, 0x518836c3), TOBN(0x42ceef4d, 0x130e1965)}, + {TOBN(0x5560ca0b, 0x543a1957), TOBN(0xc33761e5, 0x886cb123), + TOBN(0x66624b1f, 0xfe98ed30), TOBN(0xf772f4bf, 0x1090997d)}}, + {{TOBN(0xf4e540bb, 0x4885d410), TOBN(0x7287f810, 0x9ba5f8d7), + TOBN(0x22d0d865, 0xde98dfb1), TOBN(0x49ff51a1, 0xbcfbb8a3)}, + {TOBN(0xb6b6fa53, 0x6bc3012e), TOBN(0x3d31fd72, 0x170d541d), + TOBN(0x8018724f, 0x4b0f4966), TOBN(0x79e7399f, 0x87dbde07)}}, + {{TOBN(0x56f8410e, 0xf4f8b16a), TOBN(0x97241afe, 0xc47b266a), + TOBN(0x0a406b8e, 0x6d9c87c1), TOBN(0x803f3e02, 0xcd42ab1b)}, + {TOBN(0x7f0309a8, 0x04dbec69), TOBN(0xa83b85f7, 0x3bbad05f), + TOBN(0xc6097273, 0xad8e197f), TOBN(0xc097440e, 0x5067adc1)}}, + {{TOBN(0x730eafb6, 0x3524ff16), TOBN(0xd7f9b51e, 0x823fc6ce), + TOBN(0x27bd0d32, 0x443e4ac0), TOBN(0x40c59ad9, 0x4d66f217)}, + {TOBN(0x6c33136f, 0x17c387a4), TOBN(0x5043b8d5, 0xeb86804d), + TOBN(0x74970312, 0x675a73c9), TOBN(0x838fdb31, 0xf16669b6)}}, + {{TOBN(0xc507b6dd, 0x418e7ddd), TOBN(0x39888d93, 0x472f19d6), + TOBN(0x7eae26be, 0x0c27eb4d), TOBN(0x17b53ed3, 0xfbabb884)}, + {TOBN(0xfc27021b, 0x2b01ae4f), TOBN(0x88462e87, 0xcf488682), + TOBN(0xbee096ec, 0x215e2d87), TOBN(0xeb2fea9a, 0xd242e29b)}}, + {{TOBN(0x5d985b5f, 0xb821fc28), TOBN(0x89d2e197, 0xdc1e2ad2), + TOBN(0x55b566b8, 0x9030ba62), TOBN(0xe3fd41b5, 0x4f41b1c6)}, + {TOBN(0xb738ac2e, 0xb9a96d61), TOBN(0x7f8567ca, 0x369443f4), + TOBN(0x8698622d, 0xf803a440), TOBN(0x2b586236, 0x8fe2f4dc)}}, + {{TOBN(0xbbcc00c7, 0x56b95bce), TOBN(0x5ec03906, 0x616da680), + TOBN(0x79162ee6, 0x72214252), TOBN(0x43132b63, 0x86a892d2)}, + {TOBN(0x4bdd3ff2, 0x2f3263bf), TOBN(0xd5b3733c, 0x9cd0a142), + TOBN(0x592eaa82, 0x44415ccb), TOBN(0x663e8924, 0x8d5474ea)}}, + {{TOBN(0x8058a25e, 0x5236344e), TOBN(0x82e8df9d, 0xbda76ee6), + TOBN(0xdcf6efd8, 0x11cc3d22), TOBN(0x00089cda, 0x3b4ab529)}, + {TOBN(0x91d3a071, 0xbd38a3db), TOBN(0x4ea97fc0, 0xef72b925), + TOBN(0x0c9fc15b, 0xea3edf75), TOBN(0x5a6297cd, 0xa4348ed3)}}, + {{TOBN(0x0d38ab35, 0xce7c42d4), TOBN(0x9fd493ef, 0x82feab10), + TOBN(0x46056b6d, 0x82111b45), TOBN(0xda11dae1, 0x73efc5c3)}, + {TOBN(0xdc740278, 0x5545a7fb), TOBN(0xbdb2601c, 0x40d507e6), + TOBN(0x121dfeeb, 0x7066fa58), TOBN(0x214369a8, 0x39ae8c2a)}}, + {{TOBN(0x195709cb, 0x06e0956c), TOBN(0x4c9d254f, 0x010cd34b), + TOBN(0xf51e13f7, 0x0471a532), TOBN(0xe19d6791, 0x1e73054d)}, + {TOBN(0xf702a628, 0xdb5c7be3), TOBN(0xc7141218, 0xb24dde05), + TOBN(0xdc18233c, 0xf29b2e2e), TOBN(0x3a6bd1e8, 0x85342dba)}}, + {{TOBN(0x3f747fa0, 0xb311898c), TOBN(0xe2a272e4, 0xcd0eac65), + TOBN(0x4bba5851, 0xf914d0bc), TOBN(0x7a1a9660, 0xc4a43ee3)}, + {TOBN(0xe5a367ce, 0xa1c8cde9), TOBN(0x9d958ba9, 0x7271abe3), + TOBN(0xf3ff7eb6, 0x3d1615cd), TOBN(0xa2280dce, 0xf5ae20b0)}}, + {{TOBN(0x56dba5c1, 0xcf640147), TOBN(0xea5a2e3d, 0x5e83d118), + TOBN(0x04cd6b6d, 0xda24c511), TOBN(0x1c0f4671, 0xe854d214)}, + {TOBN(0x91a6b7a9, 0x69565381), TOBN(0xdc966240, 0xdecf1f5b), + TOBN(0x1b22d21c, 0xfcf5d009), TOBN(0x2a05f641, 0x9021dbd5)}}, + {{TOBN(0x8c0ed566, 0xd4312483), TOBN(0x5179a95d, 0x643e216f), + TOBN(0xcc185fec, 0x17044493), TOBN(0xb3063339, 0x54991a21)}, + {TOBN(0xd801ecdb, 0x0081a726), TOBN(0x0149b0c6, 0x4fa89bbb), + TOBN(0xafe9065a, 0x4391b6b9), TOBN(0xedc92786, 0xd633f3a3)}}, + {{TOBN(0xe408c24a, 0xae6a8e13), TOBN(0x85833fde, 0x9f3897ab), + TOBN(0x43800e7e, 0xd81a0715), TOBN(0xde08e346, 0xb44ffc5f)}, + {TOBN(0x7094184c, 0xcdeff2e0), TOBN(0x49f9387b, 0x165eaed1), + TOBN(0x635d6129, 0x777c468a), TOBN(0x8c0dcfd1, 0x538c2dd8)}}, + {{TOBN(0xd6d9d9e3, 0x7a6a308b), TOBN(0x62375830, 0x4c2767d3), + TOBN(0x874a8bc6, 0xf38cbeb6), TOBN(0xd94d3f1a, 0xccb6fd9e)}, + {TOBN(0x92a9735b, 0xba21f248), TOBN(0x272ad0e5, 0x6cd1efb0), + TOBN(0x7437b69c, 0x05b03284), TOBN(0xe7f04702, 0x6948c225)}}, + {{TOBN(0x8a56c04a, 0xcba2ecec), TOBN(0x0c181270, 0xe3a73e41), + TOBN(0x6cb34e9d, 0x03e93725), TOBN(0xf77c8713, 0x496521a9)}, + {TOBN(0x94569183, 0xfa7f9f90), TOBN(0xf2e7aa4c, 0x8c9707ad), + TOBN(0xced2c9ba, 0x26c1c9a3), TOBN(0x9109fe96, 0x40197507)}}, + {{TOBN(0x9ae868a9, 0xe9adfe1c), TOBN(0x3984403d, 0x314e39bb), + TOBN(0xb5875720, 0xf2fe378f), TOBN(0x33f901e0, 0xba44a628)}, + {TOBN(0xea1125fe, 0x3652438c), TOBN(0xae9ec4e6, 0x9dd1f20b), + TOBN(0x1e740d9e, 0xbebf7fbd), TOBN(0x6dbd3ddc, 0x42dbe79c)}}, + {{TOBN(0x62082aec, 0xedd36776), TOBN(0xf612c478, 0xe9859039), + TOBN(0xa493b201, 0x032f7065), TOBN(0xebd4d8f2, 0x4ff9b211)}, + {TOBN(0x3f23a0aa, 0xaac4cb32), TOBN(0xea3aadb7, 0x15ed4005), + TOBN(0xacf17ea4, 0xafa27e63), TOBN(0x56125c1a, 0xc11fd66c)}}, + {{TOBN(0x266344a4, 0x3794f8dc), TOBN(0xdcca923a, 0x483c5c36), + TOBN(0x2d6b6bbf, 0x3f9d10a0), TOBN(0xb320c5ca, 0x81d9bdf3)}, + {TOBN(0x620e28ff, 0x47b50a95), TOBN(0x933e3b01, 0xcef03371), + TOBN(0xf081bf85, 0x99100153), TOBN(0x183be9a0, 0xc3a8c8d6)}}, + {{TOBN(0x4e3ddc5a, 0xd6bbe24d), TOBN(0xc6c74630, 0x53843795), + TOBN(0x78193dd7, 0x65ec2d4c), TOBN(0xb8df26cc, 0xcd3c89b2)}, + {TOBN(0x98dbe399, 0x5a483f8d), TOBN(0x72d8a957, 0x7dd3313a), + TOBN(0x65087294, 0xab0bd375), TOBN(0xfcd89248, 0x7c259d16)}}, + {{TOBN(0x8a9443d7, 0x7613aa81), TOBN(0x80100800, 0x85fe6584), + TOBN(0x70fc4dbc, 0x7fb10288), TOBN(0xf58280d3, 0xe86beee8)}, + {TOBN(0x14fdd82f, 0x7c978c38), TOBN(0xdf1204c1, 0x0de44d7b), + TOBN(0xa08a1c84, 0x4160252f), TOBN(0x591554ca, 0xc17646a5)}}, + {{TOBN(0x214a37d6, 0xa05bd525), TOBN(0x48d5f09b, 0x07957b3c), + TOBN(0x0247cdcb, 0xd7109bc9), TOBN(0x40f9e4bb, 0x30599ce7)}, + {TOBN(0xc325fa03, 0xf46ad2ec), TOBN(0x00f766cf, 0xc3e3f9ee), + TOBN(0xab556668, 0xd43a4577), TOBN(0x68d30a61, 0x3ee03b93)}}, + {{TOBN(0x7ddc81ea, 0x77b46a08), TOBN(0xcf5a6477, 0xc7480699), + TOBN(0x43a8cb34, 0x6633f683), TOBN(0x1b867e6b, 0x92363c60)}, + {TOBN(0x43921114, 0x1f60558e), TOBN(0xcdbcdd63, 0x2f41450e), + TOBN(0x7fc04601, 0xcc630e8b), TOBN(0xea7c66d5, 0x97038b43)}}, + {{TOBN(0x7259b8a5, 0x04e99fd8), TOBN(0x98a8dd12, 0x4785549a), + TOBN(0x0e459a7c, 0x840552e1), TOBN(0xcdfcf4d0, 0x4bb0909e)}, + {TOBN(0x34a86db2, 0x53758da7), TOBN(0xe643bb83, 0xeac997e1), + TOBN(0x96400bd7, 0x530c5b7e), TOBN(0x9f97af87, 0xb41c8b52)}}, + {{TOBN(0x34fc8820, 0xfbeee3f9), TOBN(0x93e53490, 0x49091afd), + TOBN(0x764b9be5, 0x9a31f35c), TOBN(0x71f37864, 0x57e3d924)}, + {TOBN(0x02fb34e0, 0x943aa75e), TOBN(0xa18c9c58, 0xab8ff6e4), + TOBN(0x080f31b1, 0x33cf0d19), TOBN(0x5c9682db, 0x083518a7)}}, + {{TOBN(0x873d4ca6, 0xb709c3de), TOBN(0x64a84262, 0x3575b8f0), + TOBN(0x6275da1f, 0x020154bb), TOBN(0x97678caa, 0xd17cf1ab)}, + {TOBN(0x8779795f, 0x951a95c3), TOBN(0xdd35b163, 0x50fccc08), + TOBN(0x32709627, 0x33d8f031), TOBN(0x3c5ab10a, 0x498dd85c)}}, + {{TOBN(0xb6c185c3, 0x41dca566), TOBN(0x7de7feda, 0xd8622aa3), + TOBN(0x99e84d92, 0x901b6dfb), TOBN(0x30a02b0e, 0x7c4ad288)}, + {TOBN(0xc7c81daa, 0x2fd3cf36), TOBN(0xd1319547, 0xdf89e59f), + TOBN(0xb2be8184, 0xcd496733), TOBN(0xd5f449eb, 0x93d3412b)}}, + {{TOBN(0x7ea41b1b, 0x25fe531d), TOBN(0xf9797432, 0x6a1d5646), + TOBN(0x86067f72, 0x2bde501a), TOBN(0xf91481c0, 0x0c85e89c)}, + {TOBN(0xca8ee465, 0xf8b05bc6), TOBN(0x1844e1cf, 0x02e83cda), + TOBN(0xca82114a, 0xb4dbe33b), TOBN(0x0f9f8769, 0x4eabfde2)}}, + {{TOBN(0x4936b1c0, 0x38b27fe2), TOBN(0x63b6359b, 0xaba402df), + TOBN(0x40c0ea2f, 0x656bdbab), TOBN(0x9c992a89, 0x6580c39c)}, + {TOBN(0x600e8f15, 0x2a60aed1), TOBN(0xeb089ca4, 0xe0bf49df), + TOBN(0x9c233d7d, 0x2d42d99a), TOBN(0x648d3f95, 0x4c6bc2fa)}}, + {{TOBN(0xdcc383a8, 0xe1add3f3), TOBN(0xf42c0c6a, 0x4f64a348), + TOBN(0x2abd176f, 0x0030dbdb), TOBN(0x4de501a3, 0x7d6c215e)}, + {TOBN(0x4a107c1f, 0x4b9a64bc), TOBN(0xa77f0ad3, 0x2496cd59), + TOBN(0xfb78ac62, 0x7688dffb), TOBN(0x7025a2ca, 0x67937d8e)}}, + {{TOBN(0xfde8b2d1, 0xd1a8f4e7), TOBN(0xf5b3da47, 0x7354927c), + TOBN(0xe48606a3, 0xd9205735), TOBN(0xac477cc6, 0xe177b917)}, + {TOBN(0xfb1f73d2, 0xa883239a), TOBN(0xe12572f6, 0xcc8b8357), + TOBN(0x9d355e9c, 0xfb1f4f86), TOBN(0x89b795f8, 0xd9f3ec6e)}}, + {{TOBN(0x27be56f1, 0xb54398dc), TOBN(0x1890efd7, 0x3fedeed5), + TOBN(0x62f77f1f, 0x9c6d0140), TOBN(0x7ef0e314, 0x596f0ee4)}, + {TOBN(0x50ca6631, 0xcc61dab3), TOBN(0x4a39801d, 0xf4866e4f), + TOBN(0x66c8d032, 0xae363b39), TOBN(0x22c591e5, 0x2ead66aa)}}, + {{TOBN(0x954ba308, 0xde02a53e), TOBN(0x2a6c060f, 0xd389f357), + TOBN(0xe6cfcde8, 0xfbf40b66), TOBN(0x8e02fc56, 0xc6340ce1)}, + {TOBN(0xe4957795, 0x73adb4ba), TOBN(0x7b86122c, 0xa7b03805), + TOBN(0x63f83512, 0x0c8e6fa6), TOBN(0x83660ea0, 0x057d7804)}}, + {{TOBN(0xbad79105, 0x21ba473c), TOBN(0xb6c50bee, 0xded5389d), + TOBN(0xee2caf4d, 0xaa7c9bc0), TOBN(0xd97b8de4, 0x8c4e98a7)}, + {TOBN(0xa9f63e70, 0xab3bbddb), TOBN(0x3898aabf, 0x2597815a), + TOBN(0x7659af89, 0xac15b3d9), TOBN(0xedf7725b, 0x703ce784)}}, + {{TOBN(0x25470fab, 0xe085116b), TOBN(0x04a43375, 0x87285310), + TOBN(0x4e39187e, 0xe2bfd52f), TOBN(0x36166b44, 0x7d9ebc74)}, + {TOBN(0x92ad433c, 0xfd4b322c), TOBN(0x726aa817, 0xba79ab51), + TOBN(0xf96eacd8, 0xc1db15eb), TOBN(0xfaf71e91, 0x0476be63)}}, + {{TOBN(0xdd69a640, 0x641fad98), TOBN(0xb7995918, 0x29622559), + TOBN(0x03c6daa5, 0xde4199dc), TOBN(0x92cadc97, 0xad545eb4)}, + {TOBN(0x1028238b, 0x256534e4), TOBN(0x73e80ce6, 0x8595409a), + TOBN(0x690d4c66, 0xd05dc59b), TOBN(0xc95f7b8f, 0x981dee80)}}, + {{TOBN(0xf4337014, 0xd856ac25), TOBN(0x441bd9dd, 0xac524dca), + TOBN(0x640b3d85, 0x5f0499f5), TOBN(0x39cf84a9, 0xd5fda182)}, + {TOBN(0x04e7b055, 0xb2aa95a0), TOBN(0x29e33f0a, 0x0ddf1860), + TOBN(0x082e74b5, 0x423f6b43), TOBN(0x217edeb9, 0x0aaa2b0f)}}, + {{TOBN(0x58b83f35, 0x83cbea55), TOBN(0xc485ee4d, 0xbc185d70), + TOBN(0x833ff03b, 0x1e5f6992), TOBN(0xb5b9b9cc, 0xcf0c0dd5)}, + {TOBN(0x7caaee8e, 0x4e9e8a50), TOBN(0x462e907b, 0x6269dafd), + TOBN(0x6ed5cee9, 0xfbe791c6), TOBN(0x68ca3259, 0xed430790)}}, + {{TOBN(0x2b72bdf2, 0x13b5ba88), TOBN(0x60294c8a, 0x35ef0ac4), + TOBN(0x9c3230ed, 0x19b99b08), TOBN(0x560fff17, 0x6c2589aa)}, + {TOBN(0x552b8487, 0xd6770374), TOBN(0xa373202d, 0x9a56f685), + TOBN(0xd3e7f907, 0x45f175d9), TOBN(0x3c2f315f, 0xd080d810)}}, + {{TOBN(0x1130e9dd, 0x7b9520e8), TOBN(0xc078f9e2, 0x0af037b5), + TOBN(0x38cd2ec7, 0x1e9c104c), TOBN(0x0f684368, 0xc472fe92)}, + {TOBN(0xd3f1b5ed, 0x6247e7ef), TOBN(0xb32d33a9, 0x396dfe21), + TOBN(0x46f59cf4, 0x4a9aa2c2), TOBN(0x69cd5168, 0xff0f7e41)}}, + {{TOBN(0x3f59da0f, 0x4b3234da), TOBN(0xcf0b0235, 0xb4579ebe), + TOBN(0x6d1cbb25, 0x6d2476c7), TOBN(0x4f0837e6, 0x9dc30f08)}, + {TOBN(0x9a4075bb, 0x906f6e98), TOBN(0x253bb434, 0xc761e7d1), + TOBN(0xde2e645f, 0x6e73af10), TOBN(0xb89a4060, 0x0c5f131c)}}, + {{TOBN(0xd12840c5, 0xb8cc037f), TOBN(0x3d093a5b, 0x7405bb47), + TOBN(0x6202c253, 0x206348b8), TOBN(0xbf5d57fc, 0xc55a3ca7)}, + {TOBN(0x89f6c90c, 0x8c3bef48), TOBN(0x23ac7623, 0x5a0a960a), + TOBN(0xdfbd3d6b, 0x552b42ab), TOBN(0x3ef22458, 0x132061f6)}}, + {{TOBN(0xd74e9bda, 0xc97e6516), TOBN(0x88779360, 0xc230f49e), + TOBN(0xa6ec1de3, 0x1e74ea49), TOBN(0x581dcee5, 0x3fb645a2)}, + {TOBN(0xbaef2391, 0x8f483f14), TOBN(0x6d2dddfc, 0xd137d13b), + TOBN(0x54cde50e, 0xd2743a42), TOBN(0x89a34fc5, 0xe4d97e67)}}, + {{TOBN(0x13f1f5b3, 0x12e08ce5), TOBN(0xa80540b8, 0xa7f0b2ca), + TOBN(0x854bcf77, 0x01982805), TOBN(0xb8653ffd, 0x233bea04)}, + {TOBN(0x8e7b8787, 0x02b0b4c9), TOBN(0x2675261f, 0x9acb170a), + TOBN(0x061a9d90, 0x930c14e5), TOBN(0xb59b30e0, 0xdef0abea)}}, + {{TOBN(0x1dc19ea6, 0x0200ec7d), TOBN(0xb6f4a3f9, 0x0bce132b), + TOBN(0xb8d5de90, 0xf13e27e0), TOBN(0xbaee5ef0, 0x1fade16f)}, + {TOBN(0x6f406aaa, 0xe4c6cf38), TOBN(0xab4cfe06, 0xd1369815), + TOBN(0x0dcffe87, 0xefd550c6), TOBN(0x9d4f59c7, 0x75ff7d39)}}, + {{TOBN(0xb02553b1, 0x51deb6ad), TOBN(0x812399a4, 0xb1877749), + TOBN(0xce90f71f, 0xca6006e1), TOBN(0xc32363a6, 0xb02b6e77)}, + {TOBN(0x02284fbe, 0xdc36c64d), TOBN(0x86c81e31, 0xa7e1ae61), + TOBN(0x2576c7e5, 0xb909d94a), TOBN(0x8b6f7d02, 0x818b2bb0)}}, + {{TOBN(0xeca3ed07, 0x56faa38a), TOBN(0xa3790e6c, 0x9305bb54), + TOBN(0xd784eeda, 0x7bc73061), TOBN(0xbd56d369, 0x6dd50614)}, + {TOBN(0xd6575949, 0x229a8aa9), TOBN(0xdcca8f47, 0x4595ec28), + TOBN(0x814305c1, 0x06ab4fe6), TOBN(0xc8c39768, 0x24f43f16)}}, + {{TOBN(0xe2a45f36, 0x523f2b36), TOBN(0x995c6493, 0x920d93bb), + TOBN(0xf8afdab7, 0x90f1632b), TOBN(0x79ebbecd, 0x1c295954)}, + {TOBN(0xc7bb3ddb, 0x79592f48), TOBN(0x67216a7b, 0x5f88e998), + TOBN(0xd91f098b, 0xbc01193e), TOBN(0xf7d928a5, 0xb1db83fc)}}, + {{TOBN(0x55e38417, 0xe991f600), TOBN(0x2a91113e, 0x2981a934), + TOBN(0xcbc9d648, 0x06b13bde), TOBN(0xb011b6ac, 0x0755ff44)}, + {TOBN(0x6f4cb518, 0x045ec613), TOBN(0x522d2d31, 0xc2f5930a), + TOBN(0x5acae1af, 0x382e65de), TOBN(0x57643067, 0x27bc966f)}}, + {{TOBN(0x5e12705d, 0x1c7193f0), TOBN(0xf0f32f47, 0x3be8858e), + TOBN(0x785c3d7d, 0x96c6dfc7), TOBN(0xd75b4a20, 0xbf31795d)}, + {TOBN(0x91acf17b, 0x342659d4), TOBN(0xe596ea34, 0x44f0378f), + TOBN(0x4515708f, 0xce52129d), TOBN(0x17387e1e, 0x79f2f585)}}, + {{TOBN(0x72cfd2e9, 0x49dee168), TOBN(0x1ae05223, 0x3e2af239), + TOBN(0x009e75be, 0x1d94066a), TOBN(0x6cca31c7, 0x38abf413)}, + {TOBN(0xb50bd61d, 0x9bc49908), TOBN(0x4a9b4a8c, 0xf5e2bc1e), + TOBN(0xeb6cc5f7, 0x946f83ac), TOBN(0x27da93fc, 0xebffab28)}}, + {{TOBN(0xea314c96, 0x4821c8c5), TOBN(0x8de49ded, 0xa83c15f4), + TOBN(0x7a64cf20, 0x7af33004), TOBN(0x45f1bfeb, 0xc9627e10)}, + {TOBN(0x878b0626, 0x54b9df60), TOBN(0x5e4fdc3c, 0xa95c0b33), + TOBN(0xe54a37ca, 0xc2035d8e), TOBN(0x9087cda9, 0x80f20b8c)}}, + {{TOBN(0x36f61c23, 0x8319ade4), TOBN(0x766f287a, 0xde8cfdf8), + TOBN(0x48821948, 0x346f3705), TOBN(0x49a7b853, 0x16e4f4a2)}, + {TOBN(0xb9b3f8a7, 0x5cedadfd), TOBN(0x8f562815, 0x8db2a815), + TOBN(0xc0b7d554, 0x01f68f95), TOBN(0x12971e27, 0x688a208e)}}, + {{TOBN(0xc9f8b696, 0xd0ff34fc), TOBN(0x20824de2, 0x1222718c), + TOBN(0x7213cf9f, 0x0c95284d), TOBN(0xe2ad741b, 0xdc158240)}, + {TOBN(0x0ee3a6df, 0x54043ccf), TOBN(0x16ff479b, 0xd84412b3), + TOBN(0xf6c74ee0, 0xdfc98af0), TOBN(0xa78a169f, 0x52fcd2fb)}}, + {{TOBN(0xd8ae8746, 0x99c930e9), TOBN(0x1d33e858, 0x49e117a5), + TOBN(0x7581fcb4, 0x6624759f), TOBN(0xde50644f, 0x5bedc01d)}, + {TOBN(0xbeec5d00, 0xcaf3155e), TOBN(0x672d66ac, 0xbc73e75f), + TOBN(0x86b9d8c6, 0x270b01db), TOBN(0xd249ef83, 0x50f55b79)}}, + {{TOBN(0x6131d6d4, 0x73978fe3), TOBN(0xcc4e4542, 0x754b00a1), + TOBN(0x4e05df05, 0x57dfcfe9), TOBN(0x94b29cdd, 0x51ef6bf0)}, + {TOBN(0xe4530cff, 0x9bc7edf2), TOBN(0x8ac236fd, 0xd3da65f3), + TOBN(0x0faf7d5f, 0xc8eb0b48), TOBN(0x4d2de14c, 0x660eb039)}}, + {{TOBN(0xc006bba7, 0x60430e54), TOBN(0x10a2d0d6, 0xda3289ab), + TOBN(0x9c037a5d, 0xd7979c59), TOBN(0x04d1f3d3, 0xa116d944)}, + {TOBN(0x9ff22473, 0x8a0983cd), TOBN(0x28e25b38, 0xc883cabb), + TOBN(0xe968dba5, 0x47a58995), TOBN(0x2c80b505, 0x774eebdf)}}, + {{TOBN(0xee763b71, 0x4a953beb), TOBN(0x502e223f, 0x1642e7f6), + TOBN(0x6fe4b641, 0x61d5e722), TOBN(0x9d37c5b0, 0xdbef5316)}, + {TOBN(0x0115ed70, 0xf8330bc7), TOBN(0x139850e6, 0x75a72789), + TOBN(0x27d7faec, 0xffceccc2), TOBN(0x3016a860, 0x4fd9f7f6)}}, + {{TOBN(0xc492ec64, 0x4cd8f64c), TOBN(0x58a2d790, 0x279d7b51), + TOBN(0x0ced1fc5, 0x1fc75256), TOBN(0x3e658aed, 0x8f433017)}, + {TOBN(0x0b61942e, 0x05da59eb), TOBN(0xba3d60a3, 0x0ddc3722), + TOBN(0x7c311cd1, 0x742e7f87), TOBN(0x6473ffee, 0xf6b01b6e)}}}, + {{{TOBN(0x8303604f, 0x692ac542), TOBN(0xf079ffe1, 0x227b91d3), + TOBN(0x19f63e63, 0x15aaf9bd), TOBN(0xf99ee565, 0xf1f344fb)}, + {TOBN(0x8a1d661f, 0xd6219199), TOBN(0x8c883bc6, 0xd48ce41c), + TOBN(0x1065118f, 0x3c74d904), TOBN(0x713889ee, 0x0faf8b1b)}}, + {{TOBN(0x972b3f8f, 0x81a1b3be), TOBN(0x4f3ce145, 0xce2764a0), + TOBN(0xe2d0f1cc, 0x28c4f5f7), TOBN(0xdeee0c0d, 0xc7f3985b)}, + {TOBN(0x7df4adc0, 0xd39e25c3), TOBN(0x40619820, 0xc467a080), + TOBN(0x440ebc93, 0x61cf5a58), TOBN(0x527729a6, 0x422ad600)}}, + {{TOBN(0xca6c0937, 0xb1b76ba6), TOBN(0x1a2eab85, 0x4d2026dc), + TOBN(0xb1715e15, 0x19d9ae0a), TOBN(0xf1ad9199, 0xbac4a026)}, + {TOBN(0x35b3dfb8, 0x07ea7b0e), TOBN(0xedf5496f, 0x3ed9eb89), + TOBN(0x8932e5ff, 0x2d6d08ab), TOBN(0xf314874e, 0x25bd2731)}}, + {{TOBN(0xefb26a75, 0x3f73f449), TOBN(0x1d1c94f8, 0x8d44fc79), + TOBN(0x49f0fbc5, 0x3bc0dc4d), TOBN(0xb747ea0b, 0x3698a0d0)}, + {TOBN(0x5218c3fe, 0x228d291e), TOBN(0x35b804b5, 0x43c129d6), + TOBN(0xfac859b8, 0xd1acc516), TOBN(0x6c10697d, 0x95d6e668)}}, + {{TOBN(0xc38e438f, 0x0876fd4e), TOBN(0x45f0c307, 0x83d2f383), + TOBN(0x203cc2ec, 0xb10934cb), TOBN(0x6a8f2439, 0x2c9d46ee)}, + {TOBN(0xf16b431b, 0x65ccde7b), TOBN(0x41e2cd18, 0x27e76a6f), + TOBN(0xb9c8cf8f, 0x4e3484d7), TOBN(0x64426efd, 0x8315244a)}}, + {{TOBN(0x1c0a8e44, 0xfc94dea3), TOBN(0x34c8cdbf, 0xdad6a0b0), + TOBN(0x919c3840, 0x04113cef), TOBN(0xfd32fba4, 0x15490ffa)}, + {TOBN(0x58d190f6, 0x795dcfb7), TOBN(0xfef01b03, 0x83588baf), + TOBN(0x9e6d1d63, 0xca1fc1c0), TOBN(0x53173f96, 0xf0a41ac9)}}, + {{TOBN(0x2b1d402a, 0xba16f73b), TOBN(0x2fb31014, 0x8cf9b9fc), + TOBN(0x2d51e60e, 0x446ef7bf), TOBN(0xc731021b, 0xb91e1745)}, + {TOBN(0x9d3b4724, 0x4fee99d4), TOBN(0x4bca48b6, 0xfac5c1ea), + TOBN(0x70f5f514, 0xbbea9af7), TOBN(0x751f55a5, 0x974c283a)}}, + {{TOBN(0x6e30251a, 0xcb452fdb), TOBN(0x31ee6965, 0x50f30650), + TOBN(0xb0b3e508, 0x933548d9), TOBN(0xb8949a4f, 0xf4b0ef5b)}, + {TOBN(0x208b8326, 0x3c88f3bd), TOBN(0xab147c30, 0xdb1d9989), + TOBN(0xed6515fd, 0x44d4df03), TOBN(0x17a12f75, 0xe72eb0c5)}}, + {{TOBN(0x3b59796d, 0x36cf69db), TOBN(0x1219eee9, 0x56670c18), + TOBN(0xfe3341f7, 0x7a070d8e), TOBN(0x9b70130b, 0xa327f90c)}, + {TOBN(0x36a32462, 0x0ae18e0e), TOBN(0x2021a623, 0x46c0a638), + TOBN(0x251b5817, 0xc62eb0d4), TOBN(0x87bfbcdf, 0x4c762293)}}, + {{TOBN(0xf78ab505, 0xcdd61d64), TOBN(0x8c7a53fc, 0xc8c18857), + TOBN(0xa653ce6f, 0x16147515), TOBN(0x9c923aa5, 0xea7d52d5)}, + {TOBN(0xc24709cb, 0x5c18871f), TOBN(0x7d53bec8, 0x73b3cc74), + TOBN(0x59264aff, 0xfdd1d4c4), TOBN(0x5555917e, 0x240da582)}}, + {{TOBN(0xcae8bbda, 0x548f5a0e), TOBN(0x1910eaba, 0x3bbfbbe1), + TOBN(0xae579685, 0x7677afc3), TOBN(0x49ea61f1, 0x73ff0b5c)}, + {TOBN(0x78655478, 0x4f7c3922), TOBN(0x95d337cd, 0x20c68eef), + TOBN(0x68f1e1e5, 0xdf779ab9), TOBN(0x14b491b0, 0xb5cf69a8)}}, + {{TOBN(0x7a6cbbe0, 0x28e3fe89), TOBN(0xe7e1fee4, 0xc5aac0eb), + TOBN(0x7f47eda5, 0x697e5140), TOBN(0x4f450137, 0xb454921f)}, + {TOBN(0xdb625f84, 0x95cd8185), TOBN(0x74be0ba1, 0xcdb2e583), + TOBN(0xaee4fd7c, 0xdd5e6de4), TOBN(0x4251437d, 0xe8101739)}}, + {{TOBN(0x686d72a0, 0xac620366), TOBN(0x4be3fb9c, 0xb6d59344), + TOBN(0x6e8b44e7, 0xa1eb75b9), TOBN(0x84e39da3, 0x91a5c10c)}, + {TOBN(0x37cc1490, 0xb38f0409), TOBN(0x02951943, 0x2c2ade82), + TOBN(0x9b688783, 0x1190a2d8), TOBN(0x25627d14, 0x231182ba)}}, + {{TOBN(0x6eb550aa, 0x658a6d87), TOBN(0x1405aaa7, 0xcf9c7325), + TOBN(0xd147142e, 0x5c8748c9), TOBN(0x7f637e4f, 0x53ede0e0)}, + {TOBN(0xf8ca2776, 0x14ffad2c), TOBN(0xe58fb1bd, 0xbafb6791), + TOBN(0x17158c23, 0xbf8f93fc), TOBN(0x7f15b373, 0x0a4a4655)}}, + {{TOBN(0x39d4add2, 0xd842ca72), TOBN(0xa71e4391, 0x3ed96305), + TOBN(0x5bb09cbe, 0x6700be14), TOBN(0x68d69d54, 0xd8befcf6)}, + {TOBN(0xa45f5367, 0x37183bcf), TOBN(0x7152b7bb, 0x3370dff7), + TOBN(0xcf887baa, 0xbf12525b), TOBN(0xe7ac7bdd, 0xd6d1e3cd)}}, + {{TOBN(0x25914f78, 0x81fdad90), TOBN(0xcf638f56, 0x0d2cf6ab), + TOBN(0xb90bc03f, 0xcc054de5), TOBN(0x932811a7, 0x18b06350)}, + {TOBN(0x2f00b330, 0x9bbd11ff), TOBN(0x76108a6f, 0xb4044974), + TOBN(0x801bb9e0, 0xa851d266), TOBN(0x0dd099be, 0xbf8990c1)}}, + {{TOBN(0x58c5aaaa, 0xabe32986), TOBN(0x0fe9dd2a, 0x50d59c27), + TOBN(0x84951ff4, 0x8d307305), TOBN(0x6c23f829, 0x86529b78)}, + {TOBN(0x50bb2218, 0x0b136a79), TOBN(0x7e2174de, 0x77a20996), + TOBN(0x6f00a4b9, 0xc0bb4da6), TOBN(0x89a25a17, 0xefdde8da)}}, + {{TOBN(0xf728a27e, 0xc11ee01d), TOBN(0xf900553a, 0xe5f10dfb), + TOBN(0x189a83c8, 0x02ec893c), TOBN(0x3ca5bdc1, 0x23f66d77)}, + {TOBN(0x98781537, 0x97eada9f), TOBN(0x59c50ab3, 0x10256230), + TOBN(0x346042d9, 0x323c69b3), TOBN(0x1b715a6d, 0x2c460449)}}, + {{TOBN(0xa41dd476, 0x6ae06e0b), TOBN(0xcdd7888e, 0x9d42e25f), + TOBN(0x0f395f74, 0x56b25a20), TOBN(0xeadfe0ae, 0x8700e27e)}, + {TOBN(0xb09d52a9, 0x69950093), TOBN(0x3525d9cb, 0x327f8d40), + TOBN(0xb8235a94, 0x67df886a), TOBN(0x77e4b0dd, 0x035faec2)}}, + {{TOBN(0x115eb20a, 0x517d7061), TOBN(0x77fe3433, 0x6c2df683), + TOBN(0x6870ddc7, 0xcdc6fc67), TOBN(0xb1610588, 0x0b87de83)}, + {TOBN(0x343584ca, 0xd9c4ddbe), TOBN(0xb3164f1c, 0x3d754be2), + TOBN(0x0731ed3a, 0xc1e6c894), TOBN(0x26327dec, 0x4f6b904c)}}, + {{TOBN(0x9d49c6de, 0x97b5cd32), TOBN(0x40835dae, 0xb5eceecd), + TOBN(0xc66350ed, 0xd9ded7fe), TOBN(0x8aeebb5c, 0x7a678804)}, + {TOBN(0x51d42fb7, 0x5b8ee9ec), TOBN(0xd7a17bdd, 0x8e3ca118), + TOBN(0x40d7511a, 0x2ef4400e), TOBN(0xc48990ac, 0x875a66f4)}}, + {{TOBN(0x8de07d2a, 0x2199e347), TOBN(0xbee75556, 0x2a39e051), + TOBN(0x56918786, 0x916e51dc), TOBN(0xeb191313, 0x4a2d89ec)}, + {TOBN(0x6679610d, 0x37d341ed), TOBN(0x434fbb41, 0x56d51c2b), + TOBN(0xe54b7ee7, 0xd7492dba), TOBN(0xaa33a79a, 0x59021493)}}, + {{TOBN(0x49fc5054, 0xe4bd6d3d), TOBN(0x09540f04, 0x5ab551d0), + TOBN(0x8acc9085, 0x4942d3a6), TOBN(0x231af02f, 0x2d28323b)}, + {TOBN(0x93458cac, 0x0992c163), TOBN(0x1fef8e71, 0x888e3bb4), + TOBN(0x27578da5, 0xbe8c268c), TOBN(0xcc8be792, 0xe805ec00)}}, + {{TOBN(0x29267bae, 0xc61c3855), TOBN(0xebff429d, 0x58c1fd3b), + TOBN(0x22d886c0, 0x8c0b93b8), TOBN(0xca5e00b2, 0x2ddb8953)}, + {TOBN(0xcf330117, 0xc3fed8b7), TOBN(0xd49ac6fa, 0x819c01f6), + TOBN(0x6ddaa6bd, 0x3c0fbd54), TOBN(0x91743068, 0x8049a2cf)}}, + {{TOBN(0xd67f981e, 0xaff2ef81), TOBN(0xc3654d35, 0x2818ae80), + TOBN(0x81d05044, 0x1b2aa892), TOBN(0x2db067bf, 0x3d099328)}, + {TOBN(0xe7c79e86, 0x703dcc97), TOBN(0xe66f9b37, 0xe133e215), + TOBN(0xcdf119a6, 0xe39a7a5c), TOBN(0x47c60de3, 0x876f1b61)}}, + {{TOBN(0x6e405939, 0xd860f1b2), TOBN(0x3e9a1dbc, 0xf5ed4d4a), + TOBN(0x3f23619e, 0xc9b6bcbd), TOBN(0x5ee790cf, 0x734e4497)}, + {TOBN(0xf0a834b1, 0x5bdaf9bb), TOBN(0x02cedda7, 0x4ca295f0), + TOBN(0x4619aa2b, 0xcb8e378c), TOBN(0xe5613244, 0xcc987ea4)}}, + {{TOBN(0x0bc022cc, 0x76b23a50), TOBN(0x4a2793ad, 0x0a6c21ce), + TOBN(0x38328780, 0x89cac3f5), TOBN(0x29176f1b, 0xcba26d56)}, + {TOBN(0x06296187, 0x4f6f59eb), TOBN(0x86e9bca9, 0x8bdc658e), + TOBN(0x2ca9c4d3, 0x57e30402), TOBN(0x5438b216, 0x516a09bb)}}, + {{TOBN(0x0a6a063c, 0x7672765a), TOBN(0x37a3ce64, 0x0547b9bf), + TOBN(0x42c099c8, 0x98b1a633), TOBN(0xb5ab800d, 0x05ee6961)}, + {TOBN(0xf1963f59, 0x11a5acd6), TOBN(0xbaee6157, 0x46201063), + TOBN(0x36d9a649, 0xa596210a), TOBN(0xaed04363, 0x1ba7138c)}}, + {{TOBN(0xcf817d1c, 0xa4a82b76), TOBN(0x5586960e, 0xf3806be9), + TOBN(0x7ab67c89, 0x09dc6bb5), TOBN(0x52ace7a0, 0x114fe7eb)}, + {TOBN(0xcd987618, 0xcbbc9b70), TOBN(0x4f06fd5a, 0x604ca5e1), + TOBN(0x90af14ca, 0x6dbde133), TOBN(0x1afe4322, 0x948a3264)}}, + {{TOBN(0xa70d2ca6, 0xc44b2c6c), TOBN(0xab726799, 0x0ef87dfe), + TOBN(0x310f64dc, 0x2e696377), TOBN(0x49b42e68, 0x4c8126a0)}, + {TOBN(0x0ea444c3, 0xcea0b176), TOBN(0x53a8ddf7, 0xcb269182), + TOBN(0xf3e674eb, 0xbbba9dcb), TOBN(0x0d2878a8, 0xd8669d33)}}, + {{TOBN(0x04b935d5, 0xd019b6a3), TOBN(0xbb5cf88e, 0x406f1e46), + TOBN(0xa1912d16, 0x5b57c111), TOBN(0x9803fc21, 0x19ebfd78)}, + {TOBN(0x4f231c9e, 0xc07764a9), TOBN(0xd93286ee, 0xb75bd055), + TOBN(0x83a9457d, 0x8ee6c9de), TOBN(0x04695915, 0x6087ec90)}}, + {{TOBN(0x14c6dd8a, 0x58d6cd46), TOBN(0x9cb633b5, 0x8e6634d2), + TOBN(0xc1305047, 0xf81bc328), TOBN(0x12ede0e2, 0x26a177e5)}, + {TOBN(0x332cca62, 0x065a6f4f), TOBN(0xc3a47ecd, 0x67be487b), + TOBN(0x741eb187, 0x0f47ed1c), TOBN(0x99e66e58, 0xe7598b14)}}, + {{TOBN(0x6f0544ca, 0x63d0ff12), TOBN(0xe5efc784, 0xb610a05f), + TOBN(0xf72917b1, 0x7cad7b47), TOBN(0x3ff6ea20, 0xf2cac0c0)}, + {TOBN(0xcc23791b, 0xf21db8b7), TOBN(0x7dac70b1, 0xd7d93565), + TOBN(0x682cda1d, 0x694bdaad), TOBN(0xeb88bb8c, 0x1023516d)}}, + {{TOBN(0xc4c634b4, 0xdfdbeb1b), TOBN(0x22f5ca72, 0xb4ee4dea), + TOBN(0x1045a368, 0xe6524821), TOBN(0xed9e8a3f, 0x052b18b2)}, + {TOBN(0x9b7f2cb1, 0xb961f49a), TOBN(0x7fee2ec1, 0x7b009670), + TOBN(0x350d8754, 0x22507a6d), TOBN(0x561bd711, 0x4db55f1d)}}, + {{TOBN(0x4c189ccc, 0x320bbcaf), TOBN(0x568434cf, 0xdf1de48c), + TOBN(0x6af1b00e, 0x0fa8f128), TOBN(0xf0ba9d02, 0x8907583c)}, + {TOBN(0x735a4004, 0x32ff9f60), TOBN(0x3dd8e4b6, 0xc25dcf33), + TOBN(0xf2230f16, 0x42c74cef), TOBN(0xd8117623, 0x013fa8ad)}}, + {{TOBN(0x36822876, 0xf51fe76e), TOBN(0x8a6811cc, 0x11d62589), + TOBN(0xc3fc7e65, 0x46225718), TOBN(0xb7df2c9f, 0xc82fdbcd)}, + {TOBN(0x3b1d4e52, 0xdd7b205b), TOBN(0xb6959478, 0x47a2e414), + TOBN(0x05e4d793, 0xefa91148), TOBN(0xb47ed446, 0xfd2e9675)}}, + {{TOBN(0x1a7098b9, 0x04c9d9bf), TOBN(0x661e2881, 0x1b793048), + TOBN(0xb1a16966, 0xb01ee461), TOBN(0xbc521308, 0x2954746f)}, + {TOBN(0xc909a0fc, 0x2477de50), TOBN(0xd80bb41c, 0x7dbd51ef), + TOBN(0xa85be7ec, 0x53294905), TOBN(0x6d465b18, 0x83958f97)}}, + {{TOBN(0x16f6f330, 0xfb6840fd), TOBN(0xfaaeb214, 0x3401e6c8), + TOBN(0xaf83d30f, 0xccb5b4f8), TOBN(0x22885739, 0x266dec4b)}, + {TOBN(0x51b4367c, 0x7bc467df), TOBN(0x926562e3, 0xd842d27a), + TOBN(0xdfcb6614, 0x0fea14a6), TOBN(0xeb394dae, 0xf2734cd9)}}, + {{TOBN(0x3eeae5d2, 0x11c0be98), TOBN(0xb1e6ed11, 0x814e8165), + TOBN(0x191086bc, 0xe52bce1c), TOBN(0x14b74cc6, 0xa75a04da)}, + {TOBN(0x63cf1186, 0x8c060985), TOBN(0x071047de, 0x2dbd7f7c), + TOBN(0x4e433b8b, 0xce0942ca), TOBN(0xecbac447, 0xd8fec61d)}}, + {{TOBN(0x8f0ed0e2, 0xebf3232f), TOBN(0xfff80f9e, 0xc52a2edd), + TOBN(0xad9ab433, 0x75b55fdb), TOBN(0x73ca7820, 0xe42e0c11)}, + {TOBN(0x6dace0a0, 0xe6251b46), TOBN(0x89bc6b5c, 0x4c0d932d), + TOBN(0x3438cd77, 0x095da19a), TOBN(0x2f24a939, 0x8d48bdfb)}}, + {{TOBN(0x99b47e46, 0x766561b7), TOBN(0x736600e6, 0x0ed0322a), + TOBN(0x06a47cb1, 0x638e1865), TOBN(0x927c1c2d, 0xcb136000)}, + {TOBN(0x29542337, 0x0cc5df69), TOBN(0x99b37c02, 0x09d649a9), + TOBN(0xc5f0043c, 0x6aefdb27), TOBN(0x6cdd9987, 0x1be95c27)}}, + {{TOBN(0x69850931, 0x390420d2), TOBN(0x299c40ac, 0x0983efa4), + TOBN(0x3a05e778, 0xaf39aead), TOBN(0x84274408, 0x43a45193)}, + {TOBN(0x6bcd0fb9, 0x91a711a0), TOBN(0x461592c8, 0x9f52ab17), + TOBN(0xb49302b4, 0xda3c6ed6), TOBN(0xc51fddc7, 0x330d7067)}}, + {{TOBN(0x94babeb6, 0xda50d531), TOBN(0x521b840d, 0xa6a7b9da), + TOBN(0x5305151e, 0x404bdc89), TOBN(0x1bcde201, 0xd0d07449)}, + {TOBN(0xf427a78b, 0x3b76a59a), TOBN(0xf84841ce, 0x07791a1b), + TOBN(0xebd314be, 0xbf91ed1c), TOBN(0x8e61d34c, 0xbf172943)}}, + {{TOBN(0x1d5dc451, 0x5541b892), TOBN(0xb186ee41, 0xfc9d9e54), + TOBN(0x9d9f345e, 0xd5bf610d), TOBN(0x3e7ba65d, 0xf6acca9f)}, + {TOBN(0x9dda787a, 0xa8369486), TOBN(0x09f9dab7, 0x8eb5ba53), + TOBN(0x5afb2033, 0xd6481bc3), TOBN(0x76f4ce30, 0xafa62104)}}, + {{TOBN(0xa8fa00cf, 0xf4f066b5), TOBN(0x89ab5143, 0x461dafc2), + TOBN(0x44339ed7, 0xa3389998), TOBN(0x2ff862f1, 0xbc214903)}, + {TOBN(0x2c88f985, 0xb05556e3), TOBN(0xcd96058e, 0x3467081e), + TOBN(0x7d6a4176, 0xedc637ea), TOBN(0xe1743d09, 0x36a5acdc)}}, + {{TOBN(0x66fd72e2, 0x7eb37726), TOBN(0xf7fa264e, 0x1481a037), + TOBN(0x9fbd3bde, 0x45f4aa79), TOBN(0xed1e0147, 0x767c3e22)}, + {TOBN(0x7621f979, 0x82e7abe2), TOBN(0x19eedc72, 0x45f633f8), + TOBN(0xe69b155e, 0x6137bf3a), TOBN(0xa0ad13ce, 0x414ee94e)}}, + {{TOBN(0x93e3d524, 0x1c0e651a), TOBN(0xab1a6e2a, 0x02ce227e), + TOBN(0xe7af1797, 0x4ab27eca), TOBN(0x245446de, 0xbd444f39)}, + {TOBN(0x59e22a21, 0x56c07613), TOBN(0x43deafce, 0xf4275498), + TOBN(0x10834ccb, 0x67fd0946), TOBN(0xa75841e5, 0x47406edf)}}, + {{TOBN(0xebd6a677, 0x7b0ac93d), TOBN(0xa6e37b0d, 0x78f5e0d7), + TOBN(0x2516c096, 0x76f5492b), TOBN(0x1e4bf888, 0x9ac05f3a)}, + {TOBN(0xcdb42ce0, 0x4df0ba2b), TOBN(0x935d5cfd, 0x5062341b), + TOBN(0x8a303333, 0x82acac20), TOBN(0x429438c4, 0x5198b00e)}}, + {{TOBN(0x1d083bc9, 0x049d33fa), TOBN(0x58b82dda, 0x946f67ff), + TOBN(0xac3e2db8, 0x67a1d6a3), TOBN(0x62e6bead, 0x1798aac8)}, + {TOBN(0xfc85980f, 0xde46c58c), TOBN(0xa7f69379, 0x69c8d7be), + TOBN(0x23557927, 0x837b35ec), TOBN(0x06a933d8, 0xe0790c0c)}}, + {{TOBN(0x827c0e9b, 0x077ff55d), TOBN(0x53977798, 0xbb26e680), + TOBN(0x59530874, 0x1d9cb54f), TOBN(0xcca3f449, 0x4aac53ef)}, + {TOBN(0x11dc5c87, 0xa07eda0f), TOBN(0xc138bccf, 0xfd6400c8), + TOBN(0x549680d3, 0x13e5da72), TOBN(0xc93eed82, 0x4540617e)}}, + {{TOBN(0xfd3db157, 0x4d0b75c0), TOBN(0x9716eb42, 0x6386075b), + TOBN(0x0639605c, 0x817b2c16), TOBN(0x09915109, 0xf1e4f201)}, + {TOBN(0x35c9a928, 0x5cca6c3b), TOBN(0xb25f7d1a, 0x3505c900), + TOBN(0xeb9f7d20, 0x630480c4), TOBN(0xc3c7b8c6, 0x2a1a501c)}}, + {{TOBN(0x3f99183c, 0x5a1f8e24), TOBN(0xfdb118fa, 0x9dd255f0), + TOBN(0xb9b18b90, 0xc27f62a6), TOBN(0xe8f732f7, 0x396ec191)}, + {TOBN(0x524a2d91, 0x0be786ab), TOBN(0x5d32adef, 0x0ac5a0f5), + TOBN(0x9b53d4d6, 0x9725f694), TOBN(0x032a76c6, 0x0510ba89)}}, + {{TOBN(0x840391a3, 0xebeb1544), TOBN(0x44b7b88c, 0x3ed73ac3), + TOBN(0xd24bae7a, 0x256cb8b3), TOBN(0x7ceb151a, 0xe394cb12)}, + {TOBN(0xbd6b66d0, 0x5bc1e6a8), TOBN(0xec70cecb, 0x090f07bf), + TOBN(0x270644ed, 0x7d937589), TOBN(0xee9e1a3d, 0x5f1dccfe)}}, + {{TOBN(0xb0d40a84, 0x745b98d2), TOBN(0xda429a21, 0x2556ed40), + TOBN(0xf676eced, 0x85148cb9), TOBN(0x5a22d40c, 0xded18936)}, + {TOBN(0x3bc4b9e5, 0x70e8a4ce), TOBN(0xbfd1445b, 0x9eae0379), + TOBN(0xf23f2c0c, 0x1a0bd47e), TOBN(0xa9c0bb31, 0xe1845531)}}, + {{TOBN(0x9ddc4d60, 0x0a4c3f6b), TOBN(0xbdfaad79, 0x2c15ef44), + TOBN(0xce55a236, 0x7f484acc), TOBN(0x08653ca7, 0x055b1f15)}, + {TOBN(0x2efa8724, 0x538873a3), TOBN(0x09299e5d, 0xace1c7e7), + TOBN(0x07afab66, 0xade332ba), TOBN(0x9be1fdf6, 0x92dd71b7)}}, + {{TOBN(0xa49b5d59, 0x5758b11c), TOBN(0x0b852893, 0xc8654f40), + TOBN(0xb63ef6f4, 0x52379447), TOBN(0xd4957d29, 0x105e690c)}, + {TOBN(0x7d484363, 0x646559b0), TOBN(0xf4a8273c, 0x49788a8e), + TOBN(0xee406cb8, 0x34ce54a9), TOBN(0x1e1c260f, 0xf86fda9b)}}, + {{TOBN(0xe150e228, 0xcf6a4a81), TOBN(0x1fa3b6a3, 0x1b488772), + TOBN(0x1e6ff110, 0xc5a9c15b), TOBN(0xc6133b91, 0x8ad6aa47)}, + {TOBN(0x8ac5d55c, 0x9dffa978), TOBN(0xba1d1c1d, 0x5f3965f2), + TOBN(0xf969f4e0, 0x7732b52f), TOBN(0xfceecdb5, 0xa5172a07)}}, + {{TOBN(0xb0120a5f, 0x10f2b8f5), TOBN(0xc83a6cdf, 0x5c4c2f63), + TOBN(0x4d47a491, 0xf8f9c213), TOBN(0xd9e1cce5, 0xd3f1bbd5)}, + {TOBN(0x0d91bc7c, 0xaba7e372), TOBN(0xfcdc74c8, 0xdfd1a2db), + TOBN(0x05efa800, 0x374618e5), TOBN(0x11216969, 0x15a7925e)}}, + {{TOBN(0xd4c89823, 0xf6021c5d), TOBN(0x880d5e84, 0xeff14423), + TOBN(0x6523bc5a, 0x6dcd1396), TOBN(0xd1acfdfc, 0x113c978b)}, + {TOBN(0xb0c164e8, 0xbbb66840), TOBN(0xf7f4301e, 0x72b58459), + TOBN(0xc29ad4a6, 0xa638e8ec), TOBN(0xf5ab8961, 0x46b78699)}}, + {{TOBN(0x9dbd7974, 0x0e954750), TOBN(0x0121de88, 0x64f9d2c6), + TOBN(0x2e597b42, 0xd985232e), TOBN(0x55b6c3c5, 0x53451777)}, + {TOBN(0xbb53e547, 0x519cb9fb), TOBN(0xf134019f, 0x8428600d), + TOBN(0x5a473176, 0xe081791a), TOBN(0x2f3e2263, 0x35fb0c08)}}, + {{TOBN(0xb28c3017, 0x73d273b0), TOBN(0xccd21076, 0x7721ef9a), + TOBN(0x054cc292, 0xb650dc39), TOBN(0x662246de, 0x6188045e)}, + {TOBN(0x904b52fa, 0x6b83c0d1), TOBN(0xa72df267, 0x97e9cd46), + TOBN(0x886b43cd, 0x899725e4), TOBN(0x2b651688, 0xd849ff22)}}, + {{TOBN(0x60479b79, 0x02f34533), TOBN(0x5e354c14, 0x0c77c148), + TOBN(0xb4bb7581, 0xa8537c78), TOBN(0x188043d7, 0xefe1495f)}, + {TOBN(0x9ba12f42, 0x8c1d5026), TOBN(0x2e0c8a26, 0x93d4aaab), + TOBN(0xbdba7b8b, 0xaa57c450), TOBN(0x140c9ad6, 0x9bbdafef)}}, + {{TOBN(0x2067aa42, 0x25ac0f18), TOBN(0xf7b1295b, 0x04d1fbf3), + TOBN(0x14829111, 0xa4b04824), TOBN(0x2ce3f192, 0x33bd5e91)}, + {TOBN(0x9c7a1d55, 0x8f2e1b72), TOBN(0xfe932286, 0x302aa243), + TOBN(0x497ca7b4, 0xd4be9554), TOBN(0xb8e821b8, 0xe0547a6e)}}, + {{TOBN(0xfb2838be, 0x67e573e0), TOBN(0x05891db9, 0x4084c44b), + TOBN(0x91311373, 0x96c1c2c5), TOBN(0x6aebfa3f, 0xd958444b)}, + {TOBN(0xac9cdce9, 0xe56e55c1), TOBN(0x7148ced3, 0x2caa46d0), + TOBN(0x2e10c7ef, 0xb61fe8eb), TOBN(0x9fd835da, 0xff97cf4d)}}}, + {{{TOBN(0xa36da109, 0x081e9387), TOBN(0xfb9780d7, 0x8c935828), + TOBN(0xd5940332, 0xe540b015), TOBN(0xc9d7b51b, 0xe0f466fa)}, + {TOBN(0xfaadcd41, 0xd6d9f671), TOBN(0xba6c1e28, 0xb1a2ac17), + TOBN(0x066a7833, 0xed201e5f), TOBN(0x19d99719, 0xf90f462b)}}, + {{TOBN(0xf431f462, 0x060b5f61), TOBN(0xa56f46b4, 0x7bd057c2), + TOBN(0x348dca6c, 0x47e1bf65), TOBN(0x9a38783e, 0x41bcf1ff)}, + {TOBN(0x7a5d33a9, 0xda710718), TOBN(0x5a779987, 0x2e0aeaf6), + TOBN(0xca87314d, 0x2d29d187), TOBN(0xfa0edc3e, 0xc687d733)}}, + {{TOBN(0x9df33621, 0x6a31e09b), TOBN(0xde89e44d, 0xc1350e35), + TOBN(0x29214871, 0x4ca0cf52), TOBN(0xdf379672, 0x0b88a538)}, + {TOBN(0xc92a510a, 0x2591d61b), TOBN(0x79aa87d7, 0x585b447b), + TOBN(0xf67db604, 0xe5287f77), TOBN(0x1697c8bf, 0x5efe7a80)}}, + {{TOBN(0x1c894849, 0xcb198ac7), TOBN(0xa884a93d, 0x0f264665), + TOBN(0x2da964ef, 0x9b200678), TOBN(0x3c351b87, 0x009834e6)}, + {TOBN(0xafb2ef9f, 0xe2c4b44b), TOBN(0x580f6c47, 0x3326790c), + TOBN(0xb8480521, 0x0b02264a), TOBN(0x8ba6f9e2, 0x42a194e2)}}, + {{TOBN(0xfc87975f, 0x8fb54738), TOBN(0x35160788, 0x27c3ead3), + TOBN(0x834116d2, 0xb74a085a), TOBN(0x53c99a73, 0xa62fe996)}, + {TOBN(0x87585be0, 0x5b81c51b), TOBN(0x925bafa8, 0xbe0852b7), + TOBN(0x76a4fafd, 0xa84d19a7), TOBN(0x39a45982, 0x585206d4)}}, + {{TOBN(0x499b6ab6, 0x5eb03c0e), TOBN(0xf19b7954, 0x72bc3fde), + TOBN(0xa86b5b9c, 0x6e3a80d2), TOBN(0xe4377508, 0x6d42819f)}, + {TOBN(0xc1663650, 0xbb3ee8a3), TOBN(0x75eb14fc, 0xb132075f), + TOBN(0xa8ccc906, 0x7ad834f6), TOBN(0xea6a2474, 0xe6e92ffd)}}, + {{TOBN(0x9d72fd95, 0x0f8d6758), TOBN(0xcb84e101, 0x408c07dd), + TOBN(0xb9114bfd, 0xa5e23221), TOBN(0x358b5fe2, 0xe94e742c)}, + {TOBN(0x1c0577ec, 0x95f40e75), TOBN(0xf0155451, 0x3d73f3d6), + TOBN(0x9d55cd67, 0xbd1b9b66), TOBN(0x63e86e78, 0xaf8d63c7)}}, + {{TOBN(0x39d934ab, 0xd3c095f1), TOBN(0x04b261be, 0xe4b76d71), + TOBN(0x1d2e6970, 0xe73e6984), TOBN(0x879fb23b, 0x5e5fcb11)}, + {TOBN(0x11506c72, 0xdfd75490), TOBN(0x3a97d085, 0x61bcf1c1), + TOBN(0x43201d82, 0xbf5e7007), TOBN(0x7f0ac52f, 0x798232a7)}}, + {{TOBN(0x2715cbc4, 0x6eb564d4), TOBN(0x8d6c752c, 0x9e570e29), + TOBN(0xf80247c8, 0x9ef5fd5d), TOBN(0xc3c66b46, 0xd53eb514)}, + {TOBN(0x9666b401, 0x0f87de56), TOBN(0xce62c06f, 0xc6c603b5), + TOBN(0xae7b4c60, 0x7e4fc942), TOBN(0x38ac0b77, 0x663a9c19)}}, + {{TOBN(0xcb4d20ee, 0x4b049136), TOBN(0x8b63bf12, 0x356a4613), + TOBN(0x1221aef6, 0x70e08128), TOBN(0xe62d8c51, 0x4acb6b16)}, + {TOBN(0x71f64a67, 0x379e7896), TOBN(0xb25237a2, 0xcafd7fa5), + TOBN(0xf077bd98, 0x3841ba6a), TOBN(0xc4ac0244, 0x3cd16e7e)}}, + {{TOBN(0x548ba869, 0x21fea4ca), TOBN(0xd36d0817, 0xf3dfdac1), + TOBN(0x09d8d71f, 0xf4685faf), TOBN(0x8eff66be, 0xc52c459a)}, + {TOBN(0x182faee7, 0x0b57235e), TOBN(0xee3c39b1, 0x0106712b), + TOBN(0x5107331f, 0xc0fcdcb0), TOBN(0x669fb9dc, 0xa51054ba)}}, + {{TOBN(0xb25101fb, 0x319d7682), TOBN(0xb0293129, 0x0a982fee), + TOBN(0x51c1c9b9, 0x0261b344), TOBN(0x0e008c5b, 0xbfd371fa)}, + {TOBN(0xd866dd1c, 0x0278ca33), TOBN(0x666f76a6, 0xe5aa53b1), + TOBN(0xe5cfb779, 0x6013a2cf), TOBN(0x1d3a1aad, 0xa3521836)}}, + {{TOBN(0xcedd2531, 0x73faa485), TOBN(0xc8ee6c4f, 0xc0a76878), + TOBN(0xddbccfc9, 0x2a11667d), TOBN(0x1a418ea9, 0x1c2f695a)}, + {TOBN(0xdb11bd92, 0x51f73971), TOBN(0x3e4b3c82, 0xda2ed89f), + TOBN(0x9a44f3f4, 0xe73e0319), TOBN(0xd1e3de0f, 0x303431af)}}, + {{TOBN(0x3c5604ff, 0x50f75f9c), TOBN(0x1d8eddf3, 0x7e752b22), + TOBN(0x0ef074dd, 0x3c9a1118), TOBN(0xd0ffc172, 0xccb86d7b)}, + {TOBN(0xabd1ece3, 0x037d90f2), TOBN(0xe3f307d6, 0x6055856c), + TOBN(0x422f9328, 0x7e4c6daf), TOBN(0x902aac66, 0x334879a0)}}, + {{TOBN(0xb6a1e7bf, 0x94cdfade), TOBN(0x6c97e1ed, 0x7fc6d634), + TOBN(0x662ad24d, 0xa2fb63f8), TOBN(0xf81be1b9, 0xa5928405)}, + {TOBN(0x86d765e4, 0xd14b4206), TOBN(0xbecc2e0e, 0x8fa0db65), + TOBN(0xa28838e0, 0xb17fc76c), TOBN(0xe49a602a, 0xe37cf24e)}}, + {{TOBN(0x76b4131a, 0x567193ec), TOBN(0xaf3c305a, 0xe5f6e70b), + TOBN(0x9587bd39, 0x031eebdd), TOBN(0x5709def8, 0x71bbe831)}, + {TOBN(0x57059983, 0x0eb2b669), TOBN(0x4d80ce1b, 0x875b7029), + TOBN(0x838a7da8, 0x0364ac16), TOBN(0x2f431d23, 0xbe1c83ab)}}, + {{TOBN(0xe56812a6, 0xf9294dd3), TOBN(0xb448d01f, 0x9b4b0d77), + TOBN(0xf3ae6061, 0x04e8305c), TOBN(0x2bead645, 0x94d8c63e)}, + {TOBN(0x0a85434d, 0x84fd8b07), TOBN(0x537b983f, 0xf7a9dee5), + TOBN(0xedcc5f18, 0xef55bd85), TOBN(0x2041af62, 0x21c6cf8b)}}, + {{TOBN(0x8e52874c, 0xb940c71e), TOBN(0x211935a9, 0xdb5f4b3a), + TOBN(0x94350492, 0x301b1dc3), TOBN(0x33d2646d, 0x29958620)}, + {TOBN(0x16b0d64b, 0xef911404), TOBN(0x9d1f25ea, 0x9a3c5ef4), + TOBN(0x20f200eb, 0x4a352c78), TOBN(0x43929f2c, 0x4bd0b428)}}, + {{TOBN(0xa5656667, 0xc7196e29), TOBN(0x7992c2f0, 0x9391be48), + TOBN(0xaaa97cbd, 0x9ee0cd6e), TOBN(0x51b0310c, 0x3dc8c9bf)}, + {TOBN(0x237f8acf, 0xdd9f22cb), TOBN(0xbb1d81a1, 0xb585d584), + TOBN(0x8d5d85f5, 0x8c416388), TOBN(0x0d6e5a5a, 0x42fe474f)}}, + {{TOBN(0xe7812766, 0x38235d4e), TOBN(0x1c62bd67, 0x496e3298), + TOBN(0x8378660c, 0x3f175bc8), TOBN(0x4d04e189, 0x17afdd4d)}, + {TOBN(0x32a81601, 0x85a8068c), TOBN(0xdb58e4e1, 0x92b29a85), + TOBN(0xe8a65b86, 0xc70d8a3b), TOBN(0x5f0e6f4e, 0x98a0403b)}}, + {{TOBN(0x08129684, 0x69ed2370), TOBN(0x34dc30bd, 0x0871ee26), + TOBN(0x3a5ce948, 0x7c9c5b05), TOBN(0x7d487b80, 0x43a90c87)}, + {TOBN(0x4089ba37, 0xdd0e7179), TOBN(0x45f80191, 0xb4041811), + TOBN(0x1c3e1058, 0x98747ba5), TOBN(0x98c4e13a, 0x6e1ae592)}}, + {{TOBN(0xd44636e6, 0xe82c9f9e), TOBN(0x711db87c, 0xc33a1043), + TOBN(0x6f431263, 0xaa8aec05), TOBN(0x43ff120d, 0x2744a4aa)}, + {TOBN(0xd3bd892f, 0xae77779b), TOBN(0xf0fe0cc9, 0x8cdc9f82), + TOBN(0xca5f7fe6, 0xf1c5b1bc), TOBN(0xcc63a682, 0x44929a72)}}, + {{TOBN(0xc7eaba0c, 0x09dbe19a), TOBN(0x2f3585ad, 0x6b5c73c2), + TOBN(0x8ab8924b, 0x0ae50c30), TOBN(0x17fcd27a, 0x638b30ba)}, + {TOBN(0xaf414d34, 0x10b3d5a5), TOBN(0x09c107d2, 0x2a9accf1), + TOBN(0x15dac49f, 0x946a6242), TOBN(0xaec3df2a, 0xd707d642)}}, + {{TOBN(0x2c2492b7, 0x3f894ae0), TOBN(0xf59df3e5, 0xb75f18ce), + TOBN(0x7cb740d2, 0x8f53cad0), TOBN(0x3eb585fb, 0xc4f01294)}, + {TOBN(0x17da0c86, 0x32c7f717), TOBN(0xeb8c795b, 0xaf943f4c), + TOBN(0x4ee23fb5, 0xf67c51d2), TOBN(0xef187575, 0x68889949)}}, + {{TOBN(0xa6b4bdb2, 0x0389168b), TOBN(0xc4ecd258, 0xea577d03), + TOBN(0x3a63782b, 0x55743082), TOBN(0x6f678f4c, 0xc72f08cd)}, + {TOBN(0x553511cf, 0x65e58dd8), TOBN(0xd53b4e3e, 0xd402c0cd), + TOBN(0x37de3e29, 0xa037c14c), TOBN(0x86b6c516, 0xc05712aa)}}, + {{TOBN(0x2834da3e, 0xb38dff6f), TOBN(0xbe012c52, 0xea636be8), + TOBN(0x292d238c, 0x61dd37f8), TOBN(0x0e54523f, 0x8f8142db)}, + {TOBN(0xe31eb436, 0x036a05d8), TOBN(0x83e3cdff, 0x1e93c0ff), + TOBN(0x3fd2fe0f, 0x50821ddf), TOBN(0xc8e19b0d, 0xff9eb33b)}}, + {{TOBN(0xc8cc943f, 0xb569a5fe), TOBN(0xad0090d4, 0xd4342d75), + TOBN(0x82090b4b, 0xcaeca000), TOBN(0xca39687f, 0x1bd410eb)}, + {TOBN(0xe7bb0df7, 0x65959d77), TOBN(0x39d78218, 0x9c964999), + TOBN(0xd87f62e8, 0xb2415451), TOBN(0xe5efb774, 0xbed76108)}}, + {{TOBN(0x3ea011a4, 0xe822f0d0), TOBN(0xbc647ad1, 0x5a8704f8), + TOBN(0xbb315b35, 0x50c6820f), TOBN(0x863dec3d, 0xb7e76bec)}, + {TOBN(0x01ff5d3a, 0xf017bfc7), TOBN(0x20054439, 0x976b8229), + TOBN(0x067fca37, 0x0bbd0d3b), TOBN(0xf63dde64, 0x7f5e3d0f)}}, + {{TOBN(0x22dbefb3, 0x2a4c94e9), TOBN(0xafbff0fe, 0x96f8278a), + TOBN(0x80aea0b1, 0x3503793d), TOBN(0xb2238029, 0x5f06cd29)}, + {TOBN(0x65703e57, 0x8ec3feca), TOBN(0x06c38314, 0x393e7053), + TOBN(0xa0b751eb, 0x7c6734c4), TOBN(0xd2e8a435, 0xc59f0f1e)}}, + {{TOBN(0x147d9052, 0x5e9ca895), TOBN(0x2f4dd31e, 0x972072df), + TOBN(0xa16fda8e, 0xe6c6755c), TOBN(0xc66826ff, 0xcf196558)}, + {TOBN(0x1f1a76a3, 0x0cf43895), TOBN(0xa9d604e0, 0x83c3097b), + TOBN(0xe1908309, 0x66390e0e), TOBN(0xa50bf753, 0xb3c85eff)}}, + {{TOBN(0x0696bdde, 0xf6a70251), TOBN(0x548b801b, 0x3c6ab16a), + TOBN(0x37fcf704, 0xa4d08762), TOBN(0x090b3def, 0xdff76c4e)}, + {TOBN(0x87e8cb89, 0x69cb9158), TOBN(0x44a90744, 0x995ece43), + TOBN(0xf85395f4, 0x0ad9fbf5), TOBN(0x49b0f6c5, 0x4fb0c82d)}}, + {{TOBN(0x75d9bc15, 0xadf7cccf), TOBN(0x81a3e5d6, 0xdfa1e1b0), + TOBN(0x8c39e444, 0x249bc17e), TOBN(0xf37dccb2, 0x8ea7fd43)}, + {TOBN(0xda654873, 0x907fba12), TOBN(0x35daa6da, 0x4a372904), + TOBN(0x0564cfc6, 0x6283a6c5), TOBN(0xd09fa4f6, 0x4a9395bf)}}, + {{TOBN(0x688e9ec9, 0xaeb19a36), TOBN(0xd913f1ce, 0xc7bfbfb4), + TOBN(0x797b9a3c, 0x61c2faa6), TOBN(0x2f979bec, 0x6a0a9c12)}, + {TOBN(0xb5969d0f, 0x359679ec), TOBN(0xebcf523d, 0x079b0460), + TOBN(0xfd6b0008, 0x10fab870), TOBN(0x3f2edcda, 0x9373a39c)}}, + {{TOBN(0x0d64f9a7, 0x6f568431), TOBN(0xf848c27c, 0x02f8898c), + TOBN(0xf418ade1, 0x260b5bd5), TOBN(0xc1f3e323, 0x6973dee8)}, + {TOBN(0x46e9319c, 0x26c185dd), TOBN(0x6d85b7d8, 0x546f0ac4), + TOBN(0x427965f2, 0x247f9d57), TOBN(0xb519b636, 0xb0035f48)}}, + {{TOBN(0x6b6163a9, 0xab87d59c), TOBN(0xff9f58c3, 0x39caaa11), + TOBN(0x4ac39cde, 0x3177387b), TOBN(0x5f6557c2, 0x873e77f9)}, + {TOBN(0x67504006, 0x36a83041), TOBN(0x9b1c96ca, 0x75ef196c), + TOBN(0xf34283de, 0xb08c7940), TOBN(0x7ea09644, 0x1128c316)}}, + {{TOBN(0xb510b3b5, 0x6aa39dff), TOBN(0x59b43da2, 0x9f8e4d8c), + TOBN(0xa8ce31fd, 0x9e4c4b9f), TOBN(0x0e20be26, 0xc1303c01)}, + {TOBN(0x18187182, 0xe8ee47c9), TOBN(0xd9687cdb, 0x7db98101), + TOBN(0x7a520e4d, 0xa1e14ff6), TOBN(0x429808ba, 0x8836d572)}}, + {{TOBN(0xa37ca60d, 0x4944b663), TOBN(0xf901f7a9, 0xa3f91ae5), + TOBN(0xe4e3e76e, 0x9e36e3b1), TOBN(0x9aa219cf, 0x29d93250)}, + {TOBN(0x347fe275, 0x056a2512), TOBN(0xa4d643d9, 0xde65d95c), + TOBN(0x9669d396, 0x699fc3ed), TOBN(0xb598dee2, 0xcf8c6bbe)}}, + {{TOBN(0x682ac1e5, 0xdda9e5c6), TOBN(0x4e0d3c72, 0xcaa9fc95), + TOBN(0x17faaade, 0x772bea44), TOBN(0x5ef8428c, 0xab0009c8)}, + {TOBN(0xcc4ce47a, 0x460ff016), TOBN(0xda6d12bf, 0x725281cb), + TOBN(0x44c67848, 0x0223aad2), TOBN(0x6e342afa, 0x36256e28)}}, + {{TOBN(0x1400bb0b, 0x93a37c04), TOBN(0x62b1bc9b, 0xdd10bd96), + TOBN(0x7251adeb, 0x0dac46b7), TOBN(0x7d33b92e, 0x7be4ef51)}, + {TOBN(0x28b2a94b, 0xe61fa29a), TOBN(0x4b2be13f, 0x06422233), + TOBN(0x36d6d062, 0x330d8d37), TOBN(0x5ef80e1e, 0xb28ca005)}}, + {{TOBN(0x174d4699, 0x6d16768e), TOBN(0x9fc4ff6a, 0x628bf217), + TOBN(0x77705a94, 0x154e490d), TOBN(0x9d96dd28, 0x8d2d997a)}, + {TOBN(0x77e2d9d8, 0xce5d72c4), TOBN(0x9d06c5a4, 0xc11c714f), + TOBN(0x02aa5136, 0x79e4a03e), TOBN(0x1386b3c2, 0x030ff28b)}}, + {{TOBN(0xfe82e8a6, 0xfb283f61), TOBN(0x7df203e5, 0xf3abc3fb), + TOBN(0xeec7c351, 0x3a4d3622), TOBN(0xf7d17dbf, 0xdf762761)}, + {TOBN(0xc3956e44, 0x522055f0), TOBN(0xde3012db, 0x8fa748db), + TOBN(0xca9fcb63, 0xbf1dcc14), TOBN(0xa56d9dcf, 0xbe4e2f3a)}}, + {{TOBN(0xb86186b6, 0x8bcec9c2), TOBN(0x7cf24df9, 0x680b9f06), + TOBN(0xc46b45ea, 0xc0d29281), TOBN(0xfff42bc5, 0x07b10e12)}, + {TOBN(0x12263c40, 0x4d289427), TOBN(0x3d5f1899, 0xb4848ec4), + TOBN(0x11f97010, 0xd040800c), TOBN(0xb4c5f529, 0x300feb20)}}, + {{TOBN(0xcc543f8f, 0xde94fdcb), TOBN(0xe96af739, 0xc7c2f05e), + TOBN(0xaa5e0036, 0x882692e1), TOBN(0x09c75b68, 0x950d4ae9)}, + {TOBN(0x62f63df2, 0xb5932a7a), TOBN(0x2658252e, 0xde0979ad), + TOBN(0x2a19343f, 0xb5e69631), TOBN(0x718c7501, 0x525b666b)}}, + {{TOBN(0x26a42d69, 0xea40dc3a), TOBN(0xdc84ad22, 0xaecc018f), + TOBN(0x25c36c7b, 0x3270f04a), TOBN(0x46ba6d47, 0x50fa72ed)}, + {TOBN(0x6c37d1c5, 0x93e58a8e), TOBN(0xa2394731, 0x120c088c), + TOBN(0xc3be4263, 0xcb6e86da), TOBN(0x2c417d36, 0x7126d038)}}, + {{TOBN(0x5b70f9c5, 0x8b6f8efa), TOBN(0x671a2faa, 0x37718536), + TOBN(0xd3ced3c6, 0xb539c92b), TOBN(0xe56f1bd9, 0xa31203c2)}, + {TOBN(0x8b096ec4, 0x9ff3c8eb), TOBN(0x2deae432, 0x43491cea), + TOBN(0x2465c6eb, 0x17943794), TOBN(0x5d267e66, 0x20586843)}}, + {{TOBN(0x9d3d116d, 0xb07159d0), TOBN(0xae07a67f, 0xc1896210), + TOBN(0x8fc84d87, 0xbb961579), TOBN(0x30009e49, 0x1c1f8dd6)}, + {TOBN(0x8a8caf22, 0xe3132819), TOBN(0xcffa197c, 0xf23ab4ff), + TOBN(0x58103a44, 0x205dd687), TOBN(0x57b796c3, 0x0ded67a2)}}, + {{TOBN(0x0b9c3a6c, 0xa1779ad7), TOBN(0xa33cfe2e, 0x357c09c5), + TOBN(0x2ea29315, 0x3db4a57e), TOBN(0x91959695, 0x8ebeb52e)}, + {TOBN(0x118db9a6, 0xe546c879), TOBN(0x8e996df4, 0x6295c8d6), + TOBN(0xdd990484, 0x55ec806b), TOBN(0x24f291ca, 0x165c1035)}}, + {{TOBN(0xcca523bb, 0x440e2229), TOBN(0x324673a2, 0x73ef4d04), + TOBN(0xaf3adf34, 0x3e11ec39), TOBN(0x6136d7f1, 0xdc5968d3)}, + {TOBN(0x7a7b2899, 0xb053a927), TOBN(0x3eaa2661, 0xae067ecd), + TOBN(0x8549b9c8, 0x02779cd9), TOBN(0x061d7940, 0xc53385ea)}}, + {{TOBN(0x3e0ba883, 0xf06d18bd), TOBN(0x4ba6de53, 0xb2700843), + TOBN(0xb966b668, 0x591a9e4d), TOBN(0x93f67567, 0x7f4fa0ed)}, + {TOBN(0x5a02711b, 0x4347237b), TOBN(0xbc041e2f, 0xe794608e), + TOBN(0x55af10f5, 0x70f73d8c), TOBN(0xd2d4d4f7, 0xbb7564f7)}}, + {{TOBN(0xd7d27a89, 0xb3e93ce7), TOBN(0xf7b5a875, 0x5d3a2c1b), + TOBN(0xb29e68a0, 0x255b218a), TOBN(0xb533837e, 0x8af76754)}, + {TOBN(0xd1b05a73, 0x579fab2e), TOBN(0xb41055a1, 0xecd74385), + TOBN(0xb2369274, 0x445e9115), TOBN(0x2972a7c4, 0xf520274e)}}, + {{TOBN(0x6c08334e, 0xf678e68a), TOBN(0x4e4160f0, 0x99b057ed), + TOBN(0x3cfe11b8, 0x52ccb69a), TOBN(0x2fd1823a, 0x21c8f772)}, + {TOBN(0xdf7f072f, 0x3298f055), TOBN(0x8c0566f9, 0xfec74a6e), + TOBN(0xe549e019, 0x5bb4d041), TOBN(0x7c3930ba, 0x9208d850)}}, + {{TOBN(0xe07141fc, 0xaaa2902b), TOBN(0x539ad799, 0xe4f69ad3), + TOBN(0xa6453f94, 0x813f9ffd), TOBN(0xc58d3c48, 0x375bc2f7)}, + {TOBN(0xb3326fad, 0x5dc64e96), TOBN(0x3aafcaa9, 0xb240e354), + TOBN(0x1d1b0903, 0xaca1e7a9), TOBN(0x4ceb9767, 0x1211b8a0)}}, + {{TOBN(0xeca83e49, 0xe32a858e), TOBN(0x4c32892e, 0xae907bad), + TOBN(0xd5b42ab6, 0x2eb9b494), TOBN(0x7fde3ee2, 0x1eabae1b)}, + {TOBN(0x13b5ab09, 0xcaf54957), TOBN(0xbfb028be, 0xe5f5d5d5), + TOBN(0x928a0650, 0x2003e2c0), TOBN(0x90793aac, 0x67476843)}}, + {{TOBN(0x5e942e79, 0xc81710a0), TOBN(0x557e4a36, 0x27ccadd4), + TOBN(0x72a2bc56, 0x4bcf6d0c), TOBN(0x09ee5f43, 0x26d7b80c)}, + {TOBN(0x6b70dbe9, 0xd4292f19), TOBN(0x56f74c26, 0x63f16b18), + TOBN(0xc23db0f7, 0x35fbb42a), TOBN(0xb606bdf6, 0x6ae10040)}}, + {{TOBN(0x1eb15d4d, 0x044573ac), TOBN(0x7dc3cf86, 0x556b0ba4), + TOBN(0x97af9a33, 0xc60df6f7), TOBN(0x0b1ef85c, 0xa716ce8c)}, + {TOBN(0x2922f884, 0xc96958be), TOBN(0x7c32fa94, 0x35690963), + TOBN(0x2d7f667c, 0xeaa00061), TOBN(0xeaaf7c17, 0x3547365c)}}, + {{TOBN(0x1eb4de46, 0x87032d58), TOBN(0xc54f3d83, 0x5e2c79e0), + TOBN(0x07818df4, 0x5d04ef23), TOBN(0x55faa9c8, 0x673d41b4)}, + {TOBN(0xced64f6f, 0x89b95355), TOBN(0x4860d2ea, 0xb7415c84), + TOBN(0x5fdb9bd2, 0x050ebad3), TOBN(0xdb53e0cc, 0x6685a5bf)}}, + {{TOBN(0xb830c031, 0x9feb6593), TOBN(0xdd87f310, 0x6accff17), + TOBN(0x2303ebab, 0x9f555c10), TOBN(0x94603695, 0x287e7065)}, + {TOBN(0xf88311c3, 0x2e83358c), TOBN(0x508dd9b4, 0xeefb0178), + TOBN(0x7ca23706, 0x2dba8652), TOBN(0x62aac5a3, 0x0047abe5)}}, + {{TOBN(0x9a61d2a0, 0x8b1ea7b3), TOBN(0xd495ab63, 0xae8b1485), + TOBN(0x38740f84, 0x87052f99), TOBN(0x178ebe5b, 0xb2974eea)}, + {TOBN(0x030bbcca, 0x5b36d17f), TOBN(0xb5e4cce3, 0xaaf86eea), + TOBN(0xb51a0220, 0x68f8e9e0), TOBN(0xa4348796, 0x09eb3e75)}}, + {{TOBN(0xbe592309, 0xeef1a752), TOBN(0x5d7162d7, 0x6f2aa1ed), + TOBN(0xaebfb5ed, 0x0f007dd2), TOBN(0x255e14b2, 0xc89edd22)}, + {TOBN(0xba85e072, 0x0303b697), TOBN(0xc5d17e25, 0xf05720ff), + TOBN(0x02b58d6e, 0x5128ebb6), TOBN(0x2c80242d, 0xd754e113)}}, + {{TOBN(0x919fca5f, 0xabfae1ca), TOBN(0x937afaac, 0x1a21459b), + TOBN(0x9e0ca91c, 0x1f66a4d2), TOBN(0x194cc7f3, 0x23ec1331)}, + {TOBN(0xad25143a, 0x8aa11690), TOBN(0xbe40ad8d, 0x09b59e08), + TOBN(0x37d60d9b, 0xe750860a), TOBN(0x6c53b008, 0xc6bf434c)}}, + {{TOBN(0xb572415d, 0x1356eb80), TOBN(0xb8bf9da3, 0x9578ded8), + TOBN(0x22658e36, 0x5e8fb38b), TOBN(0x9b70ce22, 0x5af8cb22)}, + {TOBN(0x7c00018a, 0x829a8180), TOBN(0x84329f93, 0xb81ed295), + TOBN(0x7c343ea2, 0x5f3cea83), TOBN(0x38f8655f, 0x67586536)}}, + {{TOBN(0xa661a0d0, 0x1d3ec517), TOBN(0x98744652, 0x512321ae), + TOBN(0x084ca591, 0xeca92598), TOBN(0xa9bb9dc9, 0x1dcb3feb)}, + {TOBN(0x14c54355, 0x78b4c240), TOBN(0x5ed62a3b, 0x610cafdc), + TOBN(0x07512f37, 0x1b38846b), TOBN(0x571bb70a, 0xb0e38161)}}, + {{TOBN(0xb556b95b, 0x2da705d2), TOBN(0x3ef8ada6, 0xb1a08f98), + TOBN(0x85302ca7, 0xddecfbe5), TOBN(0x0e530573, 0x943105cd)}, + {TOBN(0x60554d55, 0x21a9255d), TOBN(0x63a32fa1, 0xf2f3802a), + TOBN(0x35c8c5b0, 0xcd477875), TOBN(0x97f458ea, 0x6ad42da1)}}, + {{TOBN(0x832d7080, 0xeb6b242d), TOBN(0xd30bd023, 0x3b71e246), + TOBN(0x7027991b, 0xbe31139d), TOBN(0x68797e91, 0x462e4e53)}, + {TOBN(0x423fe20a, 0x6b4e185a), TOBN(0x82f2c67e, 0x42d9b707), + TOBN(0x25c81768, 0x4cf7811b), TOBN(0xbd53005e, 0x045bb95d)}}}, + {{{TOBN(0xe5f649be, 0x9d8e68fd), TOBN(0xdb0f0533, 0x1b044320), + TOBN(0xf6fde9b3, 0xe0c33398), TOBN(0x92f4209b, 0x66c8cfae)}, + {TOBN(0xe9d1afcc, 0x1a739d4b), TOBN(0x09aea75f, 0xa28ab8de), + TOBN(0x14375fb5, 0xeac6f1d0), TOBN(0x6420b560, 0x708f7aa5)}}, + {{TOBN(0x9eae499c, 0x6254dc41), TOBN(0x7e293924, 0x7a837e7e), + TOBN(0x74aec08c, 0x090524a7), TOBN(0xf82b9219, 0x8d6f55f2)}, + {TOBN(0x493c962e, 0x1402cec5), TOBN(0x9f17ca17, 0xfa2f30e7), + TOBN(0xbcd783e8, 0xe9b879cb), TOBN(0xea3d8c14, 0x5a6f145f)}}, + {{TOBN(0xdede15e7, 0x5e0dee6e), TOBN(0x74f24872, 0xdc628aa2), + TOBN(0xd3e9c4fe, 0x7861bb93), TOBN(0x56d4822a, 0x6187b2e0)}, + {TOBN(0xb66417cf, 0xc59826f9), TOBN(0xca260969, 0x2408169e), + TOBN(0xedf69d06, 0xc79ef885), TOBN(0x00031f8a, 0xdc7d138f)}}, + {{TOBN(0x103c46e6, 0x0ebcf726), TOBN(0x4482b831, 0x6231470e), + TOBN(0x6f6dfaca, 0x487c2109), TOBN(0x2e0ace97, 0x62e666ef)}, + {TOBN(0x3246a9d3, 0x1f8d1f42), TOBN(0x1b1e83f1, 0x574944d2), + TOBN(0x13dfa63a, 0xa57f334b), TOBN(0x0cf8daed, 0x9f025d81)}}, + {{TOBN(0x30d78ea8, 0x00ee11c1), TOBN(0xeb053cd4, 0xb5e3dd75), + TOBN(0x9b65b13e, 0xd58c43c5), TOBN(0xc3ad49bd, 0xbd151663)}, + {TOBN(0x99fd8e41, 0xb6427990), TOBN(0x12cf15bd, 0x707eae1e), + TOBN(0x29ad4f1b, 0x1aabb71e), TOBN(0x5143e74d, 0x07545d0e)}}, + {{TOBN(0x30266336, 0xc88bdee1), TOBN(0x25f29306, 0x5876767c), + TOBN(0x9c078571, 0xc6731996), TOBN(0xc88690b2, 0xed552951)}, + {TOBN(0x274f2c2d, 0x852705b4), TOBN(0xb0bf8d44, 0x4e09552d), + TOBN(0x7628beeb, 0x986575d1), TOBN(0x407be238, 0x7f864651)}}, + {{TOBN(0x0e5e3049, 0xa639fc6b), TOBN(0xe75c35d9, 0x86003625), + TOBN(0x0cf35bd8, 0x5dcc1646), TOBN(0x8bcaced2, 0x6c26273a)}, + {TOBN(0xe22ecf1d, 0xb5536742), TOBN(0x013dd897, 0x1a9e068b), + TOBN(0x17f411cb, 0x8a7909c5), TOBN(0x5757ac98, 0x861dd506)}}, + {{TOBN(0x85de1f0d, 0x1e935abb), TOBN(0xdefd10b4, 0x154de37a), + TOBN(0xb8d9e392, 0x369cebb5), TOBN(0x54d5ef9b, 0x761324be)}, + {TOBN(0x4d6341ba, 0x74f17e26), TOBN(0xc0a0e3c8, 0x78c1dde4), + TOBN(0xa6d77581, 0x87d918fd), TOBN(0x66876015, 0x02ca3a13)}}, + {{TOBN(0xc7313e9c, 0xf36658f0), TOBN(0xc433ef1c, 0x71f8057e), + TOBN(0x85326246, 0x1b6a835a), TOBN(0xc8f05398, 0x7c86394c)}, + {TOBN(0xff398cdf, 0xe983c4a1), TOBN(0xbf5e8162, 0x03b7b931), + TOBN(0x93193c46, 0xb7b9045b), TOBN(0x1e4ebf5d, 0xa4a6e46b)}}, + {{TOBN(0xf9942a60, 0x43a24fe7), TOBN(0x29c1191e, 0xffb3492b), + TOBN(0x9f662449, 0x902fde05), TOBN(0xc792a7ac, 0x6713c32d)}, + {TOBN(0x2fd88ad8, 0xb737982c), TOBN(0x7e3a0319, 0xa21e60e3), + TOBN(0x09b0de44, 0x7383591a), TOBN(0x6df141ee, 0x8310a456)}}, + {{TOBN(0xaec1a039, 0xe6d6f471), TOBN(0x14b2ba0f, 0x1198d12e), + TOBN(0xebc1a160, 0x3aeee5ac), TOBN(0x401f4836, 0xe0b964ce)}, + {TOBN(0x2ee43796, 0x4fd03f66), TOBN(0x3fdb4e49, 0xdd8f3f12), + TOBN(0x6ef267f6, 0x29380f18), TOBN(0x3e8e9670, 0x8da64d16)}}, + {{TOBN(0xbc19180c, 0x207674f1), TOBN(0x112e09a7, 0x33ae8fdb), + TOBN(0x99667554, 0x6aaeb71e), TOBN(0x79432af1, 0xe101b1c7)}, + {TOBN(0xd5eb558f, 0xde2ddec6), TOBN(0x81392d1f, 0x5357753f), + TOBN(0xa7a76b97, 0x3ae1158a), TOBN(0x416fbbff, 0x4a899991)}}, + {{TOBN(0x9e65fdfd, 0x0d4a9dcf), TOBN(0x7bc29e48, 0x944ddf12), + TOBN(0xbc1a92d9, 0x3c856866), TOBN(0x273c6905, 0x6e98dfe2)}, + {TOBN(0x69fce418, 0xcdfaa6b8), TOBN(0x606bd823, 0x5061c69f), + TOBN(0x42d495a0, 0x6af75e27), TOBN(0x8ed3d505, 0x6d873a1f)}}, + {{TOBN(0xaf552841, 0x6ab25b6a), TOBN(0xc6c0ffc7, 0x2b1a4523), + TOBN(0xab18827b, 0x21c99e03), TOBN(0x060e8648, 0x9034691b)}, + {TOBN(0x5207f90f, 0x93c7f398), TOBN(0x9f4a96cb, 0x82f8d10b), + TOBN(0xdd71cd79, 0x3ad0f9e3), TOBN(0x84f435d2, 0xfc3a54f5)}}, + {{TOBN(0x4b03c55b, 0x8e33787f), TOBN(0xef42f975, 0xa6384673), + TOBN(0xff7304f7, 0x5051b9f0), TOBN(0x18aca1dc, 0x741c87c2)}, + {TOBN(0x56f120a7, 0x2d4bfe80), TOBN(0xfd823b3d, 0x053e732c), + TOBN(0x11bccfe4, 0x7537ca16), TOBN(0xdf6c9c74, 0x1b5a996b)}}, + {{TOBN(0xee7332c7, 0x904fc3fa), TOBN(0x14a23f45, 0xc7e3636a), + TOBN(0xc38659c3, 0xf091d9aa), TOBN(0x4a995e5d, 0xb12d8540)}, + {TOBN(0x20a53bec, 0xf3a5598a), TOBN(0x56534b17, 0xb1eaa995), + TOBN(0x9ed3dca4, 0xbf04e03c), TOBN(0x716c563a, 0xd8d56268)}}, + {{TOBN(0x27ba77a4, 0x1d6178e7), TOBN(0xe4c80c40, 0x68a1ff8e), + TOBN(0x75011099, 0x0a13f63d), TOBN(0x7bf33521, 0xa61d46f3)}, + {TOBN(0x0aff218e, 0x10b365bb), TOBN(0x81021804, 0x0fd7ea75), + TOBN(0x05a3fd8a, 0xa4b3a925), TOBN(0xb829e75f, 0x9b3db4e6)}}, + {{TOBN(0x6bdc75a5, 0x4d53e5fb), TOBN(0x04a5dc02, 0xd52717e3), + TOBN(0x86af502f, 0xe9a42ec2), TOBN(0x8867e8fb, 0x2630e382)}, + {TOBN(0xbf845c6e, 0xbec9889b), TOBN(0x54f491f2, 0xcb47c98d), + TOBN(0xa3091fba, 0x790c2a12), TOBN(0xd7f6fd78, 0xc20f708b)}}, + {{TOBN(0xa569ac30, 0xacde5e17), TOBN(0xd0f996d0, 0x6852b4d7), + TOBN(0xe51d4bb5, 0x4609ae54), TOBN(0x3fa37d17, 0x0daed061)}, + {TOBN(0x62a88684, 0x34b8fb41), TOBN(0x99a2acbd, 0x9efb64f1), + TOBN(0xb75c1a5e, 0x6448e1f2), TOBN(0xfa99951a, 0x42b5a069)}}, + {{TOBN(0x6d956e89, 0x2f3b26e7), TOBN(0xf4709860, 0xda875247), + TOBN(0x3ad15179, 0x2482dda3), TOBN(0xd64110e3, 0x017d82f0)}, + {TOBN(0x14928d2c, 0xfad414e4), TOBN(0x2b155f58, 0x2ed02b24), + TOBN(0x481a141b, 0xcb821bf1), TOBN(0x12e3c770, 0x4f81f5da)}}, + {{TOBN(0xe49c5de5, 0x9fff8381), TOBN(0x11053232, 0x5bbec894), + TOBN(0xa0d051cc, 0x454d88c4), TOBN(0x4f6db89c, 0x1f8e531b)}, + {TOBN(0x34fe3fd6, 0xca563a44), TOBN(0x7f5c2215, 0x58da8ab9), + TOBN(0x8445016d, 0x9474f0a1), TOBN(0x17d34d61, 0xcb7d8a0a)}}, + {{TOBN(0x8e9d3910, 0x1c474019), TOBN(0xcaff2629, 0xd52ceefb), + TOBN(0xf9cf3e32, 0xc1622c2b), TOBN(0xd4b95e3c, 0xe9071a05)}, + {TOBN(0xfbbca61f, 0x1594438c), TOBN(0x1eb6e6a6, 0x04aadedf), + TOBN(0x853027f4, 0x68e14940), TOBN(0x221d322a, 0xdfabda9c)}}, + {{TOBN(0xed8ea9f6, 0xb7cb179a), TOBN(0xdc7b764d, 0xb7934dcc), + TOBN(0xfcb13940, 0x5e09180d), TOBN(0x6629a6bf, 0xb47dc2dd)}, + {TOBN(0xbfc55e4e, 0x9f5a915e), TOBN(0xb1db9d37, 0x6204441e), + TOBN(0xf82d68cf, 0x930c5f53), TOBN(0x17d3a142, 0xcbb605b1)}}, + {{TOBN(0xdd5944ea, 0x308780f2), TOBN(0xdc8de761, 0x3845f5e4), + TOBN(0x6beaba7d, 0x7624d7a3), TOBN(0x1e709afd, 0x304df11e)}, + {TOBN(0x95364376, 0x02170456), TOBN(0xbf204b3a, 0xc8f94b64), + TOBN(0x4e53af7c, 0x5680ca68), TOBN(0x0526074a, 0xe0c67574)}}, + {{TOBN(0x95d8cef8, 0xecd92af6), TOBN(0xe6b9fa7a, 0x6cd1745a), + TOBN(0x3d546d3d, 0xa325c3e4), TOBN(0x1f57691d, 0x9ae93aae)}, + {TOBN(0xe891f3fe, 0x9d2e1a33), TOBN(0xd430093f, 0xac063d35), + TOBN(0xeda59b12, 0x5513a327), TOBN(0xdc2134f3, 0x5536f18f)}}, + {{TOBN(0xaa51fe2c, 0x5c210286), TOBN(0x3f68aaee, 0x1cab658c), + TOBN(0x5a23a00b, 0xf9357292), TOBN(0x9a626f39, 0x7efdabed)}, + {TOBN(0xfe2b3bf3, 0x199d78e3), TOBN(0xb7a2af77, 0x71bbc345), + TOBN(0x3d19827a, 0x1e59802c), TOBN(0x823bbc15, 0xb487a51c)}}, + {{TOBN(0x856139f2, 0x99d0a422), TOBN(0x9ac3df65, 0xf456c6fb), + TOBN(0xaddf65c6, 0x701f8bd6), TOBN(0x149f321e, 0x3758df87)}, + {TOBN(0xb1ecf714, 0x721b7eba), TOBN(0xe17df098, 0x31a3312a), + TOBN(0xdb2fd6ec, 0xd5c4d581), TOBN(0xfd02996f, 0x8fcea1b3)}}, + {{TOBN(0xe29fa63e, 0x7882f14f), TOBN(0xc9f6dc35, 0x07c6cadc), + TOBN(0x46f22d6f, 0xb882bed0), TOBN(0x1a45755b, 0xd118e52c)}, + {TOBN(0x9f2c7c27, 0x7c4608cf), TOBN(0x7ccbdf32, 0x568012c2), + TOBN(0xfcb0aedd, 0x61729b0e), TOBN(0x7ca2ca9e, 0xf7d75dbf)}}, + {{TOBN(0xf58fecb1, 0x6f640f62), TOBN(0xe274b92b, 0x39f51946), + TOBN(0x7f4dfc04, 0x6288af44), TOBN(0x0a91f32a, 0xeac329e5)}, + {TOBN(0x43ad274b, 0xd6aaba31), TOBN(0x719a1640, 0x0f6884f9), + TOBN(0x685d29f6, 0xdaf91e20), TOBN(0x5ec1cc33, 0x27e49d52)}}, + {{TOBN(0x38f4de96, 0x3b54a059), TOBN(0x0e0015e5, 0xefbcfdb3), + TOBN(0x177d23d9, 0x4dbb8da6), TOBN(0x98724aa2, 0x97a617ad)}, + {TOBN(0x30f0885b, 0xfdb6558e), TOBN(0xf9f7a28a, 0xc7899a96), + TOBN(0xd2ae8ac8, 0x872dc112), TOBN(0xfa0642ca, 0x73c3c459)}}, + {{TOBN(0x15296981, 0xe7dfc8d6), TOBN(0x67cd4450, 0x1fb5b94a), + TOBN(0x0ec71cf1, 0x0eddfd37), TOBN(0xc7e5eeb3, 0x9a8eddc7)}, + {TOBN(0x02ac8e3d, 0x81d95028), TOBN(0x0088f172, 0x70b0e35d), + TOBN(0xec041fab, 0xe1881fe3), TOBN(0x62cf71b8, 0xd99e7faa)}}, + {{TOBN(0x5043dea7, 0xe0f222c2), TOBN(0x309d42ac, 0x72e65142), + TOBN(0x94fe9ddd, 0x9216cd30), TOBN(0xd6539c7d, 0x0f87feec)}, + {TOBN(0x03c5a57c, 0x432ac7d7), TOBN(0x72692cf0, 0x327fda10), + TOBN(0xec28c85f, 0x280698de), TOBN(0x2331fb46, 0x7ec283b1)}}, + {{TOBN(0xd34bfa32, 0x2867e633), TOBN(0x78709a82, 0x0a9cc815), + TOBN(0xb7fe6964, 0x875e2fa5), TOBN(0x25cc064f, 0x9e98bfb5)}, + {TOBN(0x9eb0151c, 0x493a65c5), TOBN(0x5fb5d941, 0x53182464), + TOBN(0x69e6f130, 0xf04618e2), TOBN(0xa8ecec22, 0xf89c8ab6)}}, + {{TOBN(0xcd6ac88b, 0xb96209bd), TOBN(0x65fa8cdb, 0xb3e1c9e0), + TOBN(0xa47d22f5, 0x4a8d8eac), TOBN(0x83895cdf, 0x8d33f963)}, + {TOBN(0xa8adca59, 0xb56cd3d1), TOBN(0x10c8350b, 0xdaf38232), + TOBN(0x2b161fb3, 0xa5080a9f), TOBN(0xbe7f5c64, 0x3af65b3a)}}, + {{TOBN(0x2c754039, 0x97403a11), TOBN(0x94626cf7, 0x121b96af), + TOBN(0x431de7c4, 0x6a983ec2), TOBN(0x3780dd3a, 0x52cc3df7)}, + {TOBN(0xe28a0e46, 0x2baf8e3b), TOBN(0xabe68aad, 0x51d299ae), + TOBN(0x603eb8f9, 0x647a2408), TOBN(0x14c61ed6, 0x5c750981)}}, + {{TOBN(0x88b34414, 0xc53352e7), TOBN(0x5a34889c, 0x1337d46e), + TOBN(0x612c1560, 0xf95f2bc8), TOBN(0x8a3f8441, 0xd4807a3a)}, + {TOBN(0x680d9e97, 0x5224da68), TOBN(0x60cd6e88, 0xc3eb00e9), + TOBN(0x3875a98e, 0x9a6bc375), TOBN(0xdc80f924, 0x4fd554c2)}}, + {{TOBN(0x6c4b3415, 0x6ac77407), TOBN(0xa1e5ea8f, 0x25420681), + TOBN(0x541bfa14, 0x4607a458), TOBN(0x5dbc7e7a, 0x96d7fbf9)}, + {TOBN(0x646a851b, 0x31590a47), TOBN(0x039e85ba, 0x15ee6df8), + TOBN(0xd19fa231, 0xd7b43fc0), TOBN(0x84bc8be8, 0x299a0e04)}}, + {{TOBN(0x2b9d2936, 0xf20df03a), TOBN(0x24054382, 0x8608d472), + TOBN(0x76b6ba04, 0x9149202a), TOBN(0xb21c3831, 0x3670e7b7)}, + {TOBN(0xddd93059, 0xd6fdee10), TOBN(0x9da47ad3, 0x78488e71), + TOBN(0x99cc1dfd, 0xa0fcfb25), TOBN(0x42abde10, 0x64696954)}}, + {{TOBN(0x14cc15fc, 0x17eab9fe), TOBN(0xd6e863e4, 0xd3e70972), + TOBN(0x29a7765c, 0x6432112c), TOBN(0x88660001, 0x5b0774d8)}, + {TOBN(0x3729175a, 0x2c088eae), TOBN(0x13afbcae, 0x8230b8d4), + TOBN(0x44768151, 0x915f4379), TOBN(0xf086431a, 0xd8d22812)}}, + {{TOBN(0x37461955, 0xc298b974), TOBN(0x905fb5f0, 0xf8711e04), + TOBN(0x787abf3a, 0xfe969d18), TOBN(0x392167c2, 0x6f6a494e)}, + {TOBN(0xfc7a0d2d, 0x28c511da), TOBN(0xf127c7dc, 0xb66a262d), + TOBN(0xf9c4bb95, 0xfd63fdf0), TOBN(0x90016589, 0x3913ef46)}}, + {{TOBN(0x74d2a73c, 0x11aa600d), TOBN(0x2f5379bd, 0x9fb5ab52), + TOBN(0xe49e53a4, 0x7fb70068), TOBN(0x68dd39e5, 0x404aa9a7)}, + {TOBN(0xb9b0cf57, 0x2ecaa9c3), TOBN(0xba0e103b, 0xe824826b), + TOBN(0x60c2198b, 0x4631a3c4), TOBN(0xc5ff84ab, 0xfa8966a2)}}, + {{TOBN(0x2d6ebe22, 0xac95aff8), TOBN(0x1c9bb6db, 0xb5a46d09), + TOBN(0x419062da, 0x53ee4f8d), TOBN(0x7b9042d0, 0xbb97efef)}, + {TOBN(0x0f87f080, 0x830cf6bd), TOBN(0x4861d19a, 0x6ec8a6c6), + TOBN(0xd3a0daa1, 0x202f01aa), TOBN(0xb0111674, 0xf25afbd5)}}, + {{TOBN(0x6d00d6cf, 0x1afb20d9), TOBN(0x13695000, 0x40671bc5), + TOBN(0x913ab0dc, 0x2485ea9b), TOBN(0x1f2bed06, 0x9eef61ac)}, + {TOBN(0x850c8217, 0x6d799e20), TOBN(0x93415f37, 0x3271c2de), + TOBN(0x5afb06e9, 0x6c4f5910), TOBN(0x688a52df, 0xc4e9e421)}}, + {{TOBN(0x30495ba3, 0xe2a9a6db), TOBN(0x4601303d, 0x58f9268b), + TOBN(0xbe3b0dad, 0x7eb0f04f), TOBN(0x4ea47250, 0x4456936d)}, + {TOBN(0x8caf8798, 0xd33fd3e7), TOBN(0x1ccd8a89, 0xeb433708), + TOBN(0x9effe3e8, 0x87fd50ad), TOBN(0xbe240a56, 0x6b29c4df)}}, + {{TOBN(0xec4ffd98, 0xca0e7ebd), TOBN(0xf586783a, 0xe748616e), + TOBN(0xa5b00d8f, 0xc77baa99), TOBN(0x0acada29, 0xb4f34c9c)}, + {TOBN(0x36dad67d, 0x0fe723ac), TOBN(0x1d8e53a5, 0x39c36c1e), + TOBN(0xe4dd342d, 0x1f4bea41), TOBN(0x64fd5e35, 0xebc9e4e0)}}, + {{TOBN(0x96f01f90, 0x57908805), TOBN(0xb5b9ea3d, 0x5ed480dd), + TOBN(0x366c5dc2, 0x3efd2dd0), TOBN(0xed2fe305, 0x6e9dfa27)}, + {TOBN(0x4575e892, 0x6e9197e2), TOBN(0x11719c09, 0xab502a5d), + TOBN(0x264c7bec, 0xe81f213f), TOBN(0x741b9241, 0x55f5c457)}}, + {{TOBN(0x78ac7b68, 0x49a5f4f4), TOBN(0xf91d70a2, 0x9fc45b7d), + TOBN(0x39b05544, 0xb0f5f355), TOBN(0x11f06bce, 0xeef930d9)}, + {TOBN(0xdb84d25d, 0x038d05e1), TOBN(0x04838ee5, 0xbacc1d51), + TOBN(0x9da3ce86, 0x9e8ee00b), TOBN(0xc3412057, 0xc36eda1f)}}, + {{TOBN(0xae80b913, 0x64d9c2f4), TOBN(0x7468bac3, 0xa010a8ff), + TOBN(0xdfd20037, 0x37359d41), TOBN(0x1a0f5ab8, 0x15efeacc)}, + {TOBN(0x7c25ad2f, 0x659d0ce0), TOBN(0x4011bcbb, 0x6785cff1), + TOBN(0x128b9912, 0x7e2192c7), TOBN(0xa549d8e1, 0x13ccb0e8)}}, + {{TOBN(0x805588d8, 0xc85438b1), TOBN(0x5680332d, 0xbc25cb27), + TOBN(0xdcd1bc96, 0x1a4bfdf4), TOBN(0x779ff428, 0x706f6566)}, + {TOBN(0x8bbee998, 0xf059987a), TOBN(0xf6ce8cf2, 0xcc686de7), + TOBN(0xf8ad3c4a, 0x953cfdb2), TOBN(0xd1d426d9, 0x2205da36)}}, + {{TOBN(0xb3c0f13f, 0xc781a241), TOBN(0x3e89360e, 0xd75362a8), + TOBN(0xccd05863, 0xc8a91184), TOBN(0x9bd0c9b7, 0xefa8a7f4)}, + {TOBN(0x97ee4d53, 0x8a912a4b), TOBN(0xde5e15f8, 0xbcf518fd), + TOBN(0x6a055bf8, 0xc467e1e0), TOBN(0x10be4b4b, 0x1587e256)}}, + {{TOBN(0xd90c14f2, 0x668621c9), TOBN(0xd5518f51, 0xab9c92c1), + TOBN(0x8e6a0100, 0xd6d47b3c), TOBN(0xcbe980dd, 0x66716175)}, + {TOBN(0x500d3f10, 0xddd83683), TOBN(0x3b6cb35d, 0x99cac73c), + TOBN(0x53730c8b, 0x6083d550), TOBN(0xcf159767, 0xdf0a1987)}}, + {{TOBN(0x84bfcf53, 0x43ad73b3), TOBN(0x1b528c20, 0x4f035a94), + TOBN(0x4294edf7, 0x33eeac69), TOBN(0xb6283e83, 0x817f3240)}, + {TOBN(0xc3fdc959, 0x0a5f25b1), TOBN(0xefaf8aa5, 0x5844ee22), + TOBN(0xde269ba5, 0xdbdde4de), TOBN(0xe3347160, 0xc56133bf)}}, + {{TOBN(0xc1184219, 0x8d9ea9f8), TOBN(0x090de5db, 0xf3fc1ab5), + TOBN(0x404c37b1, 0x0bf22cda), TOBN(0x7de20ec8, 0xf5618894)}, + {TOBN(0x754c588e, 0xecdaecab), TOBN(0x6ca4b0ed, 0x88342743), + TOBN(0x76f08bdd, 0xf4a938ec), TOBN(0xd182de89, 0x91493ccb)}}, + {{TOBN(0xd652c53e, 0xc8a4186a), TOBN(0xb3e878db, 0x946d8e33), + TOBN(0x088453c0, 0x5f37663c), TOBN(0x5cd9daaa, 0xb407748b)}, + {TOBN(0xa1f5197f, 0x586d5e72), TOBN(0x47500be8, 0xc443ca59), + TOBN(0x78ef35b2, 0xe2652424), TOBN(0x09c5d26f, 0x6dd7767d)}}, + {{TOBN(0x7175a79a, 0xa74d3f7b), TOBN(0x0428fd8d, 0xcf5ea459), + TOBN(0x511cb97c, 0xa5d1746d), TOBN(0x36363939, 0xe71d1278)}, + {TOBN(0xcf2df955, 0x10350bf4), TOBN(0xb3817439, 0x60aae782), + TOBN(0xa748c0e4, 0x3e688809), TOBN(0x98021fbf, 0xd7a5a006)}}, + {{TOBN(0x9076a70c, 0x0e367a98), TOBN(0xbea1bc15, 0x0f62b7c2), + TOBN(0x2645a68c, 0x30fe0343), TOBN(0xacaffa78, 0x699dc14f)}, + {TOBN(0xf4469964, 0x457bf9c4), TOBN(0x0db6407b, 0x0d2ead83), + TOBN(0x68d56cad, 0xb2c6f3eb), TOBN(0x3b512e73, 0xf376356c)}}, + {{TOBN(0xe43b0e1f, 0xfce10408), TOBN(0x89ddc003, 0x5a5e257d), + TOBN(0xb0ae0d12, 0x0362e5b3), TOBN(0x07f983c7, 0xb0519161)}, + {TOBN(0xc2e94d15, 0x5d5231e7), TOBN(0xcff22aed, 0x0b4f9513), + TOBN(0xb02588dd, 0x6ad0b0b5), TOBN(0xb967d1ac, 0x11d0dcd5)}}, + {{TOBN(0x8dac6bc6, 0xcf777b6c), TOBN(0x0062bdbd, 0x4c6d1959), + TOBN(0x53da71b5, 0x0ef5cc85), TOBN(0x07012c7d, 0x4006f14f)}, + {TOBN(0x4617f962, 0xac47800d), TOBN(0x53365f2b, 0xc102ed75), + TOBN(0xb422efcb, 0x4ab8c9d3), TOBN(0x195cb26b, 0x34af31c9)}}, + {{TOBN(0x3a926e29, 0x05f2c4ce), TOBN(0xbd2bdecb, 0x9856966c), + TOBN(0x5d16ab3a, 0x85527015), TOBN(0x9f81609e, 0x4486c231)}, + {TOBN(0xd8b96b2c, 0xda350002), TOBN(0xbd054690, 0xfa1b7d36), + TOBN(0xdc90ebf5, 0xe71d79bc), TOBN(0xf241b6f9, 0x08964e4e)}}, + {{TOBN(0x7c838643, 0x2fe3cd4c), TOBN(0xe0f33acb, 0xb4bc633c), + TOBN(0xb4a9ecec, 0x3d139f1f), TOBN(0x05ce69cd, 0xdc4a1f49)}, + {TOBN(0xa19d1b16, 0xf5f98aaf), TOBN(0x45bb71d6, 0x6f23e0ef), + TOBN(0x33789fcd, 0x46cdfdd3), TOBN(0x9b8e2978, 0xcee040ca)}}, + {{TOBN(0x9c69b246, 0xae0a6828), TOBN(0xba533d24, 0x7078d5aa), + TOBN(0x7a2e42c0, 0x7bb4fbdb), TOBN(0xcfb4879a, 0x7035385c)}, + {TOBN(0x8c3dd30b, 0x3281705b), TOBN(0x7e361c6c, 0x404fe081), + TOBN(0x7b21649c, 0x3f604edf), TOBN(0x5dbf6a3f, 0xe52ffe47)}}, + {{TOBN(0xc41b7c23, 0x4b54d9bf), TOBN(0x1374e681, 0x3511c3d9), + TOBN(0x1863bf16, 0xc1b2b758), TOBN(0x90e78507, 0x1e9e6a96)}, + {TOBN(0xab4bf98d, 0x5d86f174), TOBN(0xd74e0bd3, 0x85e96fe4), + TOBN(0x8afde39f, 0xcac5d344), TOBN(0x90946dbc, 0xbd91b847)}}, + {{TOBN(0xf5b42358, 0xfe1a838c), TOBN(0x05aae6c5, 0x620ac9d8), + TOBN(0x8e193bd8, 0xa1ce5a0b), TOBN(0x8f710571, 0x4dabfd72)}, + {TOBN(0x8d8fdd48, 0x182caaac), TOBN(0x8c4aeefa, 0x040745cf), + TOBN(0x73c6c30a, 0xf3b93e6d), TOBN(0x991241f3, 0x16f42011)}}, + {{TOBN(0xa0158eea, 0xe457a477), TOBN(0xd19857db, 0xee6ddc05), + TOBN(0xb3265224, 0x18c41671), TOBN(0x3ffdfc7e, 0x3c2c0d58)}, + {TOBN(0x3a3a5254, 0x26ee7cda), TOBN(0x341b0869, 0xdf02c3a8), + TOBN(0xa023bf42, 0x723bbfc8), TOBN(0x3d15002a, 0x14452691)}}}, + {{{TOBN(0x5ef7324c, 0x85edfa30), TOBN(0x25976554, 0x87d4f3da), + TOBN(0x352f5bc0, 0xdcb50c86), TOBN(0x8f6927b0, 0x4832a96c)}, + {TOBN(0xd08ee1ba, 0x55f2f94c), TOBN(0x6a996f99, 0x344b45fa), + TOBN(0xe133cb8d, 0xa8aa455d), TOBN(0x5d0721ec, 0x758dc1f7)}}, + {{TOBN(0x6ba7a920, 0x79e5fb67), TOBN(0xe1331feb, 0x70aa725e), + TOBN(0x5080ccf5, 0x7df5d837), TOBN(0xe4cae01d, 0x7ff72e21)}, + {TOBN(0xd9243ee6, 0x0412a77d), TOBN(0x06ff7cac, 0xdf449025), + TOBN(0xbe75f7cd, 0x23ef5a31), TOBN(0xbc957822, 0x0ddef7a8)}}, + {{TOBN(0x8cf7230c, 0xb0ce1c55), TOBN(0x5b534d05, 0x0bbfb607), + TOBN(0xee1ef113, 0x0e16363b), TOBN(0x27e0aa7a, 0xb4999e82)}, + {TOBN(0xce1dac2d, 0x79362c41), TOBN(0x67920c90, 0x91bb6cb0), + TOBN(0x1e648d63, 0x2223df24), TOBN(0x0f7d9eef, 0xe32e8f28)}}, + {{TOBN(0x6943f39a, 0xfa833834), TOBN(0x22951722, 0xa6328562), + TOBN(0x81d63dd5, 0x4170fc10), TOBN(0x9f5fa58f, 0xaecc2e6d)}, + {TOBN(0xb66c8725, 0xe77d9a3b), TOBN(0x11235cea, 0x6384ebe0), + TOBN(0x06a8c118, 0x5845e24a), TOBN(0x0137b286, 0xebd093b1)}}, + {{TOBN(0xc589e1ce, 0x44ace150), TOBN(0xe0f8d3d9, 0x4381e97c), + TOBN(0x59e99b11, 0x62c5a4b8), TOBN(0x90d262f7, 0xfd0ec9f9)}, + {TOBN(0xfbc854c9, 0x283e13c9), TOBN(0x2d04fde7, 0xaedc7085), + TOBN(0x057d7765, 0x47dcbecb), TOBN(0x8dbdf591, 0x9a76fa5f)}}, + {{TOBN(0xd0150695, 0x0de1e578), TOBN(0x2e1463e7, 0xe9f72bc6), + TOBN(0xffa68441, 0x1b39eca5), TOBN(0x673c8530, 0x7c037f2f)}, + {TOBN(0xd0d6a600, 0x747f91da), TOBN(0xb08d43e1, 0xc9cb78e9), + TOBN(0x0fc0c644, 0x27b5cef5), TOBN(0x5c1d160a, 0xa60a2fd6)}}, + {{TOBN(0xf98cae53, 0x28c8e13b), TOBN(0x375f10c4, 0xb2eddcd1), + TOBN(0xd4eb8b7f, 0x5cce06ad), TOBN(0xb4669f45, 0x80a2e1ef)}, + {TOBN(0xd593f9d0, 0x5bbd8699), TOBN(0x5528a4c9, 0xe7976d13), + TOBN(0x3923e095, 0x1c7e28d3), TOBN(0xb9293790, 0x3f6bb577)}}, + {{TOBN(0xdb567d6a, 0xc42bd6d2), TOBN(0x6df86468, 0xbb1f96ae), + TOBN(0x0efe5b1a, 0x4843b28e), TOBN(0x961bbb05, 0x6379b240)}, + {TOBN(0xb6caf5f0, 0x70a6a26b), TOBN(0x70686c0d, 0x328e6e39), + TOBN(0x80da06cf, 0x895fc8d3), TOBN(0x804d8810, 0xb363fdc9)}}, + {{TOBN(0xbe22877b, 0x207f1670), TOBN(0x9b0dd188, 0x4e615291), + TOBN(0x625ae8dc, 0x97a3c2bf), TOBN(0x08584ef7, 0x439b86e8)}, + {TOBN(0xde7190a5, 0xdcd898ff), TOBN(0x26286c40, 0x2058ee3d), + TOBN(0x3db0b217, 0x5f87b1c1), TOBN(0xcc334771, 0x102a6db5)}}, + {{TOBN(0xd99de954, 0x2f770fb1), TOBN(0x97c1c620, 0x4cd7535e), + TOBN(0xd3b6c448, 0x3f09cefc), TOBN(0xd725af15, 0x5a63b4f8)}, + {TOBN(0x0c95d24f, 0xc01e20ec), TOBN(0xdfd37494, 0x9ae7121f), + TOBN(0x7d6ddb72, 0xec77b7ec), TOBN(0xfe079d3b, 0x0353a4ae)}}, + {{TOBN(0x3066e70a, 0x2e6ac8d2), TOBN(0x9c6b5a43, 0x106e5c05), + TOBN(0x52d3c6f5, 0xede59b8c), TOBN(0x30d6a5c3, 0xfccec9ae)}, + {TOBN(0xedec7c22, 0x4fc0a9ef), TOBN(0x190ff083, 0x95c16ced), + TOBN(0xbe12ec8f, 0x94de0fde), TOBN(0x0d131ab8, 0x852d3433)}}, + {{TOBN(0x42ace07e, 0x85701291), TOBN(0x94793ed9, 0x194061a8), + TOBN(0x30e83ed6, 0xd7f4a485), TOBN(0x9eec7269, 0xf9eeff4d)}, + {TOBN(0x90acba59, 0x0c9d8005), TOBN(0x5feca458, 0x1e79b9d1), + TOBN(0x8fbe5427, 0x1d506a1e), TOBN(0xa32b2c8e, 0x2439cfa7)}}, + {{TOBN(0x1671c173, 0x73dd0b4e), TOBN(0x37a28214, 0x44a054c6), + TOBN(0x81760a1b, 0x4e8b53f1), TOBN(0xa6c04224, 0xf9f93b9e)}, + {TOBN(0x18784b34, 0xcf671e3c), TOBN(0x81bbecd2, 0xcda9b994), + TOBN(0x38831979, 0xb2ab3848), TOBN(0xef54feb7, 0xf2e03c2d)}}, + {{TOBN(0xcf197ca7, 0xfb8088fa), TOBN(0x01427247, 0x4ddc96c5), + TOBN(0xa2d2550a, 0x30777176), TOBN(0x53469898, 0x4d0cf71d)}, + {TOBN(0x6ce937b8, 0x3a2aaac6), TOBN(0xe9f91dc3, 0x5af38d9b), + TOBN(0x2598ad83, 0xc8bf2899), TOBN(0x8e706ac9, 0xb5536c16)}}, + {{TOBN(0x40dc7495, 0xf688dc98), TOBN(0x26490cd7, 0x124c4afc), + TOBN(0xe651ec84, 0x1f18775c), TOBN(0x393ea6c3, 0xb4fdaf4a)}, + {TOBN(0x1e1f3343, 0x7f338e0d), TOBN(0x39fb832b, 0x6053e7b5), + TOBN(0x46e702da, 0x619e14d5), TOBN(0x859cacd1, 0xcdeef6e0)}}, + {{TOBN(0x63b99ce7, 0x4462007d), TOBN(0xb8ab48a5, 0x4cb5f5b7), + TOBN(0x9ec673d2, 0xf55edde7), TOBN(0xd1567f74, 0x8cfaefda)}, + {TOBN(0x46381b6b, 0x0887bcec), TOBN(0x694497ce, 0xe178f3c2), + TOBN(0x5e6525e3, 0x1e6266cb), TOBN(0x5931de26, 0x697d6413)}}, + {{TOBN(0x87f8df7c, 0x0e58d493), TOBN(0xb1ae5ed0, 0x58b73f12), + TOBN(0xc368f784, 0xdea0c34d), TOBN(0x9bd0a120, 0x859a91a0)}, + {TOBN(0xb00d88b7, 0xcc863c68), TOBN(0x3a1cc11e, 0x3d1f4d65), + TOBN(0xea38e0e7, 0x0aa85593), TOBN(0x37f13e98, 0x7dc4aee8)}}, + {{TOBN(0x10d38667, 0xbc947bad), TOBN(0x738e07ce, 0x2a36ee2e), + TOBN(0xc93470cd, 0xc577fcac), TOBN(0xdee1b616, 0x2782470d)}, + {TOBN(0x36a25e67, 0x2e793d12), TOBN(0xd6aa6cae, 0xe0f186da), + TOBN(0x474d0fd9, 0x80e07af7), TOBN(0xf7cdc47d, 0xba8a5cd4)}}, + {{TOBN(0x28af6d9d, 0xab15247f), TOBN(0x7c789c10, 0x493a537f), + TOBN(0x7ac9b110, 0x23a334e7), TOBN(0x0236ac09, 0x12c9c277)}, + {TOBN(0xa7e5bd25, 0x1d7a5144), TOBN(0x098b9c2a, 0xf13ec4ec), + TOBN(0x3639daca, 0xd3f0abca), TOBN(0x642da81a, 0xa23960f9)}}, + {{TOBN(0x7d2e5c05, 0x4f7269b1), TOBN(0xfcf30777, 0xe287c385), + TOBN(0x10edc84f, 0xf2a46f21), TOBN(0x35441757, 0x4f43fa36)}, + {TOBN(0xf1327899, 0xfd703431), TOBN(0xa438d7a6, 0x16dd587a), + TOBN(0x65c34c57, 0xe9c8352d), TOBN(0xa728edab, 0x5cc5a24e)}}, + {{TOBN(0xaed78abc, 0x42531689), TOBN(0x0a51a0e8, 0x010963ef), + TOBN(0x5776fa0a, 0xd717d9b3), TOBN(0xf356c239, 0x7dd3428b)}, + {TOBN(0x29903fff, 0x8d3a3dac), TOBN(0x409597fa, 0x3d94491f), + TOBN(0x4cd7a5ff, 0xbf4a56a4), TOBN(0xe5096474, 0x8adab462)}}, + {{TOBN(0xa97b5126, 0x5c3427b0), TOBN(0x6401405c, 0xd282c9bd), + TOBN(0x3629f8d7, 0x222c5c45), TOBN(0xb1c02c16, 0xe8d50aed)}, + {TOBN(0xbea2ed75, 0xd9635bc9), TOBN(0x226790c7, 0x6e24552f), + TOBN(0x3c33f2a3, 0x65f1d066), TOBN(0x2a43463e, 0x6dfccc2e)}}, + {{TOBN(0x8cc3453a, 0xdb483761), TOBN(0xe7cc6085, 0x65d5672b), + TOBN(0x277ed6cb, 0xde3efc87), TOBN(0x19f2f368, 0x69234eaf)}, + {TOBN(0x9aaf4317, 0x5c0b800b), TOBN(0x1f1e7c89, 0x8b6da6e2), + TOBN(0x6cfb4715, 0xb94ec75e), TOBN(0xd590dd5f, 0x453118c2)}}, + {{TOBN(0x14e49da1, 0x1f17a34c), TOBN(0x5420ab39, 0x235a1456), + TOBN(0xb7637241, 0x2f50363b), TOBN(0x7b15d623, 0xc3fabb6e)}, + {TOBN(0xa0ef40b1, 0xe274e49c), TOBN(0x5cf50744, 0x96b1860a), + TOBN(0xd6583fbf, 0x66afe5a4), TOBN(0x44240510, 0xf47e3e9a)}}, + {{TOBN(0x99254343, 0x11b2d595), TOBN(0xf1367499, 0xeec8df57), + TOBN(0x3cb12c61, 0x3e73dd05), TOBN(0xd248c033, 0x7dac102a)}, + {TOBN(0xcf154f13, 0xa77739f5), TOBN(0xbf4288cb, 0x23d2af42), + TOBN(0xaa64c9b6, 0x32e4a1cf), TOBN(0xee8c07a8, 0xc8a208f3)}}, + {{TOBN(0xe10d4999, 0x6fe8393f), TOBN(0x0f809a3f, 0xe91f3a32), + TOBN(0x61096d1c, 0x802f63c8), TOBN(0x289e1462, 0x57750d3d)}, + {TOBN(0xed06167e, 0x9889feea), TOBN(0xd5c9c0e2, 0xe0993909), + TOBN(0x46fca0d8, 0x56508ac6), TOBN(0x91826047, 0x4f1b8e83)}}, + {{TOBN(0x4f2c877a, 0x9a4a2751), TOBN(0x71bd0072, 0xcae6fead), + TOBN(0x38df8dcc, 0x06aa1941), TOBN(0x5a074b4c, 0x63beeaa8)}, + {TOBN(0xd6d65934, 0xc1cec8ed), TOBN(0xa6ecb49e, 0xaabc03bd), + TOBN(0xaade91c2, 0xde8a8415), TOBN(0xcfb0efdf, 0x691136e0)}}, + {{TOBN(0x11af45ee, 0x23ab3495), TOBN(0xa132df88, 0x0b77463d), + TOBN(0x8923c15c, 0x815d06f4), TOBN(0xc3ceb3f5, 0x0d61a436)}, + {TOBN(0xaf52291d, 0xe88fb1da), TOBN(0xea057974, 0x1da12179), + TOBN(0xb0d7218c, 0xd2fef720), TOBN(0x6c0899c9, 0x8e1d8845)}}, + {{TOBN(0x98157504, 0x752ddad7), TOBN(0xd60bd74f, 0xa1a68a97), + TOBN(0x7047a3a9, 0xf658fb99), TOBN(0x1f5d86d6, 0x5f8511e4)}, + {TOBN(0xb8a4bc42, 0x4b5a6d88), TOBN(0x69eb2c33, 0x1abefa7d), + TOBN(0x95bf39e8, 0x13c9c510), TOBN(0xf571960a, 0xd48aab43)}}, + {{TOBN(0x7e8cfbcf, 0x704e23c6), TOBN(0xc71b7d22, 0x28aaa65b), + TOBN(0xa041b2bd, 0x245e3c83), TOBN(0x69b98834, 0xd21854ff)}, + {TOBN(0x89d227a3, 0x963bfeec), TOBN(0x99947aaa, 0xde7da7cb), + TOBN(0x1d9ee9db, 0xee68a9b1), TOBN(0x0a08f003, 0x698ec368)}}, + {{TOBN(0xe9ea4094, 0x78ef2487), TOBN(0xc8d2d415, 0x02cfec26), + TOBN(0xc52f9a6e, 0xb7dcf328), TOBN(0x0ed489e3, 0x85b6a937)}, + {TOBN(0x9b94986b, 0xbef3366e), TOBN(0x0de59c70, 0xedddddb8), + TOBN(0xffdb748c, 0xeadddbe2), TOBN(0x9b9784bb, 0x8266ea40)}}, + {{TOBN(0x142b5502, 0x1a93507a), TOBN(0xb4cd1187, 0x8d3c06cf), + TOBN(0xdf70e76a, 0x91ec3f40), TOBN(0x484e81ad, 0x4e7553c2)}, + {TOBN(0x830f87b5, 0x272e9d6e), TOBN(0xea1c93e5, 0xc6ff514a), + TOBN(0x67cc2adc, 0xc4192a8e), TOBN(0xc77e27e2, 0x42f4535a)}}, + {{TOBN(0x9cdbab36, 0xd2b713c5), TOBN(0x86274ea0, 0xcf7b0cd3), + TOBN(0x784680f3, 0x09af826b), TOBN(0xbfcc837a, 0x0c72dea3)}, + {TOBN(0xa8bdfe9d, 0xd6529b73), TOBN(0x708aa228, 0x63a88002), + TOBN(0x6c7a9a54, 0xc91d45b9), TOBN(0xdf1a38bb, 0xfd004f56)}}, + {{TOBN(0x2e8c9a26, 0xb8bad853), TOBN(0x2d52cea3, 0x3723eae7), + TOBN(0x054d6d81, 0x56ca2830), TOBN(0xa3317d14, 0x9a8dc411)}, + {TOBN(0xa08662fe, 0xfd4ddeda), TOBN(0xed2a153a, 0xb55d792b), + TOBN(0x7035c16a, 0xbfc6e944), TOBN(0xb6bc5834, 0x00171cf3)}}, + {{TOBN(0xe27152b3, 0x83d102b6), TOBN(0xfe695a47, 0x0646b848), + TOBN(0xa5bb09d8, 0x916e6d37), TOBN(0xb4269d64, 0x0d17015e)}, + {TOBN(0x8d8156a1, 0x0a1d2285), TOBN(0xfeef6c51, 0x46d26d72), + TOBN(0x9dac57c8, 0x4c5434a7), TOBN(0x0282e5be, 0x59d39e31)}}, + {{TOBN(0xedfff181, 0x721c486d), TOBN(0x301baf10, 0xbc58824e), + TOBN(0x8136a6aa, 0x00570031), TOBN(0x55aaf78c, 0x1cddde68)}, + {TOBN(0x26829371, 0x59c63952), TOBN(0x3a3bd274, 0x8bc25baf), + TOBN(0xecdf8657, 0xb7e52dc3), TOBN(0x2dd8c087, 0xfd78e6c8)}}, + {{TOBN(0x20553274, 0xf5531461), TOBN(0x8b4a1281, 0x5d95499b), + TOBN(0xe2c8763a, 0x1a80f9d2), TOBN(0xd1dbe32b, 0x4ddec758)}, + {TOBN(0xaf12210d, 0x30c34169), TOBN(0xba74a953, 0x78baa533), + TOBN(0x3d133c6e, 0xa438f254), TOBN(0xa431531a, 0x201bef5b)}}, + {{TOBN(0x15295e22, 0xf669d7ec), TOBN(0xca374f64, 0x357fb515), + TOBN(0x8a8406ff, 0xeaa3fdb3), TOBN(0x106ae448, 0xdf3f2da8)}, + {TOBN(0x8f9b0a90, 0x33c8e9a1), TOBN(0x234645e2, 0x71ad5885), + TOBN(0x3d083224, 0x1c0aed14), TOBN(0xf10a7d3e, 0x7a942d46)}}, + {{TOBN(0x7c11deee, 0x40d5c9be), TOBN(0xb2bae7ff, 0xba84ed98), + TOBN(0x93e97139, 0xaad58ddd), TOBN(0x3d872796, 0x3f6d1fa3)}, + {TOBN(0x483aca81, 0x8569ff13), TOBN(0x8b89a5fb, 0x9a600f72), + TOBN(0x4cbc27c3, 0xc06f2b86), TOBN(0x22130713, 0x63ad9c0b)}}, + {{TOBN(0xb5358b1e, 0x48ac2840), TOBN(0x18311294, 0xecba9477), + TOBN(0xda58f990, 0xa6946b43), TOBN(0x3098baf9, 0x9ab41819)}, + {TOBN(0x66c4c158, 0x4198da52), TOBN(0xab4fc17c, 0x146bfd1b), + TOBN(0x2f0a4c3c, 0xbf36a908), TOBN(0x2ae9e34b, 0x58cf7838)}}, + {{TOBN(0xf411529e, 0x3fa11b1f), TOBN(0x21e43677, 0x974af2b4), + TOBN(0x7c20958e, 0xc230793b), TOBN(0x710ea885, 0x16e840f3)}, + {TOBN(0xfc0b21fc, 0xc5dc67cf), TOBN(0x08d51647, 0x88405718), + TOBN(0xd955c21f, 0xcfe49eb7), TOBN(0x9722a5d5, 0x56dd4a1f)}}, + {{TOBN(0xc9ef50e2, 0xc861baa5), TOBN(0xc0c21a5d, 0x9505ac3e), + TOBN(0xaf6b9a33, 0x8b7c063f), TOBN(0xc6370339, 0x2f4779c1)}, + {TOBN(0x22df99c7, 0x638167c3), TOBN(0xfe6ffe76, 0x795db30c), + TOBN(0x2b822d33, 0xa4854989), TOBN(0xfef031dd, 0x30563aa5)}}, + {{TOBN(0x16b09f82, 0xd57c667f), TOBN(0xc70312ce, 0xcc0b76f1), + TOBN(0xbf04a9e6, 0xc9118aec), TOBN(0x82fcb419, 0x3409d133)}, + {TOBN(0x1a8ab385, 0xab45d44d), TOBN(0xfba07222, 0x617b83a3), + TOBN(0xb05f50dd, 0x58e81b52), TOBN(0x1d8db553, 0x21ce5aff)}}, + {{TOBN(0x3097b8d4, 0xe344a873), TOBN(0x7d8d116d, 0xfe36d53e), + TOBN(0x6db22f58, 0x7875e750), TOBN(0x2dc5e373, 0x43e144ea)}, + {TOBN(0xc05f32e6, 0xe799eb95), TOBN(0xe9e5f4df, 0x6899e6ec), + TOBN(0xbdc3bd68, 0x1fab23d5), TOBN(0xb72b8ab7, 0x73af60e6)}}, + {{TOBN(0x8db27ae0, 0x2cecc84a), TOBN(0x600016d8, 0x7bdb871c), + TOBN(0x42a44b13, 0xd7c46f58), TOBN(0xb8919727, 0xc3a77d39)}, + {TOBN(0xcfc6bbbd, 0xdafd6088), TOBN(0x1a740146, 0x6bd20d39), + TOBN(0x8c747abd, 0x98c41072), TOBN(0x4c91e765, 0xbdf68ea1)}}, + {{TOBN(0x7c95e5ca, 0x08819a78), TOBN(0xcf48b729, 0xc9587921), + TOBN(0x091c7c5f, 0xdebbcc7d), TOBN(0x6f287404, 0xf0e05149)}, + {TOBN(0xf83b5ac2, 0x26cd44ec), TOBN(0x88ae32a6, 0xcfea250e), + TOBN(0x6ac5047a, 0x1d06ebc5), TOBN(0xc7e550b4, 0xd434f781)}}, + {{TOBN(0x61ab1cf2, 0x5c727bd2), TOBN(0x2e4badb1, 0x1cf915b0), + TOBN(0x1b4dadec, 0xf69d3920), TOBN(0xe61b1ca6, 0xf14c1dfe)}, + {TOBN(0x90b479cc, 0xbd6bd51f), TOBN(0x8024e401, 0x8045ec30), + TOBN(0xcab29ca3, 0x25ef0e62), TOBN(0x4f2e9416, 0x49e4ebc0)}}, + {{TOBN(0x45eb40ec, 0x0ccced58), TOBN(0x25cd4b9c, 0x0da44f98), + TOBN(0x43e06458, 0x871812c6), TOBN(0x99f80d55, 0x16cef651)}, + {TOBN(0x571340c9, 0xce6dc153), TOBN(0x138d5117, 0xd8665521), + TOBN(0xacdb45bc, 0x4e07014d), TOBN(0x2f34bb38, 0x84b60b91)}}, + {{TOBN(0xf44a4fd2, 0x2ae8921e), TOBN(0xb039288e, 0x892ba1e2), + TOBN(0x9da50174, 0xb1c180b2), TOBN(0x6b70ab66, 0x1693dc87)}, + {TOBN(0x7e9babc9, 0xe7057481), TOBN(0x4581ddef, 0x9c80dc41), + TOBN(0x0c890da9, 0x51294682), TOBN(0x0b5629d3, 0x3f4736e5)}}, + {{TOBN(0x2340c79e, 0xb06f5b41), TOBN(0xa42e84ce, 0x4e243469), + TOBN(0xf9a20135, 0x045a71a9), TOBN(0xefbfb415, 0xd27b6fb6)}, + {TOBN(0x25ebea23, 0x9d33cd6f), TOBN(0x9caedb88, 0xaa6c0af8), + TOBN(0x53dc7e9a, 0xd9ce6f96), TOBN(0x3897f9fd, 0x51e0b15a)}}, + {{TOBN(0xf51cb1f8, 0x8e5d788e), TOBN(0x1aec7ba8, 0xe1d490ee), + TOBN(0x265991e0, 0xcc58cb3c), TOBN(0x9f306e8c, 0x9fc3ad31)}, + {TOBN(0x5fed006e, 0x5040a0ac), TOBN(0xca9d5043, 0xfb476f2e), + TOBN(0xa19c06e8, 0xbeea7a23), TOBN(0xd2865801, 0x0edabb63)}}, + {{TOBN(0xdb92293f, 0x6967469a), TOBN(0x2894d839, 0x8d8a8ed8), + TOBN(0x87c9e406, 0xbbc77122), TOBN(0x8671c6f1, 0x2ea3a26a)}, + {TOBN(0xe42df8d6, 0xd7de9853), TOBN(0x2e3ce346, 0xb1f2bcc7), + TOBN(0xda601dfc, 0x899d50cf), TOBN(0xbfc913de, 0xfb1b598f)}}, + {{TOBN(0x81c4909f, 0xe61f7908), TOBN(0x192e304f, 0x9bbc7b29), + TOBN(0xc3ed8738, 0xc104b338), TOBN(0xedbe9e47, 0x783f5d61)}, + {TOBN(0x0c06e9be, 0x2db30660), TOBN(0xda3e613f, 0xc0eb7d8e), + TOBN(0xd8fa3e97, 0x322e096e), TOBN(0xfebd91e8, 0xd336e247)}}, + {{TOBN(0x8f13ccc4, 0xdf655a49), TOBN(0xa9e00dfc, 0x5eb20210), + TOBN(0x84631d0f, 0xc656b6ea), TOBN(0x93a058cd, 0xd8c0d947)}, + {TOBN(0x6846904a, 0x67bd3448), TOBN(0x4a3d4e1a, 0xf394fd5c), + TOBN(0xc102c1a5, 0xdb225f52), TOBN(0xe3455bba, 0xfc4f5e9a)}}, + {{TOBN(0x6b36985b, 0x4b9ad1ce), TOBN(0xa9818536, 0x5bb7f793), + TOBN(0x6c25e1d0, 0x48b1a416), TOBN(0x1381dd53, 0x3c81bee7)}, + {TOBN(0xd2a30d61, 0x7a4a7620), TOBN(0xc8412926, 0x39b8944c), + TOBN(0x3c1c6fbe, 0x7a97c33a), TOBN(0x941e541d, 0x938664e7)}}, + {{TOBN(0x417499e8, 0x4a34f239), TOBN(0x15fdb83c, 0xb90402d5), + TOBN(0xb75f46bf, 0x433aa832), TOBN(0xb61e15af, 0x63215db1)}, + {TOBN(0xaabe59d4, 0xa127f89a), TOBN(0x5d541e0c, 0x07e816da), + TOBN(0xaaba0659, 0xa618b692), TOBN(0x55327733, 0x17266026)}}, + {{TOBN(0xaf53a0fc, 0x95f57552), TOBN(0x32947650, 0x6cacb0c9), + TOBN(0x253ff58d, 0xc821be01), TOBN(0xb0309531, 0xa06f1146)}, + {TOBN(0x59bbbdf5, 0x05c2e54d), TOBN(0x158f27ad, 0x26e8dd22), + TOBN(0xcc5b7ffb, 0x397e1e53), TOBN(0xae03f65b, 0x7fc1e50d)}}, + {{TOBN(0xa9784ebd, 0x9c95f0f9), TOBN(0x5ed9deb2, 0x24640771), + TOBN(0x31244af7, 0x035561c4), TOBN(0x87332f3a, 0x7ee857de)}, + {TOBN(0x09e16e9e, 0x2b9e0d88), TOBN(0x52d910f4, 0x56a06049), + TOBN(0x507ed477, 0xa9592f48), TOBN(0x85cb917b, 0x2365d678)}}, + {{TOBN(0xf8511c93, 0x4c8998d1), TOBN(0x2186a3f1, 0x730ea58f), + TOBN(0x50189626, 0xb2029db0), TOBN(0x9137a6d9, 0x02ceb75a)}, + {TOBN(0x2fe17f37, 0x748bc82c), TOBN(0x87c2e931, 0x80469f8c), + TOBN(0x850f71cd, 0xbf891aa2), TOBN(0x0ca1b89b, 0x75ec3d8d)}}, + {{TOBN(0x516c43aa, 0x5e1cd3cd), TOBN(0x89397808, 0x9a887c28), + TOBN(0x0059c699, 0xddea1f9f), TOBN(0x7737d6fa, 0x8e6868f7)}, + {TOBN(0x6d93746a, 0x60f1524b), TOBN(0x36985e55, 0xba052aa7), + TOBN(0x41b1d322, 0xed923ea5), TOBN(0x3429759f, 0x25852a11)}}, + {{TOBN(0xbeca6ec3, 0x092e9f41), TOBN(0x3a238c66, 0x62256bbd), + TOBN(0xd82958ea, 0x70ad487d), TOBN(0x4ac8aaf9, 0x65610d93)}, + {TOBN(0x3fa101b1, 0x5e4ccab0), TOBN(0x9bf430f2, 0x9de14bfb), + TOBN(0xa10f5cc6, 0x6531899d), TOBN(0x590005fb, 0xea8ce17d)}}, + {{TOBN(0xc437912f, 0x24544cb6), TOBN(0x9987b71a, 0xd79ac2e3), + TOBN(0x13e3d9dd, 0xc058a212), TOBN(0x00075aac, 0xd2de9606)}, + {TOBN(0x80ab508b, 0x6cac8369), TOBN(0x87842be7, 0xf54f6c89), + TOBN(0xa7ad663d, 0x6bc532a4), TOBN(0x67813de7, 0x78a91bc8)}}, + {{TOBN(0x5dcb61ce, 0xc3427239), TOBN(0x5f3c7cf0, 0xc56934d9), + TOBN(0xc079e0fb, 0xe3191591), TOBN(0xe40896bd, 0xb01aada7)}, + {TOBN(0x8d466791, 0x0492d25f), TOBN(0x8aeb30c9, 0xe7408276), + TOBN(0xe9437495, 0x9287aacc), TOBN(0x23d4708d, 0x79fe03d4)}}, + {{TOBN(0x8cda9cf2, 0xd0c05199), TOBN(0x502fbc22, 0xfae78454), + TOBN(0xc0bda9df, 0xf572a182), TOBN(0x5f9b71b8, 0x6158b372)}, + {TOBN(0xe0f33a59, 0x2b82dd07), TOBN(0x76302735, 0x9523032e), + TOBN(0x7fe1a721, 0xc4505a32), TOBN(0x7b6e3e82, 0xf796409f)}}}, + {{{TOBN(0xe3417bc0, 0x35d0b34a), TOBN(0x440b386b, 0x8327c0a7), + TOBN(0x8fb7262d, 0xac0362d1), TOBN(0x2c41114c, 0xe0cdf943)}, + {TOBN(0x2ba5cef1, 0xad95a0b1), TOBN(0xc09b37a8, 0x67d54362), + TOBN(0x26d6cdd2, 0x01e486c9), TOBN(0x20477abf, 0x42ff9297)}}, + {{TOBN(0xa004dcb3, 0x292a9287), TOBN(0xddc15cf6, 0x77b092c7), + TOBN(0x083a8464, 0x806c0605), TOBN(0x4a68df70, 0x3db997b0)}, + {TOBN(0x9c134e45, 0x05bf7dd0), TOBN(0xa4e63d39, 0x8ccf7f8c), + TOBN(0xa6e6517f, 0x41b5f8af), TOBN(0xaa8b9342, 0xad7bc1cc)}}, + {{TOBN(0x126f35b5, 0x1e706ad9), TOBN(0xb99cebb4, 0xc3a9ebdf), + TOBN(0xa75389af, 0xbf608d90), TOBN(0x76113c4f, 0xc6c89858)}, + {TOBN(0x80de8eb0, 0x97e2b5aa), TOBN(0x7e1022cc, 0x63b91304), + TOBN(0x3bdab605, 0x6ccc066c), TOBN(0x33cbb144, 0xb2edf900)}}, + {{TOBN(0xc4176471, 0x7af715d2), TOBN(0xe2f7f594, 0xd0134a96), + TOBN(0x2c1873ef, 0xa41ec956), TOBN(0xe4e7b4f6, 0x77821304)}, + {TOBN(0xe5c8ff97, 0x88d5374a), TOBN(0x2b915e63, 0x80823d5b), + TOBN(0xea6bc755, 0xb2ee8fe2), TOBN(0x6657624c, 0xe7112651)}}, + {{TOBN(0x157af101, 0xdace5aca), TOBN(0xc4fdbcf2, 0x11a6a267), + TOBN(0xdaddf340, 0xc49c8609), TOBN(0x97e49f52, 0xe9604a65)}, + {TOBN(0x9be8e790, 0x937e2ad5), TOBN(0x846e2508, 0x326e17f1), + TOBN(0x3f38007a, 0x0bbbc0dc), TOBN(0xcf03603f, 0xb11e16d6)}}, + {{TOBN(0xd6f800e0, 0x7442f1d5), TOBN(0x475607d1, 0x66e0e3ab), + TOBN(0x82807f16, 0xb7c64047), TOBN(0x8858e1e3, 0xa749883d)}, + {TOBN(0x5859120b, 0x8231ee10), TOBN(0x1b80e7eb, 0x638a1ece), + TOBN(0xcb72525a, 0xc6aa73a4), TOBN(0xa7cdea3d, 0x844423ac)}}, + {{TOBN(0x5ed0c007, 0xf8ae7c38), TOBN(0x6db07a5c, 0x3d740192), + TOBN(0xbe5e9c2a, 0x5fe36db3), TOBN(0xd5b9d57a, 0x76e95046)}, + {TOBN(0x54ac32e7, 0x8eba20f2), TOBN(0xef11ca8f, 0x71b9a352), + TOBN(0x305e373e, 0xff98a658), TOBN(0xffe5a100, 0x823eb667)}}, + {{TOBN(0x57477b11, 0xe51732d2), TOBN(0xdfd6eb28, 0x2538fc0e), + TOBN(0x5c43b0cc, 0x3b39eec5), TOBN(0x6af12778, 0xcb36cc57)}, + {TOBN(0x70b0852d, 0x06c425ae), TOBN(0x6df92f8c, 0x5c221b9b), + TOBN(0x6c8d4f9e, 0xce826d9c), TOBN(0xf59aba7b, 0xb49359c3)}}, + {{TOBN(0x5c8ed8d5, 0xda64309d), TOBN(0x61a6de56, 0x91b30704), + TOBN(0xd6b52f6a, 0x2f9b5808), TOBN(0x0eee4194, 0x98c958a7)}, + {TOBN(0xcddd9aab, 0x771e4caa), TOBN(0x83965dfd, 0x78bc21be), + TOBN(0x02affce3, 0xb3b504f5), TOBN(0x30847a21, 0x561c8291)}}, + {{TOBN(0xd2eb2cf1, 0x52bfda05), TOBN(0xe0e4c4e9, 0x6197b98c), + TOBN(0x1d35076c, 0xf8a1726f), TOBN(0x6c06085b, 0x2db11e3d)}, + {TOBN(0x15c0c4d7, 0x4463ba14), TOBN(0x9d292f83, 0x0030238c), + TOBN(0x1311ee8b, 0x3727536d), TOBN(0xfeea86ef, 0xbeaedc1e)}}, + {{TOBN(0xb9d18cd3, 0x66131e2e), TOBN(0xf31d974f, 0x80fe2682), + TOBN(0xb6e49e0f, 0xe4160289), TOBN(0x7c48ec0b, 0x08e92799)}, + {TOBN(0x818111d8, 0xd1989aa7), TOBN(0xb34fa0aa, 0xebf926f9), + TOBN(0xdb5fe2f5, 0xa245474a), TOBN(0xf80a6ebb, 0x3c7ca756)}}, + {{TOBN(0xa7f96054, 0xafa05dd8), TOBN(0x26dfcf21, 0xfcaf119e), + TOBN(0xe20ef2e3, 0x0564bb59), TOBN(0xef4dca50, 0x61cb02b8)}, + {TOBN(0xcda7838a, 0x65d30672), TOBN(0x8b08d534, 0xfd657e86), + TOBN(0x4c5b4395, 0x46d595c8), TOBN(0x39b58725, 0x425cb836)}}, + {{TOBN(0x8ea61059, 0x3de9abe3), TOBN(0x40434881, 0x9cdc03be), + TOBN(0x9b261245, 0xcfedce8c), TOBN(0x78c318b4, 0xcf5234a1)}, + {TOBN(0x510bcf16, 0xfde24c99), TOBN(0x2a77cb75, 0xa2c2ff5d), + TOBN(0x9c895c2b, 0x27960fb4), TOBN(0xd30ce975, 0xb0eda42b)}}, + {{TOBN(0xfda85393, 0x1a62cc26), TOBN(0x23c69b96, 0x50c0e052), + TOBN(0xa227df15, 0xbfc633f3), TOBN(0x2ac78848, 0x1bae7d48)}, + {TOBN(0x487878f9, 0x187d073d), TOBN(0x6c2be919, 0x967f807d), + TOBN(0x765861d8, 0x336e6d8f), TOBN(0x88b8974c, 0xce528a43)}}, + {{TOBN(0x09521177, 0xff57d051), TOBN(0x2ff38037, 0xfb6a1961), + TOBN(0xfc0aba74, 0xa3d76ad4), TOBN(0x7c764803, 0x25a7ec17)}, + {TOBN(0x7532d75f, 0x48879bc8), TOBN(0xea7eacc0, 0x58ce6bc1), + TOBN(0xc82176b4, 0x8e896c16), TOBN(0x9a30e0b2, 0x2c750fed)}}, + {{TOBN(0xc37e2c2e, 0x421d3aa4), TOBN(0xf926407c, 0xe84fa840), + TOBN(0x18abc03d, 0x1454e41c), TOBN(0x26605ecd, 0x3f7af644)}, + {TOBN(0x242341a6, 0xd6a5eabf), TOBN(0x1edb84f4, 0x216b668e), + TOBN(0xd836edb8, 0x04010102), TOBN(0x5b337ce7, 0x945e1d8c)}}, + {{TOBN(0xd2075c77, 0xc055dc14), TOBN(0x2a0ffa25, 0x81d89cdf), + TOBN(0x8ce815ea, 0x6ffdcbaf), TOBN(0xa3428878, 0xfb648867)}, + {TOBN(0x277699cf, 0x884655fb), TOBN(0xfa5b5bd6, 0x364d3e41), + TOBN(0x01f680c6, 0x441e1cb7), TOBN(0x3fd61e66, 0xb70a7d67)}}, + {{TOBN(0x666ba2dc, 0xcc78cf66), TOBN(0xb3018174, 0x6fdbff77), + TOBN(0x8d4dd0db, 0x168d4668), TOBN(0x259455d0, 0x1dab3a2a)}, + {TOBN(0xf58564c5, 0xcde3acec), TOBN(0x77141925, 0x13adb276), + TOBN(0x527d725d, 0x8a303f65), TOBN(0x55deb6c9, 0xe6f38f7b)}}, + {{TOBN(0xfd5bb657, 0xb1fa70fb), TOBN(0xfa07f50f, 0xd8073a00), + TOBN(0xf72e3aa7, 0xbca02500), TOBN(0xf68f895d, 0x9975740d)}, + {TOBN(0x30112060, 0x5cae2a6a), TOBN(0x01bd7218, 0x02874842), + TOBN(0x3d423891, 0x7ce47bd3), TOBN(0xa66663c1, 0x789544f6)}}, + {{TOBN(0x864d05d7, 0x3272d838), TOBN(0xe22924f9, 0xfa6295c5), + TOBN(0x8189593f, 0x6c2fda32), TOBN(0x330d7189, 0xb184b544)}, + {TOBN(0x79efa62c, 0xbde1f714), TOBN(0x35771c94, 0xe5cb1a63), + TOBN(0x2f4826b8, 0x641c8332), TOBN(0x00a894fb, 0xc8cee854)}}, + {{TOBN(0xb4b9a39b, 0x36194d40), TOBN(0xe857a7c5, 0x77612601), + TOBN(0xf4209dd2, 0x4ecf2f58), TOBN(0x82b9e66d, 0x5a033487)}, + {TOBN(0xc1e36934, 0xe4e8b9dd), TOBN(0xd2372c9d, 0xa42377d7), + TOBN(0x51dc94c7, 0x0e3ae43b), TOBN(0x4c57761e, 0x04474f6f)}}, + {{TOBN(0xdcdacd0a, 0x1058a318), TOBN(0x369cf3f5, 0x78053a9a), + TOBN(0xc6c3de50, 0x31c68de2), TOBN(0x4653a576, 0x3c4b6d9f)}, + {TOBN(0x1688dd5a, 0xaa4e5c97), TOBN(0x5be80aa1, 0xb7ab3c74), + TOBN(0x70cefe7c, 0xbc65c283), TOBN(0x57f95f13, 0x06867091)}}, + {{TOBN(0xa39114e2, 0x4415503b), TOBN(0xc08ff7c6, 0x4cbb17e9), + TOBN(0x1eff674d, 0xd7dec966), TOBN(0x6d4690af, 0x53376f63)}, + {TOBN(0xff6fe32e, 0xea74237b), TOBN(0xc436d17e, 0xcd57508e), + TOBN(0x15aa28e1, 0xedcc40fe), TOBN(0x0d769c04, 0x581bbb44)}}, + {{TOBN(0xc240b6de, 0x34eaacda), TOBN(0xd9e116e8, 0x2ba0f1de), + TOBN(0xcbe45ec7, 0x79438e55), TOBN(0x91787c9d, 0x96f752d7)}, + {TOBN(0x897f532b, 0xf129ac2f), TOBN(0xd307b7c8, 0x5a36e22c), + TOBN(0x91940675, 0x749fb8f3), TOBN(0xd14f95d0, 0x157fdb28)}}, + {{TOBN(0xfe51d029, 0x6ae55043), TOBN(0x8931e98f, 0x44a87de1), + TOBN(0xe57f1cc6, 0x09e4fee2), TOBN(0x0d063b67, 0x4e072d92)}, + {TOBN(0x70a998b9, 0xed0e4316), TOBN(0xe74a736b, 0x306aca46), + TOBN(0xecf0fbf2, 0x4fda97c7), TOBN(0xa40f65cb, 0x3e178d93)}}, + {{TOBN(0x16253604, 0x16df4285), TOBN(0xb0c9babb, 0xd0c56ae2), + TOBN(0x73032b19, 0xcfc5cfc3), TOBN(0xe497e5c3, 0x09752056)}, + {TOBN(0x12096bb4, 0x164bda96), TOBN(0x1ee42419, 0xa0b74da1), + TOBN(0x8fc36243, 0x403826ba), TOBN(0x0c8f0069, 0xdc09e660)}}, + {{TOBN(0x8667e981, 0xc27253c9), TOBN(0x05a6aefb, 0x92b36a45), + TOBN(0xa62c4b36, 0x9cb7bb46), TOBN(0x8394f375, 0x11f7027b)}, + {TOBN(0x747bc79c, 0x5f109d0f), TOBN(0xcad88a76, 0x5b8cc60a), + TOBN(0x80c5a66b, 0x58f09e68), TOBN(0xe753d451, 0xf6127eac)}}, + {{TOBN(0xc44b74a1, 0x5b0ec6f5), TOBN(0x47989fe4, 0x5289b2b8), + TOBN(0x745f8484, 0x58d6fc73), TOBN(0xec362a6f, 0xf61c70ab)}, + {TOBN(0x070c98a7, 0xb3a8ad41), TOBN(0x73a20fc0, 0x7b63db51), + TOBN(0xed2c2173, 0xf44c35f4), TOBN(0x8a56149d, 0x9acc9dca)}}, + {{TOBN(0x98f17881, 0x9ac6e0f4), TOBN(0x360fdeaf, 0xa413b5ed), + TOBN(0x0625b8f4, 0xa300b0fd), TOBN(0xf1f4d76a, 0x5b3222d3)}, + {TOBN(0x9d6f5109, 0x587f76b8), TOBN(0x8b4ee08d, 0x2317fdb5), + TOBN(0x88089bb7, 0x8c68b095), TOBN(0x95570e9a, 0x5808d9b9)}}, + {{TOBN(0xa395c36f, 0x35d33ae7), TOBN(0x200ea123, 0x50bb5a94), + TOBN(0x20c789bd, 0x0bafe84b), TOBN(0x243ef52d, 0x0919276a)}, + {TOBN(0x3934c577, 0xe23ae233), TOBN(0xb93807af, 0xa460d1ec), + TOBN(0xb72a53b1, 0xf8fa76a4), TOBN(0xd8914cb0, 0xc3ca4491)}}, + {{TOBN(0x2e128494, 0x3fb42622), TOBN(0x3b2700ac, 0x500907d5), + TOBN(0xf370fb09, 0x1a95ec63), TOBN(0xf8f30be2, 0x31b6dfbd)}, + {TOBN(0xf2b2f8d2, 0x69e55f15), TOBN(0x1fead851, 0xcc1323e9), + TOBN(0xfa366010, 0xd9e5eef6), TOBN(0x64d487b0, 0xe316107e)}}, + {{TOBN(0x4c076b86, 0xd23ddc82), TOBN(0x03fd344c, 0x7e0143f0), + TOBN(0xa95362ff, 0x317af2c5), TOBN(0x0add3db7, 0xe18b7a4f)}, + {TOBN(0x9c673e3f, 0x8260e01b), TOBN(0xfbeb49e5, 0x54a1cc91), + TOBN(0x91351bf2, 0x92f2e433), TOBN(0xc755e7ec, 0x851141eb)}}, + {{TOBN(0xc9a95139, 0x29607745), TOBN(0x0ca07420, 0xa26f2b28), + TOBN(0xcb2790e7, 0x4bc6f9dd), TOBN(0x345bbb58, 0xadcaffc0)}, + {TOBN(0xc65ea38c, 0xbe0f27a2), TOBN(0x67c24d7c, 0x641fcb56), + TOBN(0x2c25f0a7, 0xa9e2c757), TOBN(0x93f5cdb0, 0x16f16c49)}}, + {{TOBN(0x2ca5a9d7, 0xc5ee30a1), TOBN(0xd1593635, 0xb909b729), + TOBN(0x804ce9f3, 0xdadeff48), TOBN(0xec464751, 0xb07c30c3)}, + {TOBN(0x89d65ff3, 0x9e49af6a), TOBN(0xf2d6238a, 0x6f3d01bc), + TOBN(0x1095561e, 0x0bced843), TOBN(0x51789e12, 0xc8a13fd8)}}, + {{TOBN(0xd633f929, 0x763231df), TOBN(0x46df9f7d, 0xe7cbddef), + TOBN(0x01c889c0, 0xcb265da8), TOBN(0xfce1ad10, 0xaf4336d2)}, + {TOBN(0x8d110df6, 0xfc6a0a7e), TOBN(0xdd431b98, 0x6da425dc), + TOBN(0xcdc4aeab, 0x1834aabe), TOBN(0x84deb124, 0x8439b7fc)}}, + {{TOBN(0x8796f169, 0x3c2a5998), TOBN(0x9b9247b4, 0x7947190d), + TOBN(0x55b9d9a5, 0x11597014), TOBN(0x7e9dd70d, 0x7b1566ee)}, + {TOBN(0x94ad78f7, 0xcbcd5e64), TOBN(0x0359ac17, 0x9bd4c032), + TOBN(0x3b11baaf, 0x7cc222ae), TOBN(0xa6a6e284, 0xba78e812)}}, + {{TOBN(0x8392053f, 0x24cea1a0), TOBN(0xc97bce4a, 0x33621491), + TOBN(0x7eb1db34, 0x35399ee9), TOBN(0x473f78ef, 0xece81ad1)}, + {TOBN(0x41d72fe0, 0xf63d3d0d), TOBN(0xe620b880, 0xafab62fc), + TOBN(0x92096bc9, 0x93158383), TOBN(0x41a21357, 0x8f896f6c)}}, + {{TOBN(0x1b5ee2fa, 0xc7dcfcab), TOBN(0x650acfde, 0x9546e007), + TOBN(0xc081b749, 0xb1b02e07), TOBN(0xda9e41a0, 0xf9eca03d)}, + {TOBN(0x013ba727, 0x175a54ab), TOBN(0xca0cd190, 0xea5d8d10), + TOBN(0x85ea52c0, 0x95fd96a9), TOBN(0x2c591b9f, 0xbc5c3940)}}, + {{TOBN(0x6fb4d4e4, 0x2bad4d5f), TOBN(0xfa4c3590, 0xfef0059b), + TOBN(0x6a10218a, 0xf5122294), TOBN(0x9a78a81a, 0xa85751d1)}, + {TOBN(0x04f20579, 0xa98e84e7), TOBN(0xfe1242c0, 0x4997e5b5), + TOBN(0xe77a273b, 0xca21e1e4), TOBN(0xfcc8b1ef, 0x9411939d)}}, + {{TOBN(0xe20ea302, 0x92d0487a), TOBN(0x1442dbec, 0x294b91fe), + TOBN(0x1f7a4afe, 0xbb6b0e8f), TOBN(0x1700ef74, 0x6889c318)}, + {TOBN(0xf5bbffc3, 0x70f1fc62), TOBN(0x3b31d4b6, 0x69c79cca), + TOBN(0xe8bc2aab, 0xa7f6340d), TOBN(0xb0b08ab4, 0xa725e10a)}}, + {{TOBN(0x44f05701, 0xae340050), TOBN(0xba4b3016, 0x1cf0c569), + TOBN(0x5aa29f83, 0xfbe19a51), TOBN(0x1b9ed428, 0xb71d752e)}, + {TOBN(0x1666e54e, 0xeb4819f5), TOBN(0x616cdfed, 0x9e18b75b), + TOBN(0x112ed5be, 0x3ee27b0b), TOBN(0xfbf28319, 0x44c7de4d)}}, + {{TOBN(0xd685ec85, 0xe0e60d84), TOBN(0x68037e30, 0x1db7ee78), + TOBN(0x5b65bdcd, 0x003c4d6e), TOBN(0x33e7363a, 0x93e29a6a)}, + {TOBN(0x995b3a61, 0x08d0756c), TOBN(0xd727f85c, 0x2faf134b), + TOBN(0xfac6edf7, 0x1d337823), TOBN(0x99b9aa50, 0x0439b8b4)}}, + {{TOBN(0x722eb104, 0xe2b4e075), TOBN(0x49987295, 0x437c4926), + TOBN(0xb1e4c0e4, 0x46a9b82d), TOBN(0xd0cb3197, 0x57a006f5)}, + {TOBN(0xf3de0f7d, 0xd7808c56), TOBN(0xb5c54d8f, 0x51f89772), + TOBN(0x500a114a, 0xadbd31aa), TOBN(0x9afaaaa6, 0x295f6cab)}}, + {{TOBN(0x94705e21, 0x04cf667a), TOBN(0xfc2a811b, 0x9d3935d7), + TOBN(0x560b0280, 0x6d09267c), TOBN(0xf19ed119, 0xf780e53b)}, + {TOBN(0xf0227c09, 0x067b6269), TOBN(0x967b8533, 0x5caef599), + TOBN(0x155b9243, 0x68efeebc), TOBN(0xcd6d34f5, 0xc497bae6)}}, + {{TOBN(0x1dd8d5d3, 0x6cceb370), TOBN(0x2aeac579, 0xa78d7bf9), + TOBN(0x5d65017d, 0x70b67a62), TOBN(0x70c8e44f, 0x17c53f67)}, + {TOBN(0xd1fc0950, 0x86a34d09), TOBN(0xe0fca256, 0xe7134907), + TOBN(0xe24fa29c, 0x80fdd315), TOBN(0x2c4acd03, 0xd87499ad)}}, + {{TOBN(0xbaaf7517, 0x3b5a9ba6), TOBN(0xb9cbe1f6, 0x12e51a51), + TOBN(0xd88edae3, 0x5e154897), TOBN(0xe4309c3c, 0x77b66ca0)}, + {TOBN(0xf5555805, 0xf67f3746), TOBN(0x85fc37ba, 0xa36401ff), + TOBN(0xdf86e2ca, 0xd9499a53), TOBN(0x6270b2a3, 0xecbc955b)}}, + {{TOBN(0xafae64f5, 0x974ad33b), TOBN(0x04d85977, 0xfe7b2df1), + TOBN(0x2a3db3ff, 0x4ab03f73), TOBN(0x0b87878a, 0x8702740a)}, + {TOBN(0x6d263f01, 0x5a061732), TOBN(0xc25430ce, 0xa32a1901), + TOBN(0xf7ebab3d, 0xdb155018), TOBN(0x3a86f693, 0x63a9b78e)}}, + {{TOBN(0x349ae368, 0xda9f3804), TOBN(0x470f07fe, 0xa164349c), + TOBN(0xd52f4cc9, 0x8562baa5), TOBN(0xc74a9e86, 0x2b290df3)}, + {TOBN(0xd3a1aa35, 0x43471a24), TOBN(0x239446be, 0xb8194511), + TOBN(0xbec2dd00, 0x81dcd44d), TOBN(0xca3d7f0f, 0xc42ac82d)}}, + {{TOBN(0x1f3db085, 0xfdaf4520), TOBN(0xbb6d3e80, 0x4549daf2), + TOBN(0xf5969d8a, 0x19ad5c42), TOBN(0x7052b13d, 0xdbfd1511)}, + {TOBN(0x11890d1b, 0x682b9060), TOBN(0xa71d3883, 0xac34452c), + TOBN(0xa438055b, 0x783805b4), TOBN(0x43241277, 0x4725b23e)}}, + {{TOBN(0xf20cf96e, 0x4901bbed), TOBN(0x6419c710, 0xf432a2bb), + TOBN(0x57a0fbb9, 0xdfa9cd7d), TOBN(0x589111e4, 0x00daa249)}, + {TOBN(0x19809a33, 0x7b60554e), TOBN(0xea5f8887, 0xede283a4), + TOBN(0x2d713802, 0x503bfd35), TOBN(0x151bb0af, 0x585d2a53)}}, + {{TOBN(0x40b08f74, 0x43b30ca8), TOBN(0xe10b5bba, 0xd9934583), + TOBN(0xe8a546d6, 0xb51110ad), TOBN(0x1dd50e66, 0x28e0b6c5)}, + {TOBN(0x292e9d54, 0xcff2b821), TOBN(0x3882555d, 0x47281760), + TOBN(0x134838f8, 0x3724d6e3), TOBN(0xf2c679e0, 0x22ddcda1)}}, + {{TOBN(0x40ee8815, 0x6d2a5768), TOBN(0x7f227bd2, 0x1c1e7e2d), + TOBN(0x487ba134, 0xd04ff443), TOBN(0x76e2ff3d, 0xc614e54b)}, + {TOBN(0x36b88d6f, 0xa3177ec7), TOBN(0xbf731d51, 0x2328fff5), + TOBN(0x758caea2, 0x49ba158e), TOBN(0x5ab8ff4c, 0x02938188)}}, + {{TOBN(0x33e16056, 0x35edc56d), TOBN(0x5a69d349, 0x7e940d79), + TOBN(0x6c4fd001, 0x03866dcb), TOBN(0x20a38f57, 0x4893cdef)}, + {TOBN(0xfbf3e790, 0xfac3a15b), TOBN(0x6ed7ea2e, 0x7a4f8e6b), + TOBN(0xa663eb4f, 0xbc3aca86), TOBN(0x22061ea5, 0x080d53f7)}}, + {{TOBN(0x2480dfe6, 0xf546783f), TOBN(0xd38bc6da, 0x5a0a641e), + TOBN(0xfb093cd1, 0x2ede8965), TOBN(0x89654db4, 0xacb455cf)}, + {TOBN(0x413cbf9a, 0x26e1adee), TOBN(0x291f3764, 0x373294d4), + TOBN(0x00797257, 0x648083fe), TOBN(0x25f504d3, 0x208cc341)}}, + {{TOBN(0x635a8e5e, 0xc3a0ee43), TOBN(0x70aaebca, 0x679898ff), + TOBN(0x9ee9f547, 0x5dc63d56), TOBN(0xce987966, 0xffb34d00)}, + {TOBN(0xf9f86b19, 0x5e26310a), TOBN(0x9e435484, 0x382a8ca8), + TOBN(0x253bcb81, 0xc2352fe4), TOBN(0xa4eac8b0, 0x4474b571)}}, + {{TOBN(0xc1b97512, 0xc1ad8cf8), TOBN(0x193b4e9e, 0x99e0b697), + TOBN(0x939d2716, 0x01e85df0), TOBN(0x4fb265b3, 0xcd44eafd)}, + {TOBN(0x321e7dcd, 0xe51e1ae2), TOBN(0x8e3a8ca6, 0xe3d8b096), + TOBN(0x8de46cb0, 0x52604998), TOBN(0x91099ad8, 0x39072aa7)}}, + {{TOBN(0x2617f91c, 0x93aa96b8), TOBN(0x0fc8716b, 0x7fca2e13), + TOBN(0xa7106f5e, 0x95328723), TOBN(0xd1c9c40b, 0x262e6522)}, + {TOBN(0xb9bafe86, 0x42b7c094), TOBN(0x1873439d, 0x1543c021), + TOBN(0xe1baa5de, 0x5cbefd5d), TOBN(0xa363fc5e, 0x521e8aff)}}, + {{TOBN(0xefe6320d, 0xf862eaac), TOBN(0x14419c63, 0x22c647dc), + TOBN(0x0e06707c, 0x4e46d428), TOBN(0xcb6c834f, 0x4a178f8f)}, + {TOBN(0x0f993a45, 0xd30f917c), TOBN(0xd4c4b049, 0x9879afee), + TOBN(0xb6142a1e, 0x70500063), TOBN(0x7c9b41c3, 0xa5d9d605)}}, + {{TOBN(0xbc00fc2f, 0x2f8ba2c7), TOBN(0x0966eb2f, 0x7c67aa28), + TOBN(0x13f7b516, 0x5a786972), TOBN(0x3bfb7557, 0x8a2fbba0)}, + {TOBN(0x131c4f23, 0x5a2b9620), TOBN(0xbff3ed27, 0x6faf46be), + TOBN(0x9b4473d1, 0x7e172323), TOBN(0x421e8878, 0x339f6246)}}, + {{TOBN(0x0fa8587a, 0x25a41632), TOBN(0xc0814124, 0xa35b6c93), + TOBN(0x2b18a9f5, 0x59ebb8db), TOBN(0x264e3357, 0x76edb29c)}, + {TOBN(0xaf245ccd, 0xc87c51e2), TOBN(0x16b3015b, 0x501e6214), + TOBN(0xbb31c560, 0x0a3882ce), TOBN(0x6961bb94, 0xfec11e04)}}, + {{TOBN(0x3b825b8d, 0xeff7a3a0), TOBN(0xbec33738, 0xb1df7326), + TOBN(0x68ad747c, 0x99604a1f), TOBN(0xd154c934, 0x9a3bd499)}, + {TOBN(0xac33506f, 0x1cc7a906), TOBN(0x73bb5392, 0x6c560e8f), + TOBN(0x6428fcbe, 0x263e3944), TOBN(0xc11828d5, 0x1c387434)}}, + {{TOBN(0x3cd04be1, 0x3e4b12ff), TOBN(0xc3aad9f9, 0x2d88667c), + TOBN(0xc52ddcf8, 0x248120cf), TOBN(0x985a892e, 0x2a389532)}, + {TOBN(0xfbb4b21b, 0x3bb85fa0), TOBN(0xf95375e0, 0x8dfc6269), + TOBN(0xfb4fb06c, 0x7ee2acea), TOBN(0x6785426e, 0x309c4d1f)}}, + {{TOBN(0x659b17c8, 0xd8ceb147), TOBN(0x9b649eee, 0xb70a5554), + TOBN(0x6b7fa0b5, 0xac6bc634), TOBN(0xd99fe2c7, 0x1d6e732f)}, + {TOBN(0x30e6e762, 0x8d3abba2), TOBN(0x18fee6e7, 0xa797b799), + TOBN(0x5c9d360d, 0xc696464d), TOBN(0xe3baeb48, 0x27bfde12)}}, + {{TOBN(0x2bf5db47, 0xf23206d5), TOBN(0x2f6d3420, 0x1d260152), + TOBN(0x17b87653, 0x3f8ff89a), TOBN(0x5157c30c, 0x378fa458)}, + {TOBN(0x7517c5c5, 0x2d4fb936), TOBN(0xef22f7ac, 0xe6518cdc), + TOBN(0xdeb483e6, 0xbf847a64), TOBN(0xf5084558, 0x92e0fa89)}}}, + {{{TOBN(0xab9659d8, 0xdf7304d4), TOBN(0xb71bcf1b, 0xff210e8e), + TOBN(0xa9a2438b, 0xd73fbd60), TOBN(0x4595cd1f, 0x5d11b4de)}, + {TOBN(0x9c0d329a, 0x4835859d), TOBN(0x4a0f0d2d, 0x7dbb6e56), + TOBN(0xc6038e5e, 0xdf928a4e), TOBN(0xc9429621, 0x8f5ad154)}}, + {{TOBN(0x91213462, 0xf23f2d92), TOBN(0x6cab71bd, 0x60b94078), + TOBN(0x6bdd0a63, 0x176cde20), TOBN(0x54c9b20c, 0xee4d54bc)}, + {TOBN(0x3cd2d8aa, 0x9f2ac02f), TOBN(0x03f8e617, 0x206eedb0), + TOBN(0xc7f68e16, 0x93086434), TOBN(0x831469c5, 0x92dd3db9)}}, + {{TOBN(0x8521df24, 0x8f981354), TOBN(0x587e23ec, 0x3588a259), + TOBN(0xcbedf281, 0xd7a0992c), TOBN(0x06930a55, 0x38961407)}, + {TOBN(0x09320deb, 0xbe5bbe21), TOBN(0xa7ffa5b5, 0x2491817f), + TOBN(0xe6c8b4d9, 0x09065160), TOBN(0xac4f3992, 0xfff6d2a9)}}, + {{TOBN(0x7aa7a158, 0x3ae9c1bd), TOBN(0xe0af6d98, 0xe37ce240), + TOBN(0xe54342d9, 0x28ab38b4), TOBN(0xe8b75007, 0x0a1c98ca)}, + {TOBN(0xefce86af, 0xe02358f2), TOBN(0x31b8b856, 0xea921228), + TOBN(0x052a1912, 0x0a1c67fc), TOBN(0xb4069ea4, 0xe3aead59)}}, + {{TOBN(0x3232d6e2, 0x7fa03cb3), TOBN(0xdb938e5b, 0x0fdd7d88), + TOBN(0x04c1d2cd, 0x2ccbfc5d), TOBN(0xd2f45c12, 0xaf3a580f)}, + {TOBN(0x592620b5, 0x7883e614), TOBN(0x5fd27e68, 0xbe7c5f26), + TOBN(0x139e45a9, 0x1567e1e3), TOBN(0x2cc71d2d, 0x44d8aaaf)}}, + {{TOBN(0x4a9090cd, 0xe36d0757), TOBN(0xf722d7b1, 0xd9a29382), + TOBN(0xfb7fb04c, 0x04b48ddf), TOBN(0x628ad2a7, 0xebe16f43)}, + {TOBN(0xcd3fbfb5, 0x20226040), TOBN(0x6c34ecb1, 0x5104b6c4), + TOBN(0x30c0754e, 0xc903c188), TOBN(0xec336b08, 0x2d23cab0)}}, + {{TOBN(0x473d62a2, 0x1e206ee5), TOBN(0xf1e27480, 0x8c49a633), + TOBN(0x87ab956c, 0xe9f6b2c3), TOBN(0x61830b48, 0x62b606ea)}, + {TOBN(0x67cd6846, 0xe78e815f), TOBN(0xfe40139f, 0x4c02082a), + TOBN(0x52bbbfcb, 0x952ec365), TOBN(0x74c11642, 0x6b9836ab)}}, + {{TOBN(0x9f51439e, 0x558df019), TOBN(0x230da4ba, 0xac712b27), + TOBN(0x518919e3, 0x55185a24), TOBN(0x4dcefcdd, 0x84b78f50)}, + {TOBN(0xa7d90fb2, 0xa47d4c5a), TOBN(0x55ac9abf, 0xb30e009e), + TOBN(0xfd2fc359, 0x74eed273), TOBN(0xb72d824c, 0xdbea8faf)}}, + {{TOBN(0xce721a74, 0x4513e2ca), TOBN(0x0b418612, 0x38240b2c), + TOBN(0x05199968, 0xd5baa450), TOBN(0xeb1757ed, 0x2b0e8c25)}, + {TOBN(0x6ebc3e28, 0x3dfac6d5), TOBN(0xb2431e2e, 0x48a237f5), + TOBN(0x2acb5e23, 0x52f61499), TOBN(0x5558a2a7, 0xe06c936b)}}, + {{TOBN(0xd213f923, 0xcbb13d1b), TOBN(0x98799f42, 0x5bfb9bfe), + TOBN(0x1ae8ddc9, 0x701144a9), TOBN(0x0b8b3bb6, 0x4c5595ee)}, + {TOBN(0x0ea9ef2e, 0x3ecebb21), TOBN(0x17cb6c4b, 0x3671f9a7), + TOBN(0x47ef464f, 0x726f1d1f), TOBN(0x171b9484, 0x6943a276)}}, + {{TOBN(0x51a4ae2d, 0x7ef0329c), TOBN(0x08509222, 0x91c4402a), + TOBN(0x64a61d35, 0xafd45bbc), TOBN(0x38f096fe, 0x3035a851)}, + {TOBN(0xc7468b74, 0xa1dec027), TOBN(0xe8cf10e7, 0x4fc7dcba), + TOBN(0xea35ff40, 0xf4a06353), TOBN(0x0b4c0dfa, 0x8b77dd66)}}, + {{TOBN(0x779b8552, 0xde7e5c19), TOBN(0xfab28609, 0xc1c0256c), + TOBN(0x64f58eee, 0xabd4743d), TOBN(0x4e8ef838, 0x7b6cc93b)}, + {TOBN(0xee650d26, 0x4cb1bf3d), TOBN(0x4c1f9d09, 0x73dedf61), + TOBN(0xaef7c9d7, 0xbfb70ced), TOBN(0x1ec0507e, 0x1641de1e)}}, + {{TOBN(0xcd7e5cc7, 0xcde45079), TOBN(0xde173c9a, 0x516ac9e4), + TOBN(0x517a8494, 0xc170315c), TOBN(0x438fd905, 0x91d8e8fb)}, + {TOBN(0x5145c506, 0xc7d9630b), TOBN(0x6457a87b, 0xf47d4d75), + TOBN(0xd31646bf, 0x0d9a80e8), TOBN(0x453add2b, 0xcef3aabe)}}, + {{TOBN(0xc9941109, 0xa607419d), TOBN(0xfaa71e62, 0xbb6bca80), + TOBN(0x34158c13, 0x07c431f3), TOBN(0x594abebc, 0x992bc47a)}, + {TOBN(0x6dfea691, 0xeb78399f), TOBN(0x48aafb35, 0x3f42cba4), + TOBN(0xedcd65af, 0x077c04f0), TOBN(0x1a29a366, 0xe884491a)}}, + {{TOBN(0x023a40e5, 0x1c21f2bf), TOBN(0xf99a513c, 0xa5057aee), + TOBN(0xa3fe7e25, 0xbcab072e), TOBN(0x8568d2e1, 0x40e32bcf)}, + {TOBN(0x904594eb, 0xd3f69d9f), TOBN(0x181a9733, 0x07affab1), + TOBN(0xe4d68d76, 0xb6e330f4), TOBN(0x87a6dafb, 0xc75a7fc1)}}, + {{TOBN(0x549db2b5, 0xef7d9289), TOBN(0x2480d4a8, 0x197f015a), + TOBN(0x61d5590b, 0xc40493b6), TOBN(0x3a55b52e, 0x6f780331)}, + {TOBN(0x40eb8115, 0x309eadb0), TOBN(0xdea7de5a, 0x92e5c625), + TOBN(0x64d631f0, 0xcc6a3d5a), TOBN(0x9d5e9d7c, 0x93e8dd61)}}, + {{TOBN(0xf297bef5, 0x206d3ffc), TOBN(0x23d5e033, 0x7d808bd4), + TOBN(0x4a4f6912, 0xd24cf5ba), TOBN(0xe4d8163b, 0x09cdaa8a)}, + {TOBN(0x0e0de9ef, 0xd3082e8e), TOBN(0x4fe1246c, 0x0192f360), + TOBN(0x1f900150, 0x4b8eee0a), TOBN(0x5219da81, 0xf1da391b)}}, + {{TOBN(0x7bf6a5c1, 0xf7ea25aa), TOBN(0xd165e6bf, 0xfbb07d5f), + TOBN(0xe3539361, 0x89e78671), TOBN(0xa3fcac89, 0x2bac4219)}, + {TOBN(0xdfab6fd4, 0xf0baa8ab), TOBN(0x5a4adac1, 0xe2c1c2e5), + TOBN(0x6cd75e31, 0x40d85849), TOBN(0xce263fea, 0x19b39181)}}, + {{TOBN(0xcb6803d3, 0x07032c72), TOBN(0x7f40d5ce, 0x790968c8), + TOBN(0xa6de86bd, 0xdce978f0), TOBN(0x25547c4f, 0x368f751c)}, + {TOBN(0xb1e685fd, 0x65fb2a9e), TOBN(0xce69336f, 0x1eb9179c), + TOBN(0xb15d1c27, 0x12504442), TOBN(0xb7df465c, 0xb911a06b)}}, + {{TOBN(0xb8d804a3, 0x315980cd), TOBN(0x693bc492, 0xfa3bebf7), + TOBN(0x3578aeee, 0x2253c504), TOBN(0x158de498, 0xcd2474a2)}, + {TOBN(0x1331f5c7, 0xcfda8368), TOBN(0xd2d7bbb3, 0x78d7177e), + TOBN(0xdf61133a, 0xf3c1e46e), TOBN(0x5836ce7d, 0xd30e7be8)}}, + {{TOBN(0x83084f19, 0x94f834cb), TOBN(0xd35653d4, 0x429ed782), + TOBN(0xa542f16f, 0x59e58243), TOBN(0xc2b52f65, 0x0470a22d)}, + {TOBN(0xe3b6221b, 0x18f23d96), TOBN(0xcb05abac, 0x3f5252b4), + TOBN(0xca00938b, 0x87d61402), TOBN(0x2f186cdd, 0x411933e4)}}, + {{TOBN(0xe042ece5, 0x9a29a5c5), TOBN(0xb19b3c07, 0x3b6c8402), + TOBN(0xc97667c7, 0x19d92684), TOBN(0xb5624622, 0xebc66372)}, + {TOBN(0x0cb96e65, 0x3c04fa02), TOBN(0x83a7176c, 0x8eaa39aa), + TOBN(0x2033561d, 0xeaa1633f), TOBN(0x45a9d086, 0x4533df73)}}, + {{TOBN(0xe0542c1d, 0x3dc090bc), TOBN(0x82c996ef, 0xaa59c167), + TOBN(0xe3f735e8, 0x0ee7fc4d), TOBN(0x7b179393, 0x7c35db79)}, + {TOBN(0xb6419e25, 0xf8c5dbfd), TOBN(0x4d9d7a1e, 0x1f327b04), + TOBN(0x979f6f9b, 0x298dfca8), TOBN(0xc7c5dff1, 0x8de9366a)}}, + {{TOBN(0x1b7a588d, 0x04c82bdd), TOBN(0x68005534, 0xf8319dfd), + TOBN(0xde8a55b5, 0xd8eb9580), TOBN(0x5ea886da, 0x8d5bca81)}, + {TOBN(0xe8530a01, 0x252a0b4d), TOBN(0x1bffb4fe, 0x35eaa0a1), + TOBN(0x2ad828b1, 0xd8e99563), TOBN(0x7de96ef5, 0x95f9cd87)}}, + {{TOBN(0x4abb2d0c, 0xd77d970c), TOBN(0x03cfb933, 0xd33ef9cb), + TOBN(0xb0547c01, 0x8b211fe9), TOBN(0x2fe64809, 0xa56ed1c6)}, + {TOBN(0xcb7d5624, 0xc2ac98cc), TOBN(0x2a1372c0, 0x1a393e33), + TOBN(0xc8d1ec1c, 0x29660521), TOBN(0xf3d31b04, 0xb37ac3e9)}}, + {{TOBN(0xa29ae9df, 0x5ece6e7c), TOBN(0x0603ac8f, 0x0facfb55), + TOBN(0xcfe85b7a, 0xdda233a5), TOBN(0xe618919f, 0xbd75f0b8)}, + {TOBN(0xf555a3d2, 0x99bf1603), TOBN(0x1f43afc9, 0xf184255a), + TOBN(0xdcdaf341, 0x319a3e02), TOBN(0xd3b117ef, 0x03903a39)}}, + {{TOBN(0xe095da13, 0x65d1d131), TOBN(0x86f16367, 0xc37ad03e), + TOBN(0x5f37389e, 0x462cd8dd), TOBN(0xc103fa04, 0xd67a60e6)}, + {TOBN(0x57c34344, 0xf4b478f0), TOBN(0xce91edd8, 0xe117c98d), + TOBN(0x001777b0, 0x231fc12e), TOBN(0x11ae47f2, 0xb207bccb)}}, + {{TOBN(0xd983cf8d, 0x20f8a242), TOBN(0x7aff5b1d, 0xf22e1ad8), + TOBN(0x68fd11d0, 0x7fc4feb3), TOBN(0x5d53ae90, 0xb0f1c3e1)}, + {TOBN(0x50fb7905, 0xec041803), TOBN(0x85e3c977, 0x14404888), + TOBN(0x0e67faed, 0xac628d8f), TOBN(0x2e865150, 0x6668532c)}}, + {{TOBN(0x15acaaa4, 0x6a67a6b0), TOBN(0xf4cdee25, 0xb25cec41), + TOBN(0x49ee565a, 0xe4c6701e), TOBN(0x2a04ca66, 0xfc7d63d8)}, + {TOBN(0xeb105018, 0xef0543fb), TOBN(0xf709a4f5, 0xd1b0d81d), + TOBN(0x5b906ee6, 0x2915d333), TOBN(0xf4a87412, 0x96f1f0ab)}}, + {{TOBN(0xb6b82fa7, 0x4d82f4c2), TOBN(0x90725a60, 0x6804efb3), + TOBN(0xbc82ec46, 0xadc3425e), TOBN(0xb7b80581, 0x2787843e)}, + {TOBN(0xdf46d91c, 0xdd1fc74c), TOBN(0xdc1c62cb, 0xe783a6c4), + TOBN(0x59d1b9f3, 0x1a04cbba), TOBN(0xd87f6f72, 0x95e40764)}}, + {{TOBN(0x02b4cfc1, 0x317f4a76), TOBN(0x8d2703eb, 0x91036bce), + TOBN(0x98206cc6, 0xa5e72a56), TOBN(0x57be9ed1, 0xcf53fb0f)}, + {TOBN(0x09374571, 0xef0b17ac), TOBN(0x74b2655e, 0xd9181b38), + TOBN(0xc8f80ea8, 0x89935d0e), TOBN(0xc0d9e942, 0x91529936)}}, + {{TOBN(0x19686041, 0x1e84e0e5), TOBN(0xa5db84d3, 0xaea34c93), + TOBN(0xf9d5bb19, 0x7073a732), TOBN(0xb8d2fe56, 0x6bcfd7c0)}, + {TOBN(0x45775f36, 0xf3eb82fa), TOBN(0x8cb20ccc, 0xfdff8b58), + TOBN(0x1659b65f, 0x8374c110), TOBN(0xb8b4a422, 0x330c789a)}}, + {{TOBN(0x75e3c3ea, 0x6fe8208b), TOBN(0xbd74b9e4, 0x286e78fe), + TOBN(0x0be2e81b, 0xd7d93a1a), TOBN(0x7ed06e27, 0xdd0a5aae)}, + {TOBN(0x721f5a58, 0x6be8b800), TOBN(0x428299d1, 0xd846db28), + TOBN(0x95cb8e6b, 0x5be88ed3), TOBN(0xc3186b23, 0x1c034e11)}}, + {{TOBN(0xa6312c9e, 0x8977d99b), TOBN(0xbe944331, 0x83f531e7), + TOBN(0x8232c0c2, 0x18d3b1d4), TOBN(0x617aae8b, 0xe1247b73)}, + {TOBN(0x40153fc4, 0x282aec3b), TOBN(0xc6063d2f, 0xf7b8f823), + TOBN(0x68f10e58, 0x3304f94c), TOBN(0x31efae74, 0xee676346)}}, + {{TOBN(0xbadb6c6d, 0x40a9b97c), TOBN(0x14702c63, 0x4f666256), + TOBN(0xdeb954f1, 0x5184b2e3), TOBN(0x5184a526, 0x94b6ca40)}, + {TOBN(0xfff05337, 0x003c32ea), TOBN(0x5aa374dd, 0x205974c7), + TOBN(0x9a763854, 0x4b0dd71a), TOBN(0x459cd27f, 0xdeb947ec)}}, + {{TOBN(0xa6e28161, 0x459c2b92), TOBN(0x2f020fa8, 0x75ee8ef5), + TOBN(0xb132ec2d, 0x30b06310), TOBN(0xc3e15899, 0xbc6a4530)}, + {TOBN(0xdc5f53fe, 0xaa3f451a), TOBN(0x3a3c7f23, 0xc2d9acac), + TOBN(0x2ec2f892, 0x6b27e58b), TOBN(0x68466ee7, 0xd742799f)}}, + {{TOBN(0x98324dd4, 0x1fa26613), TOBN(0xa2dc6dab, 0xbdc29d63), + TOBN(0xf9675faa, 0xd712d657), TOBN(0x813994be, 0x21fd8d15)}, + {TOBN(0x5ccbb722, 0xfd4f7553), TOBN(0x5135ff8b, 0xf3a36b20), + TOBN(0x44be28af, 0x69559df5), TOBN(0x40b65bed, 0x9d41bf30)}}, + {{TOBN(0xd98bf2a4, 0x3734e520), TOBN(0x5e3abbe3, 0x209bdcba), + TOBN(0x77c76553, 0xbc945b35), TOBN(0x5331c093, 0xc6ef14aa)}, + {TOBN(0x518ffe29, 0x76b60c80), TOBN(0x2285593b, 0x7ace16f8), + TOBN(0xab1f64cc, 0xbe2b9784), TOBN(0xe8f2c0d9, 0xab2421b6)}}, + {{TOBN(0x617d7174, 0xc1df065c), TOBN(0xafeeb5ab, 0x5f6578fa), + TOBN(0x16ff1329, 0x263b54a8), TOBN(0x45c55808, 0xc990dce3)}, + {TOBN(0x42eab6c0, 0xecc8c177), TOBN(0x799ea9b5, 0x5982ecaa), + TOBN(0xf65da244, 0xb607ef8e), TOBN(0x8ab226ce, 0x32a3fc2c)}}, + {{TOBN(0x745741e5, 0x7ea973dc), TOBN(0x5c00ca70, 0x20888f2e), + TOBN(0x7cdce3cf, 0x45fd9cf1), TOBN(0x8a741ef1, 0x5507f872)}, + {TOBN(0x47c51c2f, 0x196b4cec), TOBN(0x70d08e43, 0xc97ea618), + TOBN(0x930da15c, 0x15b18a2b), TOBN(0x33b6c678, 0x2f610514)}}, + {{TOBN(0xc662e4f8, 0x07ac9794), TOBN(0x1eccf050, 0xba06cb79), + TOBN(0x1ff08623, 0xe7d954e5), TOBN(0x6ef2c5fb, 0x24cf71c3)}, + {TOBN(0xb2c063d2, 0x67978453), TOBN(0xa0cf3796, 0x1d654af8), + TOBN(0x7cb242ea, 0x7ebdaa37), TOBN(0x206e0b10, 0xb86747e0)}}, + {{TOBN(0x481dae5f, 0xd5ecfefc), TOBN(0x07084fd8, 0xc2bff8fc), + TOBN(0x8040a01a, 0xea324596), TOBN(0x4c646980, 0xd4de4036)}, + {TOBN(0x9eb8ab4e, 0xd65abfc3), TOBN(0xe01cb91f, 0x13541ec7), + TOBN(0x8f029adb, 0xfd695012), TOBN(0x9ae28483, 0x3c7569ec)}}, + {{TOBN(0xa5614c9e, 0xa66d80a1), TOBN(0x680a3e44, 0x75f5f911), + TOBN(0x0c07b14d, 0xceba4fc1), TOBN(0x891c285b, 0xa13071c1)}, + {TOBN(0xcac67ceb, 0x799ece3c), TOBN(0x29b910a9, 0x41e07e27), + TOBN(0x66bdb409, 0xf2e43123), TOBN(0x06f8b137, 0x7ac9ecbe)}}, + {{TOBN(0x5981fafd, 0x38547090), TOBN(0x19ab8b9f, 0x85e3415d), + TOBN(0xfc28c194, 0xc7e31b27), TOBN(0x843be0aa, 0x6fbcbb42)}, + {TOBN(0xf3b1ed43, 0xa6db836c), TOBN(0x2a1330e4, 0x01a45c05), + TOBN(0x4f19f3c5, 0x95c1a377), TOBN(0xa85f39d0, 0x44b5ee33)}}, + {{TOBN(0x3da18e6d, 0x4ae52834), TOBN(0x5a403b39, 0x7423dcb0), + TOBN(0xbb555e0a, 0xf2374aef), TOBN(0x2ad599c4, 0x1e8ca111)}, + {TOBN(0x1b3a2fb9, 0x014b3bf8), TOBN(0x73092684, 0xf66d5007), + TOBN(0x079f1426, 0xc4340102), TOBN(0x1827cf81, 0x8fddf4de)}}, + {{TOBN(0xc83605f6, 0xf10ff927), TOBN(0xd3871451, 0x23739fc6), + TOBN(0x6d163450, 0xcac1c2cc), TOBN(0x6b521296, 0xa2ec1ac5)}, + {TOBN(0x0606c4f9, 0x6e3cb4a5), TOBN(0xe47d3f41, 0x778abff7), + TOBN(0x425a8d5e, 0xbe8e3a45), TOBN(0x53ea9e97, 0xa6102160)}}, + {{TOBN(0x477a106e, 0x39cbb688), TOBN(0x532401d2, 0xf3386d32), + TOBN(0x8e564f64, 0xb1b9b421), TOBN(0xca9b8388, 0x81dad33f)}, + {TOBN(0xb1422b4e, 0x2093913e), TOBN(0x533d2f92, 0x69bc8112), + TOBN(0x3fa017be, 0xebe7b2c7), TOBN(0xb2767c4a, 0xcaf197c6)}}, + {{TOBN(0xc925ff87, 0xaedbae9f), TOBN(0x7daf0eb9, 0x36880a54), + TOBN(0x9284ddf5, 0x9c4d0e71), TOBN(0x1581cf93, 0x316f8cf5)}, + {TOBN(0x3eeca887, 0x3ac1f452), TOBN(0xb417fce9, 0xfb6aeffe), + TOBN(0xa5918046, 0xeefb8dc3), TOBN(0x73d318ac, 0x02209400)}}, + {{TOBN(0xe800400f, 0x728693e5), TOBN(0xe87d814b, 0x339927ed), + TOBN(0x93e94d3b, 0x57ea9910), TOBN(0xff8a35b6, 0x2245fb69)}, + {TOBN(0x043853d7, 0x7f200d34), TOBN(0x470f1e68, 0x0f653ce1), + TOBN(0x81ac05bd, 0x59a06379), TOBN(0xa14052c2, 0x03930c29)}}, + {{TOBN(0x6b72fab5, 0x26bc2797), TOBN(0x13670d16, 0x99f16771), + TOBN(0x00170052, 0x1e3e48d1), TOBN(0x978fe401, 0xb7adf678)}, + {TOBN(0x55ecfb92, 0xd41c5dd4), TOBN(0x5ff8e247, 0xc7b27da5), + TOBN(0xe7518272, 0x013fb606), TOBN(0x5768d7e5, 0x2f547a3c)}}, + {{TOBN(0xbb24eaa3, 0x60017a5f), TOBN(0x6b18e6e4, 0x9c64ce9b), + TOBN(0xc225c655, 0x103dde07), TOBN(0xfc3672ae, 0x7592f7ea)}, + {TOBN(0x9606ad77, 0xd06283a1), TOBN(0x542fc650, 0xe4d59d99), + TOBN(0xabb57c49, 0x2a40e7c2), TOBN(0xac948f13, 0xa8db9f55)}}, + {{TOBN(0x6d4c9682, 0xb04465c3), TOBN(0xe3d062fa, 0x6468bd15), + TOBN(0xa51729ac, 0x5f318d7e), TOBN(0x1fc87df6, 0x9eb6fc95)}, + {TOBN(0x63d146a8, 0x0591f652), TOBN(0xa861b8f7, 0x589621aa), + TOBN(0x59f5f15a, 0xce31348c), TOBN(0x8f663391, 0x440da6da)}}, + {{TOBN(0xcfa778ac, 0xb591ffa3), TOBN(0x027ca9c5, 0x4cdfebce), + TOBN(0xbe8e05a5, 0x444ea6b3), TOBN(0x8aab4e69, 0xa78d8254)}, + {TOBN(0x2437f04f, 0xb474d6b8), TOBN(0x6597ffd4, 0x045b3855), + TOBN(0xbb0aea4e, 0xca47ecaa), TOBN(0x568aae83, 0x85c7ebfc)}}, + {{TOBN(0x0e966e64, 0xc73b2383), TOBN(0x49eb3447, 0xd17d8762), + TOBN(0xde107821, 0x8da05dab), TOBN(0x443d8baa, 0x016b7236)}, + {TOBN(0x163b63a5, 0xea7610d6), TOBN(0xe47e4185, 0xce1ca979), + TOBN(0xae648b65, 0x80baa132), TOBN(0xebf53de2, 0x0e0d5b64)}}, + {{TOBN(0x8d3bfcb4, 0xd3c8c1ca), TOBN(0x0d914ef3, 0x5d04b309), + TOBN(0x55ef6415, 0x3de7d395), TOBN(0xbde1666f, 0x26b850e8)}, + {TOBN(0xdbe1ca6e, 0xd449ab19), TOBN(0x8902b322, 0xe89a2672), + TOBN(0xb1674b7e, 0xdacb7a53), TOBN(0x8e9faf6e, 0xf52523ff)}}, + {{TOBN(0x6ba535da, 0x9a85788b), TOBN(0xd21f03ae, 0xbd0626d4), + TOBN(0x099f8c47, 0xe873dc64), TOBN(0xcda8564d, 0x018ec97e)}, + {TOBN(0x3e8d7a5c, 0xde92c68c), TOBN(0x78e035a1, 0x73323cc4), + TOBN(0x3ef26275, 0xf880ff7c), TOBN(0xa4ee3dff, 0x273eedaa)}}, + {{TOBN(0x58823507, 0xaf4e18f8), TOBN(0x967ec9b5, 0x0672f328), + TOBN(0x9ded19d9, 0x559d3186), TOBN(0x5e2ab3de, 0x6cdce39c)}, + {TOBN(0xabad6e4d, 0x11c226df), TOBN(0xf9783f43, 0x87723014), + TOBN(0x9a49a0cf, 0x1a885719), TOBN(0xfc0c1a5a, 0x90da9dbf)}}, + {{TOBN(0x8bbaec49, 0x571d92ac), TOBN(0x569e85fe, 0x4692517f), + TOBN(0x8333b014, 0xa14ea4af), TOBN(0x32f2a62f, 0x12e5c5ad)}, + {TOBN(0x98c2ce3a, 0x06d89b85), TOBN(0xb90741aa, 0x2ff77a08), + TOBN(0x2530defc, 0x01f795a2), TOBN(0xd6e5ba0b, 0x84b3c199)}}, + {{TOBN(0x7d8e8451, 0x12e4c936), TOBN(0xae419f7d, 0xbd0be17b), + TOBN(0xa583fc8c, 0x22262bc9), TOBN(0x6b842ac7, 0x91bfe2bd)}, + {TOBN(0x33cef4e9, 0x440d6827), TOBN(0x5f69f4de, 0xef81fb14), + TOBN(0xf16cf6f6, 0x234fbb92), TOBN(0x76ae3fc3, 0xd9e7e158)}}, + {{TOBN(0x4e89f6c2, 0xe9740b33), TOBN(0x677bc85d, 0x4962d6a1), + TOBN(0x6c6d8a7f, 0x68d10d15), TOBN(0x5f9a7224, 0x0257b1cd)}, + {TOBN(0x7096b916, 0x4ad85961), TOBN(0x5f8c47f7, 0xe657ab4a), + TOBN(0xde57d7d0, 0xf7461d7e), TOBN(0x7eb6094d, 0x80ce5ee2)}}, + {{TOBN(0x0b1e1dfd, 0x34190547), TOBN(0x8a394f43, 0xf05dd150), + TOBN(0x0a9eb24d, 0x97df44e6), TOBN(0x78ca06bf, 0x87675719)}, + {TOBN(0x6f0b3462, 0x6ffeec22), TOBN(0x9d91bcea, 0x36cdd8fb), + TOBN(0xac83363c, 0xa105be47), TOBN(0x81ba76c1, 0x069710e3)}}, + {{TOBN(0x3d1b24cb, 0x28c682c6), TOBN(0x27f25228, 0x8612575b), + TOBN(0xb587c779, 0xe8e66e98), TOBN(0x7b0c03e9, 0x405eb1fe)}, + {TOBN(0xfdf0d030, 0x15b548e7), TOBN(0xa8be76e0, 0x38b36af7), + TOBN(0x4cdab04a, 0x4f310c40), TOBN(0x6287223e, 0xf47ecaec)}}, + {{TOBN(0x678e6055, 0x8b399320), TOBN(0x61fe3fa6, 0xc01e4646), + TOBN(0xc482866b, 0x03261a5e), TOBN(0xdfcf45b8, 0x5c2f244a)}, + {TOBN(0x8fab9a51, 0x2f684b43), TOBN(0xf796c654, 0xc7220a66), + TOBN(0x1d90707e, 0xf5afa58f), TOBN(0x2c421d97, 0x4fdbe0de)}}, + {{TOBN(0xc4f4cda3, 0xaf2ebc2f), TOBN(0xa0af843d, 0xcb4efe24), + TOBN(0x53b857c1, 0x9ccd10b1), TOBN(0xddc9d1eb, 0x914d3e04)}, + {TOBN(0x7bdec8bb, 0x62771deb), TOBN(0x829277aa, 0x91c5aa81), + TOBN(0x7af18dd6, 0x832391ae), TOBN(0x1740f316, 0xc71a84ca)}}}, + {{{TOBN(0x8928e99a, 0xeeaf8c49), TOBN(0xee7aa73d, 0x6e24d728), + TOBN(0x4c5007c2, 0xe72b156c), TOBN(0x5fcf57c5, 0xed408a1d)}, + {TOBN(0x9f719e39, 0xb6057604), TOBN(0x7d343c01, 0xc2868bbf), + TOBN(0x2cca254b, 0x7e103e2d), TOBN(0xe6eb38a9, 0xf131bea2)}}, + {{TOBN(0xb33e624f, 0x8be762b4), TOBN(0x2a9ee4d1, 0x058e3413), + TOBN(0x968e6369, 0x67d805fa), TOBN(0x9848949b, 0x7db8bfd7)}, + {TOBN(0x5308d7e5, 0xd23a8417), TOBN(0x892f3b1d, 0xf3e29da5), + TOBN(0xc95c139e, 0x3dee471f), TOBN(0x8631594d, 0xd757e089)}}, + {{TOBN(0xe0c82a3c, 0xde918dcc), TOBN(0x2e7b5994, 0x26fdcf4b), + TOBN(0x82c50249, 0x32cb1b2d), TOBN(0xea613a9d, 0x7657ae07)}, + {TOBN(0xc2eb5f6c, 0xf1fdc9f7), TOBN(0xb6eae8b8, 0x879fe682), + TOBN(0x253dfee0, 0x591cbc7f), TOBN(0x000da713, 0x3e1290e6)}}, + {{TOBN(0x1083e2ea, 0x1f095615), TOBN(0x0a28ad77, 0x14e68c33), + TOBN(0x6bfc0252, 0x3d8818be), TOBN(0xb585113a, 0xf35850cd)}, + {TOBN(0x7d935f0b, 0x30df8aa1), TOBN(0xaddda07c, 0x4ab7e3ac), + TOBN(0x92c34299, 0x552f00cb), TOBN(0xc33ed1de, 0x2909df6c)}}, + {{TOBN(0x22c2195d, 0x80e87766), TOBN(0x9e99e6d8, 0x9ddf4ac0), + TOBN(0x09642e4e, 0x65e74934), TOBN(0x2610ffa2, 0xff1ff241)}, + {TOBN(0x4d1d47d4, 0x751c8159), TOBN(0x697b4985, 0xaf3a9363), + TOBN(0x0318ca46, 0x87477c33), TOBN(0xa90cb565, 0x9441eff3)}}, + {{TOBN(0x58bb3848, 0x36f024cb), TOBN(0x85be1f77, 0x36016168), + TOBN(0x6c59587c, 0xdc7e07f1), TOBN(0x191be071, 0xaf1d8f02)}, + {TOBN(0xbf169fa5, 0xcca5e55c), TOBN(0x3864ba3c, 0xf7d04eac), + TOBN(0x915e367f, 0x8d7d05db), TOBN(0xb48a876d, 0xa6549e5d)}}, + {{TOBN(0xef89c656, 0x580e40a2), TOBN(0xf194ed8c, 0x728068bc), + TOBN(0x74528045, 0xa47990c9), TOBN(0xf53fc7d7, 0x5e1a4649)}, + {TOBN(0xbec5ae9b, 0x78593e7d), TOBN(0x2cac4ee3, 0x41db65d7), + TOBN(0xa8c1eb24, 0x04a3d39b), TOBN(0x53b7d634, 0x03f8f3ef)}}, + {{TOBN(0x2dc40d48, 0x3e07113c), TOBN(0x6e4a5d39, 0x7d8b63ae), + TOBN(0x5582a94b, 0x79684c2b), TOBN(0x932b33d4, 0x622da26c)}, + {TOBN(0xf534f651, 0x0dbbf08d), TOBN(0x211d07c9, 0x64c23a52), + TOBN(0x0eeece0f, 0xee5bdc9b), TOBN(0xdf178168, 0xf7015558)}}, + {{TOBN(0xd4294635, 0x0a712229), TOBN(0x93cbe448, 0x09273f8c), + TOBN(0x00b095ef, 0x8f13bc83), TOBN(0xbb741972, 0x8798978c)}, + {TOBN(0x9d7309a2, 0x56dbe6e7), TOBN(0xe578ec56, 0x5a5d39ec), + TOBN(0x3961151b, 0x851f9a31), TOBN(0x2da7715d, 0xe5709eb4)}}, + {{TOBN(0x867f3017, 0x53dfabf0), TOBN(0x728d2078, 0xb8e39259), + TOBN(0x5c75a0cd, 0x815d9958), TOBN(0xf84867a6, 0x16603be1)}, + {TOBN(0xc865b13d, 0x70e35b1c), TOBN(0x02414468, 0x19b03e2c), + TOBN(0xe46041da, 0xac1f3121), TOBN(0x7c9017ad, 0x6f028a7c)}}, + {{TOBN(0xabc96de9, 0x0a482873), TOBN(0x4265d6b1, 0xb77e54d4), + TOBN(0x68c38e79, 0xa57d88e7), TOBN(0xd461d766, 0x9ce82de3)}, + {TOBN(0x817a9ec5, 0x64a7e489), TOBN(0xcc5675cd, 0xa0def5f2), + TOBN(0x9a00e785, 0x985d494e), TOBN(0xc626833f, 0x1b03514a)}}, + {{TOBN(0xabe7905a, 0x83cdd60e), TOBN(0x50602fb5, 0xa1170184), + TOBN(0x689886cd, 0xb023642a), TOBN(0xd568d090, 0xa6e1fb00)}, + {TOBN(0x5b1922c7, 0x0259217f), TOBN(0x93831cd9, 0xc43141e4), + TOBN(0xdfca3587, 0x0c95f86e), TOBN(0xdec2057a, 0x568ae828)}}, + {{TOBN(0xc44ea599, 0xf98a759a), TOBN(0x55a0a7a2, 0xf7c23c1d), + TOBN(0xd5ffb6e6, 0x94c4f687), TOBN(0x3563cce2, 0x12848478)}, + {TOBN(0x812b3517, 0xe7b1fbe1), TOBN(0x8a7dc979, 0x4f7338e0), + TOBN(0x211ecee9, 0x52d048db), TOBN(0x2eea4056, 0xc86ea3b8)}}, + {{TOBN(0xd8cb68a7, 0xba772b34), TOBN(0xe16ed341, 0x5f4e2541), + TOBN(0x9b32f6a6, 0x0fec14db), TOBN(0xeee376f7, 0x391698be)}, + {TOBN(0xe9a7aa17, 0x83674c02), TOBN(0x65832f97, 0x5843022a), + TOBN(0x29f3a8da, 0x5ba4990f), TOBN(0x79a59c3a, 0xfb8e3216)}}, + {{TOBN(0x9cdc4d2e, 0xbd19bb16), TOBN(0xc6c7cfd0, 0xb3262d86), + TOBN(0xd4ce14d0, 0x969c0b47), TOBN(0x1fa352b7, 0x13e56128)}, + {TOBN(0x383d55b8, 0x973db6d3), TOBN(0x71836850, 0xe8e5b7bf), + TOBN(0xc7714596, 0xe6bb571f), TOBN(0x259df31f, 0x2d5b2dd2)}}, + {{TOBN(0x568f8925, 0x913cc16d), TOBN(0x18bc5b6d, 0xe1a26f5a), + TOBN(0xdfa413be, 0xf5f499ae), TOBN(0xf8835dec, 0xc3f0ae84)}, + {TOBN(0xb6e60bd8, 0x65a40ab0), TOBN(0x65596439, 0x194b377e), + TOBN(0xbcd85625, 0x92084a69), TOBN(0x5ce433b9, 0x4f23ede0)}}, + {{TOBN(0xe8e8f04f, 0x6ad65143), TOBN(0x11511827, 0xd6e14af6), + TOBN(0x3d390a10, 0x8295c0c7), TOBN(0x71e29ee4, 0x621eba16)}, + {TOBN(0xa588fc09, 0x63717b46), TOBN(0x02be02fe, 0xe06ad4a2), + TOBN(0x931558c6, 0x04c22b22), TOBN(0xbb4d4bd6, 0x12f3c849)}}, + {{TOBN(0x54a4f496, 0x20efd662), TOBN(0x92ba6d20, 0xc5952d14), + TOBN(0x2db8ea1e, 0xcc9784c2), TOBN(0x81cc10ca, 0x4b353644)}, + {TOBN(0x40b570ad, 0x4b4d7f6c), TOBN(0x5c9f1d96, 0x84a1dcd2), + TOBN(0x01379f81, 0x3147e797), TOBN(0xe5c6097b, 0x2bd499f5)}}, + {{TOBN(0x40dcafa6, 0x328e5e20), TOBN(0xf7b5244a, 0x54815550), + TOBN(0xb9a4f118, 0x47bfc978), TOBN(0x0ea0e79f, 0xd25825b1)}, + {TOBN(0xa50f96eb, 0x646c7ecf), TOBN(0xeb811493, 0x446dea9d), + TOBN(0x2af04677, 0xdfabcf69), TOBN(0xbe3a068f, 0xc713f6e8)}}, + {{TOBN(0x860d523d, 0x42e06189), TOBN(0xbf077941, 0x4e3aff13), + TOBN(0x0b616dca, 0xc1b20650), TOBN(0xe66dd6d1, 0x2131300d)}, + {TOBN(0xd4a0fd67, 0xff99abde), TOBN(0xc9903550, 0xc7aac50d), + TOBN(0x022ecf8b, 0x7c46b2d7), TOBN(0x3333b1e8, 0x3abf92af)}}, + {{TOBN(0x11cc113c, 0x6c491c14), TOBN(0x05976688, 0x80dd3f88), + TOBN(0xf5b4d9e7, 0x29d932ed), TOBN(0xe982aad8, 0xa2c38b6d)}, + {TOBN(0x6f925347, 0x8be0dcf0), TOBN(0x700080ae, 0x65ca53f2), + TOBN(0xd8131156, 0x443ca77f), TOBN(0xe92d6942, 0xec51f984)}}, + {{TOBN(0xd2a08af8, 0x85dfe9ae), TOBN(0xd825d9a5, 0x4d2a86ca), + TOBN(0x2c53988d, 0x39dff020), TOBN(0xf38b135a, 0x430cdc40)}, + {TOBN(0x0c918ae0, 0x62a7150b), TOBN(0xf31fd8de, 0x0c340e9b), + TOBN(0xafa0e7ae, 0x4dbbf02e), TOBN(0x5847fb2a, 0x5eba6239)}}, + {{TOBN(0x6b1647dc, 0xdccbac8b), TOBN(0xb642aa78, 0x06f485c8), + TOBN(0x873f3765, 0x7038ecdf), TOBN(0x2ce5e865, 0xfa49d3fe)}, + {TOBN(0xea223788, 0xc98c4400), TOBN(0x8104a8cd, 0xf1fa5279), + TOBN(0xbcf7cc7a, 0x06becfd7), TOBN(0x49424316, 0xc8f974ae)}}, + {{TOBN(0xc0da65e7, 0x84d6365d), TOBN(0xbcb7443f, 0x8f759fb8), + TOBN(0x35c712b1, 0x7ae81930), TOBN(0x80428dff, 0x4c6e08ab)}, + {TOBN(0xf19dafef, 0xa4faf843), TOBN(0xced8538d, 0xffa9855f), + TOBN(0x20ac409c, 0xbe3ac7ce), TOBN(0x358c1fb6, 0x882da71e)}}, + {{TOBN(0xafa9c0e5, 0xfd349961), TOBN(0x2b2cfa51, 0x8421c2fc), + TOBN(0x2a80db17, 0xf3a28d38), TOBN(0xa8aba539, 0x5d138e7e)}, + {TOBN(0x52012d1d, 0x6e96eb8d), TOBN(0x65d8dea0, 0xcbaf9622), + TOBN(0x57735447, 0xb264f56c), TOBN(0xbeebef3f, 0x1b6c8da2)}}, + {{TOBN(0xfc346d98, 0xce785254), TOBN(0xd50e8d72, 0xbb64a161), + TOBN(0xc03567c7, 0x49794add), TOBN(0x15a76065, 0x752c7ef6)}, + {TOBN(0x59f3a222, 0x961f23d6), TOBN(0x378e4438, 0x73ecc0b0), + TOBN(0xc74be434, 0x5a82fde4), TOBN(0xae509af2, 0xd8b9cf34)}}, + {{TOBN(0x4a61ee46, 0x577f44a1), TOBN(0xe09b748c, 0xb611deeb), + TOBN(0xc0481b2c, 0xf5f7b884), TOBN(0x35626678, 0x61acfa6b)}, + {TOBN(0x37f4c518, 0xbf8d21e6), TOBN(0x22d96531, 0xb205a76d), + TOBN(0x37fb85e1, 0x954073c0), TOBN(0xbceafe4f, 0x65b3a567)}}, + {{TOBN(0xefecdef7, 0xbe42a582), TOBN(0xd3fc6080, 0x65046be6), + TOBN(0xc9af13c8, 0x09e8dba9), TOBN(0x1e6c9847, 0x641491ff)}, + {TOBN(0x3b574925, 0xd30c31f7), TOBN(0xb7eb72ba, 0xac2a2122), + TOBN(0x776a0dac, 0xef0859e7), TOBN(0x06fec314, 0x21900942)}}, + {{TOBN(0x2464bc10, 0xf8c22049), TOBN(0x9bfbcce7, 0x875ebf69), + TOBN(0xd7a88e2a, 0x4336326b), TOBN(0xda05261c, 0x5bc2acfa)}, + {TOBN(0xc29f5bdc, 0xeba7efc8), TOBN(0x471237ca, 0x25dbbf2e), + TOBN(0xa72773f2, 0x2975f127), TOBN(0xdc744e8e, 0x04d0b326)}}, + {{TOBN(0x38a7ed16, 0xa56edb73), TOBN(0x64357e37, 0x2c007e70), + TOBN(0xa167d15b, 0x5080b400), TOBN(0x07b41164, 0x23de4be1)}, + {TOBN(0xb2d91e32, 0x74c89883), TOBN(0x3c162821, 0x2882e7ed), + TOBN(0xad6b36ba, 0x7503e482), TOBN(0x48434e8e, 0x0ea34331)}}, + {{TOBN(0x79f4f24f, 0x2c7ae0b9), TOBN(0xc46fbf81, 0x1939b44a), + TOBN(0x76fefae8, 0x56595eb1), TOBN(0x417b66ab, 0xcd5f29c7)}, + {TOBN(0x5f2332b2, 0xc5ceec20), TOBN(0xd69661ff, 0xe1a1cae2), + TOBN(0x5ede7e52, 0x9b0286e6), TOBN(0x9d062529, 0xe276b993)}}, + {{TOBN(0x324794b0, 0x7e50122b), TOBN(0xdd744f8b, 0x4af07ca5), + TOBN(0x30a12f08, 0xd63fc97b), TOBN(0x39650f1a, 0x76626d9d)}, + {TOBN(0x101b47f7, 0x1fa38477), TOBN(0x3d815f19, 0xd4dc124f), + TOBN(0x1569ae95, 0xb26eb58a), TOBN(0xc3cde188, 0x95fb1887)}}, + {{TOBN(0x54e9f37b, 0xf9539a48), TOBN(0xb0100e06, 0x7408c1a5), + TOBN(0x821d9811, 0xea580cbb), TOBN(0x8af52d35, 0x86e50c56)}, + {TOBN(0xdfbd9d47, 0xdbbf698b), TOBN(0x2961a1ea, 0x03dc1c73), + TOBN(0x203d38f8, 0xe76a5df8), TOBN(0x08a53a68, 0x6def707a)}}, + {{TOBN(0x26eefb48, 0x1bee45d4), TOBN(0xb3cee346, 0x3c688036), + TOBN(0x463c5315, 0xc42f2469), TOBN(0x19d84d2e, 0x81378162)}, + {TOBN(0x22d7c3c5, 0x1c4d349f), TOBN(0x65965844, 0x163d59c5), + TOBN(0xcf198c56, 0xb8abceae), TOBN(0x6fb1fb1b, 0x628559d5)}}, + {{TOBN(0x8bbffd06, 0x07bf8fe3), TOBN(0x46259c58, 0x3467734b), + TOBN(0xd8953cea, 0x35f7f0d3), TOBN(0x1f0bece2, 0xd65b0ff1)}, + {TOBN(0xf7d5b4b3, 0xf3c72914), TOBN(0x29e8ea95, 0x3cb53389), + TOBN(0x4a365626, 0x836b6d46), TOBN(0xe849f910, 0xea174fde)}}, + {{TOBN(0x7ec62fbb, 0xf4737f21), TOBN(0xd8dba5ab, 0x6209f5ac), + TOBN(0x24b5d7a9, 0xa5f9adbe), TOBN(0x707d28f7, 0xa61dc768)}, + {TOBN(0x7711460b, 0xcaa999ea), TOBN(0xba7b174d, 0x1c92e4cc), + TOBN(0x3c4bab66, 0x18d4bf2d), TOBN(0xb8f0c980, 0xeb8bd279)}}, + {{TOBN(0x024bea9a, 0x324b4737), TOBN(0xfba9e423, 0x32a83bca), + TOBN(0x6e635643, 0xa232dced), TOBN(0x99619367, 0x2571c8ba)}, + {TOBN(0xe8c9f357, 0x54b7032b), TOBN(0xf936b3ba, 0x2442d54a), + TOBN(0x2263f0f0, 0x8290c65a), TOBN(0x48989780, 0xee2c7fdb)}}, + {{TOBN(0xadc5d55a, 0x13d4f95e), TOBN(0x737cff85, 0xad9b8500), + TOBN(0x271c557b, 0x8a73f43d), TOBN(0xbed617a4, 0xe18bc476)}, + {TOBN(0x66245401, 0x7dfd8ab2), TOBN(0xae7b89ae, 0x3a2870aa), + TOBN(0x1b555f53, 0x23a7e545), TOBN(0x6791e247, 0xbe057e4c)}}, + {{TOBN(0x860136ad, 0x324fa34d), TOBN(0xea111447, 0x4cbeae28), + TOBN(0x023a4270, 0xbedd3299), TOBN(0x3d5c3a7f, 0xc1c35c34)}, + {TOBN(0xb0f6db67, 0x8d0412d2), TOBN(0xd92625e2, 0xfcdc6b9a), + TOBN(0x92ae5ccc, 0x4e28a982), TOBN(0xea251c36, 0x47a3ce7e)}}, + {{TOBN(0x9d658932, 0x790691bf), TOBN(0xed610589, 0x06b736ae), + TOBN(0x712c2f04, 0xc0d63b6e), TOBN(0x5cf06fd5, 0xc63d488f)}, + {TOBN(0x97363fac, 0xd9588e41), TOBN(0x1f9bf762, 0x2b93257e), + TOBN(0xa9d1ffc4, 0x667acace), TOBN(0x1cf4a1aa, 0x0a061ecf)}}, + {{TOBN(0x40e48a49, 0xdc1818d0), TOBN(0x0643ff39, 0xa3621ab0), + TOBN(0x5768640c, 0xe39ef639), TOBN(0x1fc099ea, 0x04d86854)}, + {TOBN(0x9130b9c3, 0xeccd28fd), TOBN(0xd743cbd2, 0x7eec54ab), + TOBN(0x052b146f, 0xe5b475b6), TOBN(0x058d9a82, 0x900a7d1f)}}, + {{TOBN(0x65e02292, 0x91262b72), TOBN(0x96f924f9, 0xbb0edf03), + TOBN(0x5cfa59c8, 0xfe206842), TOBN(0xf6037004, 0x5eafa720)}, + {TOBN(0x5f30699e, 0x18d7dd96), TOBN(0x381e8782, 0xcbab2495), + TOBN(0x91669b46, 0xdd8be949), TOBN(0xb40606f5, 0x26aae8ef)}}, + {{TOBN(0x2812b839, 0xfc6751a4), TOBN(0x16196214, 0xfba800ef), + TOBN(0x4398d5ca, 0x4c1a2875), TOBN(0x720c00ee, 0x653d8349)}, + {TOBN(0xc2699eb0, 0xd820007c), TOBN(0x880ee660, 0xa39b5825), + TOBN(0x70694694, 0x471f6984), TOBN(0xf7d16ea8, 0xe3dda99a)}}, + {{TOBN(0x28d675b2, 0xc0519a23), TOBN(0x9ebf94fe, 0x4f6952e3), + TOBN(0xf28bb767, 0xa2294a8a), TOBN(0x85512b4d, 0xfe0af3f5)}, + {TOBN(0x18958ba8, 0x99b16a0d), TOBN(0x95c2430c, 0xba7548a7), + TOBN(0xb30d1b10, 0xa16be615), TOBN(0xe3ebbb97, 0x85bfb74c)}}, + {{TOBN(0xa3273cfe, 0x18549fdb), TOBN(0xf6e200bf, 0x4fcdb792), + TOBN(0x54a76e18, 0x83aba56c), TOBN(0x73ec66f6, 0x89ef6aa2)}, + {TOBN(0x8d17add7, 0xd1b9a305), TOBN(0xa959c5b9, 0xb7ae1b9d), + TOBN(0x88643522, 0x6bcc094a), TOBN(0xcc5616c4, 0xd7d429b9)}}, + {{TOBN(0xa6dada01, 0xe6a33f7c), TOBN(0xc6217a07, 0x9d4e70ad), + TOBN(0xd619a818, 0x09c15b7c), TOBN(0xea06b329, 0x0e80c854)}, + {TOBN(0x174811ce, 0xa5f5e7b9), TOBN(0x66dfc310, 0x787c65f4), + TOBN(0x4ea7bd69, 0x3316ab54), TOBN(0xc12c4acb, 0x1dcc0f70)}}, + {{TOBN(0xe4308d1a, 0x1e407dd9), TOBN(0xe8a3587c, 0x91afa997), + TOBN(0xea296c12, 0xab77b7a5), TOBN(0xb5ad49e4, 0x673c0d52)}, + {TOBN(0x40f9b2b2, 0x7006085a), TOBN(0xa88ff340, 0x87bf6ec2), + TOBN(0x978603b1, 0x4e3066a6), TOBN(0xb3f99fc2, 0xb5e486e2)}}, + {{TOBN(0x07b53f5e, 0xb2e63645), TOBN(0xbe57e547, 0x84c84232), + TOBN(0xd779c216, 0x7214d5cf), TOBN(0x617969cd, 0x029a3aca)}, + {TOBN(0xd17668cd, 0x8a7017a0), TOBN(0x77b4d19a, 0xbe9b7ee8), + TOBN(0x58fd0e93, 0x9c161776), TOBN(0xa8c4f4ef, 0xd5968a72)}}, + {{TOBN(0x296071cc, 0x67b3de77), TOBN(0xae3c0b8e, 0x634f7905), + TOBN(0x67e440c2, 0x8a7100c9), TOBN(0xbb8c3c1b, 0xeb4b9b42)}, + {TOBN(0x6d71e8ea, 0xc51b3583), TOBN(0x7591f5af, 0x9525e642), + TOBN(0xf73a2f7b, 0x13f509f3), TOBN(0x618487aa, 0x5619ac9b)}}, + {{TOBN(0x3a72e5f7, 0x9d61718a), TOBN(0x00413bcc, 0x7592d28c), + TOBN(0x7d9b11d3, 0x963c35cf), TOBN(0x77623bcf, 0xb90a46ed)}, + {TOBN(0xdeef273b, 0xdcdd2a50), TOBN(0x4a741f9b, 0x0601846e), + TOBN(0x33b89e51, 0x0ec6e929), TOBN(0xcb02319f, 0x8b7f22cd)}}, + {{TOBN(0xbbe1500d, 0x084bae24), TOBN(0x2f0ae8d7, 0x343d2693), + TOBN(0xacffb5f2, 0x7cdef811), TOBN(0xaa0c030a, 0x263fb94f)}, + {TOBN(0x6eef0d61, 0xa0f442de), TOBN(0xf92e1817, 0x27b139d3), + TOBN(0x1ae6deb7, 0x0ad8bc28), TOBN(0xa89e38dc, 0xc0514130)}}, + {{TOBN(0x81eeb865, 0xd2fdca23), TOBN(0x5a15ee08, 0xcc8ef895), + TOBN(0x768fa10a, 0x01905614), TOBN(0xeff5b8ef, 0x880ee19b)}, + {TOBN(0xf0c0cabb, 0xcb1c8a0e), TOBN(0x2e1ee9cd, 0xb8c838f9), + TOBN(0x0587d8b8, 0x8a4a14c0), TOBN(0xf6f27896, 0x2ff698e5)}}, + {{TOBN(0xed38ef1c, 0x89ee6256), TOBN(0xf44ee1fe, 0x6b353b45), + TOBN(0x9115c0c7, 0x70e903b3), TOBN(0xc78ec0a1, 0x818f31df)}, + {TOBN(0x6c003324, 0xb7dccbc6), TOBN(0xd96dd1f3, 0x163bbc25), + TOBN(0x33aa82dd, 0x5cedd805), TOBN(0x123aae4f, 0x7f7eb2f1)}}, + {{TOBN(0x1723fcf5, 0xa26262cd), TOBN(0x1f7f4d5d, 0x0060ebd5), + TOBN(0xf19c5c01, 0xb2eaa3af), TOBN(0x2ccb9b14, 0x9790accf)}, + {TOBN(0x1f9c1cad, 0x52324aa6), TOBN(0x63200526, 0x7247df54), + TOBN(0x5732fe42, 0xbac96f82), TOBN(0x52fe771f, 0x01a1c384)}}, + {{TOBN(0x546ca13d, 0xb1001684), TOBN(0xb56b4eee, 0xa1709f75), + TOBN(0x266545a9, 0xd5db8672), TOBN(0xed971c90, 0x1e8f3cfb)}, + {TOBN(0x4e7d8691, 0xe3a07b29), TOBN(0x7570d9ec, 0xe4b696b9), + TOBN(0xdc5fa067, 0x7bc7e9ae), TOBN(0x68b44caf, 0xc82c4844)}}, + {{TOBN(0x519d34b3, 0xbf44da80), TOBN(0x283834f9, 0x5ab32e66), + TOBN(0x6e608797, 0x6278a000), TOBN(0x1e62960e, 0x627312f6)}, + {TOBN(0x9b87b27b, 0xe6901c55), TOBN(0x80e78538, 0x24fdbc1f), + TOBN(0xbbbc0951, 0x2facc27d), TOBN(0x06394239, 0xac143b5a)}}, + {{TOBN(0x35bb4a40, 0x376c1944), TOBN(0x7cb62694, 0x63da1511), + TOBN(0xafd29161, 0xb7148a3b), TOBN(0xa6f9d9ed, 0x4e2ea2ee)}, + {TOBN(0x15dc2ca2, 0x880dd212), TOBN(0x903c3813, 0xa61139a9), + TOBN(0x2aa7b46d, 0x6c0f8785), TOBN(0x36ce2871, 0x901c60ff)}}, + {{TOBN(0xc683b028, 0xe10d9c12), TOBN(0x7573baa2, 0x032f33d3), + TOBN(0x87a9b1f6, 0x67a31b58), TOBN(0xfd3ed11a, 0xf4ffae12)}, + {TOBN(0x83dcaa9a, 0x0cb2748e), TOBN(0x8239f018, 0x5d6fdf16), + TOBN(0xba67b49c, 0x72753941), TOBN(0x2beec455, 0xc321cb36)}}, + {{TOBN(0x88015606, 0x3f8b84ce), TOBN(0x76417083, 0x8d38c86f), + TOBN(0x054f1ca7, 0x598953dd), TOBN(0xc939e110, 0x4e8e7429)}, + {TOBN(0x9b1ac2b3, 0x5a914f2f), TOBN(0x39e35ed3, 0xe74b8f9c), + TOBN(0xd0debdb2, 0x781b2fb0), TOBN(0x1585638f, 0x2d997ba2)}}, + {{TOBN(0x9c4b646e, 0x9e2fce99), TOBN(0x68a21081, 0x1e80857f), + TOBN(0x06d54e44, 0x3643b52a), TOBN(0xde8d6d63, 0x0d8eb843)}, + {TOBN(0x70321563, 0x42146a0a), TOBN(0x8ba826f2, 0x5eaa3622), + TOBN(0x227a58bd, 0x86138787), TOBN(0x43b6c03c, 0x10281d37)}}, + {{TOBN(0x6326afbb, 0xb54dde39), TOBN(0x744e5e8a, 0xdb6f2d5f), + TOBN(0x48b2a99a, 0xcff158e1), TOBN(0xa93c8fa0, 0xef87918f)}, + {TOBN(0x2182f956, 0xde058c5c), TOBN(0x216235d2, 0x936f9e7a), + TOBN(0xace0c0db, 0xd2e31e67), TOBN(0xc96449bf, 0xf23ac3e7)}}, + {{TOBN(0x7e9a2874, 0x170693bd), TOBN(0xa28e14fd, 0xa45e6335), + TOBN(0x5757f6b3, 0x56427344), TOBN(0x822e4556, 0xacf8edf9)}, + {TOBN(0x2b7a6ee2, 0xe6a285cd), TOBN(0x5866f211, 0xa9df3af0), + TOBN(0x40dde2dd, 0xf845b844), TOBN(0x986c3726, 0x110e5e49)}}, + {{TOBN(0x73680c2a, 0xf7172277), TOBN(0x57b94f0f, 0x0cccb244), + TOBN(0xbdff7267, 0x2d438ca7), TOBN(0xbad1ce11, 0xcf4663fd)}, + {TOBN(0x9813ed9d, 0xd8f71cae), TOBN(0xf43272a6, 0x961fdaa6), + TOBN(0xbeff0119, 0xbd6d1637), TOBN(0xfebc4f91, 0x30361978)}}, + {{TOBN(0x02b37a95, 0x2f41deff), TOBN(0x0e44a59a, 0xe63b89b7), + TOBN(0x673257dc, 0x143ff951), TOBN(0x19c02205, 0xd752baf4)}, + {TOBN(0x46c23069, 0xc4b7d692), TOBN(0x2e6392c3, 0xfd1502ac), + TOBN(0x6057b1a2, 0x1b220846), TOBN(0xe51ff946, 0x0c1b5b63)}}}, + {{{TOBN(0x6e85cb51, 0x566c5c43), TOBN(0xcff9c919, 0x3597f046), + TOBN(0x9354e90c, 0x4994d94a), TOBN(0xe0a39332, 0x2147927d)}, + {TOBN(0x8427fac1, 0x0dc1eb2b), TOBN(0x88cfd8c2, 0x2ff319fa), + TOBN(0xe2d4e684, 0x01965274), TOBN(0xfa2e067d, 0x67aaa746)}}, + {{TOBN(0xb6d92a7f, 0x3e5f9f11), TOBN(0x9afe153a, 0xd6cb3b8e), + TOBN(0x4d1a6dd7, 0xddf800bd), TOBN(0xf6c13cc0, 0xcaf17e19)}, + {TOBN(0x15f6c58e, 0x325fc3ee), TOBN(0x71095400, 0xa31dc3b2), + TOBN(0x168e7c07, 0xafa3d3e7), TOBN(0x3f8417a1, 0x94c7ae2d)}}, + {{TOBN(0xec234772, 0x813b230d), TOBN(0x634d0f5f, 0x17344427), + TOBN(0x11548ab1, 0xd77fc56a), TOBN(0x7fab1750, 0xce06af77)}, + {TOBN(0xb62c10a7, 0x4f7c4f83), TOBN(0xa7d2edc4, 0x220a67d9), + TOBN(0x1c404170, 0x921209a0), TOBN(0x0b9815a0, 0xface59f0)}}, + {{TOBN(0x2842589b, 0x319540c3), TOBN(0x18490f59, 0xa283d6f8), + TOBN(0xa2731f84, 0xdaae9fcb), TOBN(0x3db6d960, 0xc3683ba0)}, + {TOBN(0xc85c63bb, 0x14611069), TOBN(0xb19436af, 0x0788bf05), + TOBN(0x905459df, 0x347460d2), TOBN(0x73f6e094, 0xe11a7db1)}}, + {{TOBN(0xdc7f938e, 0xb6357f37), TOBN(0xc5d00f79, 0x2bd8aa62), + TOBN(0xc878dcb9, 0x2ca979fc), TOBN(0x37e83ed9, 0xeb023a99)}, + {TOBN(0x6b23e273, 0x1560bf3d), TOBN(0x1086e459, 0x1d0fae61), + TOBN(0x78248316, 0x9a9414bd), TOBN(0x1b956bc0, 0xf0ea9ea1)}}, + {{TOBN(0x7b85bb91, 0xc31b9c38), TOBN(0x0c5aa90b, 0x48ef57b5), + TOBN(0xdedeb169, 0xaf3bab6f), TOBN(0xe610ad73, 0x2d373685)}, + {TOBN(0xf13870df, 0x02ba8e15), TOBN(0x0337edb6, 0x8ca7f771), + TOBN(0xe4acf747, 0xb62c036c), TOBN(0xd921d576, 0xb6b94e81)}}, + {{TOBN(0xdbc86439, 0x2c422f7a), TOBN(0xfb635362, 0xed348898), + TOBN(0x83084668, 0xc45bfcd1), TOBN(0xc357c9e3, 0x2b315e11)}, + {TOBN(0xb173b540, 0x5b2e5b8c), TOBN(0x7e946931, 0xe102b9a4), + TOBN(0x17c890eb, 0x7b0fb199), TOBN(0xec225a83, 0xd61b662b)}}, + {{TOBN(0xf306a3c8, 0xee3c76cb), TOBN(0x3cf11623, 0xd32a1f6e), + TOBN(0xe6d5ab64, 0x6863e956), TOBN(0x3b8a4cbe, 0x5c005c26)}, + {TOBN(0xdcd529a5, 0x9ce6bb27), TOBN(0xc4afaa52, 0x04d4b16f), + TOBN(0xb0624a26, 0x7923798d), TOBN(0x85e56df6, 0x6b307fab)}}, + {{TOBN(0x0281893c, 0x2bf29698), TOBN(0x91fc19a4, 0xd7ce7603), + TOBN(0x75a5dca3, 0xad9a558f), TOBN(0x40ceb3fa, 0x4d50bf77)}, + {TOBN(0x1baf6060, 0xbc9ba369), TOBN(0x927e1037, 0x597888c2), + TOBN(0xd936bf19, 0x86a34c07), TOBN(0xd4cf10c1, 0xc34ae980)}}, + {{TOBN(0x3a3e5334, 0x859dd614), TOBN(0x9c475b5b, 0x18d0c8ee), + TOBN(0x63080d1f, 0x07cd51d5), TOBN(0xc9c0d0a6, 0xb88b4326)}, + {TOBN(0x1ac98691, 0xc234296f), TOBN(0x2a0a83a4, 0x94887fb6), + TOBN(0x56511427, 0x0cea9cf2), TOBN(0x5230a6e8, 0xa24802f5)}}, + {{TOBN(0xf7a2bf0f, 0x72e3d5c1), TOBN(0x37717446, 0x4f21439e), + TOBN(0xfedcbf25, 0x9ce30334), TOBN(0xe0030a78, 0x7ce202f9)}, + {TOBN(0x6f2d9ebf, 0x1202e9ca), TOBN(0xe79dde6c, 0x75e6e591), + TOBN(0xf52072af, 0xf1dac4f8), TOBN(0x6c8d087e, 0xbb9b404d)}}, + {{TOBN(0xad0fc73d, 0xbce913af), TOBN(0x909e587b, 0x458a07cb), + TOBN(0x1300da84, 0xd4f00c8a), TOBN(0x425cd048, 0xb54466ac)}, + {TOBN(0xb59cb9be, 0x90e9d8bf), TOBN(0x991616db, 0x3e431b0e), + TOBN(0xd3aa117a, 0x531aecff), TOBN(0x91af92d3, 0x59f4dc3b)}}, + {{TOBN(0x9b1ec292, 0xe93fda29), TOBN(0x76bb6c17, 0xe97d91bc), + TOBN(0x7509d95f, 0xaface1e6), TOBN(0x3653fe47, 0xbe855ae3)}, + {TOBN(0x73180b28, 0x0f680e75), TOBN(0x75eefd1b, 0xeeb6c26c), + TOBN(0xa4cdf29f, 0xb66d4236), TOBN(0x2d70a997, 0x6b5821d8)}}, + {{TOBN(0x7a3ee207, 0x20445c36), TOBN(0x71d1ac82, 0x59877174), + TOBN(0x0fc539f7, 0x949f73e9), TOBN(0xd05cf3d7, 0x982e3081)}, + {TOBN(0x8758e20b, 0x7b1c7129), TOBN(0xffadcc20, 0x569e61f2), + TOBN(0xb05d3a2f, 0x59544c2d), TOBN(0xbe16f5c1, 0x9fff5e53)}}, + {{TOBN(0x73cf65b8, 0xaad58135), TOBN(0x622c2119, 0x037aa5be), + TOBN(0x79373b3f, 0x646fd6a0), TOBN(0x0e029db5, 0x0d3978cf)}, + {TOBN(0x8bdfc437, 0x94fba037), TOBN(0xaefbd687, 0x620797a6), + TOBN(0x3fa5382b, 0xbd30d38e), TOBN(0x7627cfbf, 0x585d7464)}}, + {{TOBN(0xb2330fef, 0x4e4ca463), TOBN(0xbcef7287, 0x3566cc63), + TOBN(0xd161d2ca, 0xcf780900), TOBN(0x135dc539, 0x5b54827d)}, + {TOBN(0x638f052e, 0x27bf1bc6), TOBN(0x10a224f0, 0x07dfa06c), + TOBN(0xe973586d, 0x6d3321da), TOBN(0x8b0c5738, 0x26152c8f)}}, + {{TOBN(0x07ef4f2a, 0x34606074), TOBN(0x80fe7fe8, 0xa0f7047a), + TOBN(0x3d1a8152, 0xe1a0e306), TOBN(0x32cf43d8, 0x88da5222)}, + {TOBN(0xbf89a95f, 0x5f02ffe6), TOBN(0x3d9eb9a4, 0x806ad3ea), + TOBN(0x012c17bb, 0x79c8e55e), TOBN(0xfdcd1a74, 0x99c81dac)}}, + {{TOBN(0x7043178b, 0xb9556098), TOBN(0x4090a1df, 0x801c3886), + TOBN(0x759800ff, 0x9b67b912), TOBN(0x3e5c0304, 0x232620c8)}, + {TOBN(0x4b9d3c4b, 0x70dceeca), TOBN(0xbb2d3c15, 0x181f648e), + TOBN(0xf981d837, 0x6e33345c), TOBN(0xb626289b, 0x0cf2297a)}}, + {{TOBN(0x766ac659, 0x8baebdcf), TOBN(0x1a28ae09, 0x75df01e5), + TOBN(0xb71283da, 0x375876d8), TOBN(0x4865a96d, 0x607b9800)}, + {TOBN(0x25dd1bcd, 0x237936b2), TOBN(0x332f4f4b, 0x60417494), + TOBN(0xd0923d68, 0x370a2147), TOBN(0x497f5dfb, 0xdc842203)}}, + {{TOBN(0x9dc74cbd, 0x32be5e0f), TOBN(0x7475bcb7, 0x17a01375), + TOBN(0x438477c9, 0x50d872b1), TOBN(0xcec67879, 0xffe1d63d)}, + {TOBN(0x9b006014, 0xd8578c70), TOBN(0xc9ad99a8, 0x78bb6b8b), + TOBN(0x6799008e, 0x11fb3806), TOBN(0xcfe81435, 0xcd44cab3)}}, + {{TOBN(0xa2ee1582, 0x2f4fb344), TOBN(0xb8823450, 0x483fa6eb), + TOBN(0x622d323d, 0x652c7749), TOBN(0xd8474a98, 0xbeb0a15b)}, + {TOBN(0xe43c154d, 0x5d1c00d0), TOBN(0x7fd581d9, 0x0e3e7aac), + TOBN(0x2b44c619, 0x2525ddf8), TOBN(0x67a033eb, 0xb8ae9739)}}, + {{TOBN(0x113ffec1, 0x9ef2d2e4), TOBN(0x1bf6767e, 0xd5a0ea7f), + TOBN(0x57fff75e, 0x03714c0a), TOBN(0xa23c422e, 0x0a23e9ee)}, + {TOBN(0xdd5f6b2d, 0x540f83af), TOBN(0xc2c2c27e, 0x55ea46a7), + TOBN(0xeb6b4246, 0x672a1208), TOBN(0xd13599f7, 0xae634f7a)}}, + {{TOBN(0xcf914b5c, 0xd7b32c6e), TOBN(0x61a5a640, 0xeaf61814), + TOBN(0x8dc3df8b, 0x208a1bbb), TOBN(0xef627fd6, 0xb6d79aa5)}, + {TOBN(0x44232ffc, 0xc4c86bc8), TOBN(0xe6f9231b, 0x061539fe), + TOBN(0x1d04f25a, 0x958b9533), TOBN(0x180cf934, 0x49e8c885)}}, + {{TOBN(0x89689595, 0x9884aaf7), TOBN(0xb1959be3, 0x07b348a6), + TOBN(0x96250e57, 0x3c147c87), TOBN(0xae0efb3a, 0xdd0c61f8)}, + {TOBN(0xed00745e, 0xca8c325e), TOBN(0x3c911696, 0xecff3f70), + TOBN(0x73acbc65, 0x319ad41d), TOBN(0x7b01a020, 0xf0b1c7ef)}}, + {{TOBN(0xea32b293, 0x63a1483f), TOBN(0x89eabe71, 0x7a248f96), + TOBN(0x9c6231d3, 0x343157e5), TOBN(0x93a375e5, 0xdf3c546d)}, + {TOBN(0xe76e9343, 0x6a2afe69), TOBN(0xc4f89100, 0xe166c88e), + TOBN(0x248efd0d, 0x4f872093), TOBN(0xae0eb3ea, 0x8fe0ea61)}}, + {{TOBN(0xaf89790d, 0x9d79046e), TOBN(0x4d650f2d, 0x6cee0976), + TOBN(0xa3935d9a, 0x43071eca), TOBN(0x66fcd2c9, 0x283b0bfe)}, + {TOBN(0x0e665eb5, 0x696605f1), TOBN(0xe77e5d07, 0xa54cd38d), + TOBN(0x90ee050a, 0x43d950cf), TOBN(0x86ddebda, 0xd32e69b5)}}, + {{TOBN(0x6ad94a3d, 0xfddf7415), TOBN(0xf7fa1309, 0x3f6e8d5a), + TOBN(0xc4831d1d, 0xe9957f75), TOBN(0x7de28501, 0xd5817447)}, + {TOBN(0x6f1d7078, 0x9e2aeb6b), TOBN(0xba2b9ff4, 0xf67a53c2), + TOBN(0x36963767, 0xdf9defc3), TOBN(0x479deed3, 0x0d38022c)}}, + {{TOBN(0xd2edb89b, 0x3a8631e8), TOBN(0x8de855de, 0x7a213746), + TOBN(0xb2056cb7, 0xb00c5f11), TOBN(0xdeaefbd0, 0x2c9b85e4)}, + {TOBN(0x03f39a8d, 0xd150892d), TOBN(0x37b84686, 0x218b7985), + TOBN(0x36296dd8, 0xb7375f1a), TOBN(0x472cd4b1, 0xb78e898e)}}, + {{TOBN(0x15dff651, 0xe9f05de9), TOBN(0xd4045069, 0x2ce98ba9), + TOBN(0x8466a7ae, 0x9b38024c), TOBN(0xb910e700, 0xe5a6b5ef)}, + {TOBN(0xae1c56ea, 0xb3aa8f0d), TOBN(0xbab2a507, 0x7eee74a6), + TOBN(0x0dca11e2, 0x4b4c4620), TOBN(0xfd896e2e, 0x4c47d1f4)}}, + {{TOBN(0xeb45ae53, 0x308fbd93), TOBN(0x46cd5a2e, 0x02c36fda), + TOBN(0x6a3d4e90, 0xbaa48385), TOBN(0xdd55e62e, 0x9dbe9960)}, + {TOBN(0xa1406aa0, 0x2a81ede7), TOBN(0x6860dd14, 0xf9274ea7), + TOBN(0xcfdcb0c2, 0x80414f86), TOBN(0xff410b10, 0x22f94327)}}, + {{TOBN(0x5a33cc38, 0x49ad467b), TOBN(0xefb48b6c, 0x0a7335f1), + TOBN(0x14fb54a4, 0xb153a360), TOBN(0x604aa9d2, 0xb52469cc)}, + {TOBN(0x5e9dc486, 0x754e48e9), TOBN(0x693cb455, 0x37471e8e), + TOBN(0xfb2fd7cd, 0x8d3b37b6), TOBN(0x63345e16, 0xcf09ff07)}}, + {{TOBN(0x9910ba6b, 0x23a5d896), TOBN(0x1fe19e35, 0x7fe4364e), + TOBN(0x6e1da8c3, 0x9a33c677), TOBN(0x15b4488b, 0x29fd9fd0)}, + {TOBN(0x1f439254, 0x1a1f22bf), TOBN(0x920a8a70, 0xab8163e8), + TOBN(0x3fd1b249, 0x07e5658e), TOBN(0xf2c4f79c, 0xb6ec839b)}}, + {{TOBN(0x1abbc3d0, 0x4aa38d1b), TOBN(0x3b0db35c, 0xb5d9510e), + TOBN(0x1754ac78, 0x3e60dec0), TOBN(0x53272fd7, 0xea099b33)}, + {TOBN(0x5fb0494f, 0x07a8e107), TOBN(0x4a89e137, 0x6a8191fa), + TOBN(0xa113b7f6, 0x3c4ad544), TOBN(0x88a2e909, 0x6cb9897b)}}, + {{TOBN(0x17d55de3, 0xb44a3f84), TOBN(0xacb2f344, 0x17c6c690), + TOBN(0x32088168, 0x10232390), TOBN(0xf2e8a61f, 0x6c733bf7)}, + {TOBN(0xa774aab6, 0x9c2d7652), TOBN(0xfb5307e3, 0xed95c5bc), + TOBN(0xa05c73c2, 0x4981f110), TOBN(0x1baae31c, 0xa39458c9)}}, + {{TOBN(0x1def185b, 0xcbea62e7), TOBN(0xe8ac9eae, 0xeaf63059), + TOBN(0x098a8cfd, 0x9921851c), TOBN(0xd959c3f1, 0x3abe2f5b)}, + {TOBN(0xa4f19525, 0x20e40ae5), TOBN(0x320789e3, 0x07a24aa1), + TOBN(0x259e6927, 0x7392b2bc), TOBN(0x58f6c667, 0x1918668b)}}, + {{TOBN(0xce1db2bb, 0xc55d2d8b), TOBN(0x41d58bb7, 0xf4f6ca56), + TOBN(0x7650b680, 0x8f877614), TOBN(0x905e16ba, 0xf4c349ed)}, + {TOBN(0xed415140, 0xf661acac), TOBN(0x3b8784f0, 0xcb2270af), + TOBN(0x3bc280ac, 0x8a402cba), TOBN(0xd53f7146, 0x0937921a)}}, + {{TOBN(0xc03c8ee5, 0xe5681e83), TOBN(0x62126105, 0xf6ac9e4a), + TOBN(0x9503a53f, 0x936b1a38), TOBN(0x3d45e2d4, 0x782fecbd)}, + {TOBN(0x69a5c439, 0x76e8ae98), TOBN(0xb53b2eeb, 0xbfb4b00e), + TOBN(0xf1674712, 0x72386c89), TOBN(0x30ca34a2, 0x4268bce4)}}, + {{TOBN(0x7f1ed86c, 0x78341730), TOBN(0x8ef5beb8, 0xb525e248), + TOBN(0xbbc489fd, 0xb74fbf38), TOBN(0x38a92a0e, 0x91a0b382)}, + {TOBN(0x7a77ba3f, 0x22433ccf), TOBN(0xde8362d6, 0xa29f05a9), + TOBN(0x7f6a30ea, 0x61189afc), TOBN(0x693b5505, 0x59ef114f)}}, + {{TOBN(0x50266bc0, 0xcd1797a1), TOBN(0xea17b47e, 0xf4b7af2d), + TOBN(0xd6c4025c, 0x3df9483e), TOBN(0x8cbb9d9f, 0xa37b18c9)}, + {TOBN(0x91cbfd9c, 0x4d8424cf), TOBN(0xdb7048f1, 0xab1c3506), + TOBN(0x9eaf641f, 0x028206a3), TOBN(0xf986f3f9, 0x25bdf6ce)}}, + {{TOBN(0x262143b5, 0x224c08dc), TOBN(0x2bbb09b4, 0x81b50c91), + TOBN(0xc16ed709, 0xaca8c84f), TOBN(0xa6210d9d, 0xb2850ca8)}, + {TOBN(0x6d8df67a, 0x09cb54d6), TOBN(0x91eef6e0, 0x500919a4), + TOBN(0x90f61381, 0x0f132857), TOBN(0x9acede47, 0xf8d5028b)}}, + {{TOBN(0x844d1b71, 0x90b771c3), TOBN(0x563b71e4, 0xba6426be), + TOBN(0x2efa2e83, 0xbdb802ff), TOBN(0x3410cbab, 0xab5b4a41)}, + {TOBN(0x555b2d26, 0x30da84dd), TOBN(0xd0711ae9, 0xee1cc29a), + TOBN(0xcf3e8c60, 0x2f547792), TOBN(0x03d7d5de, 0xdc678b35)}}, + {{TOBN(0x071a2fa8, 0xced806b8), TOBN(0x222e6134, 0x697f1478), + TOBN(0xdc16fd5d, 0xabfcdbbf), TOBN(0x44912ebf, 0x121b53b8)}, + {TOBN(0xac943674, 0x2496c27c), TOBN(0x8ea3176c, 0x1ffc26b0), + TOBN(0xb6e224ac, 0x13debf2c), TOBN(0x524cc235, 0xf372a832)}}, + {{TOBN(0xd706e1d8, 0x9f6f1b18), TOBN(0x2552f005, 0x44cce35b), + TOBN(0x8c8326c2, 0xa88e31fc), TOBN(0xb5468b2c, 0xf9552047)}, + {TOBN(0xce683e88, 0x3ff90f2b), TOBN(0x77947bdf, 0x2f0a5423), + TOBN(0xd0a1b28b, 0xed56e328), TOBN(0xaee35253, 0xc20134ac)}}, + {{TOBN(0x7e98367d, 0x3567962f), TOBN(0x379ed61f, 0x8188bffb), + TOBN(0x73bba348, 0xfaf130a1), TOBN(0x6c1f75e1, 0x904ed734)}, + {TOBN(0x18956642, 0x3b4a79fc), TOBN(0xf20bc83d, 0x54ef4493), + TOBN(0x836d425d, 0x9111eca1), TOBN(0xe5b5c318, 0x009a8dcf)}}, + {{TOBN(0x3360b25d, 0x13221bc5), TOBN(0x707baad2, 0x6b3eeaf7), + TOBN(0xd7279ed8, 0x743a95a1), TOBN(0x7450a875, 0x969e809f)}, + {TOBN(0x32b6bd53, 0xe5d0338f), TOBN(0x1e77f7af, 0x2b883bbc), + TOBN(0x90da12cc, 0x1063ecd0), TOBN(0xe2697b58, 0xc315be47)}}, + {{TOBN(0x2771a5bd, 0xda85d534), TOBN(0x53e78c1f, 0xff980eea), + TOBN(0xadf1cf84, 0x900385e7), TOBN(0x7d3b14f6, 0xc9387b62)}, + {TOBN(0x170e74b0, 0xcb8f2bd2), TOBN(0x2d50b486, 0x827fa993), + TOBN(0xcdbe8c9a, 0xf6f32bab), TOBN(0x55e906b0, 0xc3b93ab8)}}, + {{TOBN(0x747f22fc, 0x8fe280d1), TOBN(0xcd8e0de5, 0xb2e114ab), + TOBN(0x5ab7dbeb, 0xe10b68b0), TOBN(0x9dc63a9c, 0xa480d4b2)}, + {TOBN(0x78d4bc3b, 0x4be1495f), TOBN(0x25eb3db8, 0x9359122d), + TOBN(0x3f8ac05b, 0x0809cbdc), TOBN(0xbf4187bb, 0xd37c702f)}}, + {{TOBN(0x84cea069, 0x1416a6a5), TOBN(0x8f860c79, 0x43ef881c), + TOBN(0x41311f8a, 0x38038a5d), TOBN(0xe78c2ec0, 0xfc612067)}, + {TOBN(0x494d2e81, 0x5ad73581), TOBN(0xb4cc9e00, 0x59604097), + TOBN(0xff558aec, 0xf3612cba), TOBN(0x35beef7a, 0x9e36c39e)}}, + {{TOBN(0x1845c7cf, 0xdbcf41b9), TOBN(0x5703662a, 0xaea997c0), + TOBN(0x8b925afe, 0xe402f6d8), TOBN(0xd0a1b1ae, 0x4dd72162)}, + {TOBN(0x9f47b375, 0x03c41c4b), TOBN(0xa023829b, 0x0391d042), + TOBN(0x5f5045c3, 0x503b8b0a), TOBN(0x123c2688, 0x98c010e5)}}, + {{TOBN(0x324ec0cc, 0x36ba06ee), TOBN(0xface3115, 0x3dd2cc0c), + TOBN(0xb364f3be, 0xf333e91f), TOBN(0xef8aff73, 0x28e832b0)}, + {TOBN(0x1e9bad04, 0x2d05841b), TOBN(0x42f0e3df, 0x356a21e2), + TOBN(0xa3270bcb, 0x4add627e), TOBN(0xb09a8158, 0xd322e711)}}, + {{TOBN(0x86e326a1, 0x0fee104a), TOBN(0xad7788f8, 0x3703f65d), + TOBN(0x7e765430, 0x47bc4833), TOBN(0x6cee582b, 0x2b9b893a)}, + {TOBN(0x9cd2a167, 0xe8f55a7b), TOBN(0xefbee3c6, 0xd9e4190d), + TOBN(0x33ee7185, 0xd40c2e9d), TOBN(0x844cc9c5, 0xa380b548)}}, + {{TOBN(0x323f8ecd, 0x66926e04), TOBN(0x0001e38f, 0x8110c1ba), + TOBN(0x8dbcac12, 0xfc6a7f07), TOBN(0xd65e1d58, 0x0cec0827)}, + {TOBN(0xd2cd4141, 0xbe76ca2d), TOBN(0x7895cf5c, 0xe892f33a), + TOBN(0x956d230d, 0x367139d2), TOBN(0xa91abd3e, 0xd012c4c1)}}, + {{TOBN(0x34fa4883, 0x87eb36bf), TOBN(0xc5f07102, 0x914b8fb4), + TOBN(0x90f0e579, 0xadb9c95f), TOBN(0xfe6ea8cb, 0x28888195)}, + {TOBN(0x7b9b5065, 0xedfa9284), TOBN(0x6c510bd2, 0x2b8c8d65), + TOBN(0xd7b8ebef, 0xcbe8aafd), TOBN(0xedb3af98, 0x96b1da07)}}, + {{TOBN(0x28ff779d, 0x6295d426), TOBN(0x0c4f6ac7, 0x3fa3ad7b), + TOBN(0xec44d054, 0x8b8e2604), TOBN(0x9b32a66d, 0x8b0050e1)}, + {TOBN(0x1f943366, 0xf0476ce2), TOBN(0x7554d953, 0xa602c7b4), + TOBN(0xbe35aca6, 0x524f2809), TOBN(0xb6881229, 0xfd4edbea)}}, + {{TOBN(0xe8cd0c8f, 0x508efb63), TOBN(0x9eb5b5c8, 0x6abcefc7), + TOBN(0xf5621f5f, 0xb441ab4f), TOBN(0x79e6c046, 0xb76a2b22)}, + {TOBN(0x74a4792c, 0xe37a1f69), TOBN(0xcbd252cb, 0x03542b60), + TOBN(0x785f65d5, 0xb3c20bd3), TOBN(0x8dea6143, 0x4fabc60c)}}, + {{TOBN(0x45e21446, 0xde673629), TOBN(0x57f7aa1e, 0x703c2d21), + TOBN(0xa0e99b7f, 0x98c868c7), TOBN(0x4e42f66d, 0x8b641676)}, + {TOBN(0x602884dc, 0x91077896), TOBN(0xa0d690cf, 0xc2c9885b), + TOBN(0xfeb4da33, 0x3b9a5187), TOBN(0x5f789598, 0x153c87ee)}}, + {{TOBN(0x2192dd47, 0x52b16dba), TOBN(0xdeefc0e6, 0x3524c1b1), + TOBN(0x465ea76e, 0xe4383693), TOBN(0x79401711, 0x361b8d98)}, + {TOBN(0xa5f9ace9, 0xf21a15cb), TOBN(0x73d26163, 0xefee9aeb), + TOBN(0xcca844b3, 0xe677016c), TOBN(0x6c122b07, 0x57eaee06)}}, + {{TOBN(0xb782dce7, 0x15f09690), TOBN(0x508b9b12, 0x2dfc0fc9), + TOBN(0x9015ab4b, 0x65d89fc6), TOBN(0x5e79dab7, 0xd6d5bb0f)}, + {TOBN(0x64f021f0, 0x6c775aa2), TOBN(0xdf09d8cc, 0x37c7eca1), + TOBN(0x9a761367, 0xef2fa506), TOBN(0xed4ca476, 0x5b81eec6)}}, + {{TOBN(0x262ede36, 0x10bbb8b5), TOBN(0x0737ce83, 0x0641ada3), + TOBN(0x4c94288a, 0xe9831ccc), TOBN(0x487fc1ce, 0x8065e635)}, + {TOBN(0xb13d7ab3, 0xb8bb3659), TOBN(0xdea5df3e, 0x855e4120), + TOBN(0xb9a18573, 0x85eb0244), TOBN(0x1a1b8ea3, 0xa7cfe0a3)}}, + {{TOBN(0x3b837119, 0x67b0867c), TOBN(0x8d5e0d08, 0x9d364520), + TOBN(0x52dccc1e, 0xd930f0e3), TOBN(0xefbbcec7, 0xbf20bbaf)}, + {TOBN(0x99cffcab, 0x0263ad10), TOBN(0xd8199e6d, 0xfcd18f8a), + TOBN(0x64e2773f, 0xe9f10617), TOBN(0x0079e8e1, 0x08704848)}}, + {{TOBN(0x1169989f, 0x8a342283), TOBN(0x8097799c, 0xa83012e6), + TOBN(0xece966cb, 0x8a6a9001), TOBN(0x93b3afef, 0x072ac7fc)}, + {TOBN(0xe6893a2a, 0x2db3d5ba), TOBN(0x263dc462, 0x89bf4fdc), + TOBN(0x8852dfc9, 0xe0396673), TOBN(0x7ac70895, 0x3af362b6)}}, + {{TOBN(0xbb9cce4d, 0x5c2f342b), TOBN(0xbf80907a, 0xb52d7aae), + TOBN(0x97f3d3cd, 0x2161bcd0), TOBN(0xb25b0834, 0x0962744d)}, + {TOBN(0xc5b18ea5, 0x6c3a1dda), TOBN(0xfe4ec7eb, 0x06c92317), + TOBN(0xb787b890, 0xad1c4afe), TOBN(0xdccd9a92, 0x0ede801a)}}, + {{TOBN(0x9ac6ddda, 0xdb58da1f), TOBN(0x22bbc12f, 0xb8cae6ee), + TOBN(0xc6f8bced, 0x815c4a43), TOBN(0x8105a92c, 0xf96480c7)}, + {TOBN(0x0dc3dbf3, 0x7a859d51), TOBN(0xe3ec7ce6, 0x3041196b), + TOBN(0xd9f64b25, 0x0d1067c9), TOBN(0xf2321321, 0x3d1f8dd8)}}, + {{TOBN(0x8b5c619c, 0x76497ee8), TOBN(0x5d2b0ac6, 0xc717370e), + TOBN(0x98204cb6, 0x4fcf68e1), TOBN(0x0bdec211, 0x62bc6792)}, + {TOBN(0x6973ccef, 0xa63b1011), TOBN(0xf9e3fa97, 0xe0de1ac5), + TOBN(0x5efb693e, 0x3d0e0c8b), TOBN(0x037248e9, 0xd2d4fcb4)}}}, + {{{TOBN(0x80802dc9, 0x1ec34f9e), TOBN(0xd8772d35, 0x33810603), + TOBN(0x3f06d66c, 0x530cb4f3), TOBN(0x7be5ed0d, 0xc475c129)}, + {TOBN(0xcb9e3c19, 0x31e82b10), TOBN(0xc63d2857, 0xc9ff6b4c), + TOBN(0xb92118c6, 0x92a1b45e), TOBN(0x0aec4414, 0x7285bbca)}}, + {{TOBN(0xfc189ae7, 0x1e29a3ef), TOBN(0xcbe906f0, 0x4c93302e), + TOBN(0xd0107914, 0xceaae10e), TOBN(0xb7a23f34, 0xb68e19f8)}, + {TOBN(0xe9d875c2, 0xefd2119d), TOBN(0x03198c6e, 0xfcadc9c8), + TOBN(0x65591bf6, 0x4da17113), TOBN(0x3cf0bbf8, 0x3d443038)}}, + {{TOBN(0xae485bb7, 0x2b724759), TOBN(0x945353e1, 0xb2d4c63a), + TOBN(0x82159d07, 0xde7d6f2c), TOBN(0x389caef3, 0x4ec5b109)}, + {TOBN(0x4a8ebb53, 0xdb65ef14), TOBN(0x2dc2cb7e, 0xdd99de43), + TOBN(0x816fa3ed, 0x83f2405f), TOBN(0x73429bb9, 0xc14208a3)}}, + {{TOBN(0xb618d590, 0xb01e6e27), TOBN(0x047e2ccd, 0xe180b2dc), + TOBN(0xd1b299b5, 0x04aea4a9), TOBN(0x412c9e1e, 0x9fa403a4)}, + {TOBN(0x88d28a36, 0x79407552), TOBN(0x49c50136, 0xf332b8e3), + TOBN(0x3a1b6fcc, 0xe668de19), TOBN(0x178851bc, 0x75122b97)}}, + {{TOBN(0xb1e13752, 0xfb85fa4c), TOBN(0xd61257ce, 0x383c8ce9), + TOBN(0xd43da670, 0xd2f74dae), TOBN(0xa35aa23f, 0xbf846bbb)}, + {TOBN(0x5e74235d, 0x4421fc83), TOBN(0xf6df8ee0, 0xc363473b), + TOBN(0x34d7f52a, 0x3c4aa158), TOBN(0x50d05aab, 0x9bc6d22e)}}, + {{TOBN(0x8c56e735, 0xa64785f4), TOBN(0xbc56637b, 0x5f29cd07), + TOBN(0x53b2bb80, 0x3ee35067), TOBN(0x50235a0f, 0xdc919270)}, + {TOBN(0x191ab6d8, 0xf2c4aa65), TOBN(0xc3475831, 0x8396023b), + TOBN(0x80400ba5, 0xf0f805ba), TOBN(0x8881065b, 0x5ec0f80f)}}, + {{TOBN(0xc370e522, 0xcc1b5e83), TOBN(0xde2d4ad1, 0x860b8bfb), + TOBN(0xad364df0, 0x67b256df), TOBN(0x8f12502e, 0xe0138997)}, + {TOBN(0x503fa0dc, 0x7783920a), TOBN(0xe80014ad, 0xc0bc866a), + TOBN(0x3f89b744, 0xd3064ba6), TOBN(0x03511dcd, 0xcba5dba5)}}, + {{TOBN(0x197dd46d, 0x95a7b1a2), TOBN(0x9c4e7ad6, 0x3c6341fb), + TOBN(0x426eca29, 0x484c2ece), TOBN(0x9211e489, 0xde7f4f8a)}, + {TOBN(0x14997f6e, 0xc78ef1f4), TOBN(0x2b2c0910, 0x06574586), + TOBN(0x17286a6e, 0x1c3eede8), TOBN(0x25f92e47, 0x0f60e018)}}, + {{TOBN(0x805c5646, 0x31890a36), TOBN(0x703ef600, 0x57feea5b), + TOBN(0x389f747c, 0xaf3c3030), TOBN(0xe0e5daeb, 0x54dd3739)}, + {TOBN(0xfe24a4c3, 0xc9c9f155), TOBN(0x7e4bf176, 0xb5393962), + TOBN(0x37183de2, 0xaf20bf29), TOBN(0x4a1bd7b5, 0xf95a8c3b)}}, + {{TOBN(0xa83b9699, 0x46191d3d), TOBN(0x281fc8dd, 0x7b87f257), + TOBN(0xb18e2c13, 0x54107588), TOBN(0x6372def7, 0x9b2bafe8)}, + {TOBN(0xdaf4bb48, 0x0d8972ca), TOBN(0x3f2dd4b7, 0x56167a3f), + TOBN(0x1eace32d, 0x84310cf4), TOBN(0xe3bcefaf, 0xe42700aa)}}, + {{TOBN(0x5fe5691e, 0xd785e73d), TOBN(0xa5db5ab6, 0x2ea60467), + TOBN(0x02e23d41, 0xdfc6514a), TOBN(0x35e8048e, 0xe03c3665)}, + {TOBN(0x3f8b118f, 0x1adaa0f8), TOBN(0x28ec3b45, 0x84ce1a5a), + TOBN(0xe8cacc6e, 0x2c6646b8), TOBN(0x1343d185, 0xdbd0e40f)}}, + {{TOBN(0xe5d7f844, 0xcaaa358c), TOBN(0x1a1db7e4, 0x9924182a), + TOBN(0xd64cd42d, 0x9c875d9a), TOBN(0xb37b515f, 0x042eeec8)}, + {TOBN(0x4d4dd409, 0x7b165fbe), TOBN(0xfc322ed9, 0xe206eff3), + TOBN(0x7dee4102, 0x59b7e17e), TOBN(0x55a481c0, 0x8236ca00)}}, + {{TOBN(0x8c885312, 0xc23fc975), TOBN(0x15715806, 0x05d6297b), + TOBN(0xa078868e, 0xf78edd39), TOBN(0x956b31e0, 0x03c45e52)}, + {TOBN(0x470275d5, 0xff7b33a6), TOBN(0xc8d5dc3a, 0x0c7e673f), + TOBN(0x419227b4, 0x7e2f2598), TOBN(0x8b37b634, 0x4c14a975)}}, + {{TOBN(0xd0667ed6, 0x8b11888c), TOBN(0x5e0e8c3e, 0x803e25dc), + TOBN(0x34e5d0dc, 0xb987a24a), TOBN(0x9f40ac3b, 0xae920323)}, + {TOBN(0x5463de95, 0x34e0f63a), TOBN(0xa128bf92, 0x6b6328f9), + TOBN(0x491ccd7c, 0xda64f1b7), TOBN(0x7ef1ec27, 0xc47bde35)}}, + {{TOBN(0xa857240f, 0xa36a2737), TOBN(0x35dc1366, 0x63621bc1), + TOBN(0x7a3a6453, 0xd4fb6897), TOBN(0x80f1a439, 0xc929319d)}, + {TOBN(0xfc18274b, 0xf8cb0ba0), TOBN(0xb0b53766, 0x8078c5eb), + TOBN(0xfb0d4924, 0x1e01d0ef), TOBN(0x50d7c67d, 0x372ab09c)}}, + {{TOBN(0xb4e370af, 0x3aeac968), TOBN(0xe4f7fee9, 0xc4b63266), + TOBN(0xb4acd4c2, 0xe3ac5664), TOBN(0xf8910bd2, 0xceb38cbf)}, + {TOBN(0x1c3ae50c, 0xc9c0726e), TOBN(0x15309569, 0xd97b40bf), + TOBN(0x70884b7f, 0xfd5a5a1b), TOBN(0x3890896a, 0xef8314cd)}}, + {{TOBN(0x58e1515c, 0xa5618c93), TOBN(0xe665432b, 0x77d942d1), + TOBN(0xb32181bf, 0xb6f767a8), TOBN(0x753794e8, 0x3a604110)}, + {TOBN(0x09afeb7c, 0xe8c0dbcc), TOBN(0x31e02613, 0x598673a3), + TOBN(0x5d98e557, 0x7d46db00), TOBN(0xfc21fb8c, 0x9d985b28)}}, + {{TOBN(0xc9040116, 0xb0843e0b), TOBN(0x53b1b3a8, 0x69b04531), + TOBN(0xdd1649f0, 0x85d7d830), TOBN(0xbb3bcc87, 0xcb7427e8)}, + {TOBN(0x77261100, 0xc93dce83), TOBN(0x7e79da61, 0xa1922a2a), + TOBN(0x587a2b02, 0xf3149ce8), TOBN(0x147e1384, 0xde92ec83)}}, + {{TOBN(0x484c83d3, 0xaf077f30), TOBN(0xea78f844, 0x0658b53a), + TOBN(0x912076c2, 0x027aec53), TOBN(0xf34714e3, 0x93c8177d)}, + {TOBN(0x37ef5d15, 0xc2376c84), TOBN(0x8315b659, 0x3d1aa783), + TOBN(0x3a75c484, 0xef852a90), TOBN(0x0ba0c58a, 0x16086bd4)}}, + {{TOBN(0x29688d7a, 0x529a6d48), TOBN(0x9c7f250d, 0xc2f19203), + TOBN(0x123042fb, 0x682e2df9), TOBN(0x2b7587e7, 0xad8121bc)}, + {TOBN(0x30fc0233, 0xe0182a65), TOBN(0xb82ecf87, 0xe3e1128a), + TOBN(0x71682861, 0x93fb098f), TOBN(0x043e21ae, 0x85e9e6a7)}}, + {{TOBN(0xab5b49d6, 0x66c834ea), TOBN(0x3be43e18, 0x47414287), + TOBN(0xf40fb859, 0x219a2a47), TOBN(0x0e6559e9, 0xcc58df3c)}, + {TOBN(0xfe1dfe8e, 0x0c6615b4), TOBN(0x14abc8fd, 0x56459d70), + TOBN(0x7be0fa8e, 0x05de0386), TOBN(0x8e63ef68, 0xe9035c7c)}}, + {{TOBN(0x116401b4, 0x53b31e91), TOBN(0x0cba7ad4, 0x4436b4d8), + TOBN(0x9151f9a0, 0x107afd66), TOBN(0xafaca8d0, 0x1f0ee4c4)}, + {TOBN(0x75fe5c1d, 0x9ee9761c), TOBN(0x3497a16b, 0xf0c0588f), + TOBN(0x3ee2bebd, 0x0304804c), TOBN(0xa8fb9a60, 0xc2c990b9)}}, + {{TOBN(0xd14d32fe, 0x39251114), TOBN(0x36bf25bc, 0xcac73366), + TOBN(0xc9562c66, 0xdba7495c), TOBN(0x324d301b, 0x46ad348b)}, + {TOBN(0x9f46620c, 0xd670407e), TOBN(0x0ea8d4f1, 0xe3733a01), + TOBN(0xd396d532, 0xb0c324e0), TOBN(0x5b211a0e, 0x03c317cd)}}, + {{TOBN(0x090d7d20, 0x5ffe7b37), TOBN(0x3b7f3efb, 0x1747d2da), + TOBN(0xa2cb525f, 0xb54fc519), TOBN(0x6e220932, 0xf66a971e)}, + {TOBN(0xddc160df, 0xb486d440), TOBN(0x7fcfec46, 0x3fe13465), + TOBN(0x83da7e4e, 0x76e4c151), TOBN(0xd6fa48a1, 0xd8d302b5)}}, + {{TOBN(0xc6304f26, 0x5872cd88), TOBN(0x806c1d3c, 0x278b90a1), + TOBN(0x3553e725, 0xcaf0bc1c), TOBN(0xff59e603, 0xbb9d8d5c)}, + {TOBN(0xa4550f32, 0x7a0b85dd), TOBN(0xdec5720a, 0x93ecc217), + TOBN(0x0b88b741, 0x69d62213), TOBN(0x7212f245, 0x5b365955)}}, + {{TOBN(0x20764111, 0xb5cae787), TOBN(0x13cb7f58, 0x1dfd3124), + TOBN(0x2dca77da, 0x1175aefb), TOBN(0xeb75466b, 0xffaae775)}, + {TOBN(0x74d76f3b, 0xdb6cff32), TOBN(0x7440f37a, 0x61fcda9a), + TOBN(0x1bb3ac92, 0xb525028b), TOBN(0x20fbf8f7, 0xa1975f29)}}, + {{TOBN(0x982692e1, 0xdf83097f), TOBN(0x28738f6c, 0x554b0800), + TOBN(0xdc703717, 0xa2ce2f2f), TOBN(0x7913b93c, 0x40814194)}, + {TOBN(0x04924593, 0x1fe89636), TOBN(0x7b98443f, 0xf78834a6), + TOBN(0x11c6ab01, 0x5114a5a1), TOBN(0x60deb383, 0xffba5f4c)}}, + {{TOBN(0x4caa54c6, 0x01a982e6), TOBN(0x1dd35e11, 0x3491cd26), + TOBN(0x973c315f, 0x7cbd6b05), TOBN(0xcab00775, 0x52494724)}, + {TOBN(0x04659b1f, 0x6565e15a), TOBN(0xbf30f529, 0x8c8fb026), + TOBN(0xfc21641b, 0xa8a0de37), TOBN(0xe9c7a366, 0xfa5e5114)}}, + {{TOBN(0xdb849ca5, 0x52f03ad8), TOBN(0xc7e8dbe9, 0x024e35c0), + TOBN(0xa1a2bbac, 0xcfc3c789), TOBN(0xbf733e7d, 0x9c26f262)}, + {TOBN(0x882ffbf5, 0xb8444823), TOBN(0xb7224e88, 0x6bf8483b), + TOBN(0x53023b8b, 0x65bef640), TOBN(0xaabfec91, 0xd4d5f8cd)}}, + {{TOBN(0xa40e1510, 0x079ea1bd), TOBN(0x1ad9addc, 0xd05d5d26), + TOBN(0xdb3f2eab, 0x13e68d4f), TOBN(0x1cff1ae2, 0x640f803f)}, + {TOBN(0xe0e7b749, 0xd4cee117), TOBN(0x8e9f275b, 0x4036d909), + TOBN(0xce34e31d, 0x8f4d4c38), TOBN(0x22b37f69, 0xd75130fc)}}, + {{TOBN(0x83e0f1fd, 0xb4014604), TOBN(0xa8ce9919, 0x89415078), + TOBN(0x82375b75, 0x41792efe), TOBN(0x4f59bf5c, 0x97d4515b)}, + {TOBN(0xac4f324f, 0x923a277d), TOBN(0xd9bc9b7d, 0x650f3406), + TOBN(0xc6fa87d1, 0x8a39bc51), TOBN(0x82588530, 0x5ccc108f)}}, + {{TOBN(0x5ced3c9f, 0x82e4c634), TOBN(0x8efb8314, 0x3a4464f8), + TOBN(0xe706381b, 0x7a1dca25), TOBN(0x6cd15a3c, 0x5a2a412b)}, + {TOBN(0x9347a8fd, 0xbfcd8fb5), TOBN(0x31db2eef, 0x6e54cd22), + TOBN(0xc4aeb11e, 0xf8d8932f), TOBN(0x11e7c1ed, 0x344411af)}}, + {{TOBN(0x2653050c, 0xdc9a151e), TOBN(0x9edbfc08, 0x3bb0a859), + TOBN(0x926c81c7, 0xfd5691e7), TOBN(0x9c1b2342, 0x6f39019a)}, + {TOBN(0x64a81c8b, 0x7f8474b9), TOBN(0x90657c07, 0x01761819), + TOBN(0x390b3331, 0x55e0375a), TOBN(0xc676c626, 0xb6ebc47d)}}, + {{TOBN(0x51623247, 0xb7d6dee8), TOBN(0x0948d927, 0x79659313), + TOBN(0x99700161, 0xe9ab35ed), TOBN(0x06cc32b4, 0x8ddde408)}, + {TOBN(0x6f2fd664, 0x061ef338), TOBN(0x1606fa02, 0xc202e9ed), + TOBN(0x55388bc1, 0x929ba99b), TOBN(0xc4428c5e, 0x1e81df69)}}, + {{TOBN(0xce2028ae, 0xf91b0b2a), TOBN(0xce870a23, 0xf03dfd3f), + TOBN(0x66ec2c87, 0x0affe8ed), TOBN(0xb205fb46, 0x284d0c00)}, + {TOBN(0xbf5dffe7, 0x44cefa48), TOBN(0xb6fc37a8, 0xa19876d7), + TOBN(0xbecfa84c, 0x08b72863), TOBN(0xd7205ff5, 0x2576374f)}}, + {{TOBN(0x80330d32, 0x8887de41), TOBN(0x5de0df0c, 0x869ea534), + TOBN(0x13f42753, 0x3c56ea17), TOBN(0xeb1f6069, 0x452b1a78)}, + {TOBN(0x50474396, 0xe30ea15c), TOBN(0x575816a1, 0xc1494125), + TOBN(0xbe1ce55b, 0xfe6bb38f), TOBN(0xb901a948, 0x96ae30f7)}}, + {{TOBN(0xe5af0f08, 0xd8fc3548), TOBN(0x5010b5d0, 0xd73bfd08), + TOBN(0x993d2880, 0x53fe655a), TOBN(0x99f2630b, 0x1c1309fd)}, + {TOBN(0xd8677baf, 0xb4e3b76f), TOBN(0x14e51ddc, 0xb840784b), + TOBN(0x326c750c, 0xbf0092ce), TOBN(0xc83d306b, 0xf528320f)}}, + {{TOBN(0xc4456715, 0x77d4715c), TOBN(0xd30019f9, 0x6b703235), + TOBN(0x207ccb2e, 0xd669e986), TOBN(0x57c824af, 0xf6dbfc28)}, + {TOBN(0xf0eb532f, 0xd8f92a23), TOBN(0x4a557fd4, 0x9bb98fd2), + TOBN(0xa57acea7, 0xc1e6199a), TOBN(0x0c663820, 0x8b94b1ed)}}, + {{TOBN(0x9b42be8f, 0xf83a9266), TOBN(0xc7741c97, 0x0101bd45), + TOBN(0x95770c11, 0x07bd9ceb), TOBN(0x1f50250a, 0x8b2e0744)}, + {TOBN(0xf762eec8, 0x1477b654), TOBN(0xc65b900e, 0x15efe59a), + TOBN(0x88c96148, 0x9546a897), TOBN(0x7e8025b3, 0xc30b4d7c)}}, + {{TOBN(0xae4065ef, 0x12045cf9), TOBN(0x6fcb2caf, 0x9ccce8bd), + TOBN(0x1fa0ba4e, 0xf2cf6525), TOBN(0xf683125d, 0xcb72c312)}, + {TOBN(0xa01da4ea, 0xe312410e), TOBN(0x67e28677, 0x6cd8e830), + TOBN(0xabd95752, 0x98fb3f07), TOBN(0x05f11e11, 0xeef649a5)}}, + {{TOBN(0xba47faef, 0x9d3472c2), TOBN(0x3adff697, 0xc77d1345), + TOBN(0x4761fa04, 0xdd15afee), TOBN(0x64f1f61a, 0xb9e69462)}, + {TOBN(0xfa691fab, 0x9bfb9093), TOBN(0x3df8ae8f, 0xa1133dfe), + TOBN(0xcd5f8967, 0x58cc710d), TOBN(0xfbb88d50, 0x16c7fe79)}}, + {{TOBN(0x8e011b4c, 0xe88c50d1), TOBN(0x7532e807, 0xa8771c4f), + TOBN(0x64c78a48, 0xe2278ee4), TOBN(0x0b283e83, 0x3845072a)}, + {TOBN(0x98a6f291, 0x49e69274), TOBN(0xb96e9668, 0x1868b21c), + TOBN(0x38f0adc2, 0xb1a8908e), TOBN(0x90afcff7, 0x1feb829d)}}, + {{TOBN(0x9915a383, 0x210b0856), TOBN(0xa5a80602, 0xdef04889), + TOBN(0x800e9af9, 0x7c64d509), TOBN(0x81382d0b, 0xb8996f6f)}, + {TOBN(0x490eba53, 0x81927e27), TOBN(0x46c63b32, 0x4af50182), + TOBN(0x784c5fd9, 0xd3ad62ce), TOBN(0xe4fa1870, 0xf8ae8736)}}, + {{TOBN(0x4ec9d0bc, 0xd7466b25), TOBN(0x84ddbe1a, 0xdb235c65), + TOBN(0x5e2645ee, 0x163c1688), TOBN(0x570bd00e, 0x00eba747)}, + {TOBN(0xfa51b629, 0x128bfa0f), TOBN(0x92fce1bd, 0x6c1d3b68), + TOBN(0x3e7361dc, 0xb66778b1), TOBN(0x9c7d249d, 0x5561d2bb)}}, + {{TOBN(0xa40b28bf, 0x0bbc6229), TOBN(0x1c83c05e, 0xdfd91497), + TOBN(0x5f9f5154, 0xf083df05), TOBN(0xbac38b3c, 0xeee66c9d)}, + {TOBN(0xf71db7e3, 0xec0dfcfd), TOBN(0xf2ecda8e, 0x8b0a8416), + TOBN(0x52fddd86, 0x7812aa66), TOBN(0x2896ef10, 0x4e6f4272)}}, + {{TOBN(0xff27186a, 0x0fe9a745), TOBN(0x08249fcd, 0x49ca70db), + TOBN(0x7425a2e6, 0x441cac49), TOBN(0xf4a0885a, 0xece5ff57)}, + {TOBN(0x6e2cb731, 0x7d7ead58), TOBN(0xf96cf7d6, 0x1898d104), + TOBN(0xafe67c9d, 0x4f2c9a89), TOBN(0x89895a50, 0x1c7bf5bc)}}, + {{TOBN(0xdc7cb8e5, 0x573cecfa), TOBN(0x66497eae, 0xd15f03e6), + TOBN(0x6bc0de69, 0x3f084420), TOBN(0x323b9b36, 0xacd532b0)}, + {TOBN(0xcfed390a, 0x0115a3c1), TOBN(0x9414c40b, 0x2d65ca0e), + TOBN(0x641406bd, 0x2f530c78), TOBN(0x29369a44, 0x833438f2)}}, + {{TOBN(0x996884f5, 0x903fa271), TOBN(0xe6da0fd2, 0xb9da921e), + TOBN(0xa6f2f269, 0x5db01e54), TOBN(0x1ee3e9bd, 0x6876214e)}, + {TOBN(0xa26e181c, 0xe27a9497), TOBN(0x36d254e4, 0x8e215e04), + TOBN(0x42f32a6c, 0x252cabca), TOBN(0x99481487, 0x80b57614)}}, + {{TOBN(0x4c4dfe69, 0x40d9cae1), TOBN(0x05869580, 0x11a10f09), + TOBN(0xca287b57, 0x3491b64b), TOBN(0x77862d5d, 0x3fd4a53b)}, + {TOBN(0xbf94856e, 0x50349126), TOBN(0x2be30bd1, 0x71c5268f), + TOBN(0x10393f19, 0xcbb650a6), TOBN(0x639531fe, 0x778cf9fd)}}, + {{TOBN(0x02556a11, 0xb2935359), TOBN(0xda38aa96, 0xaf8c126e), + TOBN(0x47dbe6c2, 0x0960167f), TOBN(0x37bbabb6, 0x501901cd)}, + {TOBN(0xb6e979e0, 0x2c947778), TOBN(0xd69a5175, 0x7a1a1dc6), + TOBN(0xc3ed5095, 0x9d9faf0c), TOBN(0x4dd9c096, 0x1d5fa5f0)}}, + {{TOBN(0xa0c4304d, 0x64f16ea8), TOBN(0x8b1cac16, 0x7e718623), + TOBN(0x0b576546, 0x7c67f03e), TOBN(0x559cf5ad, 0xcbd88c01)}, + {TOBN(0x074877bb, 0x0e2af19a), TOBN(0x1f717ec1, 0xa1228c92), + TOBN(0x70bcb800, 0x326e8920), TOBN(0xec6e2c5c, 0x4f312804)}}, + {{TOBN(0x426aea7d, 0x3fca4752), TOBN(0xf12c0949, 0x2211f62a), + TOBN(0x24beecd8, 0x7be7b6b5), TOBN(0xb77eaf4c, 0x36d7a27d)}, + {TOBN(0x154c2781, 0xfda78fd3), TOBN(0x848a83b0, 0x264eeabe), + TOBN(0x81287ef0, 0x4ffe2bc4), TOBN(0x7b6d88c6, 0xb6b6fc2a)}}, + {{TOBN(0x805fb947, 0xce417d99), TOBN(0x4b93dcc3, 0x8b916cc4), + TOBN(0x72e65bb3, 0x21273323), TOBN(0xbcc1badd, 0x6ea9886e)}, + {TOBN(0x0e223011, 0x4bc5ee85), TOBN(0xa561be74, 0xc18ee1e4), + TOBN(0x762fd2d4, 0xa6bcf1f1), TOBN(0x50e6a5a4, 0x95231489)}}, + {{TOBN(0xca96001f, 0xa00b500b), TOBN(0x5c098cfc, 0x5d7dcdf5), + TOBN(0xa64e2d2e, 0x8c446a85), TOBN(0xbae9bcf1, 0x971f3c62)}, + {TOBN(0x4ec22683, 0x8435a2c5), TOBN(0x8ceaed6c, 0x4bad4643), + TOBN(0xe9f8fb47, 0xccccf4e3), TOBN(0xbd4f3fa4, 0x1ce3b21e)}}, + {{TOBN(0xd79fb110, 0xa3db3292), TOBN(0xe28a37da, 0xb536c66a), + TOBN(0x279ce87b, 0x8e49e6a9), TOBN(0x70ccfe8d, 0xfdcec8e3)}, + {TOBN(0x2193e4e0, 0x3ba464b2), TOBN(0x0f39d60e, 0xaca9a398), + TOBN(0x7d7932af, 0xf82c12ab), TOBN(0xd8ff50ed, 0x91e7e0f7)}}, + {{TOBN(0xea961058, 0xfa28a7e0), TOBN(0xc726cf25, 0x0bf5ec74), + TOBN(0xe74d55c8, 0xdb229666), TOBN(0x0bd9abbf, 0xa57f5799)}, + {TOBN(0x7479ef07, 0x4dfc47b3), TOBN(0xd9c65fc3, 0x0c52f91d), + TOBN(0x8e0283fe, 0x36a8bde2), TOBN(0xa32a8b5e, 0x7d4b7280)}}, + {{TOBN(0x6a677c61, 0x12e83233), TOBN(0x0fbb3512, 0xdcc9bf28), + TOBN(0x562e8ea5, 0x0d780f61), TOBN(0x0db8b22b, 0x1dc4e89c)}, + {TOBN(0x0a6fd1fb, 0x89be0144), TOBN(0x8c77d246, 0xca57113b), + TOBN(0x4639075d, 0xff09c91c), TOBN(0x5b47b17f, 0x5060824c)}}, + {{TOBN(0x58aea2b0, 0x16287b52), TOBN(0xa1343520, 0xd0cd8eb0), + TOBN(0x6148b4d0, 0xc5d58573), TOBN(0xdd2b6170, 0x291c68ae)}, + {TOBN(0xa61b3929, 0x1da3b3b7), TOBN(0x5f946d79, 0x08c4ac10), + TOBN(0x4105d4a5, 0x7217d583), TOBN(0x5061da3d, 0x25e6de5e)}}, + {{TOBN(0x3113940d, 0xec1b4991), TOBN(0xf12195e1, 0x36f485ae), + TOBN(0xa7507fb2, 0x731a2ee0), TOBN(0x95057a8e, 0x6e9e196e)}, + {TOBN(0xa3c2c911, 0x2e130136), TOBN(0x97dfbb36, 0x33c60d15), + TOBN(0xcaf3c581, 0xb300ee2b), TOBN(0x77f25d90, 0xf4bac8b8)}}, + {{TOBN(0xdb1c4f98, 0x6d840cd6), TOBN(0x471d62c0, 0xe634288c), + TOBN(0x8ec2f85e, 0xcec8a161), TOBN(0x41f37cbc, 0xfa6f4ae2)}, + {TOBN(0x6793a20f, 0x4b709985), TOBN(0x7a7bd33b, 0xefa8985b), + TOBN(0x2c6a3fbd, 0x938e6446), TOBN(0x19042619, 0x2a8d47c1)}}, + {{TOBN(0x16848667, 0xcc36975f), TOBN(0x02acf168, 0x9d5f1dfb), + TOBN(0x62d41ad4, 0x613baa94), TOBN(0xb56fbb92, 0x9f684670)}, + {TOBN(0xce610d0d, 0xe9e40569), TOBN(0x7b99c65f, 0x35489fef), + TOBN(0x0c88ad1b, 0x3df18b97), TOBN(0x81b7d9be, 0x5d0e9edb)}}, + {{TOBN(0xd85218c0, 0xc716cc0a), TOBN(0xf4b5ff90, 0x85691c49), + TOBN(0xa4fd666b, 0xce356ac6), TOBN(0x17c72895, 0x4b327a7a)}, + {TOBN(0xf93d5085, 0xda6be7de), TOBN(0xff71530e, 0x3301d34e), + TOBN(0x4cd96442, 0xd8f448e8), TOBN(0x9283d331, 0x2ed18ffa)}}, + {{TOBN(0x4d33dd99, 0x2a849870), TOBN(0xa716964b, 0x41576335), + TOBN(0xff5e3a9b, 0x179be0e5), TOBN(0x5b9d6b1b, 0x83b13632)}, + {TOBN(0x3b8bd7d4, 0xa52f313b), TOBN(0xc9dd95a0, 0x637a4660), + TOBN(0x30035962, 0x0b3e218f), TOBN(0xce1481a3, 0xc7b28a3c)}}, + {{TOBN(0xab41b43a, 0x43228d83), TOBN(0x24ae1c30, 0x4ad63f99), + TOBN(0x8e525f1a, 0x46a51229), TOBN(0x14af860f, 0xcd26d2b4)}, + {TOBN(0xd6baef61, 0x3f714aa1), TOBN(0xf51865ad, 0xeb78795e), + TOBN(0xd3e21fce, 0xe6a9d694), TOBN(0x82ceb1dd, 0x8a37b527)}}}}; diff --git a/src/crypto/fipsmodule/ec/p256-x86_64.c b/src/crypto/fipsmodule/ec/p256-x86_64.c index ef1ccef..dd8108d 100644 --- a/src/crypto/fipsmodule/ec/p256-x86_64.c +++ b/src/crypto/fipsmodule/ec/p256-x86_64.c @@ -357,9 +357,7 @@ static void ecp_nistz256_points_mul(const EC_GROUP *group, EC_RAW_POINT *r, unsigned index = 0; unsigned wvalue = calc_first_wvalue(&index, p_str); - const PRECOMP256_ROW *const precomputed_table = - (const PRECOMP256_ROW *)ecp_nistz256_precomputed; - ecp_nistz256_select_w7(&p.a, precomputed_table[0], wvalue >> 1); + ecp_nistz256_select_w7(&p.a, ecp_nistz256_precomputed[0], wvalue >> 1); ecp_nistz256_neg(p.p.Z, p.p.Y); copy_conditional(p.p.Y, p.p.Z, wvalue & 1); @@ -373,11 +371,14 @@ static void ecp_nistz256_points_mul(const EC_GROUP *group, EC_RAW_POINT *r, for (int i = 1; i < 37; i++) { wvalue = calc_wvalue(&index, p_str); - ecp_nistz256_select_w7(&t.a, precomputed_table[i], wvalue >> 1); + ecp_nistz256_select_w7(&t.a, ecp_nistz256_precomputed[i], wvalue >> 1); ecp_nistz256_neg(t.p.Z, t.a.Y); copy_conditional(t.a.Y, t.p.Z, wvalue & 1); + // Note |ecp_nistz256_point_add_affine| does not work if |p.p| and |t.a| + // are the same non-infinity point, so it is important that we compute the + // |g_scalar| term before the |p_scalar| term. ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a); } } @@ -401,14 +402,12 @@ static void ecp_nistz256_points_mul_public(const EC_GROUP *group, unsigned index = 0; unsigned wvalue = calc_first_wvalue(&index, p_str); - const PRECOMP256_ROW *const precomputed_table = - (const PRECOMP256_ROW *)ecp_nistz256_precomputed; - // Convert |p| from affine to Jacobian coordinates. We set Z to zero if |p| // is infinity and |ONE| otherwise. |p| was computed from the table, so it // is infinity iff |wvalue >> 1| is zero. if ((wvalue >> 1) != 0) { - OPENSSL_memcpy(&p.a, &precomputed_table[0][(wvalue >> 1) - 1], sizeof(p.a)); + OPENSSL_memcpy(&p.a, &ecp_nistz256_precomputed[0][(wvalue >> 1) - 1], + sizeof(p.a)); OPENSSL_memcpy(&p.p.Z, ONE, sizeof(p.p.Z)); } else { OPENSSL_memset(&p.a, 0, sizeof(p.a)); @@ -426,12 +425,16 @@ static void ecp_nistz256_points_mul_public(const EC_GROUP *group, continue; } - OPENSSL_memcpy(&t.a, &precomputed_table[i][(wvalue >> 1) - 1], sizeof(p.a)); + OPENSSL_memcpy(&t.a, &ecp_nistz256_precomputed[i][(wvalue >> 1) - 1], + sizeof(p.a)); if ((wvalue & 1) == 1) { ecp_nistz256_neg(t.a.Y, t.a.Y); } + // Note |ecp_nistz256_point_add_affine| does not work if |p.p| and |t.a| + // are the same non-infinity point, so it is important that we compute the + // |g_scalar| term before the |p_scalar| term. ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a); } @@ -651,7 +654,7 @@ DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistz256_method) { out->scalar_inv_montgomery = ecp_nistz256_inv_mod_ord; out->scalar_inv_montgomery_vartime = ecp_nistz256_mont_inv_mod_ord_vartime; out->cmp_x_coordinate = ecp_nistz256_cmp_x_coordinate; -}; +} #endif /* !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && \ !defined(OPENSSL_SMALL) */ diff --git a/src/crypto/fipsmodule/ec/p256-x86_64.h b/src/crypto/fipsmodule/ec/p256-x86_64.h index 9de3240..5deb81a 100644 --- a/src/crypto/fipsmodule/ec/p256-x86_64.h +++ b/src/crypto/fipsmodule/ec/p256-x86_64.h @@ -23,6 +23,8 @@ #include +#include "../bn/internal.h" + #if defined(__cplusplus) extern "C" { #endif @@ -87,7 +89,7 @@ void ecp_nistz256_ord_mul_mont(BN_ULONG res[P256_LIMBS], // outputs are in Montgomery form. That is, |res| is // (|a| * 2^-256)^(2*|rep|) * 2^256 mod N. void ecp_nistz256_ord_sqr_mont(BN_ULONG res[P256_LIMBS], - const BN_ULONG a[P256_LIMBS], int rep); + const BN_ULONG a[P256_LIMBS], BN_ULONG rep); // beeu_mod_inverse_vartime sets out = a^-1 mod p using a Euclidean algorithm. // Assumption: 0 < a < p < 2^(256) and p is odd. diff --git a/src/crypto/fipsmodule/ec/p256-x86_64_test.cc b/src/crypto/fipsmodule/ec/p256-x86_64_test.cc index 7d6d616..f699fc8 100644 --- a/src/crypto/fipsmodule/ec/p256-x86_64_test.cc +++ b/src/crypto/fipsmodule/ec/p256-x86_64_test.cc @@ -28,6 +28,7 @@ #include "internal.h" #include "../bn/internal.h" #include "../../internal.h" +#include "../../test/abi_test.h" #include "../../test/file_test.h" #include "../../test/test_util.h" #include "p256-x86_64.h" @@ -61,6 +62,11 @@ TEST(P256_X86_64Test, SelectW5) { EXPECT_EQ(Bytes(reinterpret_cast(&expected), sizeof(expected)), Bytes(reinterpret_cast(&val), sizeof(val))); } + + // This is a constant-time function, so it is only necessary to instrument one + // index for ABI checking. + P256_POINT val; + CHECK_ABI(ecp_nistz256_select_w5, &val, table, 7); } TEST(P256_X86_64Test, SelectW7) { @@ -85,6 +91,11 @@ TEST(P256_X86_64Test, SelectW7) { EXPECT_EQ(Bytes(reinterpret_cast(&expected), sizeof(expected)), Bytes(reinterpret_cast(&val), sizeof(val))); } + + // This is a constant-time function, so it is only necessary to instrument one + // index for ABI checking. + P256_POINT_AFFINE val; + CHECK_ABI(ecp_nistz256_select_w7, &val, table, 42); } TEST(P256_X86_64Test, BEEU) { @@ -107,11 +118,16 @@ TEST(P256_X86_64Test, BEEU) { // Trying to find the inverse of zero should fail. ASSERT_FALSE(beeu_mod_inverse_vartime(out, in, order_words)); + // This is not a constant-time function, so instrument both zero and a few + // inputs below. + ASSERT_FALSE(CHECK_ABI(beeu_mod_inverse_vartime, out, in, order_words)); // kOneMont is 1, in Montgomery form. static const BN_ULONG kOneMont[P256_LIMBS] = { - TOBN(0xc46353d, 0x039cdaaf), TOBN(0x43190552, 0x58e8617b), - 0, 0xffffffff, + TOBN(0xc46353d, 0x039cdaaf), + TOBN(0x43190552, 0x58e8617b), + 0, + 0xffffffff, }; for (BN_ULONG i = 1; i < 2000; i++) { @@ -142,6 +158,10 @@ TEST(P256_X86_64Test, BEEU) { // Invert the result and expect to get back to the original value. ASSERT_TRUE(beeu_mod_inverse_vartime(out, out, order_words)); EXPECT_EQ(0, OPENSSL_memcmp(in, out, sizeof(in))); + + if (i < 5) { + EXPECT_TRUE(CHECK_ABI(beeu_mod_inverse_vartime, out, in, order_words)); + } } } @@ -483,4 +503,75 @@ TEST(P256_X86_64Test, TestVectors) { }); } +// Instrument the functions covered in TestVectors for ABI checking. +TEST(P256_X86_64Test, ABI) { + BN_ULONG a[P256_LIMBS], b[P256_LIMBS], c[P256_LIMBS]; + OPENSSL_memset(a, 0x01, sizeof(a)); + // These functions are all constant-time, so it is only necessary to + // instrument one call each for ABI checking. + CHECK_ABI(ecp_nistz256_neg, b, a); + CHECK_ABI(ecp_nistz256_mul_mont, c, a, b); + CHECK_ABI(ecp_nistz256_sqr_mont, c, a); + CHECK_ABI(ecp_nistz256_from_mont, c, a); + CHECK_ABI(ecp_nistz256_ord_mul_mont, c, a, b); + + // Check a few different loop counts. + CHECK_ABI(ecp_nistz256_ord_sqr_mont, b, a, 1); + CHECK_ABI(ecp_nistz256_ord_sqr_mont, b, a, 3); + + // Point addition has some special cases around infinity and doubling. Test a + // few different scenarios. + static const P256_POINT kA = { + {TOBN(0x60559ac7, 0xc8d0d89d), TOBN(0x6cda3400, 0x545f7e2c), + TOBN(0x9b5159e0, 0x323e6048), TOBN(0xcb8dea33, 0x27057fe6)}, + {TOBN(0x81a2d3bc, 0xc93a2d53), TOBN(0x81f40762, 0xa4f33ccf), + TOBN(0xc3c3300a, 0xa8ad50ea), TOBN(0x553de89b, 0x31719830)}, + {TOBN(0x3fd9470f, 0xb277d181), TOBN(0xc191b8d5, 0x6376f206), + TOBN(0xb2572c1f, 0x45eda26f), TOBN(0x4589e40d, 0xf2efc546)}, + }; + static const P256_POINT kB = { + {TOBN(0x3cf0b0aa, 0x92054341), TOBN(0xb949bb80, 0xdab57807), + TOBN(0x99de6814, 0xefd21b3e), TOBN(0x32ad5649, 0x7c6c6e83)}, + {TOBN(0x06afaa02, 0x688399e0), TOBN(0x75f2d096, 0x2a3ce65c), + TOBN(0xf6a31eb7, 0xca0244b3), TOBN(0x57b33b7a, 0xcfeee75e)}, + {TOBN(0x7617d2e0, 0xb4f1d35f), TOBN(0xa922cb10, 0x7f592b65), + TOBN(0x12fd6c7a, 0x51a2f474), TOBN(0x337d5e1e, 0xc2fc711b)}, + }; + // This file represents Jacobian infinity as (*, *, 0). + static const P256_POINT kInfinity = { + {TOBN(0, 0), TOBN(0, 0), TOBN(0, 0), TOBN(0, 0)}, + {TOBN(0, 0), TOBN(0, 0), TOBN(0, 0), TOBN(0, 0)}, + {TOBN(0, 0), TOBN(0, 0), TOBN(0, 0), TOBN(0, 0)}, + }; + + P256_POINT p; + CHECK_ABI(ecp_nistz256_point_add, &p, &kA, &kB); + CHECK_ABI(ecp_nistz256_point_add, &p, &kA, &kA); + OPENSSL_memcpy(&p, &kA, sizeof(P256_POINT)); + ecp_nistz256_neg(p.Y, p.Y); + CHECK_ABI(ecp_nistz256_point_add, &p, &kA, &p); // A + -A + CHECK_ABI(ecp_nistz256_point_add, &p, &kA, &kInfinity); + CHECK_ABI(ecp_nistz256_point_add, &p, &kInfinity, &kA); + CHECK_ABI(ecp_nistz256_point_add, &p, &kInfinity, &kInfinity); + CHECK_ABI(ecp_nistz256_point_double, &p, &kA); + CHECK_ABI(ecp_nistz256_point_double, &p, &kInfinity); + + static const P256_POINT_AFFINE kC = { + {TOBN(0x7e3ad339, 0xfb3fa5f0), TOBN(0x559d669d, 0xe3a047b2), + TOBN(0x8883b298, 0x7042e595), TOBN(0xfabada65, 0x7e477f08)}, + {TOBN(0xd9cfceb8, 0xda1c3e85), TOBN(0x80863761, 0x0ce6d6bc), + TOBN(0xa8409d84, 0x66034f02), TOBN(0x05519925, 0x31a68d55)}, + }; + // This file represents affine infinity as (0, 0). + static const P256_POINT_AFFINE kInfinityAffine = { + {TOBN(0, 0), TOBN(0, 0), TOBN(0, 0), TOBN(0, 0)}, + {TOBN(0, 0), TOBN(0, 0), TOBN(0, 0), TOBN(0, 0)}, + }; + + CHECK_ABI(ecp_nistz256_point_add_affine, &p, &kA, &kC); + CHECK_ABI(ecp_nistz256_point_add_affine, &p, &kA, &kInfinityAffine); + CHECK_ABI(ecp_nistz256_point_add_affine, &p, &kInfinity, &kInfinityAffine); + CHECK_ABI(ecp_nistz256_point_add_affine, &p, &kInfinity, &kC); +} + #endif diff --git a/src/crypto/fipsmodule/ec/p256-x86_64_tests.txt b/src/crypto/fipsmodule/ec/p256-x86_64_tests.txt index d1fdad0..8bc301e 100644 --- a/src/crypto/fipsmodule/ec/p256-x86_64_tests.txt +++ b/src/crypto/fipsmodule/ec/p256-x86_64_tests.txt @@ -1186,8 +1186,9 @@ Result = 8fa95d57aae2fff79045654501478f7a394b27b8b54113a25ac74662606f767c # Point adding tests. # -# The following tests satisfy Result = A + B, where Result is in affine -# coordinates and A and B are in Jacobian coordinates in the Montgomery domain. +# The following tests satisfy Result = A + B. Result is in affine coordinates, +# with infinity represented as (0, 0). A and B are in Jacobian coordinates. All +# field elements are fully reduced and in the Montgomery domain. # ∞ + ∞ = ∞. Test = PointAdd @@ -1202,11 +1203,11 @@ Result.Y = 0000000000000000000000000000000000000000000000000000000000000000 # ∞ + ∞ = ∞, with an alternate representation of ∞. Test = PointAdd -A.X = 2b11cb945c8cf152ffa4c9c2b1c965b019b35d0b7626919ef0ae6cb9d232f8af -A.Y = 6d333da42e30f7011245b6281015ded14e0f100968e758a1b6c3c083afc14ea0 +A.X = 33c0d6224957b40403366bcf638f29928c2b9bcc74a0bac58808b02040781420 +A.Y = f9698d488fd517306a66a397e92542d435a7ee54e978c2b4782da38fcf613c6e A.Z = 0000000000000000000000000000000000000000000000000000000000000000 -B.X = 2b11cb945c8cf152ffa4c9c2b1c965b019b35d0b7626919ef0ae6cb9d232f8af -B.Y = 6d333da42e30f7011245b6281015ded14e0f100968e758a1b6c3c083afc14ea0 +B.X = 5dd08e3206a651cf2320dc98a3a173baef07fbd04bdc6eee2d79ddb13c63ac2e +B.Y = 2270fd1d5dde52ec8f1e53816c2a0fcc9836d990894106894d8f99e89edbc335 B.Z = 0000000000000000000000000000000000000000000000000000000000000000 Result.X = 0000000000000000000000000000000000000000000000000000000000000000 Result.Y = 0000000000000000000000000000000000000000000000000000000000000000 @@ -1227,8 +1228,8 @@ Test = PointAdd A.X = 18905f76a53755c679fb732b7762251075ba95fc5fedb60179e730d418a9143c A.Y = 8571ff1825885d85d2e88688dd21f3258b4ab8e4ba19e45cddf25357ce95560a A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 -B.X = 2b11cb945c8cf152ffa4c9c2b1c965b019b35d0b7626919ef0ae6cb9d232f8af -B.Y = 6d333da42e30f7011245b6281015ded14e0f100968e758a1b6c3c083afc14ea0 +B.X = edc21713cc3b51b9632b37925b5369a13aa3eab989f2d9a720154c1786eca076 +B.Y = 8da43525eb9de2a56c5a3fd7447258d96ccb60337e474b830d1fa37c0da1da8f B.Z = 0000000000000000000000000000000000000000000000000000000000000000 Result.X = 18905f76a53755c679fb732b7762251075ba95fc5fedb60179e730d418a9143c Result.Y = 8571ff1825885d85d2e88688dd21f3258b4ab8e4ba19e45cddf25357ce95560a @@ -1244,165 +1245,169 @@ B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 Result.X = 0000000000000000000000000000000000000000000000000000000000000000 Result.Y = 0000000000000000000000000000000000000000000000000000000000000000 +# Test some random Jacobian sums. Test = PointAdd -A.X = bcba3eebf2b0af1174a4b874b155b4dc74bd5fb57c70214561aaabb105635580 -A.Y = 1dc33ce74f651305dd89263c1d314edd2773ef6dd043742a6f47f29542b9eb07 -A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 -B.X = f9e0b98b1a87b6c49c4cc5fc47efd157e5f12cf5543d71cfa38187a3793d6791 -B.Y = 3b2de94df438554381037c9f9d2c21991c6975d83c0acd42ef1a8419a040436f -B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 -Result.X = 6bd7b4e06d7862f749901a398417e941618c11c48dffcce719e4026220b77477 -Result.Y = 1e2ffd71e8c206acc19032d26a53ea275fefea51a2c90e4dd3c8b7c6acc51ab6 +A.X = cb8dea3327057fe69b5159e0323e60486cda3400545f7e2c60559ac7c8d0d89d +A.Y = 553de89b31719830c3c3300aa8ad50ea81f40762a4f33ccf81a2d3bcc93a2d53 +A.Z = 4589e40df2efc546b2572c1f45eda26fc191b8d56376f2063fd9470fb277d181 +B.X = 32ad56497c6c6e8399de6814efd21b3eb949bb80dab578073cf0b0aa92054341 +B.Y = 57b33b7acfeee75ef6a31eb7ca0244b375f2d0962a3ce65c06afaa02688399e0 +B.Z = 337d5e1ec2fc711b12fd6c7a51a2f474a922cb107f592b657617d2e0b4f1d35f +Result.X = 120c6ddd6f8ebc798c5740005bad5a2586575202df9cc3dd07401fe84d8cfdd4 +Result.Y = 966bc89126349ce41738be691f32c1a068e54a654ab2cb0eac39ef15ee17f0df Test = PointAdd -A.X = d71c6da129f6e867bf525563e1d8bdbd2f90a9bac7de867a6ea2317a5d6cb507 -A.Y = 125e0cc1ba0c93caa19edb419a764f88d955289c4c6e77d02d90e4e31d47c9a2 -A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 -B.X = 334c2200ec08896808ab12a76820ff674fcdccff6d85afa2e586b31fc944de33 -B.Y = b5ee8cfa25896d4075588c60926a2582a099c7a5acbcfec78fba457c4886301c -B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 -Result.X = 93e9d4e6f7736f80da1b00d221024ccfd17f2927d6b505a5bcefe0801fe6f0a9 -Result.Y = 4824eeb2d5da27d57e1d50c2dae000acdcddcbaf534d8b7e7d97854ed3dc939e +A.X = a858b5249026ccc4d25fbd85db17826afa3c5963c26815cbf8511d84dce62a25 +A.Y = bd753e125579388da968036d50067fe0e8eccb531c4d6f1a69c61bc8259c6d76 +A.Z = 82f9cdd9abf991ac27f0caa494b7b7b2851cc6591c6362ef02d1bd2c33fd116c +B.X = 3e5790fd7ff28a376586c8ef5625b906f2d5d7e6656191f5a530154eecd4c988 +B.Y = 6e6c91011cc5996a7db4e5539eee635ce84780a85a17778da06353048fdf6bd3 +B.Z = a9ef3402e9f15e7a91aef4a53431b2b2068914e4a09ebdafc8aa654351f32331 +Result.X = de9d6bb4dfdee64193d3eaebb9208a86e764b80e1459fd10a2e01c202e33c5e2 +Result.Y = 370e67dbb7cfa6b79adaeec48b1535f0c329856401102d546c695d0dfe1d0db5 Test = PointAdd -A.X = 0daba41be2b418e7d160a363e6cbdcbff5d433f96b0d5be3812c0a7adfab8ed4 -A.Y = 3ae4dd97c4d2987a63df16c5fb8c494164e14b93eeebd5585d74bd26e2201499 -A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 -B.X = 87135fb06383ec8b282fdc028eb38fd447ac1ecc76922e37f0cc454febb11aee -B.Y = 98ab966087531eb3eea1e5e36189271a02f7ee8e381f9c78d6f346a301f96f81 -B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 -Result.X = 2e096c2fabf06a5b838c7e07fda436d068dd1c4e3ff4f5704f89ab9df6b4be5b -Result.Y = 59ca6304321ae1e41bfa30f52e7ef27fceeade8507f20837654383d70e8a41df +A.X = a2d85e21bf520691b397ac9e0c1360218cef96a8a6f4c2b24d21791360ce4d9e +A.Y = 0cc1c5493edf586cd24f7a9f40185c1ceefa727369ed159a9fc09b700ba64f78 +A.Z = ad3083a5bd23ee1fdbd3a25abdee815052209bb1a8b22d3f7d8600442b760a61 +B.X = 7d8850dafe2c48d86b6c3f3f44453670aa7169712238d024dbd08cb4e95b9cc1 +B.Y = 6a2698c143609306fe2c402acdf26e3b42874f5ae3ea2e95898c305e791984b8 +B.Z = c81bc8988c6edabf4a03fcc456ce0c445e225c33b76a79552af0b818350ad6b0 +Result.X = 67c5f8af069b5a5636647eee50da847dff8f5f6ef71780a5d1330453db5c8a04 +Result.Y = cec9200fa541b602d94c694f1289d1d073e64f47054baa40a9921c20ca090643 Test = PointAdd -A.X = 356db98c21c2169899b9b296edcacb7d531524f2572913b75edb7b73196f5682 -A.Y = 47a26c52b1b2f229109e8aca7f5b4af768baf053a15ff8f58051c7e4e1b7f818 -A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 -B.X = 56956f6d3bbbd4aece299f29bb4c537355f312f391c207c6ec6efe646362b288 -B.Y = a69fc73c0636c9928764cc9d6e1482577b6ca06f277c098f571108356a858cab -B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 -Result.X = ca0ddd995a77173a1438473bf82734cb3a09fafe7050bda9bd592a1cf078fa38 -Result.Y = 379da87952d36c5396b934a2ce8b003ee8fc4155b3b488f2f550734e2a82ce7d - +A.X = 4f9a035ffeddcc36846906cacc812ffae7f3110fe46bf7da12d0b19ec54c3873 +A.Y = 73539ed620938543f94c358dba87319dca40ae4d13d0a888527f007d26d73d74 +A.Z = 922e97056fbf12d89984346368087375560990c3fb2f337d9f46429f2022d634 +B.X = de6fa333804b1da9f046896634e498d5f456288f8f03cc41fc7ba4b1e978429a +B.Y = fd45f1d5e905c448b947fd65bc2897928d6014425c8c502a1b2838ba882f5813 +B.Z = 50bb4c98bce36b8aad5662b8db35428bb5c1f298e17347caa5d4f542f278a1d9 +Result.X = 5c3cb05b52ec59f3cbb666b0059163afae885676cf81d64cadc943a1c0bb3a86 +Result.Y = 2871d088271faa9258e60ff28115f72294b938ef3d7b927e59177f9b41d5747e + +# Test some random Jacobian doublings. Test = PointAdd -A.X = 13764cccab4addf5cf4ef5fb4af60a93e08fa3a0a72653abf013e3427abbf82c -A.Y = c3dc524745368a0dc4948f897402f4b5a280acbf74f5ea9180d038a483d4090a -A.Z = 2903a04d6615ec23cd63ba46287be2e7a8eeee030bed49e7a94769386a46f209 -B.X = a5c5921f9a8c569f661693bfae1b167937987c2fe951956ef0e34c426965c648 -B.Y = f8a299605e690a78e583371e59cf2b848d475afc35bb1448981c53ad8c0a6581 -B.Z = 9c3fde73f1899a76eb40f055fce02ab9c1b1ce7d43b54c54f93ffe56830e3f83 -Result.X = 4073318e85bc2d7637fd0129fa8eb86b6ca20334542795f3bb1de54b90a16b69 -Result.Y = 9a1b1e7435d98287b244d2337f8bf0e9c87b40677bf1ea2a9dedbd07c5241ee0 +A.X = 75da62f76d1887e18a06483bb6b53c3ec42879ed73b7851ed4748e307653714c +A.Y = a6f0d0d3bb492bf488d99d549aff3f0c3a48f0c35a5931578fe697b8c5f486f7 +A.Z = 6d6a50229164869f24865148a19a24d57d94ebd09dc06b5e4fc3946a95f9124f +B.X = 3b225af8c7b6155d66061c75a03d23d94e01a2167fa7f44c5bd1e9d9c48c7421 +B.Y = af58b0e38531d1e08187c61a36b33693ef534ecae23dca4542667d93f1844d75 +B.Z = 86ed2be859c4af1d5cf99041840f3bcb7c9b8e8986811393c96e8bf57fcad872 +Result.X = ab0f931fb86a621102e67336eadcf01afe3127aeaf5b4f89e8f34628c8e1afd9 +Result.Y = 52c50e2783d69dde29d6bc75fa359ffe72e7115c2fc89a9699a499cac25e3383 Test = PointAdd -A.X = f72706b81fca2b1530238bdc2c0c454b5116ee54fdf156bc62bffea73f0645af -A.Y = c6e66d9ae8fc5e164e6a985f866aae41f3c4e4281a0eea9173e4e77cb29e4bc7 -A.Z = 6a84f9c37634b8aefdae477e9efec66f20d2f6159575f40c7b21a1e0732e8c49 -B.X = bcf21b020cb8fb4b2ef7f639240d221dd96fc08d7fa575c2e7037fc84d8f03b2 -B.Y = abc500f82f06f0d69a920c8d80eef9dd2310cd09e0d89d80fc7397aa4e361dd1 -B.Z = 5031c46be15f9d4fa9a347be998c07f9cc7f754999fe0f9c3c8b38e0d85dda9f -Result.X = 401b010df4dd21ed96f7c8babb401db74b3b6ee7f55c498803203855b5911de9 -Result.Y = 05e585cca569bc22855f7df32b20a4a45315a1ca5d98d2b94792eb748ec8744b +A.X = f0d499f2e3775de88ed997feeb4589506f061f93766abb0c1251d25630c4c24d +A.Y = e8de27c3369ba718adbab5597fbaad9581f5b59ae3b758e7d664bae81d895be4 +A.Z = c62dc820a597f75518734f12b2d3c076e5b872303e37b3663636912ade79c058 +B.X = c2845b3faaa995eb88e13a44b08d8a6fdb37103f7bbcc585302c9d090be3fc5b +B.Y = 733e5ef1b0314754b70b5b98da63cbb7475918ddb85a715e21aade0c2f2e5611 +B.Z = b8505e4a057d108b49f5d0b20884674be18bba48bbc37f765c2c32c5cc4aba5d +Result.X = 266f2961b9352b44e61902a235b33f766f82f8199c176920dae25ad2cbad5cc9 +Result.Y = 8560e62047908b13c4247b7e4d2657f2bdecab41e73c846ba18523e5f2918a9b Test = PointAdd -A.X = 7b44b52e9fb1bc58c81a2adc9bfedcc42bba3cb34ec666e51cba8050d48fdb37 -A.Y = 2b7e629fef7b4e175f5eb30c421e60f26fefdf5f9fed743cad4a8e638c18696a -A.Z = 68f31acd92bed56a4556e954b0c51f9f8f3b797bc853d1b2b01b228657bd317f -B.X = 3d293c36fd065d1f054eb218932d60feb00d1bd4bee0236cb9788d9723df9571 -B.Y = c8b893b8e9ff935f2e060227334e32ba144f4046b1bd4961f4479ad3fef1c7d2 -B.Z = 9c072deacfe5c025c763efebb4feab79e954c47d3e86ef4abfbd1901f50d8495 -Result.X = 245582d32415c77a2e3abbf844cf1a40c31466c1418cd279747e5394744509be -Result.Y = 5c2f80f947d2df7fb1f829d05c6175f6fce7cd2d7f79fd7aa865f930e910e9fd +A.X = f0ca07297738d8687bffcd3f1433966241f437fa1c3381cf2d13f0fc714bc83a +A.Y = 1181b9d61c6982e743f1c32de5d14da745290ecaf27297c36ff3ef20a7526a55 +A.Z = 93159618ca5a9f9240df7016ddc983e046126d1290e14478dfcc6a4bae9090bd +B.X = 3a2d75803ccad665f6b785c828eaa96821cb0e81979641b9e59b5fd488fcc755 +B.Y = 99e7f820abdbcdda23d90a88788e30d67303dac86987816dbbed447431e33f3f +B.Z = a870186c8137cdbd247d16f3aa18782de1e4c5848f49da3437223eb13d7a9ae2 +Result.X = 36a104368d39214d5a3a1a348a1de1389d1aa23009aee37464b5b3256ed4b28c +Result.Y = da5b14dbd75f6c333929bdff88e53af7253c27e166e15ead6d778631036b7d38 Test = PointAdd -A.X = 75ab91b8a46a5a1abf827cb209373b28cbb8f83a06adf6a9b10ac76e22493ecc -A.Y = abd989a78d1bcee7e63920d7e637f9763901da408a9d8c731e4e65a6fc52e1a1 -A.Z = 188a24145243ca066c35870e5a8835532ad512fbdcf5f5ae4033b262fa9aa6b8 -B.X = 5d6e885ec19069b2aa51a2723c98da1f03e8dbc344fe1de0bdb42910ba8bfe96 -B.Y = a1f86e66eacc38db7e47154a324a16031705b4803addf074037d3320b50dbef8 -B.Z = 5cff900a783687049a7d497b1f8cd837c479a61f3fef4b7ced180ea82770bc75 -Result.X = a4029333b9b9db434eea002bd6d4e0d9f3e5317c685511a30ecae351fc60d164 -Result.Y = 8e9302c77bc6f560c9bec473ef1ffb76b357c0d4794192696bda8e99651798ee - +A.X = a6256508926caca56a31414aba2d5f5b04dcabdb065352a572e215b043df6e01 +A.Y = e6567d330ffb11a86ec29b406b8e3d5cce8ca46f55f38515d842dd856d6852dd +A.Z = ec172618c8cdbfc0f4fd6dffb77858bb292f229e6d10b5c70d0d9ba75fa3ab44 +B.X = 0251f6715dbba02e6072c12ab1f89a562d35ed0ff68e021b3b5276b9faf57c52 +B.Y = d2d74ff4740ad968fa7e816bc2178458efee797669bef2e634e2857de1658e62 +B.Z = abbecea633d31f569297a4a9ec28f708c7a097cb2423ebaca66ac0e42b1c8ee4 +Result.X = d2a071d4dd72ad7e63834b58b23c4a034ed7950f5c80fad51bf96959b535d55b +Result.Y = 3cb8dcbe25f49099b9d8dd1a9cb6073368bf6556130f2aa02637dfcff430e869 + +# Test some random affine sums. Test = PointAdd -A.X = 8d1867f890abaa26b634d5d5cdeb0f4abc7ebd16d807479f837fcece592dc0eb -A.Y = fc68c801999c12070eddeb3169219c491f9e8fe29cdc4e3cb698ee8471934076 +A.X = fabada657e477f088883b2987042e595559d669de3a047b27e3ad339fb3fa5f0 +A.Y = 0551992531a68d55a8409d8466034f02808637610ce6d6bcd9cfceb8da1c3e85 A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 -B.X = 8d1867f890abaa26b634d5d5cdeb0f4abc7ebd16d807479f837fcece592dc0eb -B.Y = fc68c801999c12070eddeb3169219c491f9e8fe29cdc4e3cb698ee8471934076 +B.X = 3a831cf2b316ce371994a5622e31749407fdf59660dc88322d14c37ebb2d68d2 +B.Y = 849c511908abdfa2bcadc43f9beae88052fdb00573c783fbb1b34b99687b9a6b B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 -Result.X = 8da53dc540c1450c73082ad3b799d0d18a69a747fcd81f847e9e60484dcf579a -Result.Y = c20c398e99e0513a452b5e9b6331863d1ac3eee6fcf73021f505a0b62daf6f80 +Result.X = d5dc9241b457d33b9bda849fb7aba8baaff8b6eea92974a8adf4b95fbfa849f0 +Result.Y = 089a66780811a8ce455c139c4bea6c5c16234c095a41b9e31c617689bdc6bd0f Test = PointAdd -A.X = 328b983f6490312e37e8eeb2121cd622cf85dbcf78af93df74fbca961ce3bfa2 -A.Y = 1c8a0aea2f2e540770644f48c41810bf7f9e1a782b2f6397712b17c88109fbce +A.X = 9dfe6299e62453bb943356b6f7d90c8b6c646728ba3550bb7c1548f2ba5920cb +A.Y = 60a4e342a89837c0e7d61c0e3e88a943633028f5260eff6af5ae8a6063f7a5da A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 -B.X = 328b983f6490312e37e8eeb2121cd622cf85dbcf78af93df74fbca961ce3bfa2 -B.Y = 1c8a0aea2f2e540770644f48c41810bf7f9e1a782b2f6397712b17c88109fbce +B.X = 924d7305f867afecd3cc550f4c05c83a2b4c981ba0e7ff20fd2035fabe2ccc92 +B.Y = 73934620746c23be03a40edb0662c09ef1776506bd50d6397c2654d340629bf5 B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 -Result.X = b6f3c548944862dfdea2314ca6d6a88780b08da41becf58384af80544aca4966 -Result.Y = 95afecb4ad3195485a2aad3cd14008c9a7c1e0c02656c3c2b7cd5f2e7f3a4474 +Result.X = 7384f658ccbe08afcf6b423bfdd092a8a95b03d81254a519b31517b9b9670155 +Result.Y = e922a56146b94776f805a0fbdee9084dd87be1df54f76145bf83e07cd31a083a Test = PointAdd -A.X = 3ae6b24cadd6a14612d24a1c094a35c6be56db8f53a6d526e0ede03923918443 -A.Y = de8a23105c5f5c88b77dbde74e30a56f8865d78a5ce9060cff9f2927dbd196b6 +A.X = 9b6642b661f06c5b3ef2a0950b3c03d35f42d3d0dcbe105a895f40132c40bd9e +A.Y = 90cbe0ed40e47923257f064886f1e309a310cb82fc21282f8e8fa4f6c975aed6 A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 -B.X = 3ae6b24cadd6a14612d24a1c094a35c6be56db8f53a6d526e0ede03923918443 -B.Y = de8a23105c5f5c88b77dbde74e30a56f8865d78a5ce9060cff9f2927dbd196b6 +B.X = 587f6b4c4bb3ab3d59ba8d31457615b3df9f9f9466df3563f4419db731f494ea +B.Y = 38135b314572346439c8d4535b892a26e5da650ae1dc9ac2d5aeb85ade24174f B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 -Result.X = 6f125b512c3c736f39781fcd89adb653e515b4ce1e1204505f08d0a8480052ef -Result.Y = e1acfccf1b9950067adf0f06e0d9703a8b1ac1bbdbb35b08df28cd56c24ae5a0 +Result.X = 97e94b6d485f8de6779e4ad19cc7bede6d70ff4853a56eb6d5fd4e5caac60858 +Result.Y = 303bf4d62cf569370ae5393fac46b64efe98ee8222b9982bc3dc61b8e32411c5 Test = PointAdd -A.X = f317c6c02d9a6ff0799b3b4a22f83c95324831baad336ecd0c631ea04a5e11c8 -A.Y = b624e8057d411031f41b30cd02f56c24e89262e885007b7a1ed1861feb7ffcda +A.X = da49658b6c64fc7a7441b177987abbbdbfcfc3c2c569ed97696d706f7af91ca0 +A.Y = 9a66906a6e313603e9d78f99fbbda837e521e75bbbad9455ffd43f51f5e30ee5 A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 -B.X = f317c6c02d9a6ff0799b3b4a22f83c95324831baad336ecd0c631ea04a5e11c8 -B.Y = b624e8057d411031f41b30cd02f56c24e89262e885007b7a1ed1861feb7ffcda +B.X = fe32e5885d0005fa1962166142d2aea201af9c4ca41cdddc5446dc2472f71f42 +B.Y = a2f9b4d35ea19303a101034e96870a7caed371a980965bf86291b03b5c85af60 B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 -Result.X = e805208c74602e54482d113f16fcf6e4600436f8af49705cdd05ecfb0e6d45fd -Result.Y = baded898bfead1b4eb3ab3bbd0129837efc85823dabe82718a975bd603f96d9e +Result.X = 5375c5ea3e33c1862ca5f09322ce2012c2b4fbee9a299b66e4882e016908cc2a +Result.Y = 936e4f12ed144cf6fcd0ab085a4929e5e3e7c28641692b1fc2ad9a3b3d447b31 +# Test some random affine doublings. Test = PointAdd -A.X = 3a6802aeaebc67046a1e75152822fa8bab04c11ae2b816f42c073daee3f13274 -A.Y = d6522c882d18e32bc5ea1fa59efbce8ce2369f2154dcc00e6fb17500f50f8ebf -A.Z = bea747d5bb1c6ee865249d7a22378f3c760916e163497f4b6ef4da8adcb5dfab -B.X = 3a6802aeaebc67046a1e75152822fa8bab04c11ae2b816f42c073daee3f13274 -B.Y = d6522c882d18e32bc5ea1fa59efbce8ce2369f2154dcc00e6fb17500f50f8ebf -B.Z = bea747d5bb1c6ee865249d7a22378f3c760916e163497f4b6ef4da8adcb5dfab -Result.X = 5a2891dca746889d413d8dc1a69b715954baf692689fc32d9aa10b7431a5c149 -Result.Y = 91db7288536b4f6d78e5a787ecbb5094f6834515038cb070a7fa4870af8045f0 +A.X = b148cad109d4b24342eb3a03ccaa10dfd6101edf9548b1d1442b61982a4e332c +A.Y = 7daac293162a8ee2592529630f5bd1eae96659d27c045898d33833999cd076ba +A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 +B.X = b148cad109d4b24342eb3a03ccaa10dfd6101edf9548b1d1442b61982a4e332c +B.Y = 7daac293162a8ee2592529630f5bd1eae96659d27c045898d33833999cd076ba +B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 +Result.X = ad00fae6ab0898f7d5eeeffe8c94b302060fba2b191a2d342a8a302998ebe566 +Result.Y = 9ee46ba864901cad75169cdea023d7e64da39315e2fec1703fad6b613eb24006 Test = PointAdd -A.X = c76ddbcb15bc63f82807804536a0d25fd7a639c71adf953ad6cc8f68d915f485 -A.Y = e3a4f830809f5e91b68699c05fa9faa7c3d1f9d1b1c982c282508fa18d695537 -A.Z = eb372f19c7b9466a116363ad9114a89ad287523da318d915f59ed5e558bd824e -B.X = c76ddbcb15bc63f82807804536a0d25fd7a639c71adf953ad6cc8f68d915f485 -B.Y = e3a4f830809f5e91b68699c05fa9faa7c3d1f9d1b1c982c282508fa18d695537 -B.Z = eb372f19c7b9466a116363ad9114a89ad287523da318d915f59ed5e558bd824e -Result.X = c5485a3509f55c7cc33d098fb0bfe1b198a9f26ce0ebc29bec5baa29ef6f74a2 -Result.Y = 60e949a551aa94afc9a3efe411a3c63ecb851ef1738ed24c88f86cf85ec01020 +A.X = f21318618205f4967c4f47c9bc3cea41e144dc01830d087414da8dcb16d37cb3 +A.Y = 76cebf81ecc696024fe949191dc49b245ef8cc0d55ada88abf481ddad9eb6129 +A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 +B.X = f21318618205f4967c4f47c9bc3cea41e144dc01830d087414da8dcb16d37cb3 +B.Y = 76cebf81ecc696024fe949191dc49b245ef8cc0d55ada88abf481ddad9eb6129 +B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 +Result.X = ad8e13b721bcbfc0fe629465cda5fee3494785d51dbe65f1e13429f52c83f03e +Result.Y = 85722e168d89543dce293428e75d52765d0935bde2ef5c45a088222db0dbbeb5 Test = PointAdd -A.X = ca72936509631f09d2a3ac14fb786daabb15520ef01de4298c7fd71653e89194 -A.Y = 02aeb6b6f04cd8125887baa18e6e79ba2b0acfa9a2443e9eea36ca7715eb8eb3 -A.Z = 8b4ef1a52fa42c711445e0463003f2ed38ace6583bf08198e9a0b938b4589479 -B.X = ca72936509631f09d2a3ac14fb786daabb15520ef01de4298c7fd71653e89194 -B.Y = 02aeb6b6f04cd8125887baa18e6e79ba2b0acfa9a2443e9eea36ca7715eb8eb3 -B.Z = 8b4ef1a52fa42c711445e0463003f2ed38ace6583bf08198e9a0b938b4589479 -Result.X = 8d3b35c5661faafa83510ab9b3f1642bb121e7686ed4ae61323ddee2c7247f93 -Result.Y = 1a22ef5df156ca80235fe3cd1ca3152e21a3e17b2a34dd93b2003e3274a8a2fb +A.X = 8797ff95334b238dadf0cb3d4dc9350678f4c7fc520089ecb70ab419510f2331 +A.Y = 326c7583d54dde377fa9193c8588912c4db2219e1bb383ab13902187e5ef76ce +A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 +B.X = 8797ff95334b238dadf0cb3d4dc9350678f4c7fc520089ecb70ab419510f2331 +B.Y = 326c7583d54dde377fa9193c8588912c4db2219e1bb383ab13902187e5ef76ce +B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 +Result.X = e91c8ec9611de8e44e0d882df59f4fae8d15e3867858fb155256a4a2f154bbc4 +Result.Y = c12be21033c6dcea7e7d7262c47876d099aead75d8b025e45ce7986193fc6f8a Test = PointAdd -A.X = db7b023fbe056819027fa09c5a2a0d777a53fb78c00bf4f31f46b63a7494bbfe -A.Y = 59affcbf4628d572ee56b95087d30e765bb518b123e879b25df9960dab706a32 -A.Z = 1f7c7226d78e51478c683bbb6afe01abc2225dbfc773d0806d30ff5f827b76c8 -B.X = db7b023fbe056819027fa09c5a2a0d777a53fb78c00bf4f31f46b63a7494bbfe -B.Y = 59affcbf4628d572ee56b95087d30e765bb518b123e879b25df9960dab706a32 -B.Z = 1f7c7226d78e51478c683bbb6afe01abc2225dbfc773d0806d30ff5f827b76c8 -Result.X = fba400ae656ec3103c5c5f531d2a0f7368031e01a48a91f1a4f3138d294b13be -Result.Y = 160e358ad1f059eb62722df01a7440048a1db21ecaea8698efa9677db6e9ff97 +A.X = 2f4cba9543c9537e393f126e31bedb521dc0a74a940e731800e5e39cdece355d +A.Y = 1a0957898b746b7dbc9245acd0c6df9e6adca4d8537454c9f318a8ce7c3875c4 +A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 +B.X = 2f4cba9543c9537e393f126e31bedb521dc0a74a940e731800e5e39cdece355d +B.Y = 1a0957898b746b7dbc9245acd0c6df9e6adca4d8537454c9f318a8ce7c3875c4 +B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001 +Result.X = 5cdc40808120b68e3131bd6ed70a5ce6618f960e4d540baa582afc71be97c65d +Result.Y = 1926a2c9f5b2d3d1dff784623fe6efe2ac629395101d38db0eff5e540bfeacb0 # Scalar montgomery multiplication tests. diff --git a/src/crypto/fipsmodule/md5/asm/md5-x86_64.pl b/src/crypto/fipsmodule/md5/asm/md5-x86_64.pl index 568f4f5..6eb33c0 100644 --- a/src/crypto/fipsmodule/md5/asm/md5-x86_64.pl +++ b/src/crypto/fipsmodule/md5/asm/md5-x86_64.pl @@ -130,11 +130,17 @@ $code .= <D = D mov (%rsp),%r15 +.cfi_restore r15 mov 8(%rsp),%r14 +.cfi_restore r14 mov 16(%rsp),%r12 +.cfi_restore r12 mov 24(%rsp),%rbx +.cfi_restore rbx mov 32(%rsp),%rbp +.cfi_restore rbp add \$40,%rsp +.cfi_adjust_cfa_offset -40 .Lepilogue: ret +.cfi_endproc .size md5_block_asm_data_order,.-md5_block_asm_data_order EOF diff --git a/src/crypto/fipsmodule/md5/internal.h b/src/crypto/fipsmodule/md5/internal.h new file mode 100644 index 0000000..9ee9f13 --- /dev/null +++ b/src/crypto/fipsmodule/md5/internal.h @@ -0,0 +1,37 @@ +/* Copyright (c) 2018, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_MD5_INTERNAL_H +#define OPENSSL_HEADER_MD5_INTERNAL_H + +#include + +#if defined(__cplusplus) +extern "C" { +#endif + + +#if !defined(OPENSSL_NO_ASM) && \ + (defined(OPENSSL_X86_64) || defined(OPENSSL_X86)) +#define MD5_ASM +extern void md5_block_asm_data_order(uint32_t *state, const uint8_t *data, + size_t num); +#endif + + +#if defined(__cplusplus) +} // extern "C" +#endif + +#endif // OPENSSL_HEADER_MD5_INTERNAL_H diff --git a/src/crypto/fipsmodule/md5/md5.c b/src/crypto/fipsmodule/md5/md5.c index 370b42a..66c65a6 100644 --- a/src/crypto/fipsmodule/md5/md5.c +++ b/src/crypto/fipsmodule/md5/md5.c @@ -60,6 +60,7 @@ #include +#include "internal.h" #include "../../internal.h" @@ -81,12 +82,8 @@ int MD5_Init(MD5_CTX *md5) { return 1; } -#if !defined(OPENSSL_NO_ASM) && \ - (defined(OPENSSL_X86_64) || defined(OPENSSL_X86)) -#define MD5_ASM +#if defined(MD5_ASM) #define md5_block_data_order md5_block_asm_data_order -extern void md5_block_data_order(uint32_t *state, const uint8_t *data, - size_t num); #else static void md5_block_data_order(uint32_t *state, const uint8_t *data, size_t num); diff --git a/src/crypto/fipsmodule/md5/md5_test.cc b/src/crypto/fipsmodule/md5/md5_test.cc new file mode 100644 index 0000000..7df5bb2 --- /dev/null +++ b/src/crypto/fipsmodule/md5/md5_test.cc @@ -0,0 +1,34 @@ +/* Copyright (c) 2018, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include + +#include + +#include "internal.h" +#include "../../test/abi_test.h" + + +#if defined(MD5_ASM) && defined(SUPPORTS_ABI_TEST) +TEST(MD5Test, ABI) { + MD5_CTX ctx; + MD5_Init(&ctx); + + static const uint8_t kBuf[MD5_CBLOCK * 8] = {0}; + CHECK_ABI(md5_block_asm_data_order, ctx.h, kBuf, 1); + CHECK_ABI(md5_block_asm_data_order, ctx.h, kBuf, 2); + CHECK_ABI(md5_block_asm_data_order, ctx.h, kBuf, 4); + CHECK_ABI(md5_block_asm_data_order, ctx.h, kBuf, 8); +} +#endif // MD5_ASM && SUPPORTS_ABI_TEST diff --git a/src/crypto/fipsmodule/modes/asm/aesni-gcm-x86_64.pl b/src/crypto/fipsmodule/modes/asm/aesni-gcm-x86_64.pl index 3d0600f..b9edb79 100644 --- a/src/crypto/fipsmodule/modes/asm/aesni-gcm-x86_64.pl +++ b/src/crypto/fipsmodule/modes/asm/aesni-gcm-x86_64.pl @@ -664,6 +664,12 @@ _aesni_ctr32_6x: .align 32 aesni_gcm_encrypt: .cfi_startproc +#ifndef NDEBUG +#ifndef BORINGSSL_FIPS +.extern BORINGSSL_function_hit + movb \$1,BORINGSSL_function_hit+2(%rip) +#endif +#endif xor $ret,$ret # We call |_aesni_ctr32_6x| twice, each call consuming 96 bytes of diff --git a/src/crypto/fipsmodule/modes/asm/ghash-ssse3-x86_64.pl b/src/crypto/fipsmodule/modes/asm/ghash-ssse3-x86_64.pl new file mode 100644 index 0000000..1dd2519 --- /dev/null +++ b/src/crypto/fipsmodule/modes/asm/ghash-ssse3-x86_64.pl @@ -0,0 +1,413 @@ +#!/usr/bin/env perl +# Copyright (c) 2019, Google Inc. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +# ghash-ssse3-x86_64.pl is a constant-time variant of the traditional 4-bit +# table-based GHASH implementation. It requires SSSE3 instructions. +# +# For background, the table-based strategy is a 4-bit windowed multiplication. +# It precomputes all 4-bit multiples of H (this is 16 128-bit rows), then loops +# over 4-bit windows of the input and indexes them up into the table. Visually, +# it multiplies as in the schoolbook multiplication diagram below, but with +# more terms. (Each term is 4 bits, so there are 32 terms in each row.) First +# it incorporates the terms labeled '1' by indexing the most significant term +# of X into the table. Then it shifts and repeats for '2' and so on. +# +# hhhhhh +# * xxxxxx +# ============ +# 666666 +# 555555 +# 444444 +# 333333 +# 222222 +# 111111 +# +# This implementation changes the order. We treat the table as a 16×16 matrix +# and transpose it. The first row is then the first byte of each multiple of H, +# and so on. We then reorder terms as below. Observe that the terms labeled '1' +# and '2' are all lookups into the first row, etc. This maps well to the SSSE3 +# pshufb instruction, using alternating terms of X in parallel as indices. This +# alternation is needed because pshufb maps 4 bits to 8 bits. Then we shift and +# repeat for each row. +# +# hhhhhh +# * xxxxxx +# ============ +# 224466 +# 113355 +# 224466 +# 113355 +# 224466 +# 113355 +# +# Next we account for GCM's confusing bit order. The "first" bit is the least +# significant coefficient, but GCM treats the most sigificant bit within a byte +# as first. Bytes are little-endian, and bits are big-endian. We reverse the +# bytes in XMM registers for a consistent bit and byte ordering, but this means +# the least significant bit is the most significant coefficient and vice versa. +# +# For consistency, "low", "high", "left-shift", and "right-shift" refer to the +# bit ordering within the XMM register, rather than the reversed coefficient +# ordering. Low bits are less significant bits and more significant +# coefficients. Right-shifts move from MSB to the LSB and correspond to +# increasing the power of each coefficient. +# +# Note this bit reversal enters into the table's column indices. H*1 is stored +# in column 0b1000 and H*x^3 is stored in column 0b0001. It also means earlier +# table rows contain more significant coefficients, so we iterate forwards. + +use strict; + +my $flavour = shift; +my $output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +my $win64 = 0; +$win64 = 1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; +my $dir = $1; +my $xlate; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT, "| \"$^X\" \"$xlate\" $flavour \"$output\""; +*STDOUT = *OUT; + +my ($Xi, $Htable, $in, $len) = $win64 ? ("%rcx", "%rdx", "%r8", "%r9") : + ("%rdi", "%rsi", "%rdx", "%rcx"); + + +my $code = <<____; +.text + +# gcm_gmult_ssse3 multiplies |Xi| by |Htable| and writes the result to |Xi|. +# |Xi| is represented in GHASH's serialized byte representation. |Htable| is +# formatted as described above. +# void gcm_gmult_ssse3(uint64_t Xi[2], const u128 Htable[16]); +.type gcm_gmult_ssse3, \@abi-omnipotent +.globl gcm_gmult_ssse3 +.align 16 +gcm_gmult_ssse3: +.cfi_startproc +.Lgmult_seh_begin: +____ +$code .= <<____ if ($win64); + subq \$40, %rsp +.Lgmult_seh_allocstack: + movdqa %xmm6, (%rsp) +.Lgmult_seh_save_xmm6: + movdqa %xmm10, 16(%rsp) +.Lgmult_seh_save_xmm10: +.Lgmult_seh_prolog_end: +____ +$code .= <<____; + movdqu ($Xi), %xmm0 + movdqa .Lreverse_bytes(%rip), %xmm10 + movdqa .Llow4_mask(%rip), %xmm2 + + # Reverse input bytes to deserialize. + pshufb %xmm10, %xmm0 + + # Split each byte into low (%xmm0) and high (%xmm1) halves. + movdqa %xmm2, %xmm1 + pandn %xmm0, %xmm1 + psrld \$4, %xmm1 + pand %xmm2, %xmm0 + + # Maintain the result in %xmm2 (the value) and %xmm3 (carry bits). Note + # that, due to bit reversal, %xmm3 contains bits that fall off when + # right-shifting, not left-shifting. + pxor %xmm2, %xmm2 + pxor %xmm3, %xmm3 +____ + +my $call_counter = 0; +# process_rows returns assembly code to process $rows rows of the table. On +# input, $Htable stores the pointer to the next row. %xmm0 and %xmm1 store the +# low and high halves of the input. The result so far is passed in %xmm2. %xmm3 +# must be zero. On output, $Htable is advanced to the next row and %xmm2 is +# updated. %xmm3 remains zero. It clobbers %rax, %xmm4, %xmm5, and %xmm6. +sub process_rows { + my ($rows) = @_; + $call_counter++; + + # Shifting whole XMM registers by bits is complex. psrldq shifts by bytes, + # and psrlq shifts the two 64-bit halves separately. Each row produces 8 + # bits of carry, and the reduction needs an additional 7-bit shift. This + # must fit in 64 bits so reduction can use psrlq. This allows up to 7 rows + # at a time. + die "Carry register would overflow 64 bits." if ($rows*8 + 7 > 64); + + return <<____; + movq \$$rows, %rax +.Loop_row_$call_counter: + movdqa ($Htable), %xmm4 + leaq 16($Htable), $Htable + + # Right-shift %xmm2 and %xmm3 by 8 bytes. + movdqa %xmm2, %xmm6 + palignr \$1, %xmm3, %xmm6 + movdqa %xmm6, %xmm3 + psrldq \$1, %xmm2 + + # Load the next table row and index the low and high bits of the input. + # Note the low (respectively, high) half corresponds to more + # (respectively, less) significant coefficients. + movdqa %xmm4, %xmm5 + pshufb %xmm0, %xmm4 + pshufb %xmm1, %xmm5 + + # Add the high half (%xmm5) without shifting. + pxor %xmm5, %xmm2 + + # Add the low half (%xmm4). This must be right-shifted by 4 bits. First, + # add into the carry register (%xmm3). + movdqa %xmm4, %xmm5 + psllq \$60, %xmm5 + movdqa %xmm5, %xmm6 + pslldq \$8, %xmm6 + pxor %xmm6, %xmm3 + + # Next, add into %xmm2. + psrldq \$8, %xmm5 + pxor %xmm5, %xmm2 + psrlq \$4, %xmm4 + pxor %xmm4, %xmm2 + + subq \$1, %rax + jnz .Loop_row_$call_counter + + # Reduce the carry register. The reduction polynomial is 1 + x + x^2 + + # x^7, so we shift and XOR four times. + pxor %xmm3, %xmm2 # x^0 = 0 + psrlq \$1, %xmm3 + pxor %xmm3, %xmm2 # x^1 = x + psrlq \$1, %xmm3 + pxor %xmm3, %xmm2 # x^(1+1) = x^2 + psrlq \$5, %xmm3 + pxor %xmm3, %xmm2 # x^(1+1+5) = x^7 + pxor %xmm3, %xmm3 +____ +} + +# We must reduce at least once every 7 rows, so divide into three chunks. +$code .= process_rows(5); +$code .= process_rows(5); +$code .= process_rows(6); + +$code .= <<____; + # Store the result. Reverse bytes to serialize. + pshufb %xmm10, %xmm2 + movdqu %xmm2, ($Xi) + + # Zero any registers which contain secrets. + pxor %xmm0, %xmm0 + pxor %xmm1, %xmm1 + pxor %xmm2, %xmm2 + pxor %xmm3, %xmm3 + pxor %xmm4, %xmm4 + pxor %xmm5, %xmm5 + pxor %xmm6, %xmm6 +____ +$code .= <<____ if ($win64); + movdqa (%rsp), %xmm6 + movdqa 16(%rsp), %xmm10 + addq \$40, %rsp +____ +$code .= <<____; + ret +.Lgmult_seh_end: +.cfi_endproc +.size gcm_gmult_ssse3,.-gcm_gmult_ssse3 +____ + +$code .= <<____; +# gcm_ghash_ssse3 incorporates |len| bytes from |in| to |Xi|, using |Htable| as +# the key. It writes the result back to |Xi|. |Xi| is represented in GHASH's +# serialized byte representation. |Htable| is formatted as described above. +# void gcm_ghash_ssse3(uint64_t Xi[2], const u128 Htable[16], const uint8_t *in, +# size_t len); +.type gcm_ghash_ssse3, \@abi-omnipotent +.globl gcm_ghash_ssse3 +.align 16 +gcm_ghash_ssse3: +.Lghash_seh_begin: +.cfi_startproc +____ +$code .= <<____ if ($win64); + subq \$56, %rsp +.Lghash_seh_allocstack: + movdqa %xmm6, (%rsp) +.Lghash_seh_save_xmm6: + movdqa %xmm10, 16(%rsp) +.Lghash_seh_save_xmm10: + movdqa %xmm11, 32(%rsp) +.Lghash_seh_save_xmm11: +.Lghash_seh_prolog_end: +____ +$code .= <<____; + movdqu ($Xi), %xmm0 + movdqa .Lreverse_bytes(%rip), %xmm10 + movdqa .Llow4_mask(%rip), %xmm11 + + # This function only processes whole blocks. + andq \$-16, $len + + # Reverse input bytes to deserialize. We maintain the running + # total in %xmm0. + pshufb %xmm10, %xmm0 + + # Iterate over each block. On entry to each iteration, %xmm3 is zero. + pxor %xmm3, %xmm3 +.Loop_ghash: + # Incorporate the next block of input. + movdqu ($in), %xmm1 + pshufb %xmm10, %xmm1 # Reverse bytes. + pxor %xmm1, %xmm0 + + # Split each byte into low (%xmm0) and high (%xmm1) halves. + movdqa %xmm11, %xmm1 + pandn %xmm0, %xmm1 + psrld \$4, %xmm1 + pand %xmm11, %xmm0 + + # Maintain the result in %xmm2 (the value) and %xmm3 (carry bits). Note + # that, due to bit reversal, %xmm3 contains bits that fall off when + # right-shifting, not left-shifting. + pxor %xmm2, %xmm2 + # %xmm3 is already zero at this point. +____ + +# We must reduce at least once every 7 rows, so divide into three chunks. +$code .= process_rows(5); +$code .= process_rows(5); +$code .= process_rows(6); + +$code .= <<____; + movdqa %xmm2, %xmm0 + + # Rewind $Htable for the next iteration. + leaq -256($Htable), $Htable + + # Advance input and continue. + leaq 16($in), $in + subq \$16, $len + jnz .Loop_ghash + + # Reverse bytes and store the result. + pshufb %xmm10, %xmm0 + movdqu %xmm0, ($Xi) + + # Zero any registers which contain secrets. + pxor %xmm0, %xmm0 + pxor %xmm1, %xmm1 + pxor %xmm2, %xmm2 + pxor %xmm3, %xmm3 + pxor %xmm4, %xmm4 + pxor %xmm5, %xmm5 + pxor %xmm6, %xmm6 +____ +$code .= <<____ if ($win64); + movdqa (%rsp), %xmm6 + movdqa 16(%rsp), %xmm10 + movdqa 32(%rsp), %xmm11 + addq \$56, %rsp +____ +$code .= <<____; + ret +.Lghash_seh_end: +.cfi_endproc +.size gcm_ghash_ssse3,.-gcm_ghash_ssse3 + +.align 16 +# .Lreverse_bytes is a permutation which, if applied with pshufb, reverses the +# bytes in an XMM register. +.Lreverse_bytes: +.byte 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 +# .Llow4_mask is an XMM mask which selects the low four bits of each byte. +.Llow4_mask: +.quad 0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f +____ + +if ($win64) { + # Add unwind metadata for SEH. + # + # TODO(davidben): This is all manual right now. Once we've added SEH tests, + # add support for emitting these in x86_64-xlate.pl, probably based on MASM + # and Yasm's unwind directives, and unify with CFI. Then upstream it to + # replace the error-prone and non-standard custom handlers. + + # See https://docs.microsoft.com/en-us/cpp/build/struct-unwind-code?view=vs-2017 + my $UWOP_ALLOC_SMALL = 2; + my $UWOP_SAVE_XMM128 = 8; + + $code .= <<____; +.section .pdata +.align 4 + .rva .Lgmult_seh_begin + .rva .Lgmult_seh_end + .rva .Lgmult_seh_info + + .rva .Lghash_seh_begin + .rva .Lghash_seh_end + .rva .Lghash_seh_info + +.section .xdata +.align 8 +.Lgmult_seh_info: + .byte 1 # version 1, no flags + .byte .Lgmult_seh_prolog_end-.Lgmult_seh_begin + .byte 5 # num_slots = 1 + 2 + 2 + .byte 0 # no frame register + + .byte .Lgmult_seh_save_xmm10-.Lgmult_seh_begin + .byte @{[$UWOP_SAVE_XMM128 | (10 << 4)]} + .value 1 + + .byte .Lgmult_seh_save_xmm6-.Lgmult_seh_begin + .byte @{[$UWOP_SAVE_XMM128 | (6 << 4)]} + .value 0 + + .byte .Lgmult_seh_allocstack-.Lgmult_seh_begin + .byte @{[$UWOP_ALLOC_SMALL | (((40 - 8) / 8) << 4)]} + +.align 8 +.Lghash_seh_info: + .byte 1 # version 1, no flags + .byte .Lghash_seh_prolog_end-.Lghash_seh_begin + .byte 7 # num_slots = 1 + 2 + 2 + 2 + .byte 0 # no frame register + + .byte .Lghash_seh_save_xmm11-.Lghash_seh_begin + .byte @{[$UWOP_SAVE_XMM128 | (11 << 4)]} + .value 2 + + .byte .Lghash_seh_save_xmm10-.Lghash_seh_begin + .byte @{[$UWOP_SAVE_XMM128 | (10 << 4)]} + .value 1 + + .byte .Lghash_seh_save_xmm6-.Lghash_seh_begin + .byte @{[$UWOP_SAVE_XMM128 | (6 << 4)]} + .value 0 + + .byte .Lghash_seh_allocstack-.Lghash_seh_begin + .byte @{[$UWOP_ALLOC_SMALL | (((56 - 8) / 8) << 4)]} +____ +} + +print $code; +close STDOUT; diff --git a/src/crypto/fipsmodule/modes/asm/ghash-x86_64.pl b/src/crypto/fipsmodule/modes/asm/ghash-x86_64.pl index fc631c7..b267698 100644 --- a/src/crypto/fipsmodule/modes/asm/ghash-x86_64.pl +++ b/src/crypto/fipsmodule/modes/asm/ghash-x86_64.pl @@ -518,6 +518,7 @@ $code.=<<___; .type gcm_init_clmul,\@abi-omnipotent .align 16 gcm_init_clmul: +.cfi_startproc .L_init_clmul: ___ $code.=<<___ if ($win64); @@ -587,6 +588,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size gcm_init_clmul,.-gcm_init_clmul ___ } @@ -598,6 +600,7 @@ $code.=<<___; .type gcm_gmult_clmul,\@abi-omnipotent .align 16 gcm_gmult_clmul: +.cfi_startproc .L_gmult_clmul: movdqu ($Xip),$Xi movdqa .Lbswap_mask(%rip),$T3 @@ -634,6 +637,7 @@ $code.=<<___; pshufb $T3,$Xi movdqu $Xi,($Xip) ret +.cfi_endproc .size gcm_gmult_clmul,.-gcm_gmult_clmul ___ } @@ -647,6 +651,7 @@ $code.=<<___; .type gcm_ghash_clmul,\@abi-omnipotent .align 32 gcm_ghash_clmul: +.cfi_startproc .L_ghash_clmul: ___ $code.=<<___ if ($win64); @@ -995,6 +1000,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size gcm_ghash_clmul,.-gcm_ghash_clmul ___ } @@ -1004,6 +1010,7 @@ $code.=<<___; .type gcm_init_avx,\@abi-omnipotent .align 32 gcm_init_avx: +.cfi_startproc ___ if ($avx) { my ($Htbl,$Xip)=@_4args; @@ -1132,6 +1139,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size gcm_init_avx,.-gcm_init_avx ___ } else { @@ -1146,7 +1154,9 @@ $code.=<<___; .type gcm_gmult_avx,\@abi-omnipotent .align 32 gcm_gmult_avx: +.cfi_startproc jmp .L_gmult_clmul +.cfi_endproc .size gcm_gmult_avx,.-gcm_gmult_avx ___ @@ -1155,6 +1165,7 @@ $code.=<<___; .type gcm_ghash_avx,\@abi-omnipotent .align 32 gcm_ghash_avx: +.cfi_startproc ___ if ($avx) { my ($Xip,$Htbl,$inp,$len)=@_4args; @@ -1567,6 +1578,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size gcm_ghash_avx,.-gcm_ghash_avx ___ } else { diff --git a/src/crypto/fipsmodule/modes/cbc.c b/src/crypto/fipsmodule/modes/cbc.c index 64ea505..3f1d777 100644 --- a/src/crypto/fipsmodule/modes/cbc.c +++ b/src/crypto/fipsmodule/modes/cbc.c @@ -49,6 +49,8 @@ #include #include +#include + #include "internal.h" @@ -61,30 +63,15 @@ void CRYPTO_cbc128_encrypt(const uint8_t *in, uint8_t *out, size_t len, assert(key != NULL && ivec != NULL); assert(len == 0 || (in != NULL && out != NULL)); - if (STRICT_ALIGNMENT && - ((uintptr_t)in | (uintptr_t)out | (uintptr_t)ivec) % sizeof(size_t) != - 0) { - while (len >= 16) { - for (n = 0; n < 16; ++n) { - out[n] = in[n] ^ iv[n]; - } - (*block)(out, out, key); - iv = out; - len -= 16; - in += 16; - out += 16; - } - } else { - while (len >= 16) { - for (n = 0; n < 16; n += sizeof(size_t)) { - store_word_le(out + n, load_word_le(in + n) ^ load_word_le(iv + n)); - } - (*block)(out, out, key); - iv = out; - len -= 16; - in += 16; - out += 16; + while (len >= 16) { + for (n = 0; n < 16; n += sizeof(size_t)) { + store_word_le(out + n, load_word_le(in + n) ^ load_word_le(iv + n)); } + (*block)(out, out, key); + iv = out; + len -= 16; + in += 16; + out += 16; } while (len) { @@ -127,66 +114,35 @@ void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len, if ((inptr >= 32 && outptr <= inptr - 32) || inptr < outptr) { // If |out| is at least two blocks behind |in| or completely disjoint, there // is no need to decrypt to a temporary block. + OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0, + "block cannot be evenly divided into words"); const uint8_t *iv = ivec; - - if (STRICT_ALIGNMENT && - ((uintptr_t)in | (uintptr_t)out | (uintptr_t)ivec) % sizeof(size_t) != - 0) { - while (len >= 16) { - (*block)(in, out, key); - for (n = 0; n < 16; ++n) { - out[n] ^= iv[n]; - } - iv = in; - len -= 16; - in += 16; - out += 16; - } - } else if (16 % sizeof(size_t) == 0) { // always true - while (len >= 16) { - (*block)(in, out, key); - for (n = 0; n < 16; n += sizeof(size_t)) { - store_word_le(out + n, load_word_le(out + n) ^ load_word_le(iv + n)); - } - iv = in; - len -= 16; - in += 16; - out += 16; + while (len >= 16) { + (*block)(in, out, key); + for (n = 0; n < 16; n += sizeof(size_t)) { + store_word_le(out + n, load_word_le(out + n) ^ load_word_le(iv + n)); } + iv = in; + len -= 16; + in += 16; + out += 16; } OPENSSL_memcpy(ivec, iv, 16); } else { - // |out| is less than two blocks behind |in|. Decrypting an input block - // directly to |out| would overwrite a ciphertext block before it is used as - // the next block's IV. Decrypt to a temporary block instead. - if (STRICT_ALIGNMENT && - ((uintptr_t)in | (uintptr_t)out | (uintptr_t)ivec) % sizeof(size_t) != - 0) { - uint8_t c; - while (len >= 16) { - (*block)(in, tmp.c, key); - for (n = 0; n < 16; ++n) { - c = in[n]; - out[n] = tmp.c[n] ^ ivec[n]; - ivec[n] = c; - } - len -= 16; - in += 16; - out += 16; - } - } else if (16 % sizeof(size_t) == 0) { // always true - while (len >= 16) { - (*block)(in, tmp.c, key); - for (n = 0; n < 16; n += sizeof(size_t)) { - size_t c = load_word_le(in + n); - store_word_le(out + n, - tmp.t[n / sizeof(size_t)] ^ load_word_le(ivec + n)); - store_word_le(ivec + n, c); - } - len -= 16; - in += 16; - out += 16; + OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0, + "block cannot be evenly divided into words"); + + while (len >= 16) { + (*block)(in, tmp.c, key); + for (n = 0; n < 16; n += sizeof(size_t)) { + size_t c = load_word_le(in + n); + store_word_le(out + n, + tmp.t[n / sizeof(size_t)] ^ load_word_le(ivec + n)); + store_word_le(ivec + n, c); } + len -= 16; + in += 16; + out += 16; } } diff --git a/src/crypto/fipsmodule/modes/cfb.c b/src/crypto/fipsmodule/modes/cfb.c index 0a81f3b..8ca9004 100644 --- a/src/crypto/fipsmodule/modes/cfb.c +++ b/src/crypto/fipsmodule/modes/cfb.c @@ -60,8 +60,6 @@ OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0, void CRYPTO_cfb128_encrypt(const uint8_t *in, uint8_t *out, size_t len, const AES_KEY *key, uint8_t ivec[16], unsigned *num, int enc, block128_f block) { - size_t l = 0; - assert(in && out && key && ivec && num); unsigned n = *num; @@ -72,21 +70,6 @@ void CRYPTO_cfb128_encrypt(const uint8_t *in, uint8_t *out, size_t len, --len; n = (n + 1) % 16; } -#if STRICT_ALIGNMENT - if (((uintptr_t)in | (uintptr_t)out | (uintptr_t)ivec) % sizeof(size_t) != - 0) { - while (l < len) { - if (n == 0) { - (*block)(ivec, ivec, key); - } - out[l] = ivec[n] ^= in[l]; - ++l; - n = (n + 1) % 16; - } - *num = n; - return; - } -#endif while (len >= 16) { (*block)(ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) { @@ -116,22 +99,6 @@ void CRYPTO_cfb128_encrypt(const uint8_t *in, uint8_t *out, size_t len, --len; n = (n + 1) % 16; } - if (STRICT_ALIGNMENT && - ((uintptr_t)in | (uintptr_t)out | (uintptr_t)ivec) % sizeof(size_t) != - 0) { - while (l < len) { - uint8_t c; - if (n == 0) { - (*block)(ivec, ivec, key); - } - out[l] = ivec[n] ^ (c = in[l]); - ivec[n] = c; - ++l; - n = (n + 1) % 16; - } - *num = n; - return; - } while (len >= 16) { (*block)(ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) { diff --git a/src/crypto/fipsmodule/modes/ctr.c b/src/crypto/fipsmodule/modes/ctr.c index b806b9a..8b0e059 100644 --- a/src/crypto/fipsmodule/modes/ctr.c +++ b/src/crypto/fipsmodule/modes/ctr.c @@ -99,26 +99,6 @@ void CRYPTO_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len, --len; n = (n + 1) % 16; } - -#if STRICT_ALIGNMENT - if (((uintptr_t)in | (uintptr_t)out | - (uintptr_t)ecount_buf) % sizeof(size_t) != 0) { - size_t l = 0; - while (l < len) { - if (n == 0) { - (*block)(ivec, ecount_buf, key); - ctr128_inc(ivec); - } - out[l] = in[l] ^ ecount_buf[n]; - ++l; - n = (n + 1) % 16; - } - - *num = n; - return; - } -#endif - while (len >= 16) { (*block)(ivec, ecount_buf, key); ctr128_inc(ivec); diff --git a/src/crypto/fipsmodule/modes/gcm.c b/src/crypto/fipsmodule/modes/gcm.c index 5e556df..f92f675 100644 --- a/src/crypto/fipsmodule/modes/gcm.c +++ b/src/crypto/fipsmodule/modes/gcm.c @@ -57,12 +57,6 @@ #include "internal.h" #include "../../internal.h" -#if !defined(OPENSSL_NO_ASM) && \ - (defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \ - defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) || \ - defined(OPENSSL_PPC64LE)) -#define GHASH_ASM -#endif #define PACK(s) ((size_t)(s) << (sizeof(size_t) * 8 - 16)) #define REDUCE1BIT(V) \ @@ -82,7 +76,7 @@ // bits of a |size_t|. static const size_t kSizeTWithoutLower4Bits = (size_t) -16; -static void gcm_init_4bit(u128 Htable[16], uint64_t H[2]) { +void gcm_init_4bit(u128 Htable[16], const uint64_t H[2]) { u128 V; Htable[0].hi = 0; @@ -127,7 +121,7 @@ static const size_t rem_4bit[16] = { PACK(0xE100), PACK(0xFD20), PACK(0xD940), PACK(0xC560), PACK(0x9180), PACK(0x8DA0), PACK(0xA9C0), PACK(0xB5E0)}; -static void gcm_gmult_4bit(uint64_t Xi[2], const u128 Htable[16]) { +void gcm_gmult_4bit(uint64_t Xi[2], const u128 Htable[16]) { u128 Z; int cnt = 15; size_t rem, nlo, nhi; @@ -182,8 +176,8 @@ static void gcm_gmult_4bit(uint64_t Xi[2], const u128 Htable[16]) { // performance improvement, at least not on x86[_64]. It's here // mostly as reference and a placeholder for possible future // non-trivial optimization[s]... -static void gcm_ghash_4bit(uint64_t Xi[2], const u128 Htable[16], - const uint8_t *inp, size_t len) { +void gcm_ghash_4bit(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, + size_t len) { u128 Z; int cnt; size_t rem, nlo, nhi; @@ -237,119 +231,54 @@ static void gcm_ghash_4bit(uint64_t Xi[2], const u128 Htable[16], Xi[1] = CRYPTO_bswap8(Z.lo); } while (inp += 16, len -= 16); } -#else // GHASH_ASM -void gcm_gmult_4bit(uint64_t Xi[2], const u128 Htable[16]); -void gcm_ghash_4bit(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, - size_t len); -#endif +#endif // !GHASH_ASM || AARCH64 || PPC64LE #define GCM_MUL(ctx, Xi) gcm_gmult_4bit((ctx)->Xi.u, (ctx)->gcm_key.Htable) -#if defined(GHASH_ASM) #define GHASH(ctx, in, len) \ gcm_ghash_4bit((ctx)->Xi.u, (ctx)->gcm_key.Htable, in, len) // GHASH_CHUNK is "stride parameter" missioned to mitigate cache // trashing effect. In other words idea is to hash data while it's // still in L1 cache after encryption pass... #define GHASH_CHUNK (3 * 1024) -#endif - - -#if defined(GHASH_ASM) -#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) -#define GCM_FUNCREF_4BIT -void gcm_init_clmul(u128 Htable[16], const uint64_t Xi[2]); -void gcm_gmult_clmul(uint64_t Xi[2], const u128 Htable[16]); -void gcm_ghash_clmul(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, - size_t len); - -#if defined(OPENSSL_X86_64) -#define GHASH_ASM_X86_64 -void gcm_init_avx(u128 Htable[16], const uint64_t Xi[2]); -void gcm_gmult_avx(uint64_t Xi[2], const u128 Htable[16]); -void gcm_ghash_avx(uint64_t Xi[2], const u128 Htable[16], const uint8_t *in, - size_t len); -#define AESNI_GCM -size_t aesni_gcm_encrypt(const uint8_t *in, uint8_t *out, size_t len, - const AES_KEY *key, uint8_t ivec[16], uint64_t *Xi); -size_t aesni_gcm_decrypt(const uint8_t *in, uint8_t *out, size_t len, - const AES_KEY *key, uint8_t ivec[16], uint64_t *Xi); -#endif - -#if defined(OPENSSL_X86) -#define GHASH_ASM_X86 -void gcm_gmult_4bit_mmx(uint64_t Xi[2], const u128 Htable[16]); -void gcm_ghash_4bit_mmx(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, - size_t len); -#endif - -#elif defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) -#include -#if __ARM_ARCH__ >= 7 -#define GHASH_ASM_ARM -#define GCM_FUNCREF_4BIT - -static int pmull_capable(void) { - return CRYPTO_is_ARMv8_PMULL_capable(); -} - -void gcm_init_v8(u128 Htable[16], const uint64_t Xi[2]); -void gcm_gmult_v8(uint64_t Xi[2], const u128 Htable[16]); -void gcm_ghash_v8(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, - size_t len); +#if defined(GHASH_ASM_X86_64) +void gcm_init_ssse3(u128 Htable[16], const uint64_t Xi[2]) { + // Run the existing 4-bit version. + gcm_init_4bit(Htable, Xi); -#if defined(OPENSSL_ARM) -// 32-bit ARM also has support for doing GCM with NEON instructions. -static int neon_capable(void) { - return CRYPTO_is_NEON_capable(); -} + // First, swap hi and lo. The "4bit" version places hi first. It treats the + // two fields separately, so the order does not matter, but ghash-ssse3 reads + // the entire state into one 128-bit register. + for (int i = 0; i < 16; i++) { + uint64_t tmp = Htable[i].hi; + Htable[i].hi = Htable[i].lo; + Htable[i].lo = tmp; + } -void gcm_init_neon(u128 Htable[16], const uint64_t Xi[2]); -void gcm_gmult_neon(uint64_t Xi[2], const u128 Htable[16]); -void gcm_ghash_neon(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, - size_t len); -#else -// AArch64 only has the ARMv8 versions of functions. -static int neon_capable(void) { - return 0; -} -static void gcm_init_neon(u128 Htable[16], const uint64_t Xi[2]) { - abort(); -} -static void gcm_gmult_neon(uint64_t Xi[2], const u128 Htable[16]) { - abort(); -} -static void gcm_ghash_neon(uint64_t Xi[2], const u128 Htable[16], - const uint8_t *inp, size_t len) { - abort(); + // Treat |Htable| as a 16x16 byte table and transpose it. Thus, Htable[i] + // contains the i'th byte of j*H for all j. + uint8_t *Hbytes = (uint8_t *)Htable; + for (int i = 0; i < 16; i++) { + for (int j = 0; j < i; j++) { + uint8_t tmp = Hbytes[16*i + j]; + Hbytes[16*i + j] = Hbytes[16*j + i]; + Hbytes[16*j + i] = tmp; + } + } } -#endif - -#endif -#elif defined(OPENSSL_PPC64LE) -#define GHASH_ASM_PPC64LE -#define GCM_FUNCREF_4BIT -void gcm_init_p8(u128 Htable[16], const uint64_t Xi[2]); -void gcm_gmult_p8(uint64_t Xi[2], const u128 Htable[16]); -void gcm_ghash_p8(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, - size_t len); -#endif -#endif +#endif // GHASH_ASM_X86_64 #ifdef GCM_FUNCREF_4BIT #undef GCM_MUL #define GCM_MUL(ctx, Xi) (*gcm_gmult_p)((ctx)->Xi.u, (ctx)->gcm_key.Htable) -#ifdef GHASH #undef GHASH #define GHASH(ctx, in, len) \ (*gcm_ghash_p)((ctx)->Xi.u, (ctx)->gcm_key.Htable, in, len) -#endif -#endif +#endif // GCM_FUNCREF_4BIT void CRYPTO_ghash_init(gmult_func *out_mult, ghash_func *out_hash, - u128 *out_key, u128 out_table[16], - int *out_is_avx, - const uint8_t *gcm_key) { + u128 *out_key, u128 out_table[16], int *out_is_avx, + const uint8_t gcm_key[16]) { *out_is_avx = 0; union { @@ -379,6 +308,12 @@ void CRYPTO_ghash_init(gmult_func *out_mult, ghash_func *out_hash, *out_hash = gcm_ghash_clmul; return; } + if (gcm_ssse3_capable()) { + gcm_init_ssse3(out_table, H.u); + *out_mult = gcm_gmult_ssse3; + *out_hash = gcm_ghash_ssse3; + return; + } #elif defined(GHASH_ASM_X86) if (crypto_gcm_clmul_enabled()) { gcm_init_clmul(out_table, H.u); @@ -387,14 +322,14 @@ void CRYPTO_ghash_init(gmult_func *out_mult, ghash_func *out_hash, return; } #elif defined(GHASH_ASM_ARM) - if (pmull_capable()) { + if (gcm_pmull_capable()) { gcm_init_v8(out_table, H.u); *out_mult = gcm_gmult_v8; *out_hash = gcm_ghash_v8; return; } - if (neon_capable()) { + if (gcm_neon_capable()) { gcm_init_neon(out_table, H.u); *out_mult = gcm_gmult_neon; *out_hash = gcm_ghash_neon; @@ -437,7 +372,6 @@ void CRYPTO_gcm128_init_key(GCM128_KEY *gcm_key, const AES_KEY *aes_key, void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const AES_KEY *key, const uint8_t *iv, size_t len) { - unsigned int ctr; #ifdef GCM_FUNCREF_4BIT void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gcm_key.gmult; @@ -452,6 +386,7 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const AES_KEY *key, ctx->ares = 0; ctx->mres = 0; + uint32_t ctr; if (len == 12) { OPENSSL_memcpy(ctx->Yi.c, iv, 12); ctx->Yi.c[15] = 1; @@ -486,8 +421,6 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const AES_KEY *key, } int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const uint8_t *aad, size_t len) { - unsigned int n; - uint64_t alen = ctx->len.u[0]; #ifdef GCM_FUNCREF_4BIT void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gcm_key.gmult; @@ -501,13 +434,13 @@ int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const uint8_t *aad, size_t len) { return 0; } - alen += len; + uint64_t alen = ctx->len.u[0] + len; if (alen > (UINT64_C(1) << 61) || (sizeof(len) == 8 && alen < len)) { return 0; } ctx->len.u[0] = alen; - n = ctx->ares; + unsigned n = ctx->ares; if (n) { while (n && len) { ctx->Xi.c[n] ^= *(aad++); @@ -523,23 +456,12 @@ int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const uint8_t *aad, size_t len) { } // Process a whole number of blocks. -#ifdef GHASH size_t len_blocks = len & kSizeTWithoutLower4Bits; if (len_blocks != 0) { GHASH(ctx, aad, len_blocks); aad += len_blocks; len -= len_blocks; } -#else - while (len >= 16) { - for (size_t i = 0; i < 16; ++i) { - ctx->Xi.c[i] ^= aad[i]; - } - GCM_MUL(ctx, Xi); - aad += 16; - len -= 16; - } -#endif // Process the remainder. if (len != 0) { @@ -555,19 +477,15 @@ int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const uint8_t *aad, size_t len) { int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const AES_KEY *key, const uint8_t *in, uint8_t *out, size_t len) { - unsigned int n, ctr; - uint64_t mlen = ctx->len.u[1]; block128_f block = ctx->gcm_key.block; #ifdef GCM_FUNCREF_4BIT void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gcm_key.gmult; -#ifdef GHASH void (*gcm_ghash_p)(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, size_t len) = ctx->gcm_key.ghash; -#endif #endif - mlen += len; + uint64_t mlen = ctx->len.u[1] + len; if (mlen > ((UINT64_C(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) { return 0; @@ -580,9 +498,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const AES_KEY *key, ctx->ares = 0; } - ctr = CRYPTO_bswap4(ctx->Yi.d[3]); - - n = ctx->mres; + unsigned n = ctx->mres; if (n) { while (n && len) { ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n]; @@ -596,25 +512,8 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const AES_KEY *key, return 1; } } - if (STRICT_ALIGNMENT && - ((uintptr_t)in | (uintptr_t)out) % sizeof(size_t) != 0) { - for (size_t i = 0; i < len; ++i) { - if (n == 0) { - (*block)(ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - ctx->Yi.d[3] = CRYPTO_bswap4(ctr); - } - ctx->Xi.c[n] ^= out[i] = in[i] ^ ctx->EKi.c[n]; - n = (n + 1) % 16; - if (n == 0) { - GCM_MUL(ctx, Xi); - } - } - ctx->mres = n; - return 1; - } -#if defined(GHASH) && defined(GHASH_CHUNK) + uint32_t ctr = CRYPTO_bswap4(ctx->Yi.d[3]); while (len >= GHASH_CHUNK) { size_t j = GHASH_CHUNK; @@ -649,22 +548,6 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const AES_KEY *key, } GHASH(ctx, out - len_blocks, len_blocks); } -#else - while (len >= 16) { - (*block)(ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - ctx->Yi.d[3] = CRYPTO_bswap4(ctr); - for (size_t i = 0; i < 16; i += sizeof(size_t)) { - size_t tmp = load_word_le(in + i) ^ ctx->EKi.t[i / sizeof(size_t)]; - store_word_le(out + i, tmp); - ctx->Xi.t[i / sizeof(size_t)] ^= tmp; - } - GCM_MUL(ctx, Xi); - out += 16; - in += 16; - len -= 16; - } -#endif if (len) { (*block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; @@ -682,19 +565,15 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const AES_KEY *key, int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const AES_KEY *key, const unsigned char *in, unsigned char *out, size_t len) { - unsigned int n, ctr; - uint64_t mlen = ctx->len.u[1]; block128_f block = ctx->gcm_key.block; #ifdef GCM_FUNCREF_4BIT void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gcm_key.gmult; -#ifdef GHASH void (*gcm_ghash_p)(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, size_t len) = ctx->gcm_key.ghash; -#endif #endif - mlen += len; + uint64_t mlen = ctx->len.u[1] + len; if (mlen > ((UINT64_C(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) { return 0; @@ -707,9 +586,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const AES_KEY *key, ctx->ares = 0; } - ctr = CRYPTO_bswap4(ctx->Yi.d[3]); - - n = ctx->mres; + unsigned n = ctx->mres; if (n) { while (n && len) { uint8_t c = *(in++); @@ -725,28 +602,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const AES_KEY *key, return 1; } } - if (STRICT_ALIGNMENT && - ((uintptr_t)in | (uintptr_t)out) % sizeof(size_t) != 0) { - for (size_t i = 0; i < len; ++i) { - uint8_t c; - if (n == 0) { - (*block)(ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - ctx->Yi.d[3] = CRYPTO_bswap4(ctr); - } - c = in[i]; - out[i] = c ^ ctx->EKi.c[n]; - ctx->Xi.c[n] ^= c; - n = (n + 1) % 16; - if (n == 0) { - GCM_MUL(ctx, Xi); - } - } - ctx->mres = n; - return 1; - } -#if defined(GHASH) && defined(GHASH_CHUNK) + uint32_t ctr = CRYPTO_bswap4(ctx->Yi.d[3]); while (len >= GHASH_CHUNK) { size_t j = GHASH_CHUNK; @@ -781,22 +638,6 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const AES_KEY *key, len -= 16; } } -#else - while (len >= 16) { - (*block)(ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - ctx->Yi.d[3] = CRYPTO_bswap4(ctr); - for (size_t i = 0; i < 16; i += sizeof(size_t)) { - size_t c = load_word_le(in + i); - store_word_le(out + i, c ^ ctx->EKi.t[i / sizeof(size_t)]); - ctx->Xi.t[i / sizeof(size_t)] ^= c; - } - GCM_MUL(ctx, Xi); - out += 16; - in += 16; - len -= 16; - } -#endif if (len) { (*block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; @@ -816,18 +657,14 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const AES_KEY *key, int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key, const uint8_t *in, uint8_t *out, size_t len, ctr128_f stream) { - unsigned int n, ctr; - uint64_t mlen = ctx->len.u[1]; #ifdef GCM_FUNCREF_4BIT void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gcm_key.gmult; -#ifdef GHASH void (*gcm_ghash_p)(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, size_t len) = ctx->gcm_key.ghash; -#endif #endif - mlen += len; + uint64_t mlen = ctx->len.u[1] + len; if (mlen > ((UINT64_C(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) { return 0; @@ -840,7 +677,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key, ctx->ares = 0; } - n = ctx->mres; + unsigned n = ctx->mres; if (n) { while (n && len) { ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n]; @@ -866,9 +703,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key, } #endif - ctr = CRYPTO_bswap4(ctx->Yi.d[3]); - -#if defined(GHASH) + uint32_t ctr = CRYPTO_bswap4(ctx->Yi.d[3]); while (len >= GHASH_CHUNK) { (*stream)(in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); ctr += GHASH_CHUNK / 16; @@ -878,28 +713,17 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key, in += GHASH_CHUNK; len -= GHASH_CHUNK; } -#endif - size_t i = len & kSizeTWithoutLower4Bits; - if (i != 0) { - size_t j = i / 16; + size_t len_blocks = len & kSizeTWithoutLower4Bits; + if (len_blocks != 0) { + size_t j = len_blocks / 16; (*stream)(in, out, j, key, ctx->Yi.c); ctr += (unsigned int)j; ctx->Yi.d[3] = CRYPTO_bswap4(ctr); - in += i; - len -= i; -#if defined(GHASH) - GHASH(ctx, out, i); - out += i; -#else - while (j--) { - for (i = 0; i < 16; ++i) { - ctx->Xi.c[i] ^= out[i]; - } - GCM_MUL(ctx, Xi); - out += 16; - } -#endif + in += len_blocks; + len -= len_blocks; + GHASH(ctx, out, len_blocks); + out += len_blocks; } if (len) { (*ctx->gcm_key.block)(ctx->Yi.c, ctx->EKi.c, key); @@ -918,18 +742,14 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key, int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key, const uint8_t *in, uint8_t *out, size_t len, ctr128_f stream) { - unsigned int n, ctr; - uint64_t mlen = ctx->len.u[1]; #ifdef GCM_FUNCREF_4BIT void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gcm_key.gmult; -#ifdef GHASH void (*gcm_ghash_p)(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, size_t len) = ctx->gcm_key.ghash; -#endif #endif - mlen += len; + uint64_t mlen = ctx->len.u[1] + len; if (mlen > ((UINT64_C(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) { return 0; @@ -942,7 +762,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key, ctx->ares = 0; } - n = ctx->mres; + unsigned n = ctx->mres; if (n) { while (n && len) { uint8_t c = *(in++); @@ -970,9 +790,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key, } #endif - ctr = CRYPTO_bswap4(ctx->Yi.d[3]); - -#if defined(GHASH) + uint32_t ctr = CRYPTO_bswap4(ctx->Yi.d[3]); while (len >= GHASH_CHUNK) { GHASH(ctx, in, GHASH_CHUNK); (*stream)(in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); @@ -982,31 +800,17 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key, in += GHASH_CHUNK; len -= GHASH_CHUNK; } -#endif - size_t i = len & kSizeTWithoutLower4Bits; - if (i != 0) { - size_t j = i / 16; + size_t len_blocks = len & kSizeTWithoutLower4Bits; + if (len_blocks != 0) { + size_t j = len_blocks / 16; -#if defined(GHASH) - GHASH(ctx, in, i); -#else - while (j--) { - size_t k; - for (k = 0; k < 16; ++k) { - ctx->Xi.c[k] ^= in[k]; - } - GCM_MUL(ctx, Xi); - in += 16; - } - j = i / 16; - in -= i; -#endif + GHASH(ctx, in, len_blocks); (*stream)(in, out, j, key, ctx->Yi.c); ctr += (unsigned int)j; ctx->Yi.d[3] = CRYPTO_bswap4(ctr); - out += i; - in += i; - len -= i; + out += len_blocks; + in += len_blocks; + len -= len_blocks; } if (len) { (*ctx->gcm_key.block)(ctx->Yi.c, ctx->EKi.c, key); @@ -1025,8 +829,6 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key, } int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const uint8_t *tag, size_t len) { - uint64_t alen = ctx->len.u[0] << 3; - uint64_t clen = ctx->len.u[1] << 3; #ifdef GCM_FUNCREF_4BIT void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gcm_key.gmult; @@ -1036,11 +838,8 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const uint8_t *tag, size_t len) { GCM_MUL(ctx, Xi); } - alen = CRYPTO_bswap8(alen); - clen = CRYPTO_bswap8(clen); - - ctx->Xi.u[0] ^= alen; - ctx->Xi.u[1] ^= clen; + ctx->Xi.u[0] ^= CRYPTO_bswap8(ctx->len.u[0] << 3); + ctx->Xi.u[1] ^= CRYPTO_bswap8(ctx->len.u[1] << 3); GCM_MUL(ctx, Xi); ctx->Xi.u[0] ^= ctx->EK0.u[0]; diff --git a/src/crypto/fipsmodule/modes/gcm_test.cc b/src/crypto/fipsmodule/modes/gcm_test.cc index a6b7fc0..47ecd29 100644 --- a/src/crypto/fipsmodule/modes/gcm_test.cc +++ b/src/crypto/fipsmodule/modes/gcm_test.cc @@ -54,10 +54,13 @@ #include #include +#include -#include "internal.h" +#include "../../test/abi_test.h" #include "../../test/file_test.h" #include "../../test/test_util.h" +#include "../aes/internal.h" +#include "internal.h" TEST(GCMTest, TestVectors) { @@ -90,7 +93,10 @@ TEST(GCMTest, TestVectors) { CRYPTO_gcm128_encrypt(&ctx, &aes_key, plaintext.data(), out.data(), plaintext.size()); } - ASSERT_TRUE(CRYPTO_gcm128_finish(&ctx, tag.data(), tag.size())); + + std::vector got_tag(tag.size()); + CRYPTO_gcm128_tag(&ctx, got_tag.data(), got_tag.size()); + EXPECT_EQ(Bytes(tag), Bytes(got_tag)); EXPECT_EQ(Bytes(ciphertext), Bytes(out)); CRYPTO_gcm128_setiv(&ctx, &aes_key, nonce.data(), nonce.size()); @@ -112,3 +118,110 @@ TEST(GCMTest, ByteSwap) { EXPECT_EQ(UINT64_C(0x0807060504030201), CRYPTO_bswap8(UINT64_C(0x0102030405060708))); } + +#if defined(SUPPORTS_ABI_TEST) && defined(GHASH_ASM) +TEST(GCMTest, ABI) { + static const uint64_t kH[2] = { + UINT64_C(0x66e94bd4ef8a2c3b), + UINT64_C(0x884cfa59ca342b2e), + }; + static const size_t kBlockCounts[] = {1, 2, 3, 4, 7, 8, 15, 16, 31, 32}; + uint8_t buf[16 * 32]; + OPENSSL_memset(buf, 42, sizeof(buf)); + + uint64_t X[2] = { + UINT64_C(0x0388dace60b6a392), + UINT64_C(0xf328c2b971b2fe78), + }; + + alignas(16) u128 Htable[16]; + CHECK_ABI(gcm_init_4bit, Htable, kH); +#if defined(GHASH_ASM_X86) + CHECK_ABI(gcm_gmult_4bit_mmx, X, Htable); + for (size_t blocks : kBlockCounts) { + CHECK_ABI(gcm_ghash_4bit_mmx, X, Htable, buf, 16 * blocks); + } +#else + CHECK_ABI(gcm_gmult_4bit, X, Htable); + for (size_t blocks : kBlockCounts) { + CHECK_ABI(gcm_ghash_4bit, X, Htable, buf, 16 * blocks); + } +#endif // GHASH_ASM_X86 + +#if defined(GHASH_ASM_X86_64) + if (gcm_ssse3_capable()) { + CHECK_ABI_SEH(gcm_init_ssse3, Htable, kH); + CHECK_ABI_SEH(gcm_gmult_ssse3, X, Htable); + for (size_t blocks : kBlockCounts) { + CHECK_ABI_SEH(gcm_ghash_ssse3, X, Htable, buf, 16 * blocks); + } + } +#endif // GHASH_ASM_X86_64 + +#if defined(GHASH_ASM_X86) || defined(GHASH_ASM_X86_64) + if (crypto_gcm_clmul_enabled()) { + CHECK_ABI_SEH(gcm_init_clmul, Htable, kH); + CHECK_ABI_SEH(gcm_gmult_clmul, X, Htable); + for (size_t blocks : kBlockCounts) { + CHECK_ABI_SEH(gcm_ghash_clmul, X, Htable, buf, 16 * blocks); + } + +#if defined(GHASH_ASM_X86_64) + if (((OPENSSL_ia32cap_get()[1] >> 22) & 0x41) == 0x41) { // AVX+MOVBE + CHECK_ABI_SEH(gcm_init_avx, Htable, kH); + CHECK_ABI_SEH(gcm_gmult_avx, X, Htable); + for (size_t blocks : kBlockCounts) { + CHECK_ABI_SEH(gcm_ghash_avx, X, Htable, buf, 16 * blocks); + } + + if (hwaes_capable()) { + AES_KEY aes_key; + static const uint8_t kKey[16] = {0}; + + // aesni_gcm_* makes assumptions about |GCM128_CONTEXT|'s layout. + GCM128_CONTEXT gcm; + memset(&gcm, 0, sizeof(gcm)); + memcpy(&gcm.gcm_key.H, kH, sizeof(kH)); + memcpy(&gcm.gcm_key.Htable, Htable, sizeof(Htable)); + memcpy(&gcm.Xi, X, sizeof(X)); + uint8_t iv[16] = {0}; + + aes_hw_set_encrypt_key(kKey, 128, &aes_key); + for (size_t blocks : kBlockCounts) { + CHECK_ABI(aesni_gcm_encrypt, buf, buf, blocks * 16, &aes_key, iv, + gcm.Xi.u); + CHECK_ABI(aesni_gcm_encrypt, buf, buf, blocks * 16 + 7, &aes_key, iv, + gcm.Xi.u); + } + aes_hw_set_decrypt_key(kKey, 128, &aes_key); + for (size_t blocks : kBlockCounts) { + CHECK_ABI(aesni_gcm_decrypt, buf, buf, blocks * 16, &aes_key, iv, + gcm.Xi.u); + CHECK_ABI(aesni_gcm_decrypt, buf, buf, blocks * 16 + 7, &aes_key, iv, + gcm.Xi.u); + } + } + } +#endif // GHASH_ASM_X86_64 + } +#endif // GHASH_ASM_X86 || GHASH_ASM_X86_64 + +#if defined(GHASH_ASM_ARM) + if (gcm_neon_capable()) { + CHECK_ABI(gcm_init_neon, Htable, kH); + CHECK_ABI(gcm_gmult_neon, X, Htable); + for (size_t blocks : kBlockCounts) { + CHECK_ABI(gcm_ghash_neon, X, Htable, buf, 16 * blocks); + } + } + + if (gcm_pmull_capable()) { + CHECK_ABI(gcm_init_v8, Htable, kH); + CHECK_ABI(gcm_gmult_v8, X, Htable); + for (size_t blocks : kBlockCounts) { + CHECK_ABI(gcm_ghash_v8, X, Htable, buf, 16 * blocks); + } + } +#endif // GHASH_ASM_ARM +} +#endif // SUPPORTS_ABI_TEST && GHASH_ASM diff --git a/src/crypto/fipsmodule/modes/internal.h b/src/crypto/fipsmodule/modes/internal.h index 23aaca2..5f9d035 100644 --- a/src/crypto/fipsmodule/modes/internal.h +++ b/src/crypto/fipsmodule/modes/internal.h @@ -50,8 +50,11 @@ #define OPENSSL_HEADER_MODES_INTERNAL_H #include + #include +#include +#include #include #include "../../internal.h" @@ -61,12 +64,6 @@ extern "C" { #endif -#define STRICT_ALIGNMENT 1 -#if defined(OPENSSL_X86_64) || defined(OPENSSL_X86) || defined(OPENSSL_AARCH64) -#undef STRICT_ALIGNMENT -#define STRICT_ALIGNMENT 0 -#endif - static inline uint32_t GETU32(const void *in) { uint32_t v; OPENSSL_memcpy(&v, in, sizeof(v)); @@ -127,12 +124,6 @@ void CRYPTO_ctr128_encrypt_ctr32(const uint8_t *in, uint8_t *out, size_t len, uint8_t ecount_buf[16], unsigned *num, ctr128_f ctr); -#if !defined(OPENSSL_NO_ASM) && \ - (defined(OPENSSL_X86) || defined(OPENSSL_X86_64)) -void aesni_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t blocks, - const AES_KEY *key, const uint8_t *ivec); -#endif - // GCM. // @@ -156,7 +147,10 @@ typedef void (*ghash_func)(uint64_t Xi[2], const u128 Htable[16], typedef struct gcm128_key_st { // Note the MOVBE-based, x86-64, GHASH assembly requires |H| and |Htable| to - // be the first two elements of this struct. + // be the first two elements of this struct. Additionally, some assembly + // routines require a 16-byte-aligned |Htable| when hashing data, but not + // initialization. |GCM128_KEY| is not itself aligned to simplify embedding in + // |EVP_AEAD_CTX|, but |Htable|'s offset must be a multiple of 16. u128 H; u128 Htable[16]; gmult_func gmult; @@ -181,8 +175,10 @@ typedef struct { } Yi, EKi, EK0, len, Xi; // Note that the order of |Xi| and |gcm_key| is fixed by the MOVBE-based, - // x86-64, GHASH assembly. - GCM128_KEY gcm_key; + // x86-64, GHASH assembly. Additionally, some assembly routines require + // |gcm_key| to be 16-byte aligned. |GCM128_KEY| is not itself aligned to + // simplify embedding in |EVP_AEAD_CTX|. + alignas(16) GCM128_KEY gcm_key; unsigned mres, ares; } GCM128_CONTEXT; @@ -199,7 +195,7 @@ int crypto_gcm_clmul_enabled(void); // AVX implementation was used |*out_is_avx| will be true. void CRYPTO_ghash_init(gmult_func *out_mult, ghash_func *out_hash, u128 *out_key, u128 out_table[16], int *out_is_avx, - const uint8_t *gcm_key); + const uint8_t gcm_key[16]); // CRYPTO_gcm128_init_key initialises |gcm_key| to use |block| (typically AES) // with the given key. |block_is_hwaes| is one if |block| is |aes_hw_encrypt|. @@ -263,6 +259,108 @@ OPENSSL_EXPORT void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, uint8_t *tag, size_t len); +// GCM assembly. + +#if !defined(OPENSSL_NO_ASM) && \ + (defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \ + defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) || \ + defined(OPENSSL_PPC64LE)) +#define GHASH_ASM +#endif + +void gcm_init_4bit(u128 Htable[16], const uint64_t H[2]); +void gcm_gmult_4bit(uint64_t Xi[2], const u128 Htable[16]); +void gcm_ghash_4bit(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, + size_t len); + +#if defined(GHASH_ASM) + +#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) +#define GCM_FUNCREF_4BIT +void gcm_init_clmul(u128 Htable[16], const uint64_t Xi[2]); +void gcm_gmult_clmul(uint64_t Xi[2], const u128 Htable[16]); +void gcm_ghash_clmul(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, + size_t len); + +#if defined(OPENSSL_X86_64) +#define GHASH_ASM_X86_64 +void gcm_init_avx(u128 Htable[16], const uint64_t Xi[2]); +void gcm_gmult_avx(uint64_t Xi[2], const u128 Htable[16]); +void gcm_ghash_avx(uint64_t Xi[2], const u128 Htable[16], const uint8_t *in, + size_t len); + +OPENSSL_INLINE char gcm_ssse3_capable(void) { + return (OPENSSL_ia32cap_get()[1] & (1 << (41 - 32))) != 0; +} + +// |gcm_gmult_ssse3| and |gcm_ghash_ssse3| require |Htable| to be +// 16-byte-aligned, but |gcm_init_ssse3| does not. +void gcm_init_ssse3(u128 Htable[16], const uint64_t Xi[2]); +void gcm_gmult_ssse3(uint64_t Xi[2], const u128 Htable[16]); +void gcm_ghash_ssse3(uint64_t Xi[2], const u128 Htable[16], const uint8_t *in, + size_t len); + +#define AESNI_GCM +size_t aesni_gcm_encrypt(const uint8_t *in, uint8_t *out, size_t len, + const AES_KEY *key, uint8_t ivec[16], uint64_t *Xi); +size_t aesni_gcm_decrypt(const uint8_t *in, uint8_t *out, size_t len, + const AES_KEY *key, uint8_t ivec[16], uint64_t *Xi); +#endif // OPENSSL_X86_64 + +#if defined(OPENSSL_X86) +#define GHASH_ASM_X86 +void gcm_gmult_4bit_mmx(uint64_t Xi[2], const u128 Htable[16]); +void gcm_ghash_4bit_mmx(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, + size_t len); +#endif // OPENSSL_X86 + +#elif defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) +#define GHASH_ASM_ARM +#define GCM_FUNCREF_4BIT + +OPENSSL_INLINE int gcm_pmull_capable(void) { + return CRYPTO_is_ARMv8_PMULL_capable(); +} + +void gcm_init_v8(u128 Htable[16], const uint64_t Xi[2]); +void gcm_gmult_v8(uint64_t Xi[2], const u128 Htable[16]); +void gcm_ghash_v8(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, + size_t len); + +#if defined(OPENSSL_ARM) +// 32-bit ARM also has support for doing GCM with NEON instructions. +OPENSSL_INLINE int gcm_neon_capable(void) { return CRYPTO_is_NEON_capable(); } + +void gcm_init_neon(u128 Htable[16], const uint64_t Xi[2]); +void gcm_gmult_neon(uint64_t Xi[2], const u128 Htable[16]); +void gcm_ghash_neon(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, + size_t len); +#else +// AArch64 only has the ARMv8 versions of functions. +OPENSSL_INLINE int gcm_neon_capable(void) { return 0; } +OPENSSL_INLINE void gcm_init_neon(u128 Htable[16], const uint64_t Xi[2]) { + abort(); +} +OPENSSL_INLINE void gcm_gmult_neon(uint64_t Xi[2], const u128 Htable[16]) { + abort(); +} +OPENSSL_INLINE void gcm_ghash_neon(uint64_t Xi[2], const u128 Htable[16], + const uint8_t *inp, size_t len) { + abort(); +} +#endif // OPENSSL_ARM + +#elif defined(OPENSSL_PPC64LE) +#define GHASH_ASM_PPC64LE +#define GCM_FUNCREF_4BIT +void gcm_init_p8(u128 Htable[16], const uint64_t Xi[2]); +void gcm_gmult_p8(uint64_t Xi[2], const u128 Htable[16]); +void gcm_ghash_p8(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, + size_t len); +#endif +#endif // GHASH_ASM + + // CCM. typedef struct ccm128_context { @@ -376,10 +474,11 @@ typedef union { struct polyval_ctx { // Note that the order of |S|, |H| and |Htable| is fixed by the MOVBE-based, - // x86-64, GHASH assembly. + // x86-64, GHASH assembly. Additionally, some assembly routines require + // |Htable| to be 16-byte aligned. polyval_block S; u128 H; - u128 Htable[16]; + alignas(16) u128 Htable[16]; gmult_func gmult; ghash_func ghash; }; diff --git a/src/crypto/fipsmodule/rand/asm/rdrand-x86_64.pl b/src/crypto/fipsmodule/rand/asm/rdrand-x86_64.pl index 056dd74..76b5f9b 100644 --- a/src/crypto/fipsmodule/rand/asm/rdrand-x86_64.pl +++ b/src/crypto/fipsmodule/rand/asm/rdrand-x86_64.pl @@ -14,17 +14,27 @@ # OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN # CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -$flavour = shift; -$output = shift; +use strict; + +my $flavour = shift; +my $output = shift; if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +my $win64 = 0; +$win64 = 1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; +my $dir = $1; +my $xlate; ( $xlate="${dir}../../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; open OUT,"| \"$^X\" $xlate $flavour $output"; *STDOUT=*OUT; +my ($out, $len, $tmp1, $tmp2) = $win64 ? ("%rcx", "%rdx", "%r8", "%r9") + : ("%rdi", "%rsi", "%rdx", "%rcx"); + print<<___; .text @@ -32,40 +42,37 @@ print<<___; # |out|. It returns one on success or zero on hardware failure. # int CRYPTO_rdrand(uint8_t out[8]); .globl CRYPTO_rdrand -.type CRYPTO_rdrand,\@function,1 +.type CRYPTO_rdrand,\@abi-omnipotent .align 16 CRYPTO_rdrand: .cfi_startproc xorq %rax, %rax - # This is rdrand %rcx. It sets rcx to a random value and sets the carry - # flag on success. - .byte 0x48, 0x0f, 0xc7, 0xf1 + rdrand $tmp1 # An add-with-carry of zero effectively sets %rax to the carry flag. adcq %rax, %rax - movq %rcx, 0(%rdi) + movq $tmp1, 0($out) retq .cfi_endproc +.size CRYPTO_rdrand,.-CRYPTO_rdrand # CRYPTO_rdrand_multiple8_buf fills |len| bytes at |buf| with random data from # the hardware RNG. The |len| argument must be a multiple of eight. It returns # one on success and zero on hardware failure. # int CRYPTO_rdrand_multiple8_buf(uint8_t *buf, size_t len); .globl CRYPTO_rdrand_multiple8_buf -.type CRYPTO_rdrand_multiple8_buf,\@function,2 +.type CRYPTO_rdrand_multiple8_buf,\@abi-omnipotent .align 16 CRYPTO_rdrand_multiple8_buf: .cfi_startproc - test %rsi, %rsi + test $len, $len jz .Lout - movq \$8, %rdx + movq \$8, $tmp1 .Lloop: - # This is rdrand %rcx. It sets rcx to a random value and sets the carry - # flag on success. - .byte 0x48, 0x0f, 0xc7, 0xf1 + rdrand $tmp2 jnc .Lerr - movq %rcx, 0(%rdi) - addq %rdx, %rdi - subq %rdx, %rsi + movq $tmp2, 0($out) + addq $tmp1, $out + subq $tmp1, $len jnz .Lloop .Lout: movq \$1, %rax @@ -74,6 +81,7 @@ CRYPTO_rdrand_multiple8_buf: xorq %rax, %rax retq .cfi_endproc +.size CRYPTO_rdrand_multiple8_buf,.-CRYPTO_rdrand_multiple8_buf ___ close STDOUT; # flush diff --git a/src/crypto/fipsmodule/rand/ctrdrbg.c b/src/crypto/fipsmodule/rand/ctrdrbg.c index b2fda1d..418f56b 100644 --- a/src/crypto/fipsmodule/rand/ctrdrbg.c +++ b/src/crypto/fipsmodule/rand/ctrdrbg.c @@ -57,7 +57,12 @@ int CTR_DRBG_init(CTR_DRBG_STATE *drbg, seed_material[i] ^= kInitMask[i]; } - drbg->ctr = aes_ctr_set_key(&drbg->ks, NULL, &drbg->block, seed_material, 32); + // |RAND_bytes| is rarely called with large enough inputs for bsaes to be + // faster than vpaes. bsaes also currently has side channel trade offs + // (https://crbug.com/boringssl/256), which we should especially avoid in the + // PRNG. (Note the size hint is a no-op on machines with AES instructions.) + drbg->ctr = aes_ctr_set_key(&drbg->ks, NULL, &drbg->block, seed_material, 32, + 0 /* small inputs */); OPENSSL_memcpy(drbg->counter.bytes, seed_material + 32, 16); drbg->reseed_counter = 1; @@ -93,7 +98,8 @@ static int ctr_drbg_update(CTR_DRBG_STATE *drbg, const uint8_t *data, temp[i] ^= data[i]; } - drbg->ctr = aes_ctr_set_key(&drbg->ks, NULL, &drbg->block, temp, 32); + drbg->ctr = aes_ctr_set_key(&drbg->ks, NULL, &drbg->block, temp, 32, + 0 /* small inputs */); OPENSSL_memcpy(drbg->counter.bytes, temp + 32, 16); return 1; diff --git a/src/crypto/fipsmodule/rand/internal.h b/src/crypto/fipsmodule/rand/internal.h index f73f4a1..ad75823 100644 --- a/src/crypto/fipsmodule/rand/internal.h +++ b/src/crypto/fipsmodule/rand/internal.h @@ -16,6 +16,7 @@ #define OPENSSL_HEADER_CRYPTO_RAND_INTERNAL_H #include +#include #include "../../internal.h" #include "../modes/internal.h" @@ -85,6 +86,22 @@ OPENSSL_EXPORT int CTR_DRBG_generate(CTR_DRBG_STATE *drbg, uint8_t *out, OPENSSL_EXPORT void CTR_DRBG_clear(CTR_DRBG_STATE *drbg); +#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM) +OPENSSL_INLINE int have_rdrand(void) { + return (OPENSSL_ia32cap_get()[1] & (1u << 30)) != 0; +} + +// CRYPTO_rdrand writes eight bytes of random data from the hardware RNG to +// |out|. It returns one on success or zero on hardware failure. +int CRYPTO_rdrand(uint8_t out[8]); + +// CRYPTO_rdrand_multiple8_buf fills |len| bytes at |buf| with random data from +// the hardware RNG. The |len| argument must be a multiple of eight. It returns +// one on success and zero on hardware failure. +int CRYPTO_rdrand_multiple8_buf(uint8_t *buf, size_t len); +#endif // OPENSSL_X86_64 && !OPENSSL_NO_ASM + + #if defined(__cplusplus) } // extern C #endif diff --git a/src/crypto/fipsmodule/rand/rand.c b/src/crypto/fipsmodule/rand/rand.c index e6b4bb4..a8ef458 100644 --- a/src/crypto/fipsmodule/rand/rand.c +++ b/src/crypto/fipsmodule/rand/rand.c @@ -54,17 +54,77 @@ static const unsigned kReseedInterval = 4096; // continuous random number generator test in FIPS 140-2, section 4.9.2. #define CRNGT_BLOCK_SIZE 16 -#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM) && \ - !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE) +// rand_thread_state contains the per-thread state for the RNG. +struct rand_thread_state { + CTR_DRBG_STATE drbg; + // calls is the number of generate calls made on |drbg| since it was last + // (re)seeded. This is bound by |kReseedInterval|. + unsigned calls; + // last_block_valid is non-zero iff |last_block| contains data from + // |CRYPTO_sysrand|. + int last_block_valid; -// These functions are defined in asm/rdrand-x86_64.pl -extern int CRYPTO_rdrand(uint8_t out[8]); -extern int CRYPTO_rdrand_multiple8_buf(uint8_t *buf, size_t len); +#if defined(BORINGSSL_FIPS) + // last_block contains the previous block from |CRYPTO_sysrand|. + uint8_t last_block[CRNGT_BLOCK_SIZE]; + // next and prev form a NULL-terminated, double-linked list of all states in + // a process. + struct rand_thread_state *next, *prev; +#endif +}; -static int have_rdrand(void) { - return (OPENSSL_ia32cap_get()[1] & (1u << 30)) != 0; +#if defined(BORINGSSL_FIPS) +// thread_states_list is the head of a linked-list of all |rand_thread_state| +// objects in the process, one per thread. This is needed because FIPS requires +// that they be zeroed on process exit, but thread-local destructors aren't +// called when the whole process is exiting. +DEFINE_BSS_GET(struct rand_thread_state *, thread_states_list); +DEFINE_STATIC_MUTEX(thread_states_list_lock); + +static void rand_thread_state_clear_all(void) __attribute__((destructor)); +static void rand_thread_state_clear_all(void) { + CRYPTO_STATIC_MUTEX_lock_write(thread_states_list_lock_bss_get()); + for (struct rand_thread_state *cur = *thread_states_list_bss_get(); + cur != NULL; cur = cur->next) { + CTR_DRBG_clear(&cur->drbg); + } + // |thread_states_list_lock is deliberately left locked so that any threads + // that are still running will hang if they try to call |RAND_bytes|. } +#endif + +// rand_thread_state_free frees a |rand_thread_state|. This is called when a +// thread exits. +static void rand_thread_state_free(void *state_in) { + struct rand_thread_state *state = state_in; + + if (state_in == NULL) { + return; + } + +#if defined(BORINGSSL_FIPS) + CRYPTO_STATIC_MUTEX_lock_write(thread_states_list_lock_bss_get()); + if (state->prev != NULL) { + state->prev->next = state->next; + } else { + *thread_states_list_bss_get() = state->next; + } + + if (state->next != NULL) { + state->next->prev = state->prev; + } + + CRYPTO_STATIC_MUTEX_unlock_write(thread_states_list_lock_bss_get()); + + CTR_DRBG_clear(&state->drbg); +#endif + + OPENSSL_free(state); +} + +#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM) && \ + !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE) static int hwrand(uint8_t *buf, const size_t len) { if (!have_rdrand()) { return 0; @@ -103,32 +163,9 @@ static int hwrand(uint8_t *buf, size_t len) { #endif -// rand_state contains an RNG state. -struct rand_state { - CTR_DRBG_STATE drbg; - // next forms a NULL-terminated linked-list of all free |rand_state| objects. - struct rand_state *next; - // calls is the number of generate calls made on |drbg| since it was last - // (re)seeded. This is bound by - // |kReseedInterval - 1 + SIZE_MAX / CTR_DRBG_MAX_GENERATE_LENGTH|. - size_t calls; - -#if defined(BORINGSSL_FIPS) - // next_all forms another NULL-terminated linked-list, this time of all - // |rand_state| objects that have been allocated including those that might - // currently be in use. - struct rand_state *next_all; - // last_block contains the previous block from |CRYPTO_sysrand|. - uint8_t last_block[CRNGT_BLOCK_SIZE]; - // last_block_valid is non-zero iff |last_block| contains data from - // |CRYPTO_sysrand|. - int last_block_valid; -#endif -}; - #if defined(BORINGSSL_FIPS) -static void rand_get_seed(struct rand_state *state, +static void rand_get_seed(struct rand_thread_state *state, uint8_t seed[CTR_DRBG_ENTROPY_LEN]) { if (!state->last_block_valid) { if (!hwrand(state->last_block, sizeof(state->last_block))) { @@ -177,7 +214,7 @@ static void rand_get_seed(struct rand_state *state, #else -static void rand_get_seed(struct rand_state *state, +static void rand_get_seed(struct rand_thread_state *state, uint8_t seed[CTR_DRBG_ENTROPY_LEN]) { // If not in FIPS mode, we don't overread from the system entropy source and // we don't depend only on the hardware RDRAND. @@ -186,97 +223,6 @@ static void rand_get_seed(struct rand_state *state, #endif -// rand_state_free_list is a list of currently free, |rand_state| structures. -// When a thread needs a |rand_state| it picks the head element of this list and -// allocs a new one if the list is empty. Once it's finished, it pushes the -// state back onto the front of the list. -// -// Previously we used a thread-local state but for processes with large numbers -// of threads this can result in excessive memory usage. Since we don't free -// |rand_state| objects, the number of objects in memory will eventually equal -// the maximum concurrency of |RAND_bytes|. -DEFINE_BSS_GET(struct rand_state *, rand_state_free_list); - -// rand_state_lock protects |rand_state_free_list| (and |rand_state_all_list|, -// in FIPS mode). -DEFINE_STATIC_MUTEX(rand_state_lock); - -#if defined(BORINGSSL_FIPS) -// rand_state_all_list is the head of a linked-list of all |rand_state| objects -// in the process. This is needed because FIPS requires that they be zeroed on -// process exit. -DEFINE_BSS_GET(struct rand_state *, rand_state_all_list); - -// rand_drbg_lock is taken in write mode by |rand_state_clear_all|, and -// in read mode by any operation on the |drbg| member of |rand_state|. -// This ensures that, in the event that a thread races destructor functions, we -// never return bogus random data. At worst, the thread will deadlock. -DEFINE_STATIC_MUTEX(rand_drbg_lock); - -static void rand_state_clear_all(void) __attribute__((destructor)); -static void rand_state_clear_all(void) { - CRYPTO_STATIC_MUTEX_lock_write(rand_drbg_lock_bss_get()); - CRYPTO_STATIC_MUTEX_lock_write(rand_state_lock_bss_get()); - for (struct rand_state *cur = *rand_state_all_list_bss_get(); - cur != NULL; cur = cur->next_all) { - CTR_DRBG_clear(&cur->drbg); - } - // Both locks are deliberately left locked so that any threads that are still - // running will hang if they try to call |RAND_bytes|. -} -#endif - -// rand_state_init seeds a |rand_state|. -static void rand_state_init(struct rand_state *state) { - OPENSSL_memset(state, 0, sizeof(struct rand_state)); - uint8_t seed[CTR_DRBG_ENTROPY_LEN]; - rand_get_seed(state, seed); - if (!CTR_DRBG_init(&state->drbg, seed, NULL, 0)) { - abort(); - } -} - -// rand_state_get pops a |rand_state| from the head of -// |rand_state_free_list| and returns it. If the list is empty, it -// creates a fresh |rand_state| and returns that instead. -static struct rand_state *rand_state_get(void) { - struct rand_state *state = NULL; - CRYPTO_STATIC_MUTEX_lock_write(rand_state_lock_bss_get()); - state = *rand_state_free_list_bss_get(); - if (state != NULL) { - *rand_state_free_list_bss_get() = state->next; - } - CRYPTO_STATIC_MUTEX_unlock_write(rand_state_lock_bss_get()); - - if (state != NULL) { - return state; - } - - state = OPENSSL_malloc(sizeof(struct rand_state)); - if (state == NULL) { - return NULL; - } - - rand_state_init(state); - -#if defined(BORINGSSL_FIPS) - CRYPTO_STATIC_MUTEX_lock_write(rand_state_lock_bss_get()); - state->next_all = *rand_state_all_list_bss_get(); - *rand_state_all_list_bss_get() = state; - CRYPTO_STATIC_MUTEX_unlock_write(rand_state_lock_bss_get()); -#endif - - return state; -} - -// rand_state_put pushes |state| onto |rand_state_free_list|. -static void rand_state_put(struct rand_state *state) { - CRYPTO_STATIC_MUTEX_lock_write(rand_state_lock_bss_get()); - state->next = *rand_state_free_list_bss_get(); - *rand_state_free_list_bss_get() = state; - CRYPTO_STATIC_MUTEX_unlock_write(rand_state_lock_bss_get()); -} - void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len, const uint8_t user_additional_data[32]) { if (out_len == 0) { @@ -304,14 +250,41 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len, additional_data[i] ^= user_additional_data[i]; } - struct rand_state stack_state; - struct rand_state *state = rand_state_get(); + struct rand_thread_state stack_state; + struct rand_thread_state *state = + CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_RAND); if (state == NULL) { - // If the system is out of memory, use an ephemeral state on the - // stack. - state = &stack_state; - rand_state_init(state); + state = OPENSSL_malloc(sizeof(struct rand_thread_state)); + if (state == NULL || + !CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_RAND, state, + rand_thread_state_free)) { + // If the system is out of memory, use an ephemeral state on the + // stack. + state = &stack_state; + } + + state->last_block_valid = 0; + uint8_t seed[CTR_DRBG_ENTROPY_LEN]; + rand_get_seed(state, seed); + if (!CTR_DRBG_init(&state->drbg, seed, NULL, 0)) { + abort(); + } + state->calls = 0; + +#if defined(BORINGSSL_FIPS) + if (state != &stack_state) { + CRYPTO_STATIC_MUTEX_lock_write(thread_states_list_lock_bss_get()); + struct rand_thread_state **states_list = thread_states_list_bss_get(); + state->next = *states_list; + if (state->next != NULL) { + state->next->prev = state; + } + state->prev = NULL; + *states_list = state; + CRYPTO_STATIC_MUTEX_unlock_write(thread_states_list_lock_bss_get()); + } +#endif } if (state->calls >= kReseedInterval) { @@ -320,13 +293,13 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len, #if defined(BORINGSSL_FIPS) // Take a read lock around accesses to |state->drbg|. This is needed to // avoid returning bad entropy if we race with - // |rand_state_clear_all|. + // |rand_thread_state_clear_all|. // // This lock must be taken after any calls to |CRYPTO_sysrand| to avoid a // bug on ppc64le. glibc may implement pthread locks by wrapping user code // in a hardware transaction, but, on some older versions of glibc and the // kernel, syscalls made with |syscall| did not abort the transaction. - CRYPTO_STATIC_MUTEX_lock_read(rand_drbg_lock_bss_get()); + CRYPTO_STATIC_MUTEX_lock_read(thread_states_list_lock_bss_get()); #endif if (!CTR_DRBG_reseed(&state->drbg, seed, NULL, 0)) { abort(); @@ -334,7 +307,7 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len, state->calls = 0; } else { #if defined(BORINGSSL_FIPS) - CRYPTO_STATIC_MUTEX_lock_read(rand_drbg_lock_bss_get()); + CRYPTO_STATIC_MUTEX_lock_read(thread_states_list_lock_bss_get()); #endif } @@ -363,12 +336,8 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len, } #if defined(BORINGSSL_FIPS) - CRYPTO_STATIC_MUTEX_unlock_read(rand_drbg_lock_bss_get()); + CRYPTO_STATIC_MUTEX_unlock_read(thread_states_list_lock_bss_get()); #endif - - if (state != &stack_state) { - rand_state_put(state); - } } int RAND_bytes(uint8_t *out, size_t out_len) { diff --git a/src/crypto/fipsmodule/rand/urandom.c b/src/crypto/fipsmodule/rand/urandom.c index d969675..56e4fbd 100644 --- a/src/crypto/fipsmodule/rand/urandom.c +++ b/src/crypto/fipsmodule/rand/urandom.c @@ -120,7 +120,7 @@ static ssize_t boringssl_getrandom(void *buf, size_t buf_len, unsigned flags) { #endif // OPENSSL_LINUX // rand_lock is used to protect the |*_requested| variables. -DEFINE_STATIC_MUTEX(rand_lock); +DEFINE_STATIC_MUTEX(rand_lock) // The following constants are magic values of |urandom_fd|. static const int kUnset = 0; @@ -128,12 +128,12 @@ static const int kHaveGetrandom = -3; // urandom_fd_requested is set by |RAND_set_urandom_fd|. It's protected by // |rand_lock|. -DEFINE_BSS_GET(int, urandom_fd_requested); +DEFINE_BSS_GET(int, urandom_fd_requested) // urandom_fd is a file descriptor to /dev/urandom. It's protected by |once|. -DEFINE_BSS_GET(int, urandom_fd); +DEFINE_BSS_GET(int, urandom_fd) -DEFINE_STATIC_ONCE(rand_once); +DEFINE_STATIC_ONCE(rand_once) // init_once initializes the state of this module to values previously // requested. This is the only function that modifies |urandom_fd| and diff --git a/src/crypto/fipsmodule/rsa/padding.c b/src/crypto/fipsmodule/rsa/padding.c index b7998fe..28f1b45 100644 --- a/src/crypto/fipsmodule/rsa/padding.c +++ b/src/crypto/fipsmodule/rsa/padding.c @@ -233,6 +233,9 @@ int RSA_padding_check_PKCS1_type_2(uint8_t *out, size_t *out_len, // impossible to completely avoid Bleichenbacher's attack. Consumers should // use |RSA_PADDING_NONE| and perform the padding check in constant-time // combined with a swap to a random session key or other mitigation. + CONSTTIME_DECLASSIFY(&valid_index, sizeof(valid_index)); + CONSTTIME_DECLASSIFY(&zero_index, sizeof(zero_index)); + if (!valid_index) { OPENSSL_PUT_ERROR(RSA, RSA_R_PKCS_DECODING_ERROR); return 0; diff --git a/src/crypto/fipsmodule/rsa/rsa.c b/src/crypto/fipsmodule/rsa/rsa.c index efb2f9b..724de69 100644 --- a/src/crypto/fipsmodule/rsa/rsa.c +++ b/src/crypto/fipsmodule/rsa/rsa.c @@ -80,7 +80,7 @@ // Cryptography.io depends on this error code. OPENSSL_DECLARE_ERROR_REASON(RSA, BLOCK_TYPE_IS_NOT_02) -DEFINE_STATIC_EX_DATA_CLASS(g_rsa_ex_data_class); +DEFINE_STATIC_EX_DATA_CLASS(g_rsa_ex_data_class) RSA *RSA_new(void) { return RSA_new_method(NULL); } diff --git a/src/crypto/fipsmodule/rsa/rsa_impl.c b/src/crypto/fipsmodule/rsa/rsa_impl.c index 895408d..903ba9a 100644 --- a/src/crypto/fipsmodule/rsa/rsa_impl.c +++ b/src/crypto/fipsmodule/rsa/rsa_impl.c @@ -120,6 +120,8 @@ static int ensure_fixed_copy(BIGNUM **out, const BIGNUM *in, int width) { return 0; } *out = copy; + CONSTTIME_SECRET(copy->d, sizeof(BN_ULONG) * width); + return 1; } @@ -166,6 +168,11 @@ static int freeze_private_key(RSA *rsa, BN_CTX *ctx) { } if (rsa->p != NULL && rsa->q != NULL) { + // TODO: p and q are also CONSTTIME_SECRET but not yet marked as such + // because the Montgomery code does things like test whether or not values + // are zero. So the secret marking probably needs to happen inside that + // code. + if (rsa->mont_p == NULL) { rsa->mont_p = BN_MONT_CTX_new_consttime(rsa->p, ctx); if (rsa->mont_p == NULL) { @@ -224,6 +231,9 @@ static int freeze_private_key(RSA *rsa, BN_CTX *ctx) { goto err; } rsa->inv_small_mod_large_mont = inv_small_mod_large_mont; + CONSTTIME_SECRET( + rsa->inv_small_mod_large_mont->d, + sizeof(BN_ULONG) * rsa->inv_small_mod_large_mont->width); } } } @@ -480,6 +490,7 @@ int rsa_default_sign_raw(RSA *rsa, size_t *out_len, uint8_t *out, goto err; } + CONSTTIME_DECLASSIFY(out, rsa_size); *out_len = rsa_size; ret = 1; @@ -539,8 +550,11 @@ int rsa_default_decrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, goto err; } + CONSTTIME_DECLASSIFY(&ret, sizeof(ret)); if (!ret) { OPENSSL_PUT_ERROR(RSA, RSA_R_PADDING_CHECK_FAILED); + } else { + CONSTTIME_DECLASSIFY(out, out_len); } err: diff --git a/src/crypto/fipsmodule/sha/internal.h b/src/crypto/fipsmodule/sha/internal.h new file mode 100644 index 0000000..a5d70c3 --- /dev/null +++ b/src/crypto/fipsmodule/sha/internal.h @@ -0,0 +1,51 @@ +/* Copyright (c) 2018, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_SHA_INTERNAL_H +#define OPENSSL_HEADER_SHA_INTERNAL_H + +#include + +#if defined(__cplusplus) +extern "C" { +#endif + + +#if !defined(OPENSSL_NO_ASM) + +#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || defined(OPENSSL_ARM) || \ + defined(OPENSSL_AARCH64) || defined(OPENSSL_PPC64LE) +#define SHA1_ASM +void sha1_block_data_order(uint32_t *state, const uint8_t *in, + size_t num_blocks); +#endif + +#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || defined(OPENSSL_ARM) || \ + defined(OPENSSL_AARCH64) +#define SHA256_ASM +#define SHA512_ASM +void sha256_block_data_order(uint32_t *state, const uint8_t *in, + size_t num_blocks); +void sha512_block_data_order(uint64_t *state, const uint8_t *in, + size_t num_blocks); +#endif + +#endif // OPENSSL_NO_ASM + + +#if defined(__cplusplus) +} // extern "C" +#endif + +#endif // OPENSSL_HEADER_SHA_INTERNAL_H diff --git a/src/crypto/fipsmodule/sha/sha1.c b/src/crypto/fipsmodule/sha/sha1.c index e5b4ba6..a3b771a 100644 --- a/src/crypto/fipsmodule/sha/sha1.c +++ b/src/crypto/fipsmodule/sha/sha1.c @@ -60,16 +60,10 @@ #include +#include "internal.h" #include "../../internal.h" -#if (!defined(OPENSSL_NO_ASM) && \ - (defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \ - defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))) || \ - defined(OPENSSL_PPC64LE) -#define SHA1_ASM -#endif - int SHA1_Init(SHA_CTX *sha) { OPENSSL_memset(sha, 0, sizeof(SHA_CTX)); sha->h[0] = 0x67452301UL; @@ -120,9 +114,9 @@ uint8_t *SHA1(const uint8_t *data, size_t len, uint8_t *out) { } while (0) #ifndef SHA1_ASM -static +static void sha1_block_data_order(uint32_t *state, const uint8_t *data, + size_t num); #endif -void sha1_block_data_order(uint32_t *state, const uint8_t *data, size_t num); #include "../digest/md32_common.h" @@ -192,8 +186,8 @@ void sha1_block_data_order(uint32_t *state, const uint8_t *data, size_t num); * "find" this expectation reasonable:-( On order to make such * compilers generate better code I replace X[] with a bunch of * X0, X1, etc. See the function body below... -* */ -#define X(i) XX##i +* */ +#define X(i) XX##i #if !defined(SHA1_ASM) static void sha1_block_data_order(uint32_t *state, const uint8_t *data, diff --git a/src/crypto/fipsmodule/sha/sha256.c b/src/crypto/fipsmodule/sha/sha256.c index 3e9bcbc..92a5295 100644 --- a/src/crypto/fipsmodule/sha/sha256.c +++ b/src/crypto/fipsmodule/sha/sha256.c @@ -60,15 +60,10 @@ #include +#include "internal.h" #include "../../internal.h" -#if !defined(OPENSSL_NO_ASM) && \ - (defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \ - defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) -#define SHA256_ASM -#endif - int SHA224_Init(SHA256_CTX *sha) { OPENSSL_memset(sha, 0, sizeof(SHA256_CTX)); sha->h[0] = 0xc1059ed8UL; @@ -172,9 +167,9 @@ int SHA224_Final(uint8_t *md, SHA256_CTX *ctx) { #define HASH_FINAL SHA256_Final #define HASH_BLOCK_DATA_ORDER sha256_block_data_order #ifndef SHA256_ASM -static +static void sha256_block_data_order(uint32_t *state, const uint8_t *in, + size_t num); #endif -void sha256_block_data_order(uint32_t *state, const uint8_t *in, size_t num); #include "../digest/md32_common.h" diff --git a/src/crypto/fipsmodule/sha/sha512.c b/src/crypto/fipsmodule/sha/sha512.c index 3902f50..f96cfbd 100644 --- a/src/crypto/fipsmodule/sha/sha512.c +++ b/src/crypto/fipsmodule/sha/sha512.c @@ -60,31 +60,15 @@ #include +#include "internal.h" #include "../../internal.h" -// IMPLEMENTATION NOTES. -// // The 32-bit hash algorithms share a common byte-order neutral collector and // padding function implementations that operate on unaligned data, -// ../md32_common.h. This SHA-512 implementation does not. Reasons -// [in reverse order] are: -// -// - It's the only 64-bit hash algorithm for the moment of this writing, -// there is no need for common collector/padding implementation [yet]; -// - By supporting only a transform function that operates on *aligned* data -// the collector/padding function is simpler and easier to optimize. - -#if !defined(OPENSSL_NO_ASM) && \ - (defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \ - defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) -#define SHA512_ASM -#endif - -#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \ - defined(__ARM_FEATURE_UNALIGNED) -#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA -#endif +// ../digest/md32_common.h. SHA-512 is the only 64-bit hash algorithm, as of +// this writing, so there is no need for a common collector/padding +// implementation yet. int SHA384_Init(SHA512_CTX *sha) { sha->h[0] = UINT64_C(0xcbbb9d5dc1059ed8); @@ -140,9 +124,9 @@ uint8_t *SHA512(const uint8_t *data, size_t len, uint8_t *out) { } #if !defined(SHA512_ASM) -static +static void sha512_block_data_order(uint64_t *state, const uint8_t *in, + size_t num_blocks); #endif -void sha512_block_data_order(uint64_t *state, const uint64_t *W, size_t num); int SHA384_Final(uint8_t *md, SHA512_CTX *sha) { @@ -154,19 +138,13 @@ int SHA384_Update(SHA512_CTX *sha, const void *data, size_t len) { } void SHA512_Transform(SHA512_CTX *c, const uint8_t *block) { -#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA - if ((size_t)block % sizeof(c->u.d[0]) != 0) { - OPENSSL_memcpy(c->u.p, block, sizeof(c->u.p)); - block = c->u.p; - } -#endif - sha512_block_data_order(c->h, (uint64_t *)block, 1); + sha512_block_data_order(c->h, block, 1); } int SHA512_Update(SHA512_CTX *c, const void *in_data, size_t len) { uint64_t l; - uint8_t *p = c->u.p; - const uint8_t *data = (const uint8_t *)in_data; + uint8_t *p = c->p; + const uint8_t *data = in_data; if (len == 0) { return 1; @@ -182,7 +160,7 @@ int SHA512_Update(SHA512_CTX *c, const void *in_data, size_t len) { c->Nl = l; if (c->num != 0) { - size_t n = sizeof(c->u) - c->num; + size_t n = sizeof(c->p) - c->num; if (len < n) { OPENSSL_memcpy(p + c->num, data, len); @@ -192,27 +170,15 @@ int SHA512_Update(SHA512_CTX *c, const void *in_data, size_t len) { OPENSSL_memcpy(p + c->num, data, n), c->num = 0; len -= n; data += n; - sha512_block_data_order(c->h, (uint64_t *)p, 1); + sha512_block_data_order(c->h, p, 1); } } - if (len >= sizeof(c->u)) { -#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA - if ((size_t)data % sizeof(c->u.d[0]) != 0) { - while (len >= sizeof(c->u)) { - OPENSSL_memcpy(p, data, sizeof(c->u)); - sha512_block_data_order(c->h, (uint64_t *)p, 1); - len -= sizeof(c->u); - data += sizeof(c->u); - } - } else -#endif - { - sha512_block_data_order(c->h, (uint64_t *)data, len / sizeof(c->u)); - data += len; - len %= sizeof(c->u); - data -= len; - } + if (len >= sizeof(c->p)) { + sha512_block_data_order(c->h, data, len / sizeof(c->p)); + data += len; + len %= sizeof(c->p); + data -= len; } if (len != 0) { @@ -224,36 +190,36 @@ int SHA512_Update(SHA512_CTX *c, const void *in_data, size_t len) { } int SHA512_Final(uint8_t *md, SHA512_CTX *sha) { - uint8_t *p = (uint8_t *)sha->u.p; + uint8_t *p = sha->p; size_t n = sha->num; p[n] = 0x80; // There always is a room for one n++; - if (n > (sizeof(sha->u) - 16)) { - OPENSSL_memset(p + n, 0, sizeof(sha->u) - n); + if (n > (sizeof(sha->p) - 16)) { + OPENSSL_memset(p + n, 0, sizeof(sha->p) - n); n = 0; - sha512_block_data_order(sha->h, (uint64_t *)p, 1); + sha512_block_data_order(sha->h, p, 1); } - OPENSSL_memset(p + n, 0, sizeof(sha->u) - 16 - n); - p[sizeof(sha->u) - 1] = (uint8_t)(sha->Nl); - p[sizeof(sha->u) - 2] = (uint8_t)(sha->Nl >> 8); - p[sizeof(sha->u) - 3] = (uint8_t)(sha->Nl >> 16); - p[sizeof(sha->u) - 4] = (uint8_t)(sha->Nl >> 24); - p[sizeof(sha->u) - 5] = (uint8_t)(sha->Nl >> 32); - p[sizeof(sha->u) - 6] = (uint8_t)(sha->Nl >> 40); - p[sizeof(sha->u) - 7] = (uint8_t)(sha->Nl >> 48); - p[sizeof(sha->u) - 8] = (uint8_t)(sha->Nl >> 56); - p[sizeof(sha->u) - 9] = (uint8_t)(sha->Nh); - p[sizeof(sha->u) - 10] = (uint8_t)(sha->Nh >> 8); - p[sizeof(sha->u) - 11] = (uint8_t)(sha->Nh >> 16); - p[sizeof(sha->u) - 12] = (uint8_t)(sha->Nh >> 24); - p[sizeof(sha->u) - 13] = (uint8_t)(sha->Nh >> 32); - p[sizeof(sha->u) - 14] = (uint8_t)(sha->Nh >> 40); - p[sizeof(sha->u) - 15] = (uint8_t)(sha->Nh >> 48); - p[sizeof(sha->u) - 16] = (uint8_t)(sha->Nh >> 56); - - sha512_block_data_order(sha->h, (uint64_t *)p, 1); + OPENSSL_memset(p + n, 0, sizeof(sha->p) - 16 - n); + p[sizeof(sha->p) - 1] = (uint8_t)(sha->Nl); + p[sizeof(sha->p) - 2] = (uint8_t)(sha->Nl >> 8); + p[sizeof(sha->p) - 3] = (uint8_t)(sha->Nl >> 16); + p[sizeof(sha->p) - 4] = (uint8_t)(sha->Nl >> 24); + p[sizeof(sha->p) - 5] = (uint8_t)(sha->Nl >> 32); + p[sizeof(sha->p) - 6] = (uint8_t)(sha->Nl >> 40); + p[sizeof(sha->p) - 7] = (uint8_t)(sha->Nl >> 48); + p[sizeof(sha->p) - 8] = (uint8_t)(sha->Nl >> 56); + p[sizeof(sha->p) - 9] = (uint8_t)(sha->Nh); + p[sizeof(sha->p) - 10] = (uint8_t)(sha->Nh >> 8); + p[sizeof(sha->p) - 11] = (uint8_t)(sha->Nh >> 16); + p[sizeof(sha->p) - 12] = (uint8_t)(sha->Nh >> 24); + p[sizeof(sha->p) - 13] = (uint8_t)(sha->Nh >> 32); + p[sizeof(sha->p) - 14] = (uint8_t)(sha->Nh >> 40); + p[sizeof(sha->p) - 15] = (uint8_t)(sha->Nh >> 48); + p[sizeof(sha->p) - 16] = (uint8_t)(sha->Nh >> 56); + + sha512_block_data_order(sha->h, p, 1); if (md == NULL) { // TODO(davidben): This NULL check is absent in other low-level hash 'final' @@ -353,20 +319,6 @@ static const uint64_t K512[80] = { __asm__("rorq %1, %0" : "=r"(ret) : "J"(n), "0"(a) : "cc"); \ ret; \ }) -#define PULL64(x) \ - ({ \ - uint64_t ret = *((const uint64_t *)(&(x))); \ - __asm__("bswapq %0" : "=r"(ret) : "0"(ret)); \ - ret; \ - }) -#elif(defined(__i386) || defined(__i386__)) -#define PULL64(x) \ - ({ \ - const unsigned int *p = (const unsigned int *)(&(x)); \ - unsigned int hi = p[0], lo = p[1]; \ - __asm__("bswapl %0; bswapl %1;" : "=r"(lo), "=r"(hi) : "0"(lo), "1"(hi)); \ - ((uint64_t)hi) << 32 | lo; \ - }) #elif(defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) #define ROTR(a, n) \ ({ \ @@ -381,47 +333,22 @@ static const uint64_t K512[80] = { __asm__("ror %0, %1, %2" : "=r"(ret) : "r"(a), "I"(n)); \ ret; \ }) -#if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ - __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ -#define PULL64(x) \ - ({ \ - uint64_t ret; \ - __asm__("rev %0, %1" : "=r"(ret) : "r"(*((const uint64_t *)(&(x))))); \ - ret; \ - }) -#endif #endif -#elif defined(_MSC_VER) -#if defined(_WIN64) // applies to both IA-64 and AMD64 +#elif defined(_MSC_VER) && defined(_WIN64) #pragma intrinsic(_rotr64) #define ROTR(a, n) _rotr64((a), n) #endif -#if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) -static uint64_t __fastcall __pull64be(const void *x) { - _asm mov edx, [ecx + 0] - _asm mov eax, [ecx + 4] - _asm bswap edx - _asm bswap eax -} -#define PULL64(x) __pull64be(&(x)) -#if _MSC_VER <= 1200 -#pragma inline_depth(0) -#endif -#endif -#endif - -#ifndef PULL64 -#define B(x, j) \ - (((uint64_t)(*(((const uint8_t *)(&x)) + j))) << ((7 - j) * 8)) -#define PULL64(x) \ - (B(x, 0) | B(x, 1) | B(x, 2) | B(x, 3) | B(x, 4) | B(x, 5) | B(x, 6) | \ - B(x, 7)) -#endif #ifndef ROTR #define ROTR(x, s) (((x) >> s) | (x) << (64 - s)) #endif +static inline uint64_t load_u64_be(const void *ptr) { + uint64_t ret; + OPENSSL_memcpy(&ret, ptr, sizeof(ret)); + return CRYPTO_bswap8(ret); +} + #define Sigma0(x) (ROTR((x), 28) ^ ROTR((x), 34) ^ ROTR((x), 39)) #define Sigma1(x) (ROTR((x), 14) ^ ROTR((x), 18) ^ ROTR((x), 41)) #define sigma0(x) (ROTR((x), 1) ^ ROTR((x), 8) ^ ((x) >> 7)) @@ -434,7 +361,7 @@ static uint64_t __fastcall __pull64be(const void *x) { #if defined(__i386) || defined(__i386__) || defined(_M_IX86) // This code should give better results on 32-bit CPU with less than // ~24 registers, both size and performance wise... -static void sha512_block_data_order(uint64_t *state, const uint64_t *W, +static void sha512_block_data_order(uint64_t *state, const uint8_t *in, size_t num) { uint64_t A, E, T; uint64_t X[9 + 80], *F; @@ -452,7 +379,7 @@ static void sha512_block_data_order(uint64_t *state, const uint64_t *W, F[7] = state[7]; for (i = 0; i < 16; i++, F--) { - T = PULL64(W[i]); + T = load_u64_be(in + i * 8); F[0] = A; F[4] = E; F[8] = T; @@ -483,7 +410,7 @@ static void sha512_block_data_order(uint64_t *state, const uint64_t *W, state[6] += F[6]; state[7] += F[7]; - W += 16; + in += 16 * 8; } } @@ -507,7 +434,7 @@ static void sha512_block_data_order(uint64_t *state, const uint64_t *W, ROUND_00_15(i + j, a, b, c, d, e, f, g, h); \ } while (0) -static void sha512_block_data_order(uint64_t *state, const uint64_t *W, +static void sha512_block_data_order(uint64_t *state, const uint8_t *in, size_t num) { uint64_t a, b, c, d, e, f, g, h, s0, s1, T1; uint64_t X[16]; @@ -524,37 +451,37 @@ static void sha512_block_data_order(uint64_t *state, const uint64_t *W, g = state[6]; h = state[7]; - T1 = X[0] = PULL64(W[0]); + T1 = X[0] = load_u64_be(in); ROUND_00_15(0, a, b, c, d, e, f, g, h); - T1 = X[1] = PULL64(W[1]); + T1 = X[1] = load_u64_be(in + 8); ROUND_00_15(1, h, a, b, c, d, e, f, g); - T1 = X[2] = PULL64(W[2]); + T1 = X[2] = load_u64_be(in + 2 * 8); ROUND_00_15(2, g, h, a, b, c, d, e, f); - T1 = X[3] = PULL64(W[3]); + T1 = X[3] = load_u64_be(in + 3 * 8); ROUND_00_15(3, f, g, h, a, b, c, d, e); - T1 = X[4] = PULL64(W[4]); + T1 = X[4] = load_u64_be(in + 4 * 8); ROUND_00_15(4, e, f, g, h, a, b, c, d); - T1 = X[5] = PULL64(W[5]); + T1 = X[5] = load_u64_be(in + 5 * 8); ROUND_00_15(5, d, e, f, g, h, a, b, c); - T1 = X[6] = PULL64(W[6]); + T1 = X[6] = load_u64_be(in + 6 * 8); ROUND_00_15(6, c, d, e, f, g, h, a, b); - T1 = X[7] = PULL64(W[7]); + T1 = X[7] = load_u64_be(in + 7 * 8); ROUND_00_15(7, b, c, d, e, f, g, h, a); - T1 = X[8] = PULL64(W[8]); + T1 = X[8] = load_u64_be(in + 8 * 8); ROUND_00_15(8, a, b, c, d, e, f, g, h); - T1 = X[9] = PULL64(W[9]); + T1 = X[9] = load_u64_be(in + 9 * 8); ROUND_00_15(9, h, a, b, c, d, e, f, g); - T1 = X[10] = PULL64(W[10]); + T1 = X[10] = load_u64_be(in + 10 * 8); ROUND_00_15(10, g, h, a, b, c, d, e, f); - T1 = X[11] = PULL64(W[11]); + T1 = X[11] = load_u64_be(in + 11 * 8); ROUND_00_15(11, f, g, h, a, b, c, d, e); - T1 = X[12] = PULL64(W[12]); + T1 = X[12] = load_u64_be(in + 12 * 8); ROUND_00_15(12, e, f, g, h, a, b, c, d); - T1 = X[13] = PULL64(W[13]); + T1 = X[13] = load_u64_be(in + 13 * 8); ROUND_00_15(13, d, e, f, g, h, a, b, c); - T1 = X[14] = PULL64(W[14]); + T1 = X[14] = load_u64_be(in + 14 * 8); ROUND_00_15(14, c, d, e, f, g, h, a, b); - T1 = X[15] = PULL64(W[15]); + T1 = X[15] = load_u64_be(in + 15 * 8); ROUND_00_15(15, b, c, d, e, f, g, h, a); for (i = 16; i < 80; i += 16) { @@ -585,7 +512,7 @@ static void sha512_block_data_order(uint64_t *state, const uint64_t *W, state[6] += g; state[7] += h; - W += 16; + in += 16 * 8; } } @@ -594,8 +521,6 @@ static void sha512_block_data_order(uint64_t *state, const uint64_t *W, #endif // !SHA512_ASM #undef ROTR -#undef PULL64 -#undef B #undef Sigma0 #undef Sigma1 #undef sigma0 @@ -604,5 +529,3 @@ static void sha512_block_data_order(uint64_t *state, const uint64_t *W, #undef Maj #undef ROUND_00_15 #undef ROUND_16_80 -#undef HOST_c2l -#undef HOST_l2c diff --git a/src/crypto/fipsmodule/sha/sha_test.cc b/src/crypto/fipsmodule/sha/sha_test.cc new file mode 100644 index 0000000..5b248b4 --- /dev/null +++ b/src/crypto/fipsmodule/sha/sha_test.cc @@ -0,0 +1,60 @@ +/* Copyright (c) 2018, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include + +#include + +#include "internal.h" +#include "../../test/abi_test.h" + + +#if defined(SHA1_ASM) && defined(SUPPORTS_ABI_TEST) +TEST(SHATest, SHA1ABI) { + SHA_CTX ctx; + SHA1_Init(&ctx); + + static const uint8_t kBuf[SHA_CBLOCK * 8] = {0}; + CHECK_ABI(sha1_block_data_order, ctx.h, kBuf, 1); + CHECK_ABI(sha1_block_data_order, ctx.h, kBuf, 2); + CHECK_ABI(sha1_block_data_order, ctx.h, kBuf, 4); + CHECK_ABI(sha1_block_data_order, ctx.h, kBuf, 8); +} +#endif // SHA1_ASM && SUPPORTS_ABI_TEST + +#if defined(SHA256_ASM) && defined(SUPPORTS_ABI_TEST) +TEST(SHATest, SHA256ABI) { + SHA256_CTX ctx; + SHA256_Init(&ctx); + + static const uint8_t kBuf[SHA256_CBLOCK * 8] = {0}; + CHECK_ABI(sha256_block_data_order, ctx.h, kBuf, 1); + CHECK_ABI(sha256_block_data_order, ctx.h, kBuf, 2); + CHECK_ABI(sha256_block_data_order, ctx.h, kBuf, 4); + CHECK_ABI(sha256_block_data_order, ctx.h, kBuf, 8); +} +#endif // SHA256_ASM && SUPPORTS_ABI_TEST + +#if defined(SHA512_ASM) && defined(SUPPORTS_ABI_TEST) +TEST(SHATest, SHA512ABI) { + SHA512_CTX ctx; + SHA512_Init(&ctx); + + static const uint8_t kBuf[SHA512_CBLOCK * 4] = {0}; + CHECK_ABI(sha512_block_data_order, ctx.h, kBuf, 1); + CHECK_ABI(sha512_block_data_order, ctx.h, kBuf, 2); + CHECK_ABI(sha512_block_data_order, ctx.h, kBuf, 3); + CHECK_ABI(sha512_block_data_order, ctx.h, kBuf, 4); +} +#endif // SHA512_ASM && SUPPORTS_ABI_TEST diff --git a/src/crypto/hrss/asm/poly_rq_mul.S b/src/crypto/hrss/asm/poly_rq_mul.S index 0ad0fb5..ebaabd3 100644 --- a/src/crypto/hrss/asm/poly_rq_mul.S +++ b/src/crypto/hrss/asm/poly_rq_mul.S @@ -312,6 +312,7 @@ mask_mod8192: .text .global poly_Rq_mul .hidden poly_Rq_mul +.type poly_Rq_mul, @function .att_syntax prefix poly_Rq_mul: .cfi_startproc @@ -8450,8 +8451,13 @@ vpand mask_mod8192(%rip), %ymm11, %ymm11 vmovdqu %ymm11, 1320(%rdi) mov %r8, %rsp pop %r12 +.cfi_restore r12 pop %rbp +.cfi_restore rbp +.cfi_def_cfa_register rsp +.cfi_adjust_cfa_offset -8 ret .cfi_endproc +.size poly_Rq_mul,.-poly_Rq_mul #endif diff --git a/src/crypto/hrss/hrss.c b/src/crypto/hrss/hrss.c index dd3f979..d81a43f 100644 --- a/src/crypto/hrss/hrss.c +++ b/src/crypto/hrss/hrss.c @@ -51,6 +51,8 @@ // SXY: https://eprint.iacr.org/2017/1005.pdf // NTRUTN14: // https://assets.onboardsecurity.com/static/downloads/NTRU/resources/NTRUTech014.pdf +// NTRUCOMP: +// https://eprint.iacr.org/2018/1174 // Vector operations. @@ -62,7 +64,7 @@ // NEON and SSE2 for implementing some vector operations. // TODO: MSVC can likely also be made to work with vector operations. -#if (defined(OPENSSL_X86) || defined(OPENSSL_X86_64)) && \ +#if ((defined(__SSE__) && defined(OPENSSL_X86)) || defined(OPENSSL_X86_64)) && \ (defined(__clang__) || !defined(_MSC_VER)) #define HRSS_HAVE_VECTOR_UNIT @@ -486,26 +488,30 @@ static int poly2_top_bits_are_clear(const struct poly2 *p) { // ----------------- // 0 | 0 | 0 // 0 | 1 | 1 -// 1 | 0 | 2 (aka -1) -// 1 | 1 | +// 1 | 1 | -1 (aka 2) +// 1 | 0 | // -// ('s' is for sign, and 'a' just a letter.) +// ('s' is for sign, and 'a' is the absolute value.) // // Once bitsliced as such, the following circuits can be used to implement // addition and multiplication mod 3: // // (s3, a3) = (s1, a1) × (s2, a2) -// s3 = (a1 ∧ s2) ⊕ (s1 ∧ a2) -// a3 = (s1 ∧ s2) ⊕ (a1 ∧ a2) +// a3 = a1 ∧ a2 +// s3 = (s1 ⊕ s2) ∧ a3 // // (s3, a3) = (s1, a1) + (s2, a2) -// x = (a1 ⊕ a2) -// y = (s1 ⊕ s2) ⊕ (a1 ∧ a2) -// z = (s1 ∧ s2) -// s3 = y ∧ ¬x -// a3 = z ∨ (x ∧ ¬y) +// t = s1 ⊕ a2 +// s3 = t ∧ (s2 ⊕ a1) +// a3 = (a1 ⊕ a2) ∨ (t ⊕ s2) +// +// (s3, a3) = (s1, a1) - (s2, a2) +// t = a1 ⊕ a2 +// s3 = (s1 ⊕ a2) ∧ (t ⊕ s2) +// a3 = t ∨ (s1 ⊕ s2) +// +// Negating a value just involves XORing s by a. // -// Negating a value just involves swapping s and a. // struct poly3 { // struct poly2 s, a; // }; @@ -538,22 +544,45 @@ static void poly3_zero(struct poly3 *p) { poly2_zero(&p->a); } +// poly3_word_mul sets (|out_s|, |out_a) to (|s1|, |a1|) × (|s2|, |a2|). +static void poly3_word_mul(crypto_word_t *out_s, crypto_word_t *out_a, + const crypto_word_t s1, const crypto_word_t a1, + const crypto_word_t s2, const crypto_word_t a2) { + *out_a = a1 & a2; + *out_s = (s1 ^ s2) & *out_a; +} + +// poly3_word_add sets (|out_s|, |out_a|) to (|s1|, |a1|) + (|s2|, |a2|). +static void poly3_word_add(crypto_word_t *out_s, crypto_word_t *out_a, + const crypto_word_t s1, const crypto_word_t a1, + const crypto_word_t s2, const crypto_word_t a2) { + const crypto_word_t t = s1 ^ a2; + *out_s = t & (s2 ^ a1); + *out_a = (a1 ^ a2) | (t ^ s2); +} + +// poly3_word_sub sets (|out_s|, |out_a|) to (|s1|, |a1|) - (|s2|, |a2|). +static void poly3_word_sub(crypto_word_t *out_s, crypto_word_t *out_a, + const crypto_word_t s1, const crypto_word_t a1, + const crypto_word_t s2, const crypto_word_t a2) { + const crypto_word_t t = a1 ^ a2; + *out_s = (s1 ^ a2) & (t ^ s2); + *out_a = t | (s1 ^ s2); +} + // lsb_to_all replicates the least-significant bit of |v| to all bits of the // word. This is used in bit-slicing operations to make a vector from a fixed // value. static crypto_word_t lsb_to_all(crypto_word_t v) { return 0u - (v & 1); } -// poly3_mul_const sets |p| to |p|×m, where m = (ms, ma). +// poly3_mul_const sets |p| to |p|×m, where m = (ms, ma). static void poly3_mul_const(struct poly3 *p, crypto_word_t ms, crypto_word_t ma) { ms = lsb_to_all(ms); ma = lsb_to_all(ma); for (size_t i = 0; i < WORDS_PER_POLY; i++) { - const crypto_word_t s = p->s.v[i]; - const crypto_word_t a = p->a.v[i]; - p->s.v[i] = (s & ma) ^ (ms & a); - p->a.v[i] = (ms & s) ^ (ma & a); + poly3_word_mul(&p->s.v[i], &p->a.v[i], p->s.v[i], p->a.v[i], ms, ma); } } @@ -564,23 +593,15 @@ static void poly3_rotr_consttime(struct poly3 *p, size_t bits) { HRSS_poly2_rotr_consttime(&p->a, bits); } -// poly3_fmadd sets |out| to |out| + |in|×m, where m is (ms, ma). -static void poly3_fmadd(struct poly3 *RESTRICT out, +// poly3_fmadd sets |out| to |out| - |in|×m, where m is (ms, ma). +static void poly3_fmsub(struct poly3 *RESTRICT out, const struct poly3 *RESTRICT in, crypto_word_t ms, crypto_word_t ma) { - // (See the multiplication and addition circuits given above.) + crypto_word_t product_s, product_a; for (size_t i = 0; i < WORDS_PER_POLY; i++) { - const crypto_word_t s = in->s.v[i]; - const crypto_word_t a = in->a.v[i]; - const crypto_word_t product_s = (s & ma) ^ (ms & a); - const crypto_word_t product_a = (ms & s) ^ (ma & a); - - const crypto_word_t x = out->a.v[i] ^ product_a; - const crypto_word_t y = - (out->s.v[i] ^ product_s) ^ (out->a.v[i] & product_a); - const crypto_word_t z = (out->s.v[i] & product_s); - out->s.v[i] = y & ~x; - out->a.v[i] = z | (x & ~y); + poly3_word_mul(&product_s, &product_a, in->s.v[i], in->a.v[i], ms, ma); + poly3_word_sub(&out->s.v[i], &out->a.v[i], out->s.v[i], out->a.v[i], + product_s, product_a); } } @@ -599,20 +620,13 @@ OPENSSL_UNUSED static int poly3_top_bits_are_clear(const struct poly3 *p) { // poly3_mod_phiN reduces |p| by Φ(N). static void poly3_mod_phiN(struct poly3 *p) { // In order to reduce by Φ(N) we subtract by the value of the greatest - // coefficient. That's the same as adding the negative of its value. The - // negative of (s, a) is (a, s), so the arguments are swapped in the following - // two lines. - const crypto_word_t factor_s = final_bit_to_all(p->a.v[WORDS_PER_POLY - 1]); - const crypto_word_t factor_a = final_bit_to_all(p->s.v[WORDS_PER_POLY - 1]); + // coefficient. + const crypto_word_t factor_s = final_bit_to_all(p->s.v[WORDS_PER_POLY - 1]); + const crypto_word_t factor_a = final_bit_to_all(p->a.v[WORDS_PER_POLY - 1]); for (size_t i = 0; i < WORDS_PER_POLY; i++) { - const crypto_word_t s = p->s.v[i]; - const crypto_word_t a = p->a.v[i]; - const crypto_word_t x = a ^ factor_a; - const crypto_word_t y = (s ^ factor_s) ^ (a & factor_a); - const crypto_word_t z = (s & factor_s); - p->s.v[i] = y & ~x; - p->a.v[i] = z | (x & ~y); + poly3_word_sub(&p->s.v[i], &p->a.v[i], p->s.v[i], p->a.v[i], factor_s, + factor_a); } poly2_clear_top_bits(&p->s); @@ -640,17 +654,6 @@ struct poly3_span { crypto_word_t *a; }; -// poly3_word_add sets (|out_s|, |out_a|) to (|s1|, |a1|) + (|s2|, |a2|). -static void poly3_word_add(crypto_word_t *out_s, crypto_word_t *out_a, - const crypto_word_t s1, const crypto_word_t a1, - const crypto_word_t s2, const crypto_word_t a2) { - const crypto_word_t x = a1 ^ a2; - const crypto_word_t y = (s1 ^ s2) ^ (a1 & a2); - const crypto_word_t z = s1 & s2; - *out_s = y & ~x; - *out_a = z | (x & ~y); -} - // poly3_span_add adds |n| words of values from |a| and |b| and writes the // result to |out|. static void poly3_span_add(const struct poly3_span *out, @@ -665,8 +668,7 @@ static void poly3_span_add(const struct poly3_span *out, static void poly3_span_sub(const struct poly3_span *a, const struct poly3_span *b, size_t n) { for (size_t i = 0; i < n; i++) { - // Swapping |b->s| and |b->a| negates the value being added. - poly3_word_add(&a->s[i], &a->a[i], a->s[i], a->a[i], b->a[i], b->s[i]); + poly3_word_sub(&a->s[i], &a->a[i], a->s[i], a->a[i], b->s[i], b->a[i]); } } @@ -686,14 +688,11 @@ static void poly3_mul_aux(const struct poly3_span *out, for (size_t i = 0; i < BITS_PER_WORD; i++) { // Multiply (s, a) by the next value from (b_s, b_a). - const crypto_word_t v_s = lsb_to_all(b_s); - const crypto_word_t v_a = lsb_to_all(b_a); + crypto_word_t m_s, m_a; + poly3_word_mul(&m_s, &m_a, a_s, a_a, lsb_to_all(b_s), lsb_to_all(b_a)); b_s >>= 1; b_a >>= 1; - const crypto_word_t m_s = (v_s & a_a) ^ (a_s & v_a); - const crypto_word_t m_a = (a_s & v_s) ^ (a_a & v_a); - if (i == 0) { // Special case otherwise the code tries to shift by BITS_PER_WORD // below, which is undefined. @@ -814,21 +813,22 @@ static inline void poly3_vec_cswap(vec_t a_s[6], vec_t a_a[6], vec_t b_s[6], } } -// poly3_vec_fmadd adds (|ms|, |ma|) × (|b_s|, |b_a|) to (|a_s|, |a_a|). -static inline void poly3_vec_fmadd(vec_t a_s[6], vec_t a_a[6], vec_t b_s[6], +// poly3_vec_fmsub subtracts (|ms|, |ma|) × (|b_s|, |b_a|) from (|a_s|, |a_a|). +static inline void poly3_vec_fmsub(vec_t a_s[6], vec_t a_a[6], vec_t b_s[6], vec_t b_a[6], const vec_t ms, const vec_t ma) { for (int i = 0; i < 6; i++) { + // See the bitslice formula, above. const vec_t s = b_s[i]; const vec_t a = b_a[i]; - const vec_t product_s = (s & ma) ^ (ms & a); - const vec_t product_a = (ms & s) ^ (ma & a); + const vec_t product_a = a & ma; + const vec_t product_s = (s ^ ms) & product_a; - const vec_t x = a_a[i] ^ product_a; - const vec_t y = (a_s[i] ^ product_s) ^ (a_a[i] & product_a); - const vec_t z = (a_s[i] & product_s); - a_s[i] = y & ~x; - a_a[i] = z | (x & ~y); + const vec_t out_s = a_s[i]; + const vec_t out_a = a_a[i]; + const vec_t t = out_a ^ product_a; + a_s[i] = (out_s ^ product_a) & (t ^ product_s); + a_a[i] = t | (out_s ^ product_s); } } @@ -872,19 +872,18 @@ static void poly3_invert_vec(struct poly3 *out, const struct poly3 *in) { memset(&still_going, 0xff, sizeof(still_going)); for (unsigned i = 0; i < 2 * (N - 1) - 1; i++) { - const vec_t s_a = vec_broadcast_bit( - still_going & ((f_a[0] & g_s[0]) ^ (f_s[0] & g_a[0]))); - const vec_t s_s = vec_broadcast_bit( - still_going & ((f_a[0] & g_a[0]) ^ (f_s[0] & g_s[0]))); + const vec_t s_a = vec_broadcast_bit(still_going & (f_a[0] & g_a[0])); + const vec_t s_s = + vec_broadcast_bit(still_going & ((f_s[0] ^ g_s[0]) & s_a)); const vec_t should_swap = (s_s | s_a) & vec_broadcast_bit15(deg_f - deg_g); poly3_vec_cswap(f_s, f_a, g_s, g_a, should_swap); - poly3_vec_fmadd(f_s, f_a, g_s, g_a, s_s, s_a); + poly3_vec_fmsub(f_s, f_a, g_s, g_a, s_s, s_a); poly3_vec_rshift1(f_s, f_a); poly3_vec_cswap(b_s, b_a, c_s, c_a, should_swap); - poly3_vec_fmadd(b_s, b_a, c_s, c_a, s_s, s_a); + poly3_vec_fmsub(b_s, b_a, c_s, c_a, s_s, s_a); poly3_vec_lshift1(c_s, c_a); const vec_t deg_sum = should_swap & (deg_f ^ deg_g); @@ -957,9 +956,9 @@ void HRSS_poly3_invert(struct poly3 *out, const struct poly3 *in) { for (unsigned i = 0; i < 2 * (N - 1) - 1; i++) { const crypto_word_t s_a = lsb_to_all( - still_going & ((f.a.v[0] & g.s.v[0]) ^ (f.s.v[0] & g.a.v[0]))); + still_going & (f.a.v[0] & g.a.v[0])); const crypto_word_t s_s = lsb_to_all( - still_going & ((f.a.v[0] & g.a.v[0]) ^ (f.s.v[0] & g.s.v[0]))); + still_going & ((f.s.v[0] ^ g.s.v[0]) & s_a)); const crypto_word_t should_swap = (s_s | s_a) & constant_time_lt_w(deg_f, deg_g); @@ -971,8 +970,8 @@ void HRSS_poly3_invert(struct poly3 *out, const struct poly3 *in) { deg_g ^= deg_sum; assert(deg_g >= 1); - poly3_fmadd(&f, &g, s_s, s_a); - poly3_fmadd(b, &c, s_s, s_a); + poly3_fmsub(&f, &g, s_s, s_a); + poly3_fmsub(b, &c, s_s, s_a); poly3_rshift1(&f); poly3_lshift1(&c); @@ -1385,23 +1384,12 @@ static void poly_mul_novec(struct poly *out, const struct poly *x, OPENSSL_memset(&out->v[N], 0, 3 * sizeof(uint16_t)); } -// On x86-64, we can use the AVX2 code from [HRSS]. (The authors have given -// explicit permission for this and signed a CLA.) However it's 57KB of object -// code, so it's not used if |OPENSSL_SMALL| is defined. -#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_SMALL) && \ - defined(OPENSSL_X86_64) && defined(OPENSSL_LINUX) -// poly_Rq_mul is defined in assembly. -extern void poly_Rq_mul(struct poly *r, const struct poly *a, - const struct poly *b); -#endif - static void poly_mul(struct poly *r, const struct poly *a, const struct poly *b) { -#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_SMALL) && \ - defined(OPENSSL_X86_64) && defined(OPENSSL_LINUX) +#if defined(POLY_RQ_MUL_ASM) const int has_avx2 = (OPENSSL_ia32cap_P[2] & (1 << 5)) != 0; if (has_avx2) { - poly_Rq_mul(r, a, b); + poly_Rq_mul(r->v, a->v, b->v); return; } #endif @@ -1472,7 +1460,7 @@ static void poly2_from_poly(struct poly2 *out, const struct poly *in) { *words = word; } -// mod3 treats |a| is a signed number and returns |a| mod 3. +// mod3 treats |a| as a signed number and returns |a| mod 3. static uint16_t mod3(int16_t a) { const int16_t q = ((int32_t)a * 21845) >> 16; int16_t ret = a - 3 * q; @@ -1495,9 +1483,10 @@ static void poly3_from_poly(struct poly3 *out, const struct poly *in) { // The signed value is reduced mod 3, yielding {0, 1, 2}. const uint16_t v = mod3((int16_t)(in->v[i] << 3) >> 3); s >>= 1; - s |= (crypto_word_t)(v & 2) << (BITS_PER_WORD - 2); + const crypto_word_t s_bit = (crypto_word_t)(v & 2) << (BITS_PER_WORD - 2); + s |= s_bit; a >>= 1; - a |= (crypto_word_t)(v & 1) << (BITS_PER_WORD - 1); + a |= s_bit | (crypto_word_t)(v & 1) << (BITS_PER_WORD - 1); shift++; if (shift == BITS_PER_WORD) { @@ -1537,9 +1526,11 @@ static crypto_word_t poly3_from_poly_checked(struct poly3 *out, ok &= constant_time_eq_w(v, expected); s >>= 1; - s |= (crypto_word_t)(mod3 & 2) << (BITS_PER_WORD - 2); + const crypto_word_t s_bit = (crypto_word_t)(mod3 & 2) + << (BITS_PER_WORD - 2); + s |= s_bit; a >>= 1; - a |= (crypto_word_t)(mod3 & 1) << (BITS_PER_WORD - 1); + a |= s_bit | (crypto_word_t)(mod3 & 1) << (BITS_PER_WORD - 1); shift++; if (shift == BITS_PER_WORD) { @@ -1686,6 +1677,7 @@ static void poly_invert(struct poly *out, const struct poly *in) { #define POLY_BYTES 1138 +// poly_marshal serialises all but the final coefficient of |in| to |out|. static void poly_marshal(uint8_t out[POLY_BYTES], const struct poly *in) { const uint16_t *p = in->v; @@ -1718,7 +1710,11 @@ static void poly_marshal(uint8_t out[POLY_BYTES], const struct poly *in) { out[6] = 0xf & (p[3] >> 9); } -static void poly_unmarshal(struct poly *out, const uint8_t in[POLY_BYTES]) { +// poly_unmarshal parses the output of |poly_marshal| and sets |out| such that +// all but the final coefficients match, and the final coefficient is calculated +// such that evaluating |out| at one results in zero. It returns one on success +// or zero if |in| is an invalid encoding. +static int poly_unmarshal(struct poly *out, const uint8_t in[POLY_BYTES]) { uint16_t *p = out->v; for (size_t i = 0; i < N / 8; i++) { @@ -1751,9 +1747,10 @@ static void poly_unmarshal(struct poly *out, const uint8_t in[POLY_BYTES]) { out->v[i] = (int16_t)(out->v[i] << 3) >> 3; } - // There are four unused bits at the top of the final byte. They are always - // marshaled as zero by this code but we allow them to take any value when - // parsing in order to support future extension. + // There are four unused bits in the last byte. We require them to be zero. + if ((in[6] & 0xf0) != 0) { + return 0; + } // Set the final coefficient as specifed in [HRSSNIST] 1.9.2 step 6. uint32_t sum = 0; @@ -1762,6 +1759,8 @@ static void poly_unmarshal(struct poly *out, const uint8_t in[POLY_BYTES]) { } out->v[N - 1] = (uint16_t)(0u - sum); + + return 1; } // mod3_from_modQ maps {0, 1, Q-1, 65535} -> {0, 1, 2, 2}. Note that |v| may @@ -1795,69 +1794,21 @@ static void poly_marshal_mod3(uint8_t out[HRSS_POLY3_BYTES], // HRSS-specific functions // ----------------------- -// poly_short_sample implements the sampling algorithm given in [HRSSNIST] -// section 1.8.1. The output coefficients are in {0, 1, 0xffff} which makes some -// later computation easier. +// poly_short_sample samples a vector of values in {0xffff (i.e. -1), 0, 1}. +// This is the same action as the algorithm in [HRSSNIST] section 1.8.1, but +// with HRSS-SXY the sampling algorithm is now a private detail of the +// implementation (previously it had to match between two parties). This +// function uses that freedom to implement a flatter distribution of values. static void poly_short_sample(struct poly *out, const uint8_t in[HRSS_SAMPLE_BYTES]) { - // We wish to calculate the difference (mod 3) between two, two-bit numbers. - // Here is a table of results for a - b. Negative one is written as 0b11 so - // that a couple of shifts can be used to sign-extend it. Any input value of - // 0b11 is invalid and a convention is adopted that an invalid input results - // in an invalid output (0b10). - // - // b a result - // 00 00 00 - // 00 01 01 - // 00 10 11 - // 00 11 10 - // 01 00 11 - // 01 01 00 - // 01 10 01 - // 01 11 10 - // 10 00 01 - // 10 01 11 - // 10 10 00 - // 10 11 10 - // 11 00 10 - // 11 01 10 - // 11 10 10 - // 11 11 10 - // - // The result column is encoded in a single-word lookup-table: - // 0001 1110 1100 0110 0111 0010 1010 1010 - // 1 d c 6 7 2 a a - static const uint32_t kLookup = 0x1dc672aa; - - // In order to generate pairs of numbers mod 3 (non-uniformly) we treat pairs - // of bits in a uint32 as separate values and sum two random vectors of 1-bit - // numbers. This works because these pairs are isolated because no carry can - // spread between them. - - uint16_t *p = out->v; - for (size_t i = 0; i < N / 8; i++) { - uint32_t v; - OPENSSL_memcpy(&v, in, sizeof(v)); - in += sizeof(v); - - uint32_t sums = (v & 0x55555555) + ((v >> 1) & 0x55555555); - for (unsigned j = 0; j < 8; j++) { - p[j] = (int32_t)(kLookup << ((sums & 15) << 1)) >> 30; - sums >>= 4; - } - p += 8; - } - - // There are four values remaining. - uint16_t v; - OPENSSL_memcpy(&v, in, sizeof(v)); - - uint16_t sums = (v & 0x5555) + ((v >> 1) & 0x5555); - for (unsigned j = 0; j < 4; j++) { - p[j] = (int32_t)(kLookup << ((sums & 15) << 1)) >> 30; - sums >>= 4; + OPENSSL_STATIC_ASSERT(HRSS_SAMPLE_BYTES == N - 1, + "HRSS_SAMPLE_BYTES incorrect"); + for (size_t i = 0; i < N - 1; i++) { + uint16_t v = mod3(in[i]); + // Map {0, 1, 2} -> {0, 1, 0xffff} + v |= ((v >> 1) ^ 1) - 1; + out->v[i] = v; } - out->v[N - 1] = 0; } @@ -2077,17 +2028,6 @@ void HRSS_generate_key( poly_clamp(&priv->ph_inverse); } -static void owf(uint8_t out[POLY_BYTES], const struct public_key *pub, - const struct poly *m_lifted, const struct poly *r) { - struct poly prh_plus_m; - poly_mul(&prh_plus_m, r, &pub->ph); - for (unsigned i = 0; i < N; i++) { - prh_plus_m.v[i] += m_lifted->v[i]; - } - - poly_marshal(out, &prh_plus_m); -} - static const char kSharedKey[] = "shared key"; void HRSS_encap(uint8_t out_ciphertext[POLY_BYTES], @@ -2100,7 +2040,14 @@ void HRSS_encap(uint8_t out_ciphertext[POLY_BYTES], poly_short_sample(&m, in); poly_short_sample(&r, in + HRSS_SAMPLE_BYTES); poly_lift(&m_lifted, &m); - owf(out_ciphertext, pub, &m_lifted, &r); + + struct poly prh_plus_m; + poly_mul(&prh_plus_m, &r, &pub->ph); + for (unsigned i = 0; i < N; i++) { + prh_plus_m.v[i] += m_lifted.v[i]; + } + + poly_marshal(out_ciphertext, &prh_plus_m); uint8_t m_bytes[HRSS_POLY3_BYTES], r_bytes[HRSS_POLY3_BYTES]; poly_marshal_mod3(m_bytes, &m); @@ -2116,11 +2063,8 @@ void HRSS_encap(uint8_t out_ciphertext[POLY_BYTES], } void HRSS_decap(uint8_t out_shared_key[HRSS_KEY_BYTES], - const struct HRSS_public_key *in_pub, const struct HRSS_private_key *in_priv, const uint8_t *ciphertext, size_t ciphertext_len) { - const struct public_key *pub = - public_key_from_external((struct HRSS_public_key *)in_pub); const struct private_key *priv = private_key_from_external((struct HRSS_private_key *)in_priv); @@ -2156,53 +2100,71 @@ void HRSS_decap(uint8_t out_shared_key[HRSS_KEY_BYTES], "HRSS shared key length incorrect"); SHA256_Final(out_shared_key, &hash_ctx); + struct poly c; // If the ciphertext is publicly invalid then a random shared key is still // returned to simply the logic of the caller, but this path is not constant // time. - if (ciphertext_len != HRSS_CIPHERTEXT_BYTES) { + if (ciphertext_len != HRSS_CIPHERTEXT_BYTES || + !poly_unmarshal(&c, ciphertext)) { return; } - struct poly c; - poly_unmarshal(&c, ciphertext); - - struct poly f; + struct poly f, cf; + struct poly3 cf3, m3; poly_from_poly3(&f, &priv->f); - - struct poly cf; poly_mul(&cf, &c, &f); - - struct poly3 cf3; poly3_from_poly(&cf3, &cf); // Note that cf3 is not reduced mod Φ(N). That reduction is deferred. - - struct poly3 m3; HRSS_poly3_mul(&m3, &cf3, &priv->f_inverse); struct poly m, m_lifted; poly_from_poly3(&m, &m3); poly_lift(&m_lifted, &m); + struct poly r; for (unsigned i = 0; i < N; i++) { - c.v[i] -= m_lifted.v[i]; + r.v[i] = c.v[i] - m_lifted.v[i]; } - poly_mul(&c, &c, &priv->ph_inverse); - poly_mod_phiN(&c); - poly_clamp(&c); + poly_mul(&r, &r, &priv->ph_inverse); + poly_mod_phiN(&r); + poly_clamp(&r); struct poly3 r3; - crypto_word_t ok = poly3_from_poly_checked(&r3, &c); + crypto_word_t ok = poly3_from_poly_checked(&r3, &r); + + // [NTRUCOMP] section 5.1 includes ReEnc2 and a proof that it's valid. Rather + // than do an expensive |poly_mul|, it rebuilds |c'| from |c - lift(m)| + // (called |b|) with: + // t = (−b(1)/N) mod Q + // c' = b + tΦ(N) + lift(m) mod Q + // + // When polynomials are transmitted, the final coefficient is omitted and + // |poly_unmarshal| sets it such that f(1) == 0. Thus c(1) == 0. Also, + // |poly_lift| multiplies the result by (x-1) and therefore evaluating a + // lifted polynomial at 1 is also zero. Thus lift(m)(1) == 0 and so + // (c - lift(m))(1) == 0. + // + // Although we defer the reduction above, |b| is conceptually reduced mod + // Φ(N). In order to do that reduction one subtracts |c[N-1]| from every + // coefficient. Therefore b(1) = -c[N-1]×N. The value of |t|, above, then is + // just recovering |c[N-1]|, and adding tΦ(N) is simply undoing the reduction. + // Therefore b + tΦ(N) + lift(m) = c by construction and we don't need to + // recover |c| at all so long as we do the checks in + // |poly3_from_poly_checked|. + // + // The |poly_marshal| here then is just confirming that |poly_unmarshal| is + // strict and could be omitted. uint8_t expected_ciphertext[HRSS_CIPHERTEXT_BYTES]; OPENSSL_STATIC_ASSERT(HRSS_CIPHERTEXT_BYTES == POLY_BYTES, "ciphertext is the wrong size"); assert(ciphertext_len == sizeof(expected_ciphertext)); - owf(expected_ciphertext, pub, &m_lifted, &c); + poly_marshal(expected_ciphertext, &c); uint8_t m_bytes[HRSS_POLY3_BYTES]; uint8_t r_bytes[HRSS_POLY3_BYTES]; poly_marshal_mod3(m_bytes, &m); - poly_marshal_mod3(r_bytes, &c); + poly_marshal_mod3(r_bytes, &r); ok &= constant_time_is_zero_w(CRYPTO_memcmp(ciphertext, expected_ciphertext, sizeof(expected_ciphertext))); @@ -2231,7 +2193,9 @@ void HRSS_marshal_public_key(uint8_t out[HRSS_PUBLIC_KEY_BYTES], int HRSS_parse_public_key(struct HRSS_public_key *out, const uint8_t in[HRSS_PUBLIC_KEY_BYTES]) { struct public_key *pub = public_key_from_external(out); - poly_unmarshal(&pub->ph, in); + if (!poly_unmarshal(&pub->ph, in)) { + return 0; + } OPENSSL_memset(&pub->ph.v[N], 0, 3 * sizeof(uint16_t)); return 1; } diff --git a/src/crypto/hrss/hrss_test.cc b/src/crypto/hrss/hrss_test.cc index ead717d..493255d 100644 --- a/src/crypto/hrss/hrss_test.cc +++ b/src/crypto/hrss/hrss_test.cc @@ -14,9 +14,11 @@ #include +#include #include #include +#include "../test/abi_test.h" #include "../test/test_util.h" #include "internal.h" @@ -79,20 +81,18 @@ static void poly3_rand(poly3 *p) { RAND_bytes(reinterpret_cast(p), sizeof(poly3)); p->s.v[WORDS_PER_POLY - 1] &= (UINT64_C(1) << BITS_IN_LAST_WORD) - 1; p->a.v[WORDS_PER_POLY - 1] &= (UINT64_C(1) << BITS_IN_LAST_WORD) - 1; - // (s, a) = (1, 1) is invalid. Map those to one. + // (s, a) = (1, 0) is invalid. Map those to -1. for (size_t j = 0; j < WORDS_PER_POLY; j++) { - p->s.v[j] ^= p->s.v[j] & p->a.v[j]; + p->a.v[j] |= p->s.v[j]; } } // poly3_word_add sets (|s1|, |a1|) += (|s2|, |a2|). static void poly3_word_add(crypto_word_t *s1, crypto_word_t *a1, const crypto_word_t s2, const crypto_word_t a2) { - const crypto_word_t x = *a1 ^ a2; - const crypto_word_t y = (*s1 ^ s2) ^ (*a1 & a2); - const crypto_word_t z = *s1 & s2; - *s1 = y & ~x; - *a1 = z | (x & ~y); + const crypto_word_t t = *s1 ^ a2; + *s1 = t & (s2 ^ *a1); + *a1 = (*a1 ^ a2) | (t ^ s2); } TEST(HRSS, Poly3Invert) { @@ -103,6 +103,7 @@ TEST(HRSS, Poly3Invert) { // The inverse of -1 is -1. p.s.v[0] = 1; + p.a.v[0] = 1; HRSS_poly3_invert(&inverse, &p); EXPECT_EQ(Bytes(reinterpret_cast(&p), sizeof(p)), Bytes(reinterpret_cast(&inverse), sizeof(inverse))); @@ -142,7 +143,7 @@ TEST(HRSS, Poly3UnreducedInput) { // |r| is probably already not reduced mod Φ(N), but add x^701 - 1 and // recompute to ensure that we get the same answer. (Since (x^701 - 1) ≡ 0 mod // Φ(N).) - poly3_word_add(&r.s.v[0], &r.a.v[0], 1, 0); + poly3_word_add(&r.s.v[0], &r.a.v[0], 1, 1); poly3_word_add(&r.s.v[WORDS_PER_POLY - 1], &r.a.v[WORDS_PER_POLY - 1], 0, UINT64_C(1) << BITS_IN_LAST_WORD); @@ -158,11 +159,11 @@ TEST(HRSS, Poly3UnreducedInput) { for (size_t i = 0; i < WORDS_PER_POLY-1; i++) { EXPECT_EQ(CONSTTIME_TRUE_W, result.s.v[i]); - EXPECT_EQ(0u, result.a.v[i]); + EXPECT_EQ(CONSTTIME_TRUE_W, result.a.v[i]); } EXPECT_EQ((UINT64_C(1) << (BITS_IN_LAST_WORD - 1)) - 1, result.s.v[WORDS_PER_POLY - 1]); - EXPECT_EQ(0u, result.a.v[WORDS_PER_POLY - 1]); + EXPECT_EQ(result.s.v[WORDS_PER_POLY - 1], result.a.v[WORDS_PER_POLY - 1]); } TEST(HRSS, Basic) { @@ -180,17 +181,17 @@ TEST(HRSS, Basic) { encap_entropy[i] = i; } - uint8_t ciphertext[HRSS_CIPHERTEXT_BYTES]; - uint8_t shared_key[HRSS_KEY_BYTES]; - HRSS_encap(ciphertext, shared_key, &pub, encap_entropy); - HRSS_public_key pub2; uint8_t pub_bytes[HRSS_PUBLIC_KEY_BYTES]; HRSS_marshal_public_key(pub_bytes, &pub); ASSERT_TRUE(HRSS_parse_public_key(&pub2, pub_bytes)); + uint8_t ciphertext[HRSS_CIPHERTEXT_BYTES]; + uint8_t shared_key[HRSS_KEY_BYTES]; + HRSS_encap(ciphertext, shared_key, &pub2, encap_entropy); + uint8_t shared_key2[HRSS_KEY_BYTES]; - HRSS_decap(shared_key2, &pub2, &priv, ciphertext, sizeof(ciphertext)); + HRSS_decap(shared_key2, &priv, ciphertext, sizeof(ciphertext)); EXPECT_EQ(Bytes(shared_key), Bytes(shared_key2)); } @@ -208,16 +209,23 @@ TEST(HRSS, Random) { for (unsigned j = 0; j < 10; j++) { uint8_t encap_entropy[HRSS_ENCAP_BYTES]; RAND_bytes(encap_entropy, sizeof(encap_entropy)); - SCOPED_TRACE(Bytes(generate_key_entropy)); + SCOPED_TRACE(Bytes(encap_entropy)); uint8_t ciphertext[HRSS_CIPHERTEXT_BYTES]; uint8_t shared_key[HRSS_KEY_BYTES]; HRSS_encap(ciphertext, shared_key, &pub, encap_entropy); uint8_t shared_key2[HRSS_KEY_BYTES]; - HRSS_decap(shared_key2, &pub, &priv, ciphertext, sizeof(ciphertext)); - + HRSS_decap(shared_key2, &priv, ciphertext, sizeof(ciphertext)); EXPECT_EQ(Bytes(shared_key), Bytes(shared_key2)); + + uint32_t offset; + RAND_bytes((uint8_t*) &offset, sizeof(offset)); + uint8_t bit; + RAND_bytes(&bit, sizeof(bit)); + ciphertext[offset % sizeof(ciphertext)] ^= (1 << (bit & 7)); + HRSS_decap(shared_key2, &priv, ciphertext, sizeof(ciphertext)); + EXPECT_NE(Bytes(shared_key), Bytes(shared_key2)); } } } @@ -242,231 +250,247 @@ TEST(HRSS, Golden) { HRSS_generate_key(&pub, &priv, generate_key_entropy); static const uint8_t kExpectedPub[HRSS_PUBLIC_KEY_BYTES] = { - 0xf8, 0x9f, 0xa0, 0xfc, 0xf1, 0xd4, 0xfa, 0x4d, 0x8f, 0x35, 0x28, 0x73, - 0x0e, 0x37, 0x18, 0x1d, 0x09, 0xf3, 0x9e, 0x16, 0x0d, 0x7f, 0x9c, 0x82, - 0x17, 0xa1, 0xa1, 0x88, 0x6b, 0x29, 0x5b, 0x3a, 0x30, 0xcd, 0x6f, 0x8e, - 0x0c, 0xd3, 0x38, 0x0c, 0x05, 0x68, 0x6e, 0x4c, 0xcc, 0x20, 0xd4, 0x06, - 0x77, 0x0c, 0xac, 0x1c, 0x49, 0x14, 0x00, 0xd6, 0x9b, 0x1c, 0xde, 0x43, - 0x0a, 0x59, 0x37, 0xd6, 0x46, 0x68, 0x1f, 0x04, 0xcb, 0x73, 0x92, 0x37, - 0x2d, 0x7f, 0x57, 0x70, 0x16, 0xe8, 0x06, 0x48, 0x3b, 0x66, 0xb3, 0x63, - 0x02, 0x5a, 0x71, 0x46, 0xdd, 0xa4, 0xee, 0xb8, 0x78, 0x44, 0xfd, 0x9e, - 0xd0, 0x71, 0x16, 0x00, 0xbd, 0x01, 0x1e, 0x27, 0x2e, 0xa0, 0xc6, 0x8d, - 0x55, 0x89, 0x7c, 0x2a, 0x01, 0x2b, 0x1b, 0x75, 0xa2, 0xc2, 0xd1, 0x5a, - 0x67, 0xfa, 0xdd, 0x3b, 0x70, 0x9d, 0xdb, 0xcd, 0x73, 0x32, 0x5e, 0x24, - 0xb1, 0xcf, 0x23, 0xbe, 0x3c, 0x56, 0xcc, 0xbe, 0x61, 0xdb, 0xe7, 0x3c, - 0xc7, 0xf5, 0x09, 0xe6, 0x87, 0xa0, 0x09, 0x52, 0x9d, 0x61, 0x5b, 0xc6, - 0xd4, 0xc5, 0x2e, 0xc2, 0x6c, 0x87, 0x30, 0x36, 0x49, 0x6f, 0x04, 0xaa, - 0xb3, 0x26, 0xd5, 0x63, 0xcf, 0xd4, 0x74, 0x1e, 0xc7, 0x79, 0xb3, 0xfc, - 0x8c, 0x41, 0x36, 0x79, 0xaa, 0xd5, 0xba, 0x64, 0x49, 0x48, 0xdb, 0xeb, - 0xe8, 0x33, 0x7d, 0xbe, 0x3b, 0x67, 0xd7, 0xfd, 0x93, 0x1e, 0x80, 0x8d, - 0x17, 0xab, 0x6f, 0xfd, 0x1c, 0x4b, 0x2d, 0x5b, 0x90, 0xf0, 0xf0, 0x5d, - 0xbe, 0x8f, 0x81, 0x18, 0x29, 0x08, 0x9a, 0x47, 0x1b, 0xc2, 0x2d, 0xa2, - 0x22, 0x5a, 0x4f, 0xe9, 0x81, 0x64, 0xdd, 0x53, 0x2e, 0x67, 0xe5, 0x07, - 0x1a, 0xf0, 0x0c, 0x54, 0x9b, 0xe2, 0xf8, 0xe6, 0xb3, 0xb6, 0xe0, 0x5a, - 0x74, 0xfa, 0x8d, 0x9c, 0xa5, 0x7c, 0x6e, 0x73, 0xba, 0xee, 0x6e, 0x6e, - 0x31, 0xcb, 0x59, 0xd7, 0xfd, 0x94, 0x1c, 0x4d, 0x62, 0xc6, 0x87, 0x0b, - 0x38, 0x54, 0xc6, 0x35, 0xac, 0xc8, 0x8c, 0xc0, 0xd9, 0x99, 0xee, 0xfc, - 0xa9, 0xde, 0xc4, 0x50, 0x88, 0x8e, 0x24, 0xf6, 0xd6, 0x04, 0x54, 0x3e, - 0x81, 0xc4, 0x96, 0x9a, 0x40, 0xe5, 0xef, 0x8b, 0xec, 0x41, 0x50, 0x1d, - 0x14, 0xae, 0xa4, 0x5a, 0xac, 0xd4, 0x73, 0x31, 0xc3, 0x1d, 0xc1, 0x96, - 0x89, 0xd8, 0x62, 0x97, 0x60, 0x3f, 0x58, 0x2a, 0x5f, 0xcf, 0xcb, 0x26, - 0x99, 0x69, 0x81, 0x13, 0x9c, 0xaf, 0x17, 0x91, 0xa8, 0xeb, 0x9a, 0xf9, - 0xd3, 0x83, 0x47, 0x66, 0xc7, 0xf8, 0xd8, 0xe3, 0xd2, 0x7e, 0x58, 0xa9, - 0xf5, 0xb2, 0x03, 0xbe, 0x7e, 0xa5, 0x29, 0x9d, 0xff, 0xd1, 0xd8, 0x55, - 0x39, 0xc7, 0x2c, 0xce, 0x03, 0x64, 0xdc, 0x18, 0xe7, 0xb0, 0x60, 0x46, - 0x26, 0xeb, 0xb7, 0x61, 0x4b, 0x91, 0x2c, 0xd8, 0xa2, 0xee, 0x63, 0x2e, - 0x15, 0x0a, 0x58, 0x88, 0x04, 0xb1, 0xed, 0x6d, 0xf1, 0x5c, 0xc7, 0xee, - 0x60, 0x38, 0x26, 0xc9, 0x31, 0x7e, 0x69, 0xe4, 0xac, 0x3c, 0x72, 0x09, - 0x3e, 0xe6, 0x24, 0x30, 0x44, 0x6e, 0x66, 0x83, 0xb9, 0x2a, 0x22, 0xaf, - 0x26, 0x1e, 0xaa, 0xa3, 0xf4, 0xb1, 0xa1, 0x5c, 0xfa, 0x5f, 0x0d, 0x71, - 0xac, 0xe3, 0xe0, 0xc3, 0xdd, 0x4f, 0x96, 0x57, 0x8b, 0x58, 0xac, 0xe3, - 0x42, 0x8e, 0x47, 0x72, 0xb1, 0xe4, 0x19, 0x68, 0x3e, 0xbb, 0x19, 0x14, - 0xdf, 0x16, 0xb5, 0xde, 0x7f, 0x37, 0xaf, 0xd8, 0xd3, 0x3d, 0x6a, 0x16, - 0x1b, 0x26, 0xd3, 0xcc, 0x53, 0x82, 0x57, 0x90, 0x89, 0xc5, 0x7e, 0x6d, - 0x7e, 0x99, 0x5b, 0xcd, 0xd3, 0x18, 0xbb, 0x89, 0xef, 0x76, 0xbd, 0xd2, - 0x62, 0xf0, 0xe8, 0x25, 0x2a, 0x8d, 0xe2, 0x21, 0xea, 0xde, 0x6e, 0xa5, - 0xa4, 0x3d, 0x58, 0xee, 0xdf, 0x90, 0xc1, 0xa1, 0x38, 0x5d, 0x11, 0x50, - 0xb5, 0xac, 0x9d, 0xb4, 0xfd, 0xef, 0x53, 0xe8, 0xc0, 0x17, 0x6c, 0x4f, - 0x31, 0xe0, 0xcc, 0x8f, 0x80, 0x7a, 0x84, 0x14, 0xde, 0xee, 0xec, 0xdd, - 0x6a, 0xad, 0x29, 0x65, 0xa5, 0x72, 0xc3, 0x73, 0x5f, 0xe3, 0x6f, 0x60, - 0xb1, 0xfb, 0x0f, 0xaa, 0xc6, 0xda, 0x53, 0x4a, 0xb1, 0x92, 0x2a, 0xb7, - 0x02, 0xbe, 0xf9, 0xdf, 0x37, 0x16, 0xe7, 0x5c, 0x38, 0x0b, 0x3c, 0xe2, - 0xdd, 0x90, 0xb8, 0x7b, 0x48, 0x69, 0x79, 0x81, 0xc5, 0xae, 0x9a, 0x0d, - 0x78, 0x95, 0x52, 0x63, 0x80, 0xda, 0x46, 0x69, 0x20, 0x57, 0x9b, 0x27, - 0xe2, 0xe8, 0xbd, 0x2f, 0x45, 0xe6, 0x46, 0x40, 0xae, 0x50, 0xd5, 0xa2, - 0x53, 0x93, 0xe1, 0x99, 0xfd, 0x13, 0x7c, 0xf6, 0x22, 0xc4, 0x6c, 0xab, - 0xe3, 0xc9, 0x55, 0x0a, 0x16, 0x67, 0x68, 0x26, 0x6b, 0xd6, 0x7d, 0xde, - 0xd3, 0xae, 0x71, 0x32, 0x02, 0xf1, 0x27, 0x67, 0x47, 0x74, 0xd9, 0x40, - 0x35, 0x1d, 0x25, 0x72, 0x32, 0xdf, 0x75, 0xd5, 0x60, 0x26, 0xab, 0x90, - 0xfa, 0xeb, 0x26, 0x11, 0x4b, 0xb4, 0xc5, 0xc2, 0x3e, 0xa9, 0x23, 0x3a, - 0x4e, 0x6a, 0xb1, 0xbb, 0xb3, 0xea, 0xf9, 0x1e, 0xe4, 0x10, 0xf5, 0xdc, - 0x35, 0xde, 0xb5, 0xee, 0xf0, 0xde, 0xa1, 0x18, 0x80, 0xc7, 0x13, 0x68, - 0x46, 0x94, 0x0e, 0x2a, 0x8e, 0xf8, 0xe9, 0x26, 0x84, 0x42, 0x0f, 0x56, - 0xed, 0x67, 0x7f, 0xeb, 0x7d, 0x35, 0x07, 0x01, 0x11, 0x81, 0x8b, 0x56, - 0x88, 0xc6, 0x58, 0x61, 0x65, 0x3c, 0x5d, 0x9c, 0x58, 0x25, 0xd6, 0xdf, - 0x4e, 0x3b, 0x93, 0xbf, 0x82, 0xe1, 0x19, 0xb8, 0xda, 0xde, 0x26, 0x38, - 0xf2, 0xd9, 0x95, 0x24, 0x98, 0xde, 0x58, 0xf7, 0x0c, 0xe9, 0x32, 0xbb, - 0xcc, 0xf7, 0x92, 0x69, 0xa2, 0xf0, 0xc3, 0xfa, 0xd2, 0x31, 0x8b, 0x43, - 0x4e, 0x03, 0xe2, 0x13, 0x79, 0x6e, 0x73, 0x63, 0x3b, 0x45, 0xde, 0x80, - 0xf4, 0x26, 0xb1, 0x38, 0xed, 0x62, 0x55, 0xc6, 0x6a, 0x67, 0x00, 0x2d, - 0xba, 0xb2, 0xc5, 0xb6, 0x97, 0x62, 0x28, 0x64, 0x30, 0xb9, 0xfb, 0x3f, - 0x94, 0x03, 0x48, 0x36, 0x2c, 0x5d, 0xfd, 0x08, 0x96, 0x40, 0xd1, 0x6c, - 0xe5, 0xd0, 0xf8, 0x99, 0x40, 0x82, 0x87, 0xd7, 0xdc, 0x2f, 0x8b, 0xaa, - 0x31, 0x96, 0x0a, 0x34, 0x33, 0xa6, 0xf1, 0x84, 0x6e, 0x33, 0x73, 0xc5, - 0xe3, 0x26, 0xad, 0xd0, 0xcb, 0x62, 0x71, 0x82, 0xab, 0xd1, 0x82, 0x33, - 0xe6, 0xca, 0xd0, 0x3e, 0xf5, 0x4d, 0x12, 0x6e, 0xf1, 0x83, 0xbd, 0xdc, - 0x4d, 0xdf, 0x49, 0xbc, 0x63, 0xae, 0x7e, 0x59, 0xe8, 0x3c, 0x0d, 0xd6, - 0x1d, 0x41, 0x89, 0x72, 0x52, 0xc0, 0xae, 0xd1, 0x2f, 0x0a, 0x8a, 0xce, - 0x26, 0xd0, 0x3e, 0x0c, 0x71, 0x32, 0x52, 0xb2, 0xe4, 0xee, 0xa2, 0xe5, - 0x28, 0xb6, 0x33, 0x69, 0x97, 0x5a, 0x53, 0xdb, 0x56, 0x63, 0xe9, 0xb3, - 0x6d, 0x60, 0xf4, 0x7a, 0xce, 0xec, 0x36, 0x65, 0xd5, 0xca, 0x63, 0x2a, - 0x19, 0x90, 0x14, 0x7b, 0x02, 0x33, 0xfa, 0x11, 0x58, 0x5a, 0xd9, 0xc5, - 0x54, 0xf3, 0x28, 0xd5, 0x6e, 0xea, 0x85, 0xf5, 0x09, 0xbb, 0x81, 0x44, - 0x1c, 0x63, 0x66, 0x81, 0xc5, 0x96, 0x2d, 0x7c, 0x0e, 0x75, 0x7b, 0xb4, - 0x7e, 0x4e, 0x0c, 0xfd, 0x3c, 0xc5, 0x5a, 0x22, 0x85, 0x5c, 0xc8, 0xf3, - 0x97, 0x98, 0x2c, 0xe9, 0x46, 0xb4, 0x02, 0xcf, 0x7d, 0xa4, 0xf2, 0x44, - 0x7a, 0x89, 0x71, 0xa0, 0xfa, 0xb6, 0xa3, 0xaf, 0x13, 0x25, 0x46, 0xe2, - 0x64, 0xe3, 0x69, 0xba, 0xf9, 0x68, 0x5c, 0xc0, 0xb7, 0xa8, 0xa6, 0x4b, - 0xe1, 0x42, 0xe9, 0xb5, 0xc7, 0x84, 0xbb, 0xa6, 0x4b, 0x10, 0x4e, 0xd4, - 0x68, 0x70, 0x0a, 0x75, 0x2a, 0xbb, 0x9d, 0xa0, 0xcb, 0xf0, 0x36, 0x4c, - 0x70, 0x6c, 0x60, 0x4d, 0xfe, 0xe8, 0xc8, 0x66, 0x80, 0x1b, 0xf7, 0xcc, - 0x1a, 0xdd, 0x6b, 0xa7, 0xa7, 0x25, 0x61, 0x0c, 0x31, 0xf0, 0x34, 0x63, - 0x00, 0x0e, 0x48, 0x6a, 0x5a, 0x8d, 0x47, 0x94, 0x3f, 0x14, 0x16, 0xa8, - 0x8a, 0x49, 0xbb, 0x0c, 0x43, 0x21, 0xda, 0xf2, 0xc5, 0xd0, 0xff, 0x19, - 0x3e, 0x36, 0x64, 0x20, 0xb3, 0x70, 0xae, 0x54, 0xca, 0x73, 0x05, 0x56, - 0x7a, 0x49, 0x45, 0xe9, 0x46, 0xbc, 0xc2, 0x61, 0x70, 0x40, 0x7c, 0xb0, - 0xf7, 0xea, 0xc0, 0xd1, 0xb0, 0x77, 0x2c, 0xc7, 0xdd, 0x88, 0xcb, 0x9d, - 0xea, 0x55, 0x6c, 0x5c, 0x28, 0xb8, 0x84, 0x1c, 0x2c, 0x06, + 0x4a, 0x21, 0x39, 0x7c, 0xb4, 0xa6, 0x58, 0x15, 0x35, 0x77, 0xe4, 0x2a, + 0x02, 0x79, 0xc0, 0x02, 0xe2, 0x21, 0x27, 0x5f, 0x49, 0xc7, 0x2c, 0x14, + 0xb6, 0xe0, 0x67, 0xc2, 0xc7, 0x09, 0x62, 0x0c, 0xe5, 0x23, 0x9c, 0x40, + 0xd7, 0x7e, 0xf5, 0x55, 0x5a, 0xa2, 0xd0, 0x9f, 0xd3, 0x8c, 0x67, 0x7b, + 0x48, 0xa4, 0x53, 0x8d, 0x39, 0xb1, 0xcc, 0x99, 0x29, 0xf7, 0x83, 0xbf, + 0x6f, 0x9b, 0x16, 0x73, 0x23, 0xcc, 0xc3, 0x86, 0x98, 0xb1, 0x7c, 0x53, + 0xb1, 0xf5, 0xf4, 0xdd, 0xc8, 0x97, 0x5e, 0xd3, 0x6d, 0x63, 0xce, 0xf3, + 0xa2, 0xf6, 0xef, 0x94, 0xed, 0x4a, 0x3e, 0xe6, 0x4b, 0xa2, 0xfb, 0x87, + 0xa3, 0xbc, 0x65, 0x1c, 0x17, 0x64, 0x25, 0xa7, 0xb4, 0xa1, 0xe6, 0x84, + 0x06, 0x72, 0x0c, 0x28, 0xe8, 0xfc, 0xaa, 0xca, 0xf8, 0x20, 0x79, 0x89, + 0xa9, 0xf0, 0x60, 0xdf, 0xd6, 0xd4, 0xe0, 0xaf, 0x99, 0x54, 0x21, 0xaf, + 0x76, 0xd5, 0x9a, 0x31, 0x80, 0xea, 0x7f, 0x03, 0x6c, 0x14, 0x74, 0x06, + 0x9c, 0x93, 0xe3, 0x93, 0xcc, 0x46, 0x4d, 0x82, 0xda, 0xdf, 0x67, 0xe9, + 0x6d, 0x58, 0x2b, 0x49, 0xf3, 0x10, 0x71, 0xa0, 0xc5, 0xec, 0xa0, 0x29, + 0xd7, 0x7c, 0x43, 0xd5, 0x05, 0x7e, 0x14, 0x8c, 0x39, 0x28, 0xf9, 0x46, + 0x3d, 0xc1, 0x10, 0x6c, 0x2f, 0xaa, 0xca, 0x11, 0x87, 0x6a, 0xe2, 0xb1, + 0xf6, 0x31, 0x76, 0xb0, 0xdc, 0x30, 0x8a, 0x97, 0x7d, 0xdc, 0xe4, 0xd1, + 0x18, 0xe9, 0x03, 0x91, 0xf5, 0xd2, 0x94, 0x4d, 0x71, 0xf7, 0x35, 0xc8, + 0x3e, 0x46, 0xaf, 0xa3, 0xeb, 0x35, 0x07, 0x01, 0x77, 0xc5, 0x58, 0xca, + 0x82, 0x67, 0x3e, 0x4f, 0x01, 0x88, 0xa4, 0xa0, 0xea, 0x0a, 0xb7, 0x13, + 0x06, 0xbe, 0xb6, 0x61, 0xa4, 0xa2, 0x28, 0xe2, 0x32, 0xcf, 0x25, 0x46, + 0xcf, 0xce, 0xf5, 0x57, 0x9b, 0x74, 0x8f, 0xfd, 0xbc, 0xfa, 0x3a, 0xa2, + 0x18, 0x22, 0xf1, 0xb1, 0x43, 0x12, 0xe8, 0xe2, 0xe3, 0x06, 0xe6, 0x1c, + 0xa7, 0x76, 0x2d, 0x0d, 0xe5, 0x5f, 0xbd, 0x8f, 0xa0, 0x95, 0xcd, 0xe9, + 0x28, 0xdb, 0xcc, 0xe5, 0x66, 0x33, 0xd4, 0x4b, 0xf9, 0x0c, 0x42, 0x9b, + 0x27, 0xee, 0x11, 0xd0, 0xe3, 0x0b, 0x9d, 0xce, 0x2c, 0x91, 0x7a, 0x0e, + 0xb8, 0xde, 0x31, 0x73, 0x86, 0x8e, 0x34, 0x59, 0x93, 0x2e, 0x37, 0x9d, + 0xc2, 0x3e, 0x89, 0x0b, 0x47, 0xff, 0xa6, 0x55, 0x21, 0xe6, 0x4f, 0x72, + 0x7c, 0xcc, 0xe5, 0xb8, 0x18, 0x2c, 0x10, 0xcb, 0xce, 0x48, 0xa5, 0xc5, + 0x26, 0xb6, 0x19, 0x76, 0xc5, 0x38, 0xf0, 0x38, 0x72, 0xec, 0x22, 0xf9, + 0x25, 0xde, 0x1c, 0x0c, 0x1b, 0x3e, 0x43, 0xc5, 0x5c, 0x8c, 0xdb, 0xf1, + 0x42, 0x66, 0xbc, 0xdf, 0xa0, 0x82, 0x4b, 0xec, 0xe1, 0x50, 0x42, 0x57, + 0x84, 0x60, 0xfd, 0x89, 0x12, 0x1b, 0xf6, 0xf9, 0x4d, 0x0d, 0x16, 0xe8, + 0xa4, 0xe2, 0x67, 0x2c, 0x8f, 0x22, 0xea, 0xba, 0x46, 0x34, 0xce, 0x97, + 0x8b, 0x4c, 0x38, 0x0e, 0x16, 0x82, 0xb6, 0xf3, 0x34, 0x38, 0x07, 0x87, + 0x73, 0x2a, 0x3d, 0x80, 0x56, 0x4b, 0x85, 0x67, 0xca, 0x2a, 0x19, 0xb6, + 0xb6, 0x2c, 0xfe, 0xd8, 0x02, 0xe5, 0xad, 0xd0, 0x61, 0x79, 0x73, 0xab, + 0xda, 0x3b, 0xa4, 0x51, 0xb3, 0xf7, 0x85, 0x99, 0xb2, 0xd0, 0x64, 0x97, + 0xb7, 0x3c, 0x0e, 0x58, 0xdf, 0xd2, 0x98, 0x98, 0x18, 0x1a, 0xf5, 0x59, + 0xcd, 0xc5, 0x48, 0x17, 0x10, 0x9f, 0xd8, 0x19, 0xbd, 0xd0, 0x42, 0x71, + 0x1c, 0x30, 0xc6, 0x76, 0xe9, 0xb0, 0xee, 0xf5, 0x38, 0x05, 0xbe, 0x9b, + 0x6c, 0x0d, 0xb0, 0xd0, 0xda, 0x1c, 0x89, 0xbd, 0x40, 0x5d, 0xc2, 0x5a, + 0xbe, 0x83, 0xa6, 0xb5, 0x47, 0xa7, 0xf8, 0xb9, 0xbf, 0xa2, 0x65, 0x17, + 0x1e, 0xd8, 0x28, 0x42, 0xbe, 0xb0, 0x35, 0xf6, 0x7b, 0x88, 0x38, 0xbe, + 0xf5, 0xb5, 0x1b, 0x63, 0x7a, 0x83, 0x92, 0x0d, 0x64, 0xad, 0x92, 0x59, + 0x97, 0x55, 0x5c, 0x60, 0xab, 0x48, 0x8e, 0x23, 0x27, 0x22, 0x75, 0x3b, + 0x7c, 0x9c, 0x69, 0x13, 0x52, 0x6b, 0xae, 0xfd, 0x38, 0xe5, 0x4b, 0x36, + 0x78, 0x55, 0x92, 0xb5, 0x8f, 0x25, 0xde, 0x0e, 0x93, 0xe3, 0x1d, 0x83, + 0x62, 0x05, 0x6a, 0x5a, 0xff, 0x7f, 0x77, 0xf7, 0x1b, 0xfc, 0x21, 0x45, + 0xf7, 0xb8, 0xfa, 0xcb, 0x00, 0x5e, 0x85, 0xf9, 0x2f, 0x15, 0x2f, 0xcf, + 0x17, 0x9e, 0x84, 0xf6, 0xf5, 0x15, 0x6e, 0xdd, 0xb4, 0x73, 0x44, 0xc2, + 0x2c, 0x74, 0xae, 0x27, 0x5f, 0x19, 0xe7, 0x51, 0x61, 0xc1, 0x82, 0xce, + 0xf1, 0x5b, 0xa0, 0x6f, 0x0b, 0x13, 0x10, 0x68, 0xb7, 0xee, 0xfb, 0x8a, + 0x85, 0xe2, 0xd6, 0x17, 0x55, 0x26, 0xa5, 0xc5, 0xb3, 0x94, 0x45, 0xdf, + 0x49, 0xe6, 0x50, 0xf8, 0x99, 0xd8, 0x3c, 0xcb, 0x94, 0x80, 0x67, 0x3b, + 0x73, 0xac, 0xf6, 0x46, 0x31, 0x63, 0xb3, 0x1b, 0x47, 0xce, 0x40, 0x3f, + 0x8c, 0xd0, 0x82, 0xc4, 0x79, 0x3a, 0x7c, 0x48, 0x10, 0xe3, 0x97, 0x98, + 0xdc, 0x0b, 0x62, 0x42, 0xfa, 0x26, 0x05, 0xf6, 0x8c, 0x32, 0xa9, 0xb6, + 0x2c, 0x4f, 0x85, 0xd2, 0x9b, 0xf3, 0x89, 0x1f, 0x91, 0xca, 0x12, 0x3d, + 0xe2, 0xa8, 0x0b, 0xca, 0x64, 0x28, 0x0e, 0xa7, 0xfd, 0xd8, 0xa3, 0xcb, + 0x0a, 0xd9, 0x97, 0x2d, 0xc3, 0xf2, 0x39, 0x74, 0xdb, 0xe3, 0x9a, 0x87, + 0x1a, 0xe0, 0x33, 0xe3, 0x92, 0xe8, 0xde, 0xb5, 0x08, 0x28, 0xcb, 0xd7, + 0xb6, 0x79, 0xec, 0x71, 0xcc, 0xe5, 0xd1, 0x4b, 0x89, 0x96, 0x5f, 0xfa, + 0xfd, 0x4b, 0xd0, 0xa8, 0x66, 0x0d, 0xb4, 0xa7, 0x51, 0x56, 0xbc, 0xa7, + 0x74, 0x07, 0x7f, 0xae, 0x0e, 0xf6, 0x9c, 0x13, 0xd9, 0xf2, 0xed, 0x12, + 0xa9, 0x87, 0x3e, 0xb7, 0x9d, 0x53, 0x8a, 0x82, 0x2d, 0x03, 0x2f, 0xac, + 0x94, 0x84, 0x95, 0x00, 0x29, 0x09, 0x01, 0x38, 0x62, 0xff, 0xaf, 0xfd, + 0x10, 0x2b, 0x31, 0x03, 0xb2, 0x4f, 0x51, 0xfb, 0x76, 0x27, 0x1e, 0x25, + 0x82, 0x79, 0x65, 0x69, 0xfa, 0x24, 0xaf, 0xcb, 0xe8, 0x40, 0x8d, 0x7d, + 0xd2, 0x9a, 0x12, 0x69, 0x2f, 0xe4, 0xce, 0x99, 0x98, 0x4f, 0x6c, 0x46, + 0xfd, 0x63, 0x40, 0x50, 0xef, 0x22, 0x02, 0x68, 0x2e, 0x53, 0xbb, 0x00, + 0xa3, 0x65, 0x61, 0x3e, 0x97, 0xd4, 0x5f, 0xa2, 0xc1, 0x66, 0xcd, 0x04, + 0xdc, 0xda, 0x55, 0x10, 0x28, 0x0d, 0x40, 0x11, 0xe6, 0x68, 0xed, 0x68, + 0x38, 0x7d, 0x20, 0xc3, 0x97, 0x9d, 0xcb, 0x6e, 0x30, 0xfc, 0xbe, 0x63, + 0xe7, 0x72, 0x47, 0x05, 0xf5, 0x0b, 0x7e, 0x66, 0x3b, 0xc5, 0x3a, 0x85, + 0x5a, 0xa3, 0xc5, 0x72, 0x9d, 0xb9, 0xc1, 0xb4, 0x80, 0x98, 0x6e, 0x40, + 0x86, 0xc9, 0xcb, 0xa3, 0xab, 0x77, 0xc2, 0x56, 0xfc, 0xcb, 0x6e, 0x12, + 0xf5, 0x63, 0x62, 0xf8, 0xff, 0x91, 0x15, 0xa7, 0xa1, 0x5e, 0xb6, 0xee, + 0x69, 0x4d, 0x5b, 0x5f, 0x4e, 0xfa, 0xd3, 0x61, 0xca, 0xec, 0x14, 0xfd, + 0xd9, 0x10, 0xf5, 0x4a, 0x05, 0x5f, 0x29, 0xcb, 0x77, 0x2c, 0x2d, 0xe2, + 0x90, 0x67, 0x62, 0x78, 0x75, 0xa9, 0x4e, 0x20, 0x00, 0x0c, 0x91, 0x84, + 0xba, 0xed, 0x1c, 0xce, 0xbd, 0x57, 0x4f, 0xa5, 0x2f, 0x59, 0x6c, 0x4c, + 0xdf, 0x5f, 0xaa, 0x32, 0xf0, 0x86, 0x09, 0x15, 0x36, 0xc6, 0xe6, 0x6a, + 0x24, 0xb4, 0xb3, 0x09, 0xdd, 0x32, 0xc5, 0x95, 0xac, 0x60, 0xb5, 0x09, + 0x97, 0x36, 0xa1, 0x3c, 0x8f, 0x0e, 0x90, 0x8e, 0xcd, 0xd0, 0x49, 0x75, + 0xf7, 0xf3, 0x80, 0x80, 0xcb, 0x1f, 0xee, 0xf2, 0x6a, 0x2f, 0x19, 0x8c, + 0xba, 0x10, 0x00, 0xda, 0x13, 0xef, 0x10, 0x2b, 0xb7, 0xef, 0xfd, 0xd1, + 0xe0, 0x7c, 0xf8, 0x46, 0x01, 0x69, 0x9b, 0x99, 0x80, 0x51, 0x1f, 0x74, + 0x3b, 0x67, 0x93, 0x18, 0x5e, 0xd4, 0x34, 0x6c, 0x81, 0x76, 0x02, 0xef, + 0x91, 0xa4, 0x22, 0x2a, 0x23, 0x1b, 0x58, 0x43, 0x75, 0x65, 0x13, 0x87, + 0x98, 0x60, 0x14, 0x25, 0x28, 0x67, 0xa3, 0x34, 0x8c, 0xe0, 0xd5, 0xd3, + 0x51, 0x33, 0x68, 0xff, 0x65, 0x59, 0x5a, 0xa7, 0xb2, 0x6b, 0x01, 0xad, + 0x70, 0x06, 0x73, 0x01, 0x51, 0x1b, 0xe1, 0xec, 0x28, 0x2f, 0x8a, 0x85, + 0x5a, 0x10, 0xd0, 0x0e, 0x6b, 0x35, 0x45, 0x2e, 0x61, 0xdd, 0x77, 0x20, + 0xb1, 0x35, 0x3b, 0xa8, 0xdd, 0x8a, 0xe2, 0x15, 0x79, 0x07, }; uint8_t pub_bytes[HRSS_PUBLIC_KEY_BYTES]; HRSS_marshal_public_key(pub_bytes, &pub); EXPECT_EQ(Bytes(pub_bytes), Bytes(kExpectedPub)); + uint8_t encap_entropy[HRSS_ENCAP_BYTES]; + for (size_t i = 0; i < sizeof(encap_entropy); i++) { + encap_entropy[i] = 31 + i; + } uint8_t ciphertext[HRSS_CIPHERTEXT_BYTES]; uint8_t shared_key[HRSS_KEY_BYTES]; - OPENSSL_STATIC_ASSERT( - sizeof(kExpectedPub) >= HRSS_ENCAP_BYTES, - "Private key too small to use as input to HRSS encapsulation"); - HRSS_encap(ciphertext, shared_key, &pub, kExpectedPub); + HRSS_encap(ciphertext, shared_key, &pub, encap_entropy); static const uint8_t kExpectedCiphertext[HRSS_CIPHERTEXT_BYTES] = { - 0x8e, 0x6b, 0x46, 0x9d, 0x4a, 0xef, 0xa6, 0x8c, 0x28, 0x7b, 0xec, 0x6f, - 0x13, 0x2d, 0x7f, 0x6c, 0xca, 0x7d, 0x9e, 0x6b, 0x54, 0x62, 0xa3, 0x13, - 0xe1, 0x1e, 0x8f, 0x5f, 0x71, 0x67, 0xc4, 0x85, 0xdf, 0xd5, 0x6b, 0xbd, - 0x86, 0x0f, 0x98, 0xec, 0xa5, 0x04, 0xf7, 0x7b, 0x2a, 0xbe, 0xcb, 0xac, - 0x29, 0xbe, 0xe1, 0x0f, 0xbc, 0x62, 0x87, 0x85, 0x7f, 0x05, 0xae, 0xe4, - 0x3f, 0x87, 0xfc, 0x1f, 0xf7, 0x45, 0x1e, 0xa3, 0xdb, 0xb1, 0xa0, 0x25, - 0xba, 0x82, 0xec, 0xca, 0x8d, 0xab, 0x7a, 0x20, 0x03, 0xeb, 0xe5, 0x5c, - 0x9f, 0xd0, 0x46, 0x78, 0xf1, 0x5a, 0xc7, 0x9e, 0xb4, 0x10, 0x6d, 0x37, - 0xc0, 0x75, 0x08, 0xfb, 0xeb, 0xcb, 0xd8, 0x35, 0x21, 0x9b, 0x89, 0xa0, - 0xaa, 0x87, 0x00, 0x66, 0x38, 0x37, 0x68, 0xa4, 0xa3, 0x93, 0x8e, 0x2b, - 0xca, 0xf7, 0x7a, 0x43, 0xb2, 0x15, 0x79, 0x81, 0xce, 0xa9, 0x09, 0xcb, - 0x29, 0xd4, 0xcc, 0xef, 0xf1, 0x9b, 0xbd, 0xe6, 0x63, 0xd5, 0x26, 0x0f, - 0xe8, 0x8b, 0xdf, 0xf1, 0xc3, 0xb4, 0x18, 0x0e, 0xf2, 0x1d, 0x5d, 0x82, - 0x9b, 0x1f, 0xf3, 0xca, 0x36, 0x2a, 0x26, 0x0a, 0x7f, 0xc4, 0x0d, 0xbd, - 0x5b, 0x15, 0x1c, 0x18, 0x6c, 0x11, 0x4e, 0xec, 0x36, 0x01, 0xc1, 0x15, - 0xab, 0xf7, 0x0b, 0x1a, 0xd3, 0xa1, 0xbd, 0x68, 0xc8, 0x59, 0xe7, 0x49, - 0x5c, 0xd5, 0x4b, 0x8c, 0x31, 0xdb, 0xb3, 0xea, 0x88, 0x09, 0x2f, 0xb9, - 0x8b, 0xfd, 0x96, 0x35, 0x88, 0x53, 0x72, 0x40, 0xcd, 0x89, 0x75, 0xb4, - 0x20, 0xf6, 0xf6, 0xe5, 0x74, 0x19, 0x48, 0xaf, 0x4b, 0xaa, 0x42, 0xa4, - 0xc8, 0x90, 0xee, 0xf3, 0x12, 0x04, 0x63, 0x90, 0x92, 0x8a, 0x89, 0xc3, - 0xa0, 0x7e, 0xfe, 0x19, 0xb3, 0x54, 0x53, 0x83, 0xe9, 0xc1, 0x6c, 0xe3, - 0x97, 0xa6, 0x27, 0xc3, 0x20, 0x9a, 0x79, 0x35, 0xc9, 0xb5, 0xc0, 0x90, - 0xe1, 0x56, 0x84, 0x69, 0xc2, 0x54, 0x77, 0x52, 0x48, 0x55, 0x71, 0x3e, - 0xcd, 0xa7, 0xd6, 0x25, 0x5d, 0x49, 0x13, 0xd2, 0x59, 0xd7, 0xe1, 0xd1, - 0x70, 0x46, 0xa0, 0xd4, 0xee, 0x59, 0x13, 0x1f, 0x1a, 0xd3, 0x39, 0x7d, - 0xb0, 0x79, 0xf7, 0xc0, 0x73, 0x5e, 0xbb, 0x08, 0xf7, 0x5c, 0xb0, 0x31, - 0x41, 0x3d, 0x7b, 0x1e, 0xf0, 0xe6, 0x47, 0x5c, 0x37, 0xd5, 0x54, 0xf1, - 0xbb, 0x64, 0xd7, 0x41, 0x8b, 0x34, 0x55, 0xaa, 0xc3, 0x5a, 0x9c, 0xa0, - 0xcc, 0x29, 0x8e, 0x5a, 0x1a, 0x93, 0x5a, 0x49, 0xd3, 0xd0, 0xa0, 0x56, - 0xda, 0x32, 0xa2, 0xa9, 0xa7, 0x13, 0x42, 0x93, 0x9b, 0x20, 0x32, 0x37, - 0x5c, 0x3e, 0x03, 0xa5, 0x28, 0x10, 0x93, 0xdd, 0xa0, 0x04, 0x7b, 0x2a, - 0xbd, 0x31, 0xc3, 0x6a, 0x89, 0x58, 0x6e, 0x55, 0x0e, 0xc9, 0x5c, 0x70, - 0x07, 0x10, 0xf1, 0x9a, 0xbd, 0xfb, 0xd2, 0xb7, 0x94, 0x5b, 0x4f, 0x8d, - 0x90, 0xfa, 0xee, 0xae, 0x37, 0x48, 0xc5, 0xf8, 0x16, 0xa1, 0x3b, 0x70, - 0x03, 0x1f, 0x0e, 0xb8, 0xbd, 0x8d, 0x30, 0x4f, 0x95, 0x31, 0x0b, 0x9f, - 0xfc, 0x80, 0xf8, 0xef, 0xa3, 0x3c, 0xbc, 0xe2, 0x23, 0x23, 0x3e, 0x2a, - 0x55, 0x11, 0xe8, 0x2c, 0x17, 0xea, 0x1c, 0xbd, 0x1d, 0x2d, 0x1b, 0xd5, - 0x16, 0x9e, 0x05, 0xfc, 0x89, 0x64, 0x50, 0x4d, 0x9a, 0x22, 0x50, 0xc6, - 0x5a, 0xd9, 0x58, 0x99, 0x8f, 0xbd, 0xf2, 0x4f, 0x2c, 0xdb, 0x51, 0x6a, - 0x86, 0xe2, 0xc6, 0x64, 0x8f, 0x54, 0x1a, 0xf2, 0xcb, 0x34, 0x88, 0x08, - 0xbd, 0x2a, 0x8f, 0xec, 0x29, 0xf5, 0x22, 0x36, 0x83, 0x99, 0xb9, 0x71, - 0x8c, 0x99, 0x5c, 0xec, 0x91, 0x78, 0xc1, 0xe2, 0x2d, 0xe9, 0xd1, 0x4d, - 0xf5, 0x15, 0x93, 0x4d, 0x93, 0x92, 0x9f, 0x0f, 0x33, 0x5e, 0xcd, 0x58, - 0x5f, 0x3d, 0x52, 0xb9, 0x38, 0x6a, 0x85, 0x63, 0x8b, 0x63, 0x29, 0xcb, - 0x67, 0x12, 0x25, 0xc2, 0x44, 0xd7, 0xab, 0x1a, 0x24, 0xca, 0x3d, 0xca, - 0x77, 0xce, 0x28, 0x68, 0x1a, 0x91, 0xed, 0x7b, 0xc9, 0x70, 0x84, 0xab, - 0xe2, 0xd4, 0xf4, 0xac, 0x58, 0xf6, 0x70, 0x99, 0xfc, 0x99, 0x4d, 0xbd, - 0xb4, 0x1b, 0x4f, 0x15, 0x86, 0x95, 0x08, 0xd1, 0x4e, 0x73, 0xa9, 0xbc, - 0x6a, 0x8c, 0xbc, 0xb5, 0x4b, 0xe0, 0xee, 0x35, 0x24, 0xf9, 0x12, 0xf5, - 0x88, 0x70, 0x50, 0x6c, 0xfe, 0x0d, 0x35, 0xbd, 0xf7, 0xc4, 0x2e, 0x39, - 0x16, 0x30, 0x6c, 0xf3, 0xb2, 0x19, 0x44, 0xaa, 0xcb, 0x4a, 0xf6, 0x75, - 0xb7, 0x09, 0xb9, 0xe1, 0x47, 0x71, 0x70, 0x5c, 0x05, 0x5f, 0x50, 0x50, - 0x9c, 0xd0, 0xe3, 0xc7, 0x91, 0xee, 0x6b, 0xc7, 0x0f, 0x71, 0x1b, 0xc3, - 0x48, 0x8b, 0xed, 0x15, 0x26, 0x8c, 0xc3, 0xd5, 0x54, 0x08, 0xcc, 0x33, - 0x79, 0xc0, 0x9f, 0x49, 0xc8, 0x75, 0xef, 0xb6, 0xf3, 0x29, 0x89, 0xfd, - 0x75, 0xd1, 0xda, 0x92, 0xc3, 0x13, 0xc6, 0x76, 0x51, 0x11, 0x40, 0x7b, - 0x82, 0xf7, 0x30, 0x79, 0x49, 0x04, 0xe3, 0xbb, 0x61, 0x34, 0xa6, 0x58, - 0x0b, 0x7d, 0xef, 0x3e, 0xf9, 0xb3, 0x8d, 0x2a, 0xba, 0xe9, 0xbc, 0xc0, - 0xa7, 0xe6, 0x6c, 0xda, 0xf8, 0x8c, 0xdf, 0x8d, 0x96, 0x83, 0x2d, 0x80, - 0x4f, 0x21, 0x81, 0xde, 0x57, 0x9d, 0x0a, 0x3c, 0xcc, 0xec, 0x3b, 0xb2, - 0x25, 0x96, 0x3c, 0xea, 0xfd, 0x46, 0x26, 0xbe, 0x1c, 0x79, 0x82, 0x1d, - 0xe0, 0x14, 0x22, 0x7c, 0x80, 0x3d, 0xbd, 0x05, 0x90, 0xfa, 0xaf, 0x7d, - 0x70, 0x13, 0x43, 0x0f, 0x3d, 0xa0, 0x7f, 0x92, 0x3a, 0x53, 0x69, 0xe4, - 0xb0, 0x10, 0x0d, 0xa7, 0x73, 0xa8, 0x8c, 0x74, 0xab, 0xd7, 0x78, 0x15, - 0x45, 0xec, 0x6e, 0xc8, 0x8b, 0xa0, 0xba, 0x21, 0x6f, 0xf3, 0x08, 0xb8, - 0xc7, 0x4f, 0x14, 0xf5, 0xcc, 0xfd, 0x39, 0xbc, 0x11, 0xf5, 0xb9, 0x11, - 0xba, 0xf3, 0x11, 0x24, 0x74, 0x3e, 0x0c, 0x07, 0x4f, 0xac, 0x2a, 0xb2, - 0xb1, 0x3c, 0x00, 0xfa, 0xbb, 0x8c, 0xd8, 0x7d, 0x17, 0x5b, 0x8d, 0x39, - 0xc6, 0x23, 0x31, 0x32, 0x7d, 0x6e, 0x20, 0x38, 0xd0, 0xc3, 0x58, 0xe2, - 0xb1, 0xfe, 0x53, 0x6b, 0xc7, 0x10, 0x13, 0x7e, 0xc6, 0x7c, 0x67, 0x59, - 0x43, 0x70, 0x4a, 0x2d, 0x7f, 0x76, 0xde, 0xbd, 0x45, 0x43, 0x56, 0x60, - 0xcd, 0xe9, 0x24, 0x7b, 0xb7, 0x41, 0xce, 0x56, 0xed, 0xd3, 0x74, 0x75, - 0xcc, 0x9d, 0x48, 0x61, 0xc8, 0x19, 0x66, 0x08, 0xfb, 0x28, 0x60, 0x1f, - 0x83, 0x11, 0xc0, 0x9b, 0xbd, 0x71, 0x53, 0x36, 0x01, 0x76, 0xa8, 0xc0, - 0xdc, 0x1d, 0x18, 0x85, 0x19, 0x65, 0xce, 0xcf, 0x14, 0x2e, 0x6c, 0x32, - 0x15, 0xbc, 0x2c, 0x5e, 0x8f, 0xfc, 0x3c, 0xf0, 0x2d, 0xf5, 0x5c, 0x04, - 0xc9, 0x22, 0xf4, 0xc3, 0xb8, 0x57, 0x79, 0x52, 0x41, 0xfd, 0xff, 0xcd, - 0x26, 0xa8, 0xc0, 0xd2, 0xe1, 0x71, 0xd6, 0xf1, 0xf4, 0x0c, 0xa8, 0xeb, - 0x0c, 0x33, 0x40, 0x25, 0x73, 0xbb, 0x31, 0xda, 0x0c, 0xa6, 0xee, 0x0c, - 0x41, 0x51, 0x94, 0x3c, 0x24, 0x27, 0x65, 0xe9, 0xb5, 0xc4, 0xe2, 0x88, - 0xc0, 0x82, 0xd0, 0x72, 0xd9, 0x10, 0x4d, 0x7f, 0xc0, 0x88, 0x94, 0x41, - 0x2d, 0x05, 0x09, 0xfb, 0x97, 0x31, 0x6e, 0xc1, 0xe9, 0xf4, 0x50, 0x70, - 0xdc, 0x3f, 0x0a, 0x90, 0x46, 0x37, 0x60, 0x8c, 0xfb, 0x06, 0x6e, 0xde, - 0x6f, 0xa7, 0x6b, 0xa3, 0x88, 0x18, 0x96, 0x93, 0x19, 0x87, 0xe7, 0x0a, - 0x98, 0xf0, 0x13, 0x01, 0xab, 0x7c, 0xeb, 0x25, 0xa5, 0xe2, 0x98, 0x44, - 0x7d, 0x09, 0xe2, 0x42, 0x33, 0xd4, 0xeb, 0xcc, 0x9b, 0x70, 0xf6, 0x0f, - 0xf0, 0xb2, 0x99, 0xcc, 0x4f, 0x64, 0xc4, 0x69, 0x12, 0xea, 0x56, 0xfe, - 0x50, 0x0e, 0x02, 0x1f, 0x6d, 0x7a, 0x79, 0x62, 0xaa, 0x2e, 0x52, 0xaf, - 0xa3, 0xed, 0xcd, 0xa7, 0x45, 0xe6, 0x86, 0xed, 0xa1, 0x73, 0x5b, 0x1e, - 0x49, 0x4f, 0x92, 0x50, 0x83, 0x99, 0x3c, 0xf4, 0xf6, 0xa8, 0x49, 0xd7, - 0x08, 0xf7, 0xdc, 0x28, 0x2c, 0xe6, 0x22, 0x6f, 0xf8, 0xfa, 0xba, 0x9e, - 0x0a, 0xcf, 0x72, 0x74, 0x76, 0x75, 0x99, 0x4d, 0x3d, 0x9a, 0x4c, 0x54, - 0xcd, 0xf8, 0x54, 0xf0, 0xbd, 0x73, 0xe9, 0x4f, 0x29, 0xd0, 0xe1, 0x24, - 0x94, 0x52, 0xd6, 0x60, 0x80, 0x71, 0x24, 0x95, 0x92, 0x01, 0x0e, 0xa9, - 0x7e, 0x64, 0x2e, 0xed, 0x51, 0xcc, 0xd2, 0xff, 0xfd, 0x0b, + 0xe0, 0xc0, 0x77, 0xeb, 0x7a, 0x48, 0x7d, 0x74, 0x4e, 0x4f, 0x6d, 0xb9, + 0x5c, 0x18, 0xe9, 0x5b, 0x47, 0x6c, 0x78, 0x9d, 0x98, 0x02, 0x84, 0x9f, + 0xf2, 0x45, 0x43, 0x86, 0x0e, 0xc6, 0x93, 0x48, 0xd8, 0x20, 0xff, 0x82, + 0x38, 0x9e, 0x78, 0xb4, 0x2c, 0xb3, 0x42, 0xe4, 0xb3, 0xab, 0xdf, 0xed, + 0x65, 0x24, 0x0c, 0xa5, 0x95, 0x2c, 0xbf, 0x4c, 0x28, 0xfc, 0xb8, 0xe7, + 0xc6, 0xbc, 0x76, 0xa0, 0xf5, 0x3f, 0x29, 0x73, 0x23, 0xf1, 0x6c, 0x10, + 0x7c, 0x08, 0x8e, 0x16, 0x3a, 0xda, 0x17, 0xa3, 0x0d, 0x46, 0x44, 0xee, + 0x6f, 0x70, 0xf1, 0x88, 0x51, 0x35, 0x33, 0x91, 0x76, 0xeb, 0x98, 0xc1, + 0x04, 0xdb, 0x97, 0xab, 0x88, 0xb9, 0x04, 0x87, 0xd9, 0xb8, 0x34, 0xd3, + 0x38, 0xe7, 0x90, 0x05, 0x2e, 0x45, 0xe0, 0xac, 0x36, 0x0c, 0x59, 0x58, + 0xb1, 0xf5, 0x65, 0x6d, 0x28, 0x1a, 0x39, 0xd9, 0xd2, 0x83, 0x17, 0xee, + 0xeb, 0x6f, 0x7d, 0x29, 0x3c, 0x79, 0xcf, 0x48, 0xf1, 0x6d, 0x35, 0xc2, + 0x8c, 0xe8, 0x67, 0x18, 0xcc, 0x9d, 0x9b, 0x8d, 0x07, 0x7a, 0x4e, 0x56, + 0xa8, 0x00, 0x2e, 0x67, 0x67, 0xbb, 0xc1, 0xda, 0x4a, 0x7b, 0x9f, 0xa6, + 0x4a, 0x5c, 0x40, 0xcc, 0xe4, 0xdd, 0xf5, 0xc0, 0x44, 0xfe, 0xa5, 0xa2, + 0x1c, 0xdc, 0xf2, 0x31, 0xf4, 0x01, 0x1f, 0x69, 0x15, 0x7e, 0x8c, 0x54, + 0xb6, 0x47, 0x0c, 0x1d, 0x9f, 0x1a, 0xfa, 0xf7, 0x46, 0xa3, 0xcb, 0x34, + 0x2c, 0x18, 0x45, 0x65, 0xc4, 0xf2, 0x0e, 0xf8, 0xc7, 0x96, 0x1d, 0x29, + 0x5c, 0x90, 0xd3, 0xdf, 0xb2, 0x8e, 0x21, 0xf9, 0x15, 0x40, 0x7e, 0xd3, + 0x84, 0x52, 0x1d, 0xd9, 0xee, 0xed, 0xe8, 0x71, 0x1c, 0xdb, 0x48, 0xf5, + 0x20, 0x82, 0xc4, 0x61, 0xfd, 0x6d, 0x71, 0x9f, 0xd8, 0x03, 0x90, 0x8e, + 0xfc, 0xed, 0x4d, 0xab, 0x6e, 0xb2, 0xe9, 0x66, 0xfd, 0xcc, 0x3a, 0xa3, + 0x99, 0x53, 0x35, 0x76, 0xea, 0x08, 0x88, 0xba, 0xf0, 0xb7, 0x53, 0xf3, + 0x4c, 0x1a, 0x8f, 0x7f, 0xe4, 0x1b, 0x8b, 0xfc, 0x99, 0x3e, 0x4c, 0xa9, + 0xd9, 0x17, 0x10, 0x64, 0x60, 0xfd, 0x81, 0x76, 0xe6, 0x37, 0xb0, 0xe3, + 0x3e, 0xc0, 0xf7, 0x06, 0x7e, 0x34, 0xa5, 0xf4, 0xb9, 0x5f, 0x66, 0xe6, + 0x81, 0xc8, 0x5e, 0xb2, 0x26, 0x6b, 0x8c, 0xad, 0xd0, 0x94, 0x01, 0x22, + 0xf6, 0xbe, 0x1a, 0x0b, 0x34, 0xfc, 0x33, 0xc0, 0x84, 0xa5, 0xe0, 0x12, + 0x8a, 0x08, 0xae, 0x8a, 0xaf, 0x55, 0x0c, 0x34, 0x4b, 0x2b, 0xdd, 0xa3, + 0x7c, 0xc0, 0xed, 0xe8, 0x8d, 0x98, 0x47, 0x7c, 0x81, 0x25, 0x1b, 0x9f, + 0x08, 0x26, 0x9d, 0xfc, 0x19, 0x8e, 0x39, 0xc4, 0x1a, 0x3c, 0x42, 0x70, + 0x49, 0x37, 0x57, 0x87, 0x0f, 0x76, 0xb1, 0xc4, 0xbe, 0x25, 0x5e, 0x1c, + 0x06, 0x57, 0xc6, 0x88, 0x34, 0x28, 0xdf, 0x60, 0x33, 0x09, 0xc5, 0xcc, + 0xf4, 0xc4, 0x33, 0x85, 0x8b, 0x48, 0xe8, 0x27, 0xb7, 0x72, 0x22, 0x44, + 0xff, 0xe7, 0x89, 0xf9, 0x71, 0x99, 0xed, 0x62, 0x47, 0xb0, 0x22, 0x9e, + 0xa6, 0x7c, 0xaf, 0xa9, 0x98, 0x2b, 0x5c, 0x8a, 0x42, 0x34, 0x77, 0xa3, + 0xc8, 0x13, 0x1e, 0xcf, 0x32, 0xa7, 0x70, 0xa8, 0xad, 0xc1, 0x66, 0x5c, + 0x8f, 0xaf, 0x14, 0x6d, 0xc4, 0x45, 0x05, 0xcd, 0xcb, 0x80, 0xfa, 0x0e, + 0xa6, 0xca, 0x72, 0x86, 0xd2, 0xb7, 0x39, 0x26, 0x77, 0xf8, 0x14, 0xd0, + 0xcd, 0xdd, 0xf7, 0xdc, 0xda, 0x25, 0x8e, 0x3c, 0x21, 0xfd, 0xef, 0x92, + 0xee, 0x52, 0xf7, 0xc3, 0xc7, 0xe2, 0x2d, 0x1c, 0x57, 0x5a, 0xba, 0xd8, + 0xaa, 0x0d, 0x09, 0xa7, 0xb3, 0xcc, 0xa1, 0x5d, 0xdb, 0x04, 0x21, 0x82, + 0xef, 0xba, 0xc2, 0xc8, 0x54, 0xb1, 0xbe, 0xd7, 0x2a, 0x91, 0xd8, 0xeb, + 0x72, 0x54, 0xc1, 0x74, 0x24, 0x24, 0x5a, 0x03, 0xf7, 0xcd, 0xab, 0x91, + 0xd1, 0x63, 0xf1, 0x60, 0x9f, 0x22, 0x07, 0xad, 0x10, 0x2b, 0x97, 0x1c, + 0x6f, 0xce, 0xc0, 0x29, 0xc2, 0xb2, 0xb8, 0x1b, 0xbd, 0x14, 0xc8, 0xb9, + 0x80, 0x66, 0xc1, 0x86, 0xfc, 0x93, 0x5f, 0x6e, 0x0b, 0x7a, 0x7b, 0x8e, + 0x42, 0x8c, 0x08, 0xd1, 0x60, 0xb9, 0xf8, 0x66, 0x24, 0x7d, 0x88, 0x58, + 0x2f, 0xd2, 0x52, 0x75, 0x3a, 0x8a, 0x1c, 0xfa, 0x1e, 0xa1, 0x1c, 0x91, + 0x46, 0x79, 0x9a, 0xe5, 0x8a, 0xdd, 0xc2, 0x75, 0xed, 0x0d, 0xb8, 0x2b, + 0x4f, 0x8f, 0x95, 0xca, 0xce, 0x21, 0xa4, 0x7a, 0x0d, 0x14, 0x7f, 0x2d, + 0x98, 0xf0, 0x88, 0xc3, 0x6f, 0xad, 0xb5, 0x04, 0x24, 0x91, 0x41, 0x65, + 0xd3, 0xa5, 0x7e, 0xfb, 0x53, 0x1c, 0xcc, 0xd0, 0xf7, 0x7c, 0x91, 0x08, + 0x0e, 0xdd, 0xd4, 0x6c, 0x73, 0xaa, 0xa5, 0x7a, 0xd2, 0x24, 0xc9, 0x3b, + 0x6f, 0xda, 0x06, 0x8a, 0xdb, 0x2e, 0xa8, 0xe9, 0xe1, 0x3e, 0x08, 0xee, + 0xbe, 0x96, 0x65, 0x72, 0x68, 0x6f, 0xf7, 0x50, 0xe7, 0xa7, 0x18, 0xda, + 0xc2, 0x94, 0xda, 0xe3, 0xbc, 0xca, 0x03, 0xd8, 0xf7, 0x7a, 0xcc, 0x44, + 0xa1, 0x60, 0xa8, 0x7f, 0xdc, 0xef, 0x80, 0xf4, 0x62, 0xc6, 0x06, 0x4e, + 0xb6, 0xac, 0x77, 0x17, 0xb7, 0xb3, 0x3e, 0xf8, 0x6d, 0x8a, 0x61, 0x83, + 0x3a, 0xfd, 0xbb, 0x93, 0x5b, 0x1a, 0x33, 0xf8, 0xee, 0x7d, 0x9e, 0x5c, + 0xf8, 0xc9, 0xd5, 0x3e, 0x3d, 0x42, 0x9b, 0xe5, 0x0d, 0xec, 0xc9, 0x0f, + 0x6f, 0x03, 0xb0, 0x41, 0x85, 0xb9, 0xfe, 0xf9, 0xb1, 0xb4, 0xc3, 0xd9, + 0x13, 0x03, 0xfa, 0x0d, 0xe7, 0xd1, 0xb4, 0xc8, 0xf6, 0xb5, 0x11, 0x7a, + 0x92, 0x09, 0x21, 0x7b, 0xa9, 0x89, 0x4c, 0x19, 0x90, 0x0d, 0x96, 0x32, + 0x4f, 0x77, 0xfc, 0x7f, 0x8c, 0xa3, 0x39, 0x2a, 0x56, 0xe6, 0x5c, 0xd1, + 0x86, 0x0a, 0x72, 0xf4, 0xa3, 0x1b, 0xa5, 0x30, 0x04, 0x3c, 0x15, 0x20, + 0x4b, 0xe4, 0x2d, 0x1a, 0xf1, 0x44, 0x48, 0xfc, 0xda, 0xc1, 0x41, 0xdb, + 0x71, 0xfd, 0x92, 0x00, 0x53, 0xe4, 0x70, 0xd0, 0xba, 0xf6, 0xef, 0x17, + 0x72, 0xb8, 0xea, 0x6d, 0x41, 0x16, 0x4d, 0x1f, 0x59, 0x18, 0xbd, 0x1f, + 0xc5, 0x6b, 0x6a, 0x6c, 0x2e, 0xa6, 0x1a, 0x33, 0x74, 0x8b, 0xc5, 0x9f, + 0x16, 0x01, 0x77, 0x7e, 0x37, 0xe7, 0x63, 0xe1, 0xa3, 0x8c, 0x1f, 0x71, + 0xe9, 0x4f, 0xad, 0x15, 0x8b, 0xf3, 0xc9, 0xac, 0xdc, 0x19, 0xad, 0x92, + 0x18, 0x00, 0xf6, 0xa1, 0xd5, 0x97, 0xa3, 0x3d, 0x9e, 0x78, 0x02, 0xc3, + 0x8f, 0x75, 0xd8, 0xad, 0x22, 0xbf, 0xef, 0x19, 0x5d, 0x15, 0x34, 0x1a, + 0x7c, 0x9b, 0xaf, 0xd4, 0xf2, 0xf9, 0x5f, 0x72, 0x88, 0x9c, 0xe4, 0x58, + 0xda, 0x46, 0x8f, 0x79, 0x30, 0x2b, 0xd9, 0x3b, 0xbc, 0xab, 0x28, 0x77, + 0x75, 0x0e, 0x2c, 0x23, 0x47, 0x95, 0x14, 0xeb, 0xf0, 0x4a, 0x3e, 0x53, + 0x93, 0xa7, 0xf4, 0x82, 0x9c, 0x34, 0x8b, 0x80, 0x42, 0xb2, 0xa7, 0xb0, + 0x7c, 0x6c, 0xe1, 0x07, 0xf4, 0x34, 0x3e, 0xed, 0x33, 0x9c, 0xb3, 0xde, + 0xa5, 0x91, 0x61, 0x25, 0x8e, 0x8c, 0x54, 0x56, 0xbe, 0x1a, 0xac, 0x17, + 0xd2, 0x7a, 0xa4, 0x12, 0x54, 0x2a, 0x51, 0xd0, 0x0e, 0xd1, 0xc1, 0x44, + 0x50, 0x05, 0x39, 0xa7, 0xb6, 0x14, 0x45, 0xca, 0xf8, 0x5f, 0x06, 0x6b, + 0x5d, 0x5e, 0xc7, 0xe9, 0x27, 0x6f, 0x38, 0xe0, 0x31, 0xcf, 0xf8, 0xcc, + 0x2e, 0xb9, 0x4a, 0x10, 0x1b, 0xb4, 0x34, 0x4b, 0x90, 0xbb, 0xf2, 0xe0, + 0x3c, 0x79, 0x7f, 0x39, 0x59, 0x0c, 0x01, 0x4c, 0x0d, 0x2d, 0x71, 0xf1, + 0xbd, 0xda, 0x1a, 0x78, 0xcf, 0x26, 0x6f, 0xb5, 0xa9, 0x07, 0x20, 0xe6, + 0x8c, 0xd0, 0xad, 0xd4, 0xca, 0x24, 0x6c, 0xc5, 0x28, 0x1d, 0xfb, 0xcc, + 0xe7, 0x93, 0x72, 0x99, 0x61, 0x63, 0x60, 0x4c, 0x5c, 0xa9, 0xb6, 0x15, + 0x32, 0xa4, 0xbc, 0x1f, 0xf6, 0x63, 0x61, 0x2c, 0x26, 0xa7, 0x0e, 0x5f, + 0x1b, 0x25, 0xce, 0x3f, 0x64, 0xdf, 0x6d, 0xb0, 0x8f, 0xd2, 0xe9, 0x3b, + 0x35, 0xd0, 0x59, 0x81, 0x22, 0xf1, 0x65, 0x86, 0x15, 0x10, 0xe8, 0xa7, + 0xa1, 0x6f, 0xb4, 0x34, 0x1c, 0x79, 0xd5, 0x9e, 0x8d, 0xc8, 0xa5, 0xbb, + 0x82, 0x71, 0x81, 0x00, 0x34, 0x55, 0x6b, 0x96, 0x56, 0x13, 0x0e, 0xe7, + 0x39, 0xa2, 0x6f, 0xbe, 0x54, 0x2a, 0x13, 0x03, 0x13, 0xd2, 0x1d, 0x71, + 0x9a, 0xbe, 0x09, 0x00, 0xe1, 0x8d, 0x59, 0xb5, 0x44, 0x02, }; EXPECT_EQ(Bytes(ciphertext), Bytes(kExpectedCiphertext)); static const uint8_t kExpectedSharedKey[HRSS_KEY_BYTES] = { - 0xbc, 0x98, 0x9c, 0x9c, 0x1f, 0x57, 0x6f, 0x38, 0x0b, 0x5d, 0xc2, - 0x23, 0x7d, 0x01, 0xae, 0x63, 0x17, 0xe8, 0xe4, 0xb2, 0x02, 0xa7, - 0xc4, 0x3a, 0x1b, 0x5a, 0xf3, 0xf8, 0xb5, 0xea, 0x6e, 0x22, + 0x57, 0xf2, 0x77, 0xb2, 0xf3, 0x7f, 0xd0, 0x71, 0xb6, 0x7e, 0x64, + 0x0f, 0x85, 0x1f, 0x6d, 0x3b, 0xd1, 0x7a, 0x6e, 0x01, 0x04, 0xde, + 0x0f, 0x9e, 0x03, 0x95, 0x55, 0x60, 0xce, 0xda, 0x32, 0x71, }; EXPECT_EQ(Bytes(shared_key), Bytes(kExpectedSharedKey)); - HRSS_decap(shared_key, &pub, &priv, ciphertext, sizeof(ciphertext)); + HRSS_decap(shared_key, &priv, ciphertext, sizeof(ciphertext)); EXPECT_EQ(Bytes(shared_key, sizeof(shared_key)), Bytes(kExpectedSharedKey, sizeof(kExpectedSharedKey))); // Corrupt the ciphertext and ensure that the failure key is constant. ciphertext[50] ^= 4; - HRSS_decap(shared_key, &pub, &priv, ciphertext, sizeof(ciphertext)); + HRSS_decap(shared_key, &priv, ciphertext, sizeof(ciphertext)); static const uint8_t kExpectedFailureKey[HRSS_KEY_BYTES] = { - 0x8e, 0x19, 0xfe, 0x2b, 0x12, 0x67, 0xef, 0x9a, 0x63, 0x4d, 0x79, - 0x33, 0x8c, 0xce, 0xbf, 0x03, 0xdb, 0x9c, 0xc4, 0xc1, 0x70, 0xe1, - 0x32, 0xa6, 0xb3, 0xd3, 0xa1, 0x43, 0x3c, 0xf1, 0x1f, 0x5a, + 0x13, 0xf7, 0xed, 0x51, 0x00, 0xbc, 0xca, 0x29, 0xdf, 0xb0, 0xd0, + 0x5e, 0xa1, 0x9d, 0x15, 0xb2, 0xf6, 0x23, 0x94, 0xfd, 0x93, 0x74, + 0x14, 0x46, 0x85, 0x61, 0x8b, 0x87, 0x30, 0xd3, 0x8d, 0xad, }; EXPECT_EQ(Bytes(shared_key), Bytes(kExpectedFailureKey)); } + +#if defined(POLY_RQ_MUL_ASM) && defined(SUPPORTS_ABI_TEST) +TEST(HRSS, ABI) { + const bool has_avx2 = (OPENSSL_ia32cap_P[2] & (1 << 5)) != 0; + if (!has_avx2) { + fprintf(stderr, "Skipping ABI test due to lack of AVX2 support.\n"); + return; + } + + alignas(16) uint16_t r[N + 3]; + alignas(16) uint16_t a[N + 3] = {0}; + alignas(16) uint16_t b[N + 3] = {0}; + CHECK_ABI(poly_Rq_mul, r, a, b); +} +#endif // POLY_RQ_MUL_ASM && SUPPORTS_ABI_TEST diff --git a/src/crypto/hrss/internal.h b/src/crypto/hrss/internal.h index 70218b8..7cfe010 100644 --- a/src/crypto/hrss/internal.h +++ b/src/crypto/hrss/internal.h @@ -42,6 +42,18 @@ OPENSSL_EXPORT void HRSS_poly3_mul(struct poly3 *out, const struct poly3 *x, OPENSSL_EXPORT void HRSS_poly3_invert(struct poly3 *out, const struct poly3 *in); +// On x86-64, we can use the AVX2 code from [HRSS]. (The authors have given +// explicit permission for this and signed a CLA.) However it's 57KB of object +// code, so it's not used if |OPENSSL_SMALL| is defined. +#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_SMALL) && \ + defined(OPENSSL_X86_64) && defined(OPENSSL_LINUX) +#define POLY_RQ_MUL_ASM +// poly_Rq_mul is defined in assembly. Inputs and outputs must be 16-byte- +// aligned. +extern void poly_Rq_mul(uint16_t r[N + 3], const uint16_t a[N + 3], + const uint16_t b[N + 3]); +#endif + #if defined(__cplusplus) } // extern "C" diff --git a/src/crypto/impl_dispatch_test.cc b/src/crypto/impl_dispatch_test.cc new file mode 100644 index 0000000..f1192a7 --- /dev/null +++ b/src/crypto/impl_dispatch_test.cc @@ -0,0 +1,155 @@ +/* Copyright (c) 2018, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include + +#if !defined(NDEBUG) && !defined(BORINGSSL_FIPS) && \ + !defined(BORINGSSL_SHARED_LIBRARY) + +#include +#include +#include + +#include +#include +#include +#include + +#include + +#include "internal.h" + + +class ImplDispatchTest : public ::testing::Test { + public: + void SetUp() override { +#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) + aesni_ = OPENSSL_ia32cap_P[1] & (1 << (57 - 32)); + avx_movbe_ = ((OPENSSL_ia32cap_P[1] >> 22) & 0x41) == 0x41; + ssse3_ = OPENSSL_ia32cap_P[1] & (1 << (41 - 32)); + is_x86_64_ = +#if defined(OPENSSL_X86_64) + true; +#else + false; +#endif +#endif // X86 || X86_64 + } + + protected: + // AssertFunctionsHit takes a list of pairs (flag index, boolean), and a + // function to test. It runs the given function and asserts, for each flag + // index, that the boolean reflects whether that flag index was written or + // not, and that no other flagged functions were triggered. + void AssertFunctionsHit(std::vector> flags, + std::function f) { + OPENSSL_memset(BORINGSSL_function_hit, 0, sizeof(BORINGSSL_function_hit)); + + f(); + + for (const auto flag : flags) { + SCOPED_TRACE(flag.first); + + ASSERT_LT(flag.first, sizeof(BORINGSSL_function_hit)); + EXPECT_EQ(flag.second, BORINGSSL_function_hit[flag.first] == 1); + BORINGSSL_function_hit[flag.first] = 0; + } + + for (size_t i = 0; i < sizeof(BORINGSSL_function_hit); i++) { + EXPECT_EQ(0u, BORINGSSL_function_hit[i]) + << "Flag " << i << " unexpectedly hit"; + } + } + +#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) + bool aesni_ = false; + bool avx_movbe_ = false; + bool ssse3_ = false; + bool is_x86_64_ = false; +#endif +}; + +#if !defined(OPENSSL_NO_ASM) && \ + (defined(OPENSSL_X86) || defined(OPENSSL_X86_64)) + +constexpr size_t kFlag_aes_hw_ctr32_encrypt_blocks = 0; +constexpr size_t kFlag_aes_hw_encrypt = 1; +constexpr size_t kFlag_aesni_gcm_encrypt = 2; +constexpr size_t kFlag_aes_hw_set_encrypt_key = 3; +constexpr size_t kFlag_vpaes_encrypt = 4; +constexpr size_t kFlag_vpaes_set_encrypt_key = 5; +constexpr size_t kFlag_bsaes_ctr32_encrypt_blocks = 6; + +TEST_F(ImplDispatchTest, AEAD_AES_GCM) { + AssertFunctionsHit( + { + {kFlag_aes_hw_ctr32_encrypt_blocks, aesni_}, + {kFlag_aes_hw_encrypt, aesni_}, + {kFlag_aes_hw_set_encrypt_key, aesni_}, + {kFlag_aesni_gcm_encrypt, is_x86_64_ && aesni_ && avx_movbe_}, + {kFlag_vpaes_encrypt, !is_x86_64_ && ssse3_ && !aesni_}, + {kFlag_vpaes_set_encrypt_key, !is_x86_64_ && ssse3_ && !aesni_}, + {kFlag_bsaes_ctr32_encrypt_blocks, is_x86_64_ && ssse3_ && !aesni_}, + }, + [] { + const uint8_t kZeros[16] = {0}; + const uint8_t kPlaintext[40] = {1, 2, 3, 4, 0}; + uint8_t ciphertext[sizeof(kPlaintext) + 16]; + size_t ciphertext_len; + EVP_AEAD_CTX ctx; + ASSERT_TRUE(EVP_AEAD_CTX_init(&ctx, EVP_aead_aes_128_gcm(), kZeros, + sizeof(kZeros), + EVP_AEAD_DEFAULT_TAG_LENGTH, nullptr)); + ASSERT_TRUE(EVP_AEAD_CTX_seal( + &ctx, ciphertext, &ciphertext_len, sizeof(ciphertext), kZeros, + EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()), kPlaintext, + sizeof(kPlaintext), nullptr, 0)); + }); +} + +TEST_F(ImplDispatchTest, AES_set_encrypt_key) { + AssertFunctionsHit( + { + {kFlag_aes_hw_set_encrypt_key, aesni_}, + {kFlag_vpaes_set_encrypt_key, ssse3_ && !aesni_}, + // BSAES will not be used for the |AES_*| functions. + }, + [] { + AES_KEY key; + static const uint8_t kZeros[16] = {0}; + AES_set_encrypt_key(kZeros, sizeof(kZeros) * 8, &key); + }); +} + +TEST_F(ImplDispatchTest, AES_single_block) { + AES_KEY key; + static const uint8_t kZeros[16] = {0}; + AES_set_encrypt_key(kZeros, sizeof(kZeros) * 8, &key); + + AssertFunctionsHit( + { + {kFlag_aes_hw_encrypt, aesni_}, + {kFlag_vpaes_encrypt, ssse3_ && !aesni_}, + // BSAES will not be used for the |AES_*| functions. + }, + [&key] { + uint8_t in[AES_BLOCK_SIZE] = {0}; + uint8_t out[AES_BLOCK_SIZE]; + AES_encrypt(in, out, &key); + }); +} + +#endif // X86 || X86_64 + +#endif // !NDEBUG && !FIPS && !SHARED_LIBRARY diff --git a/src/crypto/internal.h b/src/crypto/internal.h index b98b556..b80f065 100644 --- a/src/crypto/internal.h +++ b/src/crypto/internal.h @@ -116,6 +116,10 @@ #include #include +#if defined(BORINGSSL_CONSTANT_TIME_VALIDATION) +#include +#endif + #if !defined(__cplusplus) #if defined(_MSC_VER) #define alignas(x) __declspec(align(x)) @@ -365,6 +369,26 @@ static inline int constant_time_select_int(crypto_word_t mask, int a, int b) { (crypto_word_t)(b))); } +#if defined(BORINGSSL_CONSTANT_TIME_VALIDATION) + +// CONSTTIME_SECRET takes a pointer and a number of bytes and marks that region +// of memory as secret. Secret data is tracked as it flows to registers and +// other parts of a memory. If secret data is used as a condition for a branch, +// or as a memory index, it will trigger warnings in valgrind. +#define CONSTTIME_SECRET(x, y) VALGRIND_MAKE_MEM_UNDEFINED(x, y) + +// CONSTTIME_DECLASSIFY takes a pointer and a number of bytes and marks that +// region of memory as public. Public data is not subject to constant-time +// rules. +#define CONSTTIME_DECLASSIFY(x, y) VALGRIND_MAKE_MEM_DEFINED(x, y) + +#else + +#define CONSTTIME_SECRET(x, y) +#define CONSTTIME_DECLASSIFY(x, y) + +#endif // BORINGSSL_CONSTANT_TIME_VALIDATION + // Thread-safe initialisation. @@ -529,6 +553,7 @@ BSSL_NAMESPACE_END // stored. typedef enum { OPENSSL_THREAD_LOCAL_ERR = 0, + OPENSSL_THREAD_LOCAL_RAND, OPENSSL_THREAD_LOCAL_TEST, NUM_OPENSSL_THREAD_LOCALS, } thread_local_data_t; @@ -620,7 +645,7 @@ static inline uint64_t CRYPTO_bswap8(uint64_t x) { } #elif defined(_MSC_VER) OPENSSL_MSVC_PRAGMA(warning(push, 3)) -#include +#include OPENSSL_MSVC_PRAGMA(warning(pop)) #pragma intrinsic(_byteswap_uint64, _byteswap_ulong) static inline uint32_t CRYPTO_bswap4(uint32_t x) { diff --git a/src/crypto/perlasm/x86_64-xlate.pl b/src/crypto/perlasm/x86_64-xlate.pl index 49551c8..f928411 100755 --- a/src/crypto/perlasm/x86_64-xlate.pl +++ b/src/crypto/perlasm/x86_64-xlate.pl @@ -124,6 +124,9 @@ my %globals; $self->{sz} = ""; } elsif ($self->{op} =~ /mov[dq]/ && $$line =~ /%xmm/) { $self->{sz} = ""; + } elsif ($self->{op} =~ /^or([qlwb])$/) { + $self->{op} = "or"; + $self->{sz} = $1; } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) { $self->{op} = $1; $self->{sz} = $2; @@ -536,6 +539,7 @@ my %globals; ); my ($cfa_reg, $cfa_rsp); + my @cfa_stack; # [us]leb128 format is variable-length integer representation base # 2^128, with most significant bit of each byte being 0 denoting @@ -683,6 +687,14 @@ my %globals; cfa_expression($$line))); last; }; + /remember_state/ + && do { push @cfa_stack, [$cfa_reg, $cfa_rsp]; + last; + }; + /restore_state/ + && do { ($cfa_reg, $cfa_rsp) = @{pop @cfa_stack}; + last; + }; } $self->{value} = ".cfi_$dir\t$$line" if ($dir); @@ -720,7 +732,7 @@ my %globals; $$line = $globals{$$line} if ($prefix); last; }; - /\.type/ && do { my ($sym,$type,$narg) = split(',',$$line); + /\.type/ && do { my ($sym,$type,$narg) = split(/\s*,\s*/,$$line); if ($type eq "\@function") { undef $current_function; $current_function->{name} = $sym; @@ -742,7 +754,7 @@ my %globals; } last; }; - /\.rva|\.long|\.quad/ + /\.rva|\.long|\.quad|\.byte/ && do { $$line =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei; $$line =~ s/\.L/$decor/g; last; @@ -882,7 +894,7 @@ my %globals; $var=~s/^(0b[0-1]+)/oct($1)/eig; $var=~s/^0x([0-9a-f]+)/0$1h/ig if ($masm); if ($sz eq "D" && ($current_segment=~/.[px]data/ || $dir eq ".rva")) - { $var=~s/([_a-z\$\@][_a-z0-9\$\@]*)/$nasm?"$1 wrt ..imagebase":"imagerel $1"/egi; } + { $var=~s/^([_a-z\$\@][_a-z0-9\$\@]*)/$nasm?"$1 wrt ..imagebase":"imagerel $1"/egi; } $var; }; @@ -1169,7 +1181,20 @@ while(defined(my $line=<>)) { $line =~ s|\R$||; # Better chomp - $line =~ s|[#!].*$||; # get rid of asm-style comments... + if ($nasm) { + $line =~ s|^#ifdef |%ifdef |; + $line =~ s|^#ifndef |%ifndef |; + $line =~ s|^#endif|%endif|; + $line =~ s|[#!].*$||; # get rid of asm-style comments... + } else { + # Get rid of asm-style comments but not preprocessor directives. The + # former are identified by having a letter after the '#' and starting in + # the first column. + $line =~ s|!.*$||; + $line =~ s|(?<=.)#.*$||; + $line =~ s|^#([^a-z].*)?$||; + } + $line =~ s|/\*.*\*/||; # ... and C-style comments... $line =~ s|^\s+||; # ... and skip white spaces in beginning $line =~ s|\s+$||; # ... and at the end diff --git a/src/crypto/perlasm/x86asm.pl b/src/crypto/perlasm/x86asm.pl index 3d2943b..3278188 100644 --- a/src/crypto/perlasm/x86asm.pl +++ b/src/crypto/perlasm/x86asm.pl @@ -33,6 +33,26 @@ sub ::AUTOLOAD &generic($opcode,@_) or die "undefined subroutine \&$AUTOLOAD"; } +# record_function_hit(int) writes a byte with value one to the given offset of +# |BORINGSSL_function_hit|, but only if NDEBUG is not defined. This is used in +# impl_dispatch_test.cc to test whether the expected assembly functions are +# triggered by high-level API calls. +sub ::record_function_hit +{ my($index)=@_; + &preprocessor_ifndef("NDEBUG"); + &push("ebx"); + &push("edx"); + &call(&label("pic")); + &set_label("pic"); + &blindpop("ebx"); + &lea("ebx",&DWP("BORINGSSL_function_hit+$index"."-".&label("pic"),"ebx")); + &mov("edx", 1); + &movb(&BP(0, "ebx"), "dl"); + &pop("edx"); + &pop("ebx"); + &preprocessor_endif(); +} + sub ::emit { my $opcode=shift; diff --git a/src/crypto/perlasm/x86gas.pl b/src/crypto/perlasm/x86gas.pl index 0c989a1..4e19a89 100644 --- a/src/crypto/perlasm/x86gas.pl +++ b/src/crypto/perlasm/x86gas.pl @@ -265,6 +265,14 @@ ___ sub ::dataseg { push(@out,".data\n"); } +sub ::preprocessor_ifndef +{ my($define)=@_; + push(@out,"#ifndef ${define}\n"); +} + +sub ::preprocessor_endif +{ push(@out,"#endif\n"); } + *::hidden = sub { push(@out,".hidden\t$nmdecor$_[0]\n"); } if ($::elf); 1; diff --git a/src/crypto/perlasm/x86masm.pl b/src/crypto/perlasm/x86masm.pl index dffee76..01bfbf3 100644 --- a/src/crypto/perlasm/x86masm.pl +++ b/src/crypto/perlasm/x86masm.pl @@ -203,4 +203,12 @@ sub ::safeseh push(@out,"ENDIF\n"); } +sub ::preprocessor_ifndef +{ my($define)=@_; + push(@out,"%ifndef ${define}\n"); +} + +sub ::preprocessor_endif +{ push(@out,"%endif\n"); } + 1; diff --git a/src/crypto/perlasm/x86nasm.pl b/src/crypto/perlasm/x86nasm.pl index d3773b6..a3e0ab7 100644 --- a/src/crypto/perlasm/x86nasm.pl +++ b/src/crypto/perlasm/x86nasm.pl @@ -191,4 +191,12 @@ sub ::safeseh push(@out,"%endif\n"); } +sub ::preprocessor_ifndef +{ my($define)=@_; + push(@out,"%ifndef ${define}\n"); +} + +sub ::preprocessor_endif +{ push(@out,"%endif\n"); } + 1; diff --git a/src/crypto/pool/internal.h b/src/crypto/pool/internal.h index 5b288eb..ed91de6 100644 --- a/src/crypto/pool/internal.h +++ b/src/crypto/pool/internal.h @@ -23,7 +23,7 @@ extern "C" { #endif -DECLARE_LHASH_OF(CRYPTO_BUFFER); +DECLARE_LHASH_OF(CRYPTO_BUFFER) struct crypto_buffer_st { CRYPTO_BUFFER_POOL *pool; diff --git a/src/crypto/rand_extra/rand_test.cc b/src/crypto/rand_extra/rand_test.cc index 9ee3f26..9c69b8f 100644 --- a/src/crypto/rand_extra/rand_test.cc +++ b/src/crypto/rand_extra/rand_test.cc @@ -14,10 +14,15 @@ #include +#include + #include +#include #include +#include "../fipsmodule/rand/internal.h" +#include "../test/abi_test.h" #include "../test/test_util.h" #if defined(OPENSSL_THREADS) @@ -28,7 +33,6 @@ #if !defined(OPENSSL_WINDOWS) #include -#include #include #include #include @@ -183,4 +187,21 @@ TEST(RandTest, Threads) { // Draw entropy in parallel with lower concurrency than the previous maximum. RunConcurrentRands(kFewerThreads); } -#endif +#endif // OPENSSL_THREADS + +#if defined(OPENSSL_X86_64) && defined(SUPPORTS_ABI_TEST) +TEST(RandTest, RdrandABI) { + if (!have_rdrand()) { + fprintf(stderr, "rdrand not supported. Skipping.\n"); + return; + } + + uint8_t buf[32]; + CHECK_ABI_SEH(CRYPTO_rdrand, buf); + CHECK_ABI_SEH(CRYPTO_rdrand_multiple8_buf, nullptr, 0); + CHECK_ABI_SEH(CRYPTO_rdrand_multiple8_buf, buf, 8); + CHECK_ABI_SEH(CRYPTO_rdrand_multiple8_buf, buf, 16); + CHECK_ABI_SEH(CRYPTO_rdrand_multiple8_buf, buf, 24); + CHECK_ABI_SEH(CRYPTO_rdrand_multiple8_buf, buf, 32); +} +#endif // OPENSSL_X86_64 && SUPPORTS_ABI_TEST diff --git a/src/crypto/stack/stack.c b/src/crypto/stack/stack.c index 93b9d1b..ec557c0 100644 --- a/src/crypto/stack/stack.c +++ b/src/crypto/stack/stack.c @@ -358,8 +358,6 @@ err: } void sk_sort(_STACK *sk) { - int (*comp_func)(const void *,const void *); - if (sk == NULL || sk->comp == NULL || sk->sorted) { return; } @@ -370,8 +368,11 @@ void sk_sort(_STACK *sk) { // e.g., CFI does not notice. Unfortunately, |qsort| is missing a void* // parameter in its callback and |qsort_s| / |qsort_r| are a mess of // incompatibility. - comp_func = (int (*)(const void *, const void *))(sk->comp); - qsort(sk->data, sk->num, sizeof(void *), comp_func); + if (sk->num >= 2) { + int (*comp_func)(const void *, const void *) = + (int (*)(const void *, const void *))(sk->comp); + qsort(sk->data, sk->num, sizeof(void *), comp_func); + } sk->sorted = 1; } diff --git a/src/crypto/test/CMakeLists.txt b/src/crypto/test/CMakeLists.txt index 3e02c3c..b968fd7 100644 --- a/src/crypto/test/CMakeLists.txt +++ b/src/crypto/test/CMakeLists.txt @@ -1,15 +1,24 @@ add_library( - test_support + test_support_lib - OBJECT + STATIC + abi_test.cc file_test.cc malloc.cc test_util.cc wycheproof_util.cc ) -add_dependencies(test_support global_target) +if (LIBUNWIND_FOUND) + target_compile_options(test_support_lib PRIVATE ${LIBUNWIND_CFLAGS_OTHER}) + target_include_directories(test_support_lib PRIVATE ${LIBUNWIND_INCLUDE_DIRS}) + target_link_libraries(test_support_lib ${LIBUNWIND_LDFLAGS}) +endif() +if(WIN32) + target_link_libraries(test_support_lib dbghelp) +endif() +add_dependencies(test_support_lib global_target) add_library( boringssl_gtest_main diff --git a/src/crypto/test/abi_test.cc b/src/crypto/test/abi_test.cc new file mode 100644 index 0000000..9844c73 --- /dev/null +++ b/src/crypto/test/abi_test.cc @@ -0,0 +1,786 @@ +/* Copyright (c) 2018, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include "abi_test.h" + +#include +#include + +#include +#include + +#include +#include +#include +#include + +#if defined(OPENSSL_X86_64) && defined(SUPPORTS_ABI_TEST) +#if defined(OPENSSL_LINUX) && defined(BORINGSSL_HAVE_LIBUNWIND) +#define SUPPORTS_UNWIND_TEST +#define UNW_LOCAL_ONLY +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#elif defined(OPENSSL_WINDOWS) +#define SUPPORTS_UNWIND_TEST +OPENSSL_MSVC_PRAGMA(warning(push, 3)) +#include +#include +OPENSSL_MSVC_PRAGMA(warning(pop)) +#endif +#endif // X86_64 && SUPPORTS_ABI_TEST + + +namespace abi_test { + +namespace internal { + +static bool g_unwind_tests_enabled = false; + +std::string FixVAArgsString(const char *str) { + std::string ret = str; + size_t idx = ret.find(','); + if (idx == std::string::npos) { + return ret + "()"; + } + size_t idx2 = idx + 1; + while (idx2 < ret.size() && ret[idx2] == ' ') { + idx2++; + } + while (idx > 0 && ret[idx - 1] == ' ') { + idx--; + } + return ret.substr(0, idx) + "(" + ret.substr(idx2) + ")"; +} + +#if defined(SUPPORTS_ABI_TEST) +// ForEachMismatch calls |func| for each register where |a| and |b| differ. +template +static void ForEachMismatch(const CallerState &a, const CallerState &b, + const Func &func) { +#define CALLER_STATE_REGISTER(type, name) \ + if (a.name != b.name) { \ + func(#name); \ + } + LOOP_CALLER_STATE_REGISTERS() +#undef CALLER_STATE_REGISTER +} + +// ReadUnwindResult adds the results of the most recent unwind test to |out|. +static void ReadUnwindResult(Result *out); + +crypto_word_t RunTrampoline(Result *out, crypto_word_t func, + const crypto_word_t *argv, size_t argc, + bool unwind) { + CallerState state; + RAND_bytes(reinterpret_cast(&state), sizeof(state)); + + unwind &= g_unwind_tests_enabled; + CallerState state2 = state; + crypto_word_t ret = abi_test_trampoline(func, &state2, argv, argc, unwind); +#if defined(OPENSSL_X86_64) || defined(OPENSSL_X86) + // Query and clear the direction flag early, so negative tests do not + // interfere with |malloc|. + bool direction_flag = abi_test_get_and_clear_direction_flag(); +#endif // OPENSSL_X86_64 || OPENSSL_X86 + + *out = Result(); + ForEachMismatch(state, state2, [&](const char *reg) { + out->errors.push_back(std::string(reg) + " was not restored after return"); + }); +#if defined(OPENSSL_X86_64) || defined(OPENSSL_X86) + // Linux and Windows ABIs for x86 require the direction flag be cleared on + // return. (Some OpenSSL assembly preserves it, which is stronger, but we only + // require what is specified by the ABI so |CHECK_ABI| works with C compiler + // output.) + if (direction_flag) { + out->errors.emplace_back("Direction flag set after return"); + } +#endif // OPENSSL_X86_64 || OPENSSL_X86 + if (unwind) { + ReadUnwindResult(out); + } + return ret; +} +#endif // SUPPORTS_ABI_TEST + +#if defined(SUPPORTS_UNWIND_TEST) +// We test unwind metadata by running the function under test with the trap flag +// set. This results in |SIGTRAP| and |EXCEPTION_SINGLE_STEP| on Linux and +// Windows, respectively. We hande these and verify libunwind or the Windows +// unwind APIs unwind successfully. + +// IsAncestorStackFrame returns true if |a_sp| is an ancestor stack frame of +// |b_sp|. +static bool IsAncestorStackFrame(crypto_word_t a_sp, crypto_word_t b_sp) { +#if defined(OPENSSL_X86_64) + // The stack grows down, so ancestor stack frames have higher addresses. + return a_sp > b_sp; +#else +#error "unknown architecture" +#endif +} + +// Implement some string formatting utilties. Ideally we would use |snprintf|, +// but this is called in a signal handler and |snprintf| is not async-signal- +// safe. + +#if !defined(OPENSSL_WINDOWS) +static std::array WordToDecimal( + crypto_word_t v) { + std::array ret; + size_t len = 0; + do { + ret[len++] = '0' + v % 10; + v /= 10; + } while (v != 0); + for (size_t i = 0; i < len / 2; i++) { + std::swap(ret[i], ret[len - 1 - i]); + } + ret[len] = '\0'; + return ret; +} +#endif // !OPENSSL_WINDOWS + +static std::array WordToHex( + crypto_word_t v) { + static const char kHex[] = "0123456789abcdef"; + std::array ret; + for (size_t i = sizeof(crypto_word_t) - 1; i < sizeof(crypto_word_t); i--) { + uint8_t b = v & 0xff; + v >>= 8; + ret[i * 2] = kHex[b >> 4]; + ret[i * 2 + 1] = kHex[b & 0xf]; + } + ret[sizeof(crypto_word_t) * 2] = '\0'; + return ret; +} + +static void StrCatSignalSafeImpl(bssl::Span out) {} + +template +static void StrCatSignalSafeImpl(bssl::Span out, const char *str, + Args... args) { + BUF_strlcat(out.data(), str, out.size()); + StrCatSignalSafeImpl(out, args...); +} + +template +static void StrCatSignalSafe(bssl::Span out, Args... args) { + if (out.empty()) { + return; + } + out[0] = '\0'; + StrCatSignalSafeImpl(out, args...); +} + +template +[[noreturn]] static void FatalError(Args... args) { + // We cannot use |snprintf| here because it is not async-signal-safe. + char buf[512]; + StrCatSignalSafe(buf, args..., "\n"); +#if defined(OPENSSL_WINDOWS) + HANDLE stderr_handle = GetStdHandle(STD_ERROR_HANDLE); + if (stderr_handle != INVALID_HANDLE_VALUE) { + DWORD unused; + WriteFile(stderr_handle, buf, strlen(buf), &unused, nullptr); + } +#else + write(STDERR_FILENO, buf, strlen(buf)); +#endif + abort(); +} + +class UnwindStatus { + public: + UnwindStatus() : err_(nullptr) {} + explicit UnwindStatus(const char *err) : err_(err) {} + + bool ok() const { return err_ == nullptr; } + const char *Error() const { return err_; } + + private: + const char *err_; +}; + +template +class UnwindStatusOr { + public: + UnwindStatusOr(UnwindStatus status) : status_(status) { + assert(!status_.ok()); + } + + UnwindStatusOr(const T &value) : status_(UnwindStatus()), value_(value) {} + + bool ok() const { return status_.ok(); } + const char *Error() const { return status_.Error(); } + + const T &ValueOrDie(const char *msg = "Unexpected error") const { + if (!ok()) { + FatalError(msg, ": ", Error()); + } + return value_; + } + + private: + UnwindStatus status_; + T value_; +}; + +// UnwindCursor abstracts between libunwind and Windows unwind APIs. It is +// async-signal-safe. +#if defined(OPENSSL_WINDOWS) +class UnwindCursor { + public: + explicit UnwindCursor(const CONTEXT &ctx) : ctx_(ctx) { + starting_ip_ = ctx_.Rip; + } + + crypto_word_t starting_ip() const { return starting_ip_; } + + // Step unwinds the cursor by one frame. On success, it returns whether there + // were more frames to unwind. + UnwindStatusOr Step() { + bool is_top = is_top_; + is_top_ = false; + + DWORD64 image_base; + RUNTIME_FUNCTION *entry = + RtlLookupFunctionEntry(ctx_.Rip, &image_base, nullptr); + if (entry == nullptr) { + // This is a leaf function. Leaf functions do not touch stack or + // callee-saved registers, so they may be unwound by simulating a ret. + if (!is_top) { + return UnwindStatus("leaf function found below the top frame"); + } + memcpy(&ctx_.Rip, reinterpret_cast(ctx_.Rsp), + sizeof(ctx_.Rip)); + ctx_.Rsp += 8; + return true; + } + + // This is a frame function. Call into the Windows unwinder. + void *handler_data; + DWORD64 establisher_frame; + RtlVirtualUnwind(UNW_FLAG_NHANDLER, image_base, ctx_.Rip, entry, &ctx_, + &handler_data, &establisher_frame, nullptr); + return ctx_.Rip != 0; + } + + // GetIP returns the instruction pointer at the current frame. + UnwindStatusOr GetIP() { return ctx_.Rip; } + + // GetSP returns the stack pointer at the current frame. + UnwindStatusOr GetSP() { return ctx_.Rsp; } + + // GetCallerState returns the callee-saved registers at the current frame. + UnwindStatusOr GetCallerState() { + CallerState state; + state.rbx = ctx_.Rbx; + state.rbp = ctx_.Rbp; + state.rdi = ctx_.Rdi; + state.rsi = ctx_.Rsi; + state.r12 = ctx_.R12; + state.r13 = ctx_.R13; + state.r14 = ctx_.R14; + state.r15 = ctx_.R15; + memcpy(&state.xmm6, &ctx_.Xmm6, sizeof(Reg128)); + memcpy(&state.xmm7, &ctx_.Xmm7, sizeof(Reg128)); + memcpy(&state.xmm8, &ctx_.Xmm8, sizeof(Reg128)); + memcpy(&state.xmm9, &ctx_.Xmm9, sizeof(Reg128)); + memcpy(&state.xmm10, &ctx_.Xmm10, sizeof(Reg128)); + memcpy(&state.xmm11, &ctx_.Xmm11, sizeof(Reg128)); + memcpy(&state.xmm12, &ctx_.Xmm12, sizeof(Reg128)); + memcpy(&state.xmm13, &ctx_.Xmm13, sizeof(Reg128)); + memcpy(&state.xmm14, &ctx_.Xmm14, sizeof(Reg128)); + memcpy(&state.xmm15, &ctx_.Xmm15, sizeof(Reg128)); + return state; + } + + // ToString returns a human-readable representation of the address the cursor + // started at. + const char *ToString() { + StrCatSignalSafe(starting_ip_buf_, "0x", WordToHex(starting_ip_).data()); + return starting_ip_buf_; + } + + private: + CONTEXT ctx_; + crypto_word_t starting_ip_; + char starting_ip_buf_[64]; + bool is_top_ = true; +}; +#else // !OPENSSL_WINDOWS +class UnwindCursor { + public: + explicit UnwindCursor(unw_context_t *ctx) : ctx_(ctx) { + int ret = InitAtSignalFrame(&cursor_); + if (ret < 0) { + FatalError("Error getting unwind context: ", unw_strerror(ret)); + } + starting_ip_ = GetIP().ValueOrDie("Error getting instruction pointer"); + } + + // Step unwinds the cursor by one frame. On success, it returns whether there + // were more frames to unwind. + UnwindStatusOr Step() { + int ret = unw_step(&cursor_); + if (ret < 0) { + return UNWError(ret); + } + return ret != 0; + } + + // GetIP returns the instruction pointer at the current frame. + UnwindStatusOr GetIP() { + crypto_word_t ip; + int ret = GetReg(&ip, UNW_REG_IP); + if (ret < 0) { + return UNWError(ret); + } + return ip; + } + + // GetSP returns the stack pointer at the current frame. + UnwindStatusOr GetSP() { + crypto_word_t sp; + int ret = GetReg(&sp, UNW_REG_SP); + if (ret < 0) { + return UNWError(ret); + } + return sp; + } + + // GetCallerState returns the callee-saved registers at the current frame. + UnwindStatusOr GetCallerState() { + CallerState state; + int ret = 0; +#if defined(OPENSSL_X86_64) + ret = ret < 0 ? ret : GetReg(&state.rbx, UNW_X86_64_RBX); + ret = ret < 0 ? ret : GetReg(&state.rbp, UNW_X86_64_RBP); + ret = ret < 0 ? ret : GetReg(&state.r12, UNW_X86_64_R12); + ret = ret < 0 ? ret : GetReg(&state.r13, UNW_X86_64_R13); + ret = ret < 0 ? ret : GetReg(&state.r14, UNW_X86_64_R14); + ret = ret < 0 ? ret : GetReg(&state.r15, UNW_X86_64_R15); +#else +#error "unknown architecture" +#endif + if (ret < 0) { + return UNWError(ret); + } + return state; + } + + // ToString returns a human-readable representation of the address the cursor + // started at, using debug information if available. + const char *ToString() { + // Use a new cursor. |cursor_| has already been unwound, and + // |unw_get_proc_name| is slow so we do not sample it unconditionally in the + // constructor. + unw_cursor_t cursor; + unw_word_t off; + if (InitAtSignalFrame(&cursor) != 0 || + unw_get_proc_name(&cursor, starting_ip_buf_, sizeof(starting_ip_buf_), + &off) != 0) { + StrCatSignalSafe(starting_ip_buf_, "0x", WordToHex(starting_ip_).data()); + return starting_ip_buf_; + } + size_t len = strlen(starting_ip_buf_); + // Print the offset in decimal, to match gdb's disassembly output and ease + // debugging. + StrCatSignalSafe(bssl::Span(starting_ip_buf_).subspan(len), "+", + WordToDecimal(off).data(), " (0x", + WordToHex(starting_ip_).data(), ")"); + return starting_ip_buf_; + } + + private: + static UnwindStatus UNWError(int ret) { + assert(ret < 0); + const char *msg = unw_strerror(ret); + return UnwindStatus(msg == nullptr ? "unknown error" : msg); + } + + int InitAtSignalFrame(unw_cursor_t *cursor) { + // Work around a bug in libunwind which breaks rax and rdx recovery. This + // breaks functions which temporarily use rax as the CFA register. See + // https://git.savannah.gnu.org/gitweb/?p=libunwind.git;a=commit;h=819bf51bbd2da462c2ec3401e8ac9153b6e725e3 + OPENSSL_memset(cursor, 0, sizeof(*cursor)); + int ret = unw_init_local(cursor, ctx_); + if (ret < 0) { + return ret; + } + for (;;) { + ret = unw_is_signal_frame(cursor); + if (ret < 0) { + return ret; + } + if (ret != 0) { + return 0; // Found the signal frame. + } + ret = unw_step(cursor); + if (ret < 0) { + return ret; + } + } + } + + int GetReg(crypto_word_t *out, unw_regnum_t reg) { + unw_word_t val; + int ret = unw_get_reg(&cursor_, reg, &val); + if (ret >= 0) { + static_assert(sizeof(crypto_word_t) == sizeof(unw_word_t), + "crypto_word_t and unw_word_t are inconsistent"); + *out = val; + } + return ret; + } + + unw_context_t *ctx_; + unw_cursor_t cursor_; + crypto_word_t starting_ip_; + char starting_ip_buf_[64]; +}; +#endif // OPENSSL_WINDOWS + +// g_in_trampoline is true if we are in an instrumented |abi_test_trampoline| +// call, in the region that triggers |SIGTRAP|. +static bool g_in_trampoline = false; +// g_unwind_function_done, if |g_in_trampoline| is true, is whether the function +// under test has returned. It is undefined otherwise. +static bool g_unwind_function_done; +// g_trampoline_state, if |g_in_trampoline| is true, is the state the function +// under test must preserve. It is undefined otherwise. +static CallerState g_trampoline_state; +// g_trampoline_sp, if |g_in_trampoline| is true, is the stack pointer of the +// trampoline frame. It is undefined otherwise. +static crypto_word_t g_trampoline_sp; + +// kMaxUnwindErrors is the maximum number of unwind errors reported per +// function. If a function's unwind tables are wrong, we are otherwise likely to +// repeat the same error at multiple addresses. +static constexpr size_t kMaxUnwindErrors = 10; + +// Errors are saved in a signal handler. We use a static buffer to avoid +// allocation. +static size_t g_num_unwind_errors = 0; + +struct UnwindError { +#if defined(OPENSSL_WINDOWS) + crypto_word_t ip; +#endif + char str[512]; +}; + +static UnwindError g_unwind_errors[kMaxUnwindErrors]; + +template +static void AddUnwindError(UnwindCursor *cursor, Args... args) { + if (g_num_unwind_errors >= kMaxUnwindErrors) { + return; + } +#if defined(OPENSSL_WINDOWS) + // Windows symbol functions should not be called when handling an + // exception. Stash the instruction pointer, to be symbolized later. + g_unwind_errors[g_num_unwind_errors].ip = cursor->starting_ip(); + StrCatSignalSafe(g_unwind_errors[g_num_unwind_errors].str, args...); +#else + StrCatSignalSafe(g_unwind_errors[g_num_unwind_errors].str, + "unwinding at ", cursor->ToString(), ": ", args...); +#endif + g_num_unwind_errors++; +} + +static void CheckUnwind(UnwindCursor *cursor) { + const crypto_word_t kStartAddress = + reinterpret_cast(&abi_test_unwind_start); + const crypto_word_t kReturnAddress = + reinterpret_cast(&abi_test_unwind_return); + const crypto_word_t kStopAddress = + reinterpret_cast(&abi_test_unwind_stop); + + crypto_word_t sp = cursor->GetSP().ValueOrDie("Error getting stack pointer"); + crypto_word_t ip = + cursor->GetIP().ValueOrDie("Error getting instruction pointer"); + if (!g_in_trampoline) { + if (ip != kStartAddress) { + FatalError("Unexpected SIGTRAP at ", cursor->ToString()); + } + + // Save the current state and begin. + g_in_trampoline = true; + g_unwind_function_done = false; + g_trampoline_sp = sp; + g_trampoline_state = cursor->GetCallerState().ValueOrDie( + "Error getting initial caller state"); + } else { + if (sp == g_trampoline_sp || g_unwind_function_done) { + // |g_unwind_function_done| should imply |sp| is |g_trampoline_sp|, but + // clearing the trap flag in x86 briefly displaces the stack pointer. + // + // Also note we check both |ip| and |sp| below, in case the function under + // test is also |abi_test_trampoline|. + if (ip == kReturnAddress && sp == g_trampoline_sp) { + g_unwind_function_done = true; + } + if (ip == kStopAddress && sp == g_trampoline_sp) { + // |SIGTRAP| is fatal again. + g_in_trampoline = false; + } + } else if (IsAncestorStackFrame(sp, g_trampoline_sp)) { + // This should never happen. We went past |g_trampoline_sp| without + // stopping at |kStopAddress|. + AddUnwindError(cursor, "stack frame is before caller"); + g_in_trampoline = false; + } else if (g_num_unwind_errors < kMaxUnwindErrors) { + for (;;) { + UnwindStatusOr step_ret = cursor->Step(); + if (!step_ret.ok()) { + AddUnwindError(cursor, "error unwinding: ", step_ret.Error()); + break; + } + // |Step| returns whether there was a frame to unwind. + if (!step_ret.ValueOrDie()) { + AddUnwindError(cursor, "could not unwind to starting frame"); + break; + } + + UnwindStatusOr cur_sp = cursor->GetSP(); + if (!cur_sp.ok()) { + AddUnwindError(cursor, + "error recovering stack pointer: ", cur_sp.Error()); + break; + } + if (IsAncestorStackFrame(cur_sp.ValueOrDie(), g_trampoline_sp)) { + AddUnwindError(cursor, "unwound past starting frame"); + break; + } + if (cur_sp.ValueOrDie() == g_trampoline_sp) { + // We found the parent frame. Check the return address. + UnwindStatusOr cur_ip = cursor->GetIP(); + if (!cur_ip.ok()) { + AddUnwindError(cursor, + "error recovering return address: ", cur_ip.Error()); + } else if (cur_ip.ValueOrDie() != kReturnAddress) { + AddUnwindError(cursor, "wrong return address"); + } + + // Check the remaining registers. + UnwindStatusOr state = cursor->GetCallerState(); + if (!state.ok()) { + AddUnwindError(cursor, + "error recovering registers: ", state.Error()); + } else { + ForEachMismatch(state.ValueOrDie(), g_trampoline_state, + [&](const char *reg) { + AddUnwindError(cursor, reg, " was not recovered"); + }); + } + break; + } + } + } + } +} + +static void ReadUnwindResult(Result *out) { + for (size_t i = 0; i < g_num_unwind_errors; i++) { +#if defined(OPENSSL_WINDOWS) + const crypto_word_t ip = g_unwind_errors[i].ip; + char buf[256]; + DWORD64 displacement; + struct { + SYMBOL_INFO info; + char name_buf[128]; + } symbol; + memset(&symbol, 0, sizeof(symbol)); + symbol.info.SizeOfStruct = sizeof(symbol.info); + symbol.info.MaxNameLen = sizeof(symbol.name_buf); + if (SymFromAddr(GetCurrentProcess(), ip, &displacement, &symbol.info)) { + snprintf(buf, sizeof(buf), "unwinding at %s+%llu (0x%s): %s", + symbol.info.Name, displacement, WordToHex(ip).data(), + g_unwind_errors[i].str); + } else { + snprintf(buf, sizeof(buf), "unwinding at 0x%s: %s", + WordToHex(ip).data(), g_unwind_errors[i].str); + } + out->errors.emplace_back(buf); +#else + out->errors.emplace_back(g_unwind_errors[i].str); +#endif + } + if (g_num_unwind_errors == kMaxUnwindErrors) { + out->errors.emplace_back("(additional errors omitted)"); + } + g_num_unwind_errors = 0; +} + +#if defined(OPENSSL_WINDOWS) +static DWORD g_main_thread; + +static long ExceptionHandler(EXCEPTION_POINTERS *info) { + if (info->ExceptionRecord->ExceptionCode != EXCEPTION_SINGLE_STEP || + GetCurrentThreadId() != g_main_thread) { + return EXCEPTION_CONTINUE_SEARCH; + } + + UnwindCursor cursor(*info->ContextRecord); + CheckUnwind(&cursor); + if (g_in_trampoline) { + // Windows clears the trap flag, so we must restore it. + info->ContextRecord->EFlags |= 0x100; + } + return EXCEPTION_CONTINUE_EXECUTION; +} + +static void EnableUnwindTestsImpl() { + if (IsDebuggerPresent()) { + // Unwind tests drive logic via |EXCEPTION_SINGLE_STEP|, which conflicts with + // debuggers. + fprintf(stderr, "Debugger detected. Disabling unwind tests.\n"); + return; + } + + g_main_thread = GetCurrentThreadId(); + + SymSetOptions(SYMOPT_DEFERRED_LOADS); + if (!SymInitialize(GetCurrentProcess(), nullptr, TRUE)) { + fprintf(stderr, "Could not initialize symbols.\n"); + } + + if (AddVectoredExceptionHandler(0, ExceptionHandler) == nullptr) { + fprintf(stderr, "Error installing exception handler.\n"); + abort(); + } + + g_unwind_tests_enabled = true; +} +#else // !OPENSSL_WINDOWS +// HandleEINTR runs |func| and returns the result, retrying the operation on +// |EINTR|. +template +static auto HandleEINTR(const Func &func) -> decltype(func()) { + decltype(func()) ret; + do { + ret = func(); + } while (ret < 0 && errno == EINTR); + return ret; +} + +static bool ReadFileToString(std::string *out, const char *path) { + out->clear(); + + int fd = HandleEINTR([&] { return open(path, O_RDONLY); }); + if (fd < 0) { + return false; + } + + for (;;) { + char buf[1024]; + ssize_t ret = HandleEINTR([&] { return read(fd, buf, sizeof(buf)); }); + if (ret < 0) { + close(fd); + return false; + } + if (ret == 0) { + close(fd); + return true; + } + out->append(buf, static_cast(ret)); + } +} + +static bool IsBeingDebugged() { + std::string status; + if (!ReadFileToString(&status, "/proc/self/status")) { + perror("error reading /proc/self/status"); + return false; + } + std::string key = "\nTracerPid:\t"; + size_t idx = status.find(key); + if (idx == std::string::npos) { + return false; + } + idx += key.size(); + return idx < status.size() && status[idx] != '0'; +} + +static pthread_t g_main_thread; + +static void TrapHandler(int sig) { + // Note this is a signal handler, so only async-signal-safe functions may be + // used here. See signal-safety(7). libunwind promises local unwind is + // async-signal-safe. + + // |pthread_equal| is not listed as async-signal-safe, but this is clearly an + // oversight. + if (!pthread_equal(g_main_thread, pthread_self())) { + FatalError("SIGTRAP on background thread"); + } + + unw_context_t ctx; + int ret = unw_getcontext(&ctx); + if (ret < 0) { + FatalError("Error getting unwind context: ", unw_strerror(ret)); + } + + UnwindCursor cursor(&ctx); + CheckUnwind(&cursor); +} + +static void EnableUnwindTestsImpl() { + if (IsBeingDebugged()) { + // Unwind tests drive logic via |SIGTRAP|, which conflicts with debuggers. + fprintf(stderr, "Debugger detected. Disabling unwind tests.\n"); + return; + } + + g_main_thread = pthread_self(); + + struct sigaction trap_action; + OPENSSL_memset(&trap_action, 0, sizeof(trap_action)); + sigemptyset(&trap_action.sa_mask); + trap_action.sa_handler = TrapHandler; + if (sigaction(SIGTRAP, &trap_action, NULL) != 0) { + perror("sigaction"); + abort(); + } + + g_unwind_tests_enabled = true; +} +#endif // OPENSSL_WINDOWS + +#else // !SUPPORTS_UNWIND_TEST + +#if defined(SUPPORTS_ABI_TEST) +static void ReadUnwindResult(Result *) {} +#endif +static void EnableUnwindTestsImpl() {} + +#endif // SUPPORTS_UNWIND_TEST + +} // namespace internal + +void EnableUnwindTests() { internal::EnableUnwindTestsImpl(); } + +bool UnwindTestsEnabled() { return internal::g_unwind_tests_enabled; } + +} // namespace abi_test diff --git a/src/crypto/test/abi_test.h b/src/crypto/test/abi_test.h new file mode 100644 index 0000000..44547f8 --- /dev/null +++ b/src/crypto/test/abi_test.h @@ -0,0 +1,475 @@ +/* Copyright (c) 2018, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_ABI_TEST_H +#define OPENSSL_HEADER_ABI_TEST_H + +#include + +#include +#include +#include + +#include + +#include "../internal.h" + + +// abi_test provides routines for verifying that functions satisfy platform ABI +// requirements. +namespace abi_test { + +// Result stores the result of an ABI test. +struct Result { + bool ok() const { return errors.empty(); } + + std::vector errors; +}; + +namespace internal { + +// DeductionGuard wraps |T| in a template, so that template argument deduction +// does not apply to it. This may be used to force C++ to deduce template +// arguments from another parameter. +template +struct DeductionGuard { + using Type = T; +}; + +// Reg128 contains storage space for a 128-bit register. +struct alignas(16) Reg128 { + bool operator==(const Reg128 &x) const { return x.lo == lo && x.hi == hi; } + bool operator!=(const Reg128 &x) const { return !((*this) == x); } + uint64_t lo, hi; +}; + +// LOOP_CALLER_STATE_REGISTERS is a macro that iterates over all registers the +// callee is expected to save for the caller, with the exception of the stack +// pointer. The stack pointer is tested implicitly by the function successfully +// returning at all. +#if defined(OPENSSL_X86_64) + +// References: +// SysV64: https://github.com/hjl-tools/x86-psABI/wiki/x86-64-psABI-1.0.pdf +// Win64: https://docs.microsoft.com/en-us/cpp/build/x64-software-conventions?view=vs-2017#register-usage +#if defined(OPENSSL_WINDOWS) +#define LOOP_CALLER_STATE_REGISTERS() \ + CALLER_STATE_REGISTER(uint64_t, rbx) \ + CALLER_STATE_REGISTER(uint64_t, rbp) \ + CALLER_STATE_REGISTER(uint64_t, rdi) \ + CALLER_STATE_REGISTER(uint64_t, rsi) \ + CALLER_STATE_REGISTER(uint64_t, r12) \ + CALLER_STATE_REGISTER(uint64_t, r13) \ + CALLER_STATE_REGISTER(uint64_t, r14) \ + CALLER_STATE_REGISTER(uint64_t, r15) \ + CALLER_STATE_REGISTER(Reg128, xmm6) \ + CALLER_STATE_REGISTER(Reg128, xmm7) \ + CALLER_STATE_REGISTER(Reg128, xmm8) \ + CALLER_STATE_REGISTER(Reg128, xmm9) \ + CALLER_STATE_REGISTER(Reg128, xmm10) \ + CALLER_STATE_REGISTER(Reg128, xmm11) \ + CALLER_STATE_REGISTER(Reg128, xmm12) \ + CALLER_STATE_REGISTER(Reg128, xmm13) \ + CALLER_STATE_REGISTER(Reg128, xmm14) \ + CALLER_STATE_REGISTER(Reg128, xmm15) +#else +#define LOOP_CALLER_STATE_REGISTERS() \ + CALLER_STATE_REGISTER(uint64_t, rbx) \ + CALLER_STATE_REGISTER(uint64_t, rbp) \ + CALLER_STATE_REGISTER(uint64_t, r12) \ + CALLER_STATE_REGISTER(uint64_t, r13) \ + CALLER_STATE_REGISTER(uint64_t, r14) \ + CALLER_STATE_REGISTER(uint64_t, r15) +#endif // OPENSSL_WINDOWS + +#elif defined(OPENSSL_X86) + +// References: +// SysV32: https://uclibc.org/docs/psABI-i386.pdf and +// Win32: https://docs.microsoft.com/en-us/cpp/cpp/argument-passing-and-naming-conventions?view=vs-2017 +#define LOOP_CALLER_STATE_REGISTERS() \ + CALLER_STATE_REGISTER(uint32_t, esi) \ + CALLER_STATE_REGISTER(uint32_t, edi) \ + CALLER_STATE_REGISTER(uint32_t, ebx) \ + CALLER_STATE_REGISTER(uint32_t, ebp) + +#elif defined(OPENSSL_ARM) + +// References: +// AAPCS: http://infocenter.arm.com/help/topic/com.arm.doc.ihi0042f/IHI0042F_aapcs.pdf +// iOS32: https://developer.apple.com/library/archive/documentation/Xcode/Conceptual/iPhoneOSABIReference/Articles/ARMv6FunctionCallingConventions.html +// Linux: http://sourcery.mentor.com/sgpp/lite/arm/portal/kbattach142/arm_gnu_linux_%20abi.pdf +// +// ARM specifies a common calling convention, except r9 is left to the platform. +// Linux treats r9 as callee-saved, while iOS 3+ treats it as caller-saved. Most +// of our assembly treats it as callee-saved to be uniform, but we match the +// platform to avoid false positives when testing compiler-generated output. +#define LOOP_CALLER_STATE_REGISTERS_PRE_R9() \ + CALLER_STATE_REGISTER(uint64_t, d8) \ + CALLER_STATE_REGISTER(uint64_t, d9) \ + CALLER_STATE_REGISTER(uint64_t, d10) \ + CALLER_STATE_REGISTER(uint64_t, d11) \ + CALLER_STATE_REGISTER(uint64_t, d12) \ + CALLER_STATE_REGISTER(uint64_t, d13) \ + CALLER_STATE_REGISTER(uint64_t, d14) \ + CALLER_STATE_REGISTER(uint64_t, d15) \ + CALLER_STATE_REGISTER(uint32_t, r4) \ + CALLER_STATE_REGISTER(uint32_t, r5) \ + CALLER_STATE_REGISTER(uint32_t, r6) \ + CALLER_STATE_REGISTER(uint32_t, r7) \ + CALLER_STATE_REGISTER(uint32_t, r8) +#define LOOP_CALLER_STATE_REGISTERS_POST_R9() \ + CALLER_STATE_REGISTER(uint32_t, r10) \ + CALLER_STATE_REGISTER(uint32_t, r11) +#if defined(OPENSSL_APPLE) +#define LOOP_CALLER_STATE_REGISTERS() \ + LOOP_CALLER_STATE_REGISTERS_PRE_R9() \ + LOOP_CALLER_STATE_REGISTERS_POST_R9() +#else // !OPENSSL_APPLE +#define LOOP_CALLER_STATE_REGISTERS() \ + LOOP_CALLER_STATE_REGISTERS_PRE_R9() \ + CALLER_STATE_REGISTER(uint32_t, r9) \ + LOOP_CALLER_STATE_REGISTERS_POST_R9() +#endif // OPENSSL_APPLE + +#elif defined(OPENSSL_AARCH64) + +// References: +// AAPCS64: http://infocenter.arm.com/help/topic/com.arm.doc.ihi0055b/IHI0055B_aapcs64.pdf +// iOS64: https://developer.apple.com/library/archive/documentation/Xcode/Conceptual/iPhoneOSABIReference/Articles/ARM64FunctionCallingConventions.html +// +// In aarch64, r19 (x19 in a 64-bit context) is the platform register. iOS says +// user code may not touch it. We found no clear reference for Linux. The iOS +// behavior implies portable assembly cannot use it, and aarch64 has many +// registers. Thus this framework ignores register's existence. We can test r19 +// violations with grep. +#define LOOP_CALLER_STATE_REGISTERS() \ + /* Per AAPCS64, section 5.1.2, only the bottom 64 bits of v8-v15 */ \ + /* are preserved. These are accessed as dN. */ \ + CALLER_STATE_REGISTER(uint64_t, d8) \ + CALLER_STATE_REGISTER(uint64_t, d9) \ + CALLER_STATE_REGISTER(uint64_t, d10) \ + CALLER_STATE_REGISTER(uint64_t, d11) \ + CALLER_STATE_REGISTER(uint64_t, d12) \ + CALLER_STATE_REGISTER(uint64_t, d13) \ + CALLER_STATE_REGISTER(uint64_t, d14) \ + CALLER_STATE_REGISTER(uint64_t, d15) \ + /* For consistency with dN, use the 64-bit name xN, rather than */ \ + /* the generic rN. */ \ + CALLER_STATE_REGISTER(uint64_t, x19) \ + CALLER_STATE_REGISTER(uint64_t, x20) \ + CALLER_STATE_REGISTER(uint64_t, x21) \ + CALLER_STATE_REGISTER(uint64_t, x22) \ + CALLER_STATE_REGISTER(uint64_t, x23) \ + CALLER_STATE_REGISTER(uint64_t, x24) \ + CALLER_STATE_REGISTER(uint64_t, x25) \ + CALLER_STATE_REGISTER(uint64_t, x26) \ + CALLER_STATE_REGISTER(uint64_t, x27) \ + CALLER_STATE_REGISTER(uint64_t, x28) \ + CALLER_STATE_REGISTER(uint64_t, x29) + +#endif // X86_64 || X86 || ARM || AARCH64 + +// Enable ABI testing if all of the following are true. +// +// - We have CallerState and trampoline support for the architecture. +// +// - Assembly is enabled. +// +// - This is not a shared library build. Assembly functions are not reachable +// from tests in shared library builds. +#if defined(LOOP_CALLER_STATE_REGISTERS) && !defined(OPENSSL_NO_ASM) && \ + !defined(BORINGSSL_SHARED_LIBRARY) +#define SUPPORTS_ABI_TEST + +// CallerState contains all caller state that the callee is expected to +// preserve. +struct CallerState { +#define CALLER_STATE_REGISTER(type, name) type name; + LOOP_CALLER_STATE_REGISTERS() +#undef CALLER_STATE_REGISTER +}; + +// RunTrampoline runs |func| on |argv|, recording ABI errors in |out|. It does +// not perform any type-checking. If |unwind| is true and unwind tests have been +// enabled, |func| is single-stepped under an unwind test. +crypto_word_t RunTrampoline(Result *out, crypto_word_t func, + const crypto_word_t *argv, size_t argc, + bool unwind); + +template +inline crypto_word_t ToWord(T t) { +#if !defined(OPENSSL_X86) && !defined(OPENSSL_X86_64) && \ + !defined(OPENSSL_ARM) && !defined(OPENSSL_AARCH64) +#error "Unknown architecture" +#endif + static_assert(sizeof(T) <= sizeof(crypto_word_t), + "T is larger than crypto_word_t"); + static_assert(sizeof(T) >= 4, "types under four bytes are complicated"); + + // ABIs are complex around arguments that are smaller than native words. For + // 32-bit architectures, the rules above imply we only have word-sized + // arguments. For 64-bit architectures, we still have assembly functions which + // take |int|. + // + // For aarch64, AAPCS64, section 5.4.2, clauses C.7 and C.14 says any + // remaining bits are unspecified. iOS64 contradicts this and says the callee + // extends arguments up to 32 bits, and only the upper 32 bits are + // unspecified. Rejecting parameters smaller than 32 bits avoids the + // divergence. + // + // TODO(davidben): Find authoritative citations for x86_64. For x86_64, I + // observed the behavior of Clang, GCC, and MSVC. ABI rules here may be + // inferred from two kinds of experiments: + // + // 1. When passing a value to a small-argument-taking function, does the + // compiler ensure unused bits are cleared, sign-extended, etc.? Tests for + // register parameters are confounded by x86_64's implicit clearing of + // registers' upper halves, but passing some_u64 >> 1 usually clears this. + // + // 2. When compiling a small-argument-taking function, does the compiler make + // assumptions about unused bits of arguments? + // + // MSVC for x86_64 is straightforward. It appears to tolerate and produce + // arbitrary values for unused bits, like AAPCS64. + // + // GCC and Clang for x86_64 are more complex. They match MSVC for stack + // parameters. However, for register parameters, they behave like iOS64 and, + // as callers, extend up to 32 bits, leaving the remainder arbitrary. When + // compiling a callee, Clang takes advantage of this conversion, but I was + // unable to make GCC do so. + // + // Note that, although the Win64 rules are sufficient to require our assembly + // be conservative, we wish for |CHECK_ABI| to support C-compiled functions, + // so it must enforce the correct rules for each platform. + // + // Fortunately, the |static_assert|s above cause all supported architectures + // to behave the same. + crypto_word_t ret; + // Filling extra bits with 0xaa will be vastly out of bounds for code + // expecting either sign- or zero-extension. (0xaa is 0b10101010.) + OPENSSL_memset(&ret, 0xaa, sizeof(ret)); + OPENSSL_memcpy(&ret, &t, sizeof(t)); + return ret; +} + +// CheckImpl runs |func| on |args|, recording ABI errors in |out|. If |unwind| +// is true and unwind tests have been enabled, |func| is single-stepped under an +// unwind test. +// +// It returns the value as a |crypto_word_t| to work around problems when |R| is +// void. |args| is wrapped in a |DeductionGuard| so |func| determines the +// template arguments. Otherwise, |args| may deduce |Args| incorrectly. For +// instance, if |func| takes const int *, and the caller passes an int *, the +// compiler will complain the deduced types do not match. +template +inline crypto_word_t CheckImpl(Result *out, bool unwind, R (*func)(Args...), + typename DeductionGuard::Type... args) { + // We only support up to 8 arguments. This ensures all arguments on aarch64 + // are passed in registers and avoids the iOS descrepancy around packing small + // arguments on the stack. + // + // https://developer.apple.com/library/archive/documentation/Xcode/Conceptual/iPhoneOSABIReference/Articles/ARM64FunctionCallingConventions.html + static_assert(sizeof...(args) <= 8, + "too many arguments for abi_test_trampoline"); + + // Allocate one extra entry so MSVC does not complain about zero-size arrays. + crypto_word_t argv[sizeof...(args) + 1] = { + ToWord(args)..., + }; + return RunTrampoline(out, reinterpret_cast(func), argv, + sizeof...(args), unwind); +} +#else +// To simplify callers when ABI testing support is unavoidable, provide a backup +// CheckImpl implementation. It must be specialized for void returns because we +// call |func| directly. +template +inline typename std::enable_if::value, crypto_word_t>::type +CheckImpl(Result *out, bool /* unwind */, R (*func)(Args...), + typename DeductionGuard::Type... args) { + *out = Result(); + return func(args...); +} + +template +inline crypto_word_t CheckImpl(Result *out, bool /* unwind */, + void (*func)(Args...), + typename DeductionGuard::Type... args) { + *out = Result(); + func(args...); + return 0; +} +#endif // SUPPORTS_ABI_TEST + +// FixVAArgsString takes a string like "f, 1, 2" and returns a string like +// "f(1, 2)". +// +// This is needed because the |CHECK_ABI| macro below cannot be defined as +// CHECK_ABI(func, ...). The C specification requires that variadic macros bind +// at least one variadic argument. Clang, GCC, and MSVC all ignore this, but +// there are issues with trailing commas and different behaviors across +// compilers. +std::string FixVAArgsString(const char *str); + +// CheckGTest behaves like |CheckImpl|, but it returns the correct type and +// raises GTest assertions on failure. If |unwind| is true and unwind tests are +// enabled, |func| is single-stepped under an unwind test. +template +inline R CheckGTest(const char *va_args_str, const char *file, int line, + bool unwind, R (*func)(Args...), + typename DeductionGuard::Type... args) { + Result result; + crypto_word_t ret = CheckImpl(&result, unwind, func, args...); + if (!result.ok()) { + testing::Message msg; + msg << "ABI failures in " << FixVAArgsString(va_args_str) << ":\n"; + for (const auto &error : result.errors) { + msg << " " << error << "\n"; + } + ADD_FAILURE_AT(file, line) << msg; + } + return (R)ret; +} + +} // namespace internal + +// Check runs |func| on |args| and returns the result. If ABI-testing is +// supported in this build configuration, it writes any ABI failures to |out|. +// Otherwise, it runs the function transparently. +template +inline R Check(Result *out, R (*func)(Args...), + typename internal::DeductionGuard::Type... args) { + return (R)internal::CheckImpl(out, false, func, args...); +} + +// EnableUnwindTests enables unwind tests, if supported. If not supported, it +// does nothing. +void EnableUnwindTests(); + +// UnwindTestsEnabled returns true if unwind tests are enabled and false +// otherwise. +bool UnwindTestsEnabled(); + +} // namespace abi_test + +// CHECK_ABI calls the first argument on the remaining arguments and returns the +// result. If ABI-testing is supported in this build configuration, it adds a +// non-fatal GTest failure if the call did not satisfy ABI requirements. +// +// |CHECK_ABI| does return the value and thus may replace any function call, +// provided it takes only simple parameters. However, it is recommended to test +// ABI separately from functional tests of assembly. Fully instrumenting a +// function for ABI checking requires single-stepping the function, which is +// inefficient. +// +// Functional testing requires coverage of input values, while ABI testing only +// requires branch coverage. Most of our assembly is constant-time, so usually +// only a few instrumented calls are necessary. +// +// TODO(https://crbug.com/boringssl/259): Most of Windows assembly currently +// fails SEH testing. For now, |CHECK_ABI| behaves like |CHECK_ABI_NO_UNWIND| +// on Windows. Functions which work with unwind testing on Windows should use +// |CHECK_ABI_SEH|. +#if defined(OPENSSL_WINDOWS) +#define CHECK_ABI(...) CHECK_ABI_NO_UNWIND(__VA_ARGS__) +#else +#define CHECK_ABI(...) CHECK_ABI_SEH(__VA_ARGS__) +#endif + +// CHECK_ABI_SEH behaves like |CHECK_ABI| but enables unwind testing on Windows. +#define CHECK_ABI_SEH(...) \ + abi_test::internal::CheckGTest(#__VA_ARGS__, __FILE__, __LINE__, true, \ + __VA_ARGS__) + +// CHECK_ABI_NO_UNWIND behaves like |CHECK_ABI| but disables unwind testing. +#define CHECK_ABI_NO_UNWIND(...) \ + abi_test::internal::CheckGTest(#__VA_ARGS__, __FILE__, __LINE__, false, \ + __VA_ARGS__) + + +// Internal functions. + +#if defined(SUPPORTS_ABI_TEST) +struct Uncallable { + Uncallable() = delete; +}; + +extern "C" { + +// abi_test_trampoline loads callee-saved registers from |state|, calls |func| +// with |argv|, then saves the callee-saved registers into |state|. It returns +// the result of |func|. If |unwind| is non-zero, this function triggers unwind +// instrumentation. +// +// We give |func| type |crypto_word_t| to avoid tripping MSVC's warning 4191. +crypto_word_t abi_test_trampoline(crypto_word_t func, + abi_test::internal::CallerState *state, + const crypto_word_t *argv, size_t argc, + crypto_word_t unwind); + +#if defined(OPENSSL_X86_64) +// abi_test_unwind_start points at the instruction that starts unwind testing in +// |abi_test_trampoline|. This is the value of the instruction pointer at the +// first |SIGTRAP| during unwind testing. +// +// This symbol is not a function and should not be called. +void abi_test_unwind_start(Uncallable); + +// abi_test_unwind_return points at the instruction immediately after the call in +// |abi_test_trampoline|. When unwinding the function under test, this is the +// expected address in the |abi_test_trampoline| frame. After this address, the +// unwind tester should ignore |SIGTRAP| until |abi_test_unwind_stop|. +// +// This symbol is not a function and should not be called. +void abi_test_unwind_return(Uncallable); + +// abi_test_unwind_stop is the value of the instruction pointer at the final +// |SIGTRAP| during unwind testing. +// +// This symbol is not a function and should not be called. +void abi_test_unwind_stop(Uncallable); + +// abi_test_bad_unwind_wrong_register preserves the ABI, but annotates the wrong +// register in unwind metadata. +void abi_test_bad_unwind_wrong_register(void); + +// abi_test_bad_unwind_temporary preserves the ABI, but temporarily corrupts the +// storage space for a saved register, breaking unwind. +void abi_test_bad_unwind_temporary(void); + +#if defined(OPENSSL_WINDOWS) +// abi_test_bad_unwind_epilog preserves the ABI, and correctly annotates the +// prolog, but the epilog does not match Win64's rules, breaking unwind during +// the epilog. +void abi_test_bad_unwind_epilog(void); +#endif +#endif // OPENSSL_X86_64 + +#if defined(OPENSSL_X86_64) || defined(OPENSSL_X86) +// abi_test_get_and_clear_direction_flag clears the direction flag. If the flag +// was previously set, it returns one. Otherwise, it returns zero. +int abi_test_get_and_clear_direction_flag(void); + +// abi_test_set_direction_flag sets the direction flag. This does not conform to +// ABI requirements and must only be called within a |CHECK_ABI| guard to avoid +// errors later in the program. +int abi_test_set_direction_flag(void); +#endif // OPENSSL_X86_64 || OPENSSL_X86 + +} // extern "C" +#endif // SUPPORTS_ABI_TEST + + +#endif // OPENSSL_HEADER_ABI_TEST_H diff --git a/src/crypto/test/asm/trampoline-armv4.pl b/src/crypto/test/asm/trampoline-armv4.pl new file mode 100755 index 0000000..30f510e --- /dev/null +++ b/src/crypto/test/asm/trampoline-armv4.pl @@ -0,0 +1,182 @@ +#!/usr/bin/env perl +# Copyright (c) 2019, Google Inc. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +# This file defines helper functions for crypto/test/abi_test.h on 32-bit +# ARM. See that header for details on how to use this. +# +# For convenience, this file is linked into libcrypto, where consuming builds +# already support architecture-specific sources. The static linker should drop +# this code in non-test binaries. This includes a shared library build of +# libcrypto, provided --gc-sections (ELF), -dead_strip (iOS), or equivalent is +# used. +# +# References: +# +# AAPCS: http://infocenter.arm.com/help/topic/com.arm.doc.ihi0042f/IHI0042F_aapcs.pdf +# iOS ARMv6: https://developer.apple.com/library/archive/documentation/Xcode/Conceptual/iPhoneOSABIReference/Articles/ARMv6FunctionCallingConventions.html +# iOS ARMv7: https://developer.apple.com/library/archive/documentation/Xcode/Conceptual/iPhoneOSABIReference/Articles/ARMv7FunctionCallingConventions.html +# Linux: http://sourcery.mentor.com/sgpp/lite/arm/portal/kbattach142/arm_gnu_linux_%20abi.pdf + +use strict; + +my $flavour = shift; +my $output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; +my $dir = $1; +my $xlate; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT, "| \"$^X\" \"$xlate\" $flavour \"$output\""; +*STDOUT = *OUT; + +my ($func, $state, $argv, $argc) = ("r0", "r1", "r2", "r3"); +my $code = <<____; +.syntax unified + +.arch armv7-a +.fpu vfp + +.text + +@ abi_test_trampoline loads callee-saved registers from |state|, calls |func| +@ with |argv|, then saves the callee-saved registers into |state|. It returns +@ the result of |func|. The |unwind| argument is unused. +@ uint32_t abi_test_trampoline(void (*func)(...), CallerState *state, +@ const uint32_t *argv, size_t argc, +@ int unwind); +.type abi_test_trampoline, %function +.globl abi_test_trampoline +.align 4 +abi_test_trampoline: +.Labi_test_trampoline_begin: + @ Save parameters and all callee-saved registers. For convenience, we + @ save r9 on iOS even though it's volatile. + vstmdb sp!, {d8-d15} + stmdb sp!, {r0-r11,lr} + + @ Reserve stack space for six (10-4) stack parameters, plus an extra 4 + @ bytes to keep it 8-byte-aligned (see AAPCS, section 5.3). + sub sp, sp, #28 + + @ Every register in AAPCS is either non-volatile or a parameter (except + @ r9 on iOS), so this code, by the actual call, loses all its scratch + @ registers. First fill in stack parameters while there are registers + @ to spare. + cmp $argc, #4 + bls .Lstack_args_done + mov r4, sp @ r4 is the output pointer. + add r5, $argv, $argc, lsl #2 @ Set r5 to the end of argv. + add $argv, $argv, #16 @ Skip four arguments. +.Lstack_args_loop: + ldr r6, [$argv], #4 + cmp $argv, r5 + str r6, [r4], #4 + bne .Lstack_args_loop + +.Lstack_args_done: + @ Load registers from |$state|. + vldmia $state!, {d8-d15} +#if defined(__APPLE__) + @ r9 is not volatile on iOS. + ldmia $state!, {r4-r8,r10-r11} +#else + ldmia $state!, {r4-r11} +#endif + + @ Load register parameters. This uses up our remaining registers, so we + @ repurpose lr as scratch space. + ldr $argc, [sp, #40] @ Reload argc. + ldr lr, [sp, #36] @ Load argv into lr. + cmp $argc, #3 + bhi .Larg_r3 + beq .Larg_r2 + cmp $argc, #1 + bhi .Larg_r1 + beq .Larg_r0 + b .Largs_done + +.Larg_r3: + ldr r3, [lr, #12] @ argv[3] +.Larg_r2: + ldr r2, [lr, #8] @ argv[2] +.Larg_r1: + ldr r1, [lr, #4] @ argv[1] +.Larg_r0: + ldr r0, [lr] @ argv[0] +.Largs_done: + + @ With every other register in use, load the function pointer into lr + @ and call the function. + ldr lr, [sp, #28] + blx lr + + @ r1-r3 are free for use again. The trampoline only supports + @ single-return functions. Pass r4-r11 to the caller. + ldr $state, [sp, #32] + vstmia $state!, {d8-d15} +#if defined(__APPLE__) + @ r9 is not volatile on iOS. + stmia $state!, {r4-r8,r10-r11} +#else + stmia $state!, {r4-r11} +#endif + + @ Unwind the stack and restore registers. + add sp, sp, #44 @ 44 = 28+16 + ldmia sp!, {r4-r11,lr} @ Skip r0-r3 (see +16 above). + vldmia sp!, {d8-d15} + + bx lr +.size abi_test_trampoline,.-abi_test_trampoline +____ + +# abi_test_clobber_* zeros the corresponding register. These are used to test +# the ABI-testing framework. +foreach (0..12) { + # This loop skips r13 (sp), r14 (lr, implicitly clobbered by every call), and + # r15 (pc). + $code .= <<____; +.type abi_test_clobber_r$_, %function +.globl abi_test_clobber_r$_ +.align 4 +abi_test_clobber_r$_: + mov r$_, #0 + bx lr +.size abi_test_clobber_r$_,.-abi_test_clobber_r$_ +____ +} + +foreach (0..15) { + my $lo = "s".(2*$_); + my $hi = "s".(2*$_+1); + $code .= <<____; +.type abi_test_clobber_d$_, %function +.globl abi_test_clobber_d$_ +.align 4 +abi_test_clobber_d$_: + mov r0, #0 + vmov $lo, r0 + vmov $hi, r0 + bx lr +.size abi_test_clobber_d$_,.-abi_test_clobber_d$_ +____ +} + +print $code; +close STDOUT; diff --git a/src/crypto/test/asm/trampoline-armv8.pl b/src/crypto/test/asm/trampoline-armv8.pl new file mode 100755 index 0000000..aab5250 --- /dev/null +++ b/src/crypto/test/asm/trampoline-armv8.pl @@ -0,0 +1,209 @@ +#!/usr/bin/env perl +# Copyright (c) 2019, Google Inc. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +# This file defines helper functions for crypto/test/abi_test.h on aarch64. See +# that header for details on how to use this. +# +# For convenience, this file is linked into libcrypto, where consuming builds +# already support architecture-specific sources. The static linker should drop +# this code in non-test binaries. This includes a shared library build of +# libcrypto, provided --gc-sections (ELF), -dead_strip (iOS), or equivalent is +# used. +# +# References: +# +# AAPCS64: http://infocenter.arm.com/help/topic/com.arm.doc.ihi0055b/IHI0055B_aapcs64.pdf +# iOS ARM64: https://developer.apple.com/library/archive/documentation/Xcode/Conceptual/iPhoneOSABIReference/Articles/ARM64FunctionCallingConventions.html + +use strict; + +my $flavour = shift; +my $output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; +my $dir = $1; +my $xlate; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT, "| \"$^X\" \"$xlate\" $flavour \"$output\""; +*STDOUT = *OUT; + +my ($func, $state, $argv, $argc) = ("x0", "x1", "x2", "x3"); +my $code = <<____; +.text + +// abi_test_trampoline loads callee-saved registers from |state|, calls |func| +// with |argv|, then saves the callee-saved registers into |state|. It returns +// the result of |func|. The |unwind| argument is unused. +// uint64_t abi_test_trampoline(void (*func)(...), CallerState *state, +// const uint64_t *argv, size_t argc, +// uint64_t unwind); +.type abi_test_trampoline, %function +.globl abi_test_trampoline +.align 4 +abi_test_trampoline: +.Labi_test_trampoline_begin: + // Stack layout (low to high addresses) + // x29,x30 (16 bytes) + // d8-d15 (64 bytes) + // x19-x28 (80 bytes) + // $state (8 bytes) + // padding (8 bytes) + stp x29, x30, [sp, #-176]! + mov x29, sp + + // Saved callee-saved registers and |state|. + stp d8, d9, [sp, #16] + stp d10, d11, [sp, #32] + stp d12, d13, [sp, #48] + stp d14, d15, [sp, #64] + stp x19, x20, [sp, #80] + stp x21, x22, [sp, #96] + stp x23, x24, [sp, #112] + stp x25, x26, [sp, #128] + stp x27, x28, [sp, #144] + str $state, [sp, #160] + + // Load registers from |state|, with the exception of x29. x29 is the + // frame pointer and also callee-saved, but AAPCS64 allows platforms to + // mandate that x29 always point to a frame. iOS64 does so, which means + // we cannot fill x29 with entropy without violating ABI rules + // ourselves. x29 is tested separately below. + ldp d8, d9, [$state], #16 + ldp d10, d11, [$state], #16 + ldp d12, d13, [$state], #16 + ldp d14, d15, [$state], #16 + ldp x19, x20, [$state], #16 + ldp x21, x22, [$state], #16 + ldp x23, x24, [$state], #16 + ldp x25, x26, [$state], #16 + ldp x27, x28, [$state], #16 + + // Move parameters into temporary registers. + mov x9, $func + mov x10, $argv + mov x11, $argc + + // Load parameters into registers. + cbz x11, .Largs_done + ldr x0, [x10], #8 + subs x11, x11, #1 + b.eq .Largs_done + ldr x1, [x10], #8 + subs x11, x11, #1 + b.eq .Largs_done + ldr x2, [x10], #8 + subs x11, x11, #1 + b.eq .Largs_done + ldr x3, [x10], #8 + subs x11, x11, #1 + b.eq .Largs_done + ldr x4, [x10], #8 + subs x11, x11, #1 + b.eq .Largs_done + ldr x5, [x10], #8 + subs x11, x11, #1 + b.eq .Largs_done + ldr x6, [x10], #8 + subs x11, x11, #1 + b.eq .Largs_done + ldr x7, [x10], #8 + +.Largs_done: + blr x9 + + // Reload |state| and store registers. + ldr $state, [sp, #160] + stp d8, d9, [$state], #16 + stp d10, d11, [$state], #16 + stp d12, d13, [$state], #16 + stp d14, d15, [$state], #16 + stp x19, x20, [$state], #16 + stp x21, x22, [$state], #16 + stp x23, x24, [$state], #16 + stp x25, x26, [$state], #16 + stp x27, x28, [$state], #16 + + // |func| is required to preserve x29, the frame pointer. We cannot load + // random values into x29 (see comment above), so compare it against the + // expected value and zero the field of |state| if corrupted. + mov x9, sp + cmp x29, x9 + b.eq .Lx29_ok + str xzr, [$state] + +.Lx29_ok: + // Restore callee-saved registers. + ldp d8, d9, [sp, #16] + ldp d10, d11, [sp, #32] + ldp d12, d13, [sp, #48] + ldp d14, d15, [sp, #64] + ldp x19, x20, [sp, #80] + ldp x21, x22, [sp, #96] + ldp x23, x24, [sp, #112] + ldp x25, x26, [sp, #128] + ldp x27, x28, [sp, #144] + + ldp x29, x30, [sp], #176 + ret +.size abi_test_trampoline,.-abi_test_trampoline +____ + +# abi_test_clobber_* zeros the corresponding register. These are used to test +# the ABI-testing framework. +foreach (0..29) { + # x18 is the platform register and off limits. + next if ($_ == 18); + $code .= <<____; +.type abi_test_clobber_x$_, %function +.globl abi_test_clobber_x$_ +.align 4 +abi_test_clobber_x$_: + mov x$_, xzr + ret +.size abi_test_clobber_x$_,.-abi_test_clobber_x$_ +____ +} +foreach (0..31) { + $code .= <<____; +.type abi_test_clobber_d$_, %function +.globl abi_test_clobber_d$_ +.align 4 +abi_test_clobber_d$_: + fmov d$_, xzr + ret +.size abi_test_clobber_d$_,.-abi_test_clobber_d$_ +____ +} + +# abi_test_clobber_v*_upper clobbers only the upper half of v*. AAPCS64 only +# requires the lower half (d*) be preserved. +foreach (8..15) { + $code .= <<____; +.type abi_test_clobber_v${_}_upper, %function +.globl abi_test_clobber_v${_}_upper +.align 4 +abi_test_clobber_v${_}_upper: + fmov v${_}.d[1], xzr + ret +.size abi_test_clobber_v${_}_upper,.-abi_test_clobber_v${_}_upper +____ +} + +print $code; +close STDOUT; diff --git a/src/crypto/test/asm/trampoline-x86.pl b/src/crypto/test/asm/trampoline-x86.pl new file mode 100755 index 0000000..569a3dd --- /dev/null +++ b/src/crypto/test/asm/trampoline-x86.pl @@ -0,0 +1,123 @@ +#!/usr/bin/env perl +# Copyright (c) 2018, Google Inc. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +# This file defines helper functions for crypto/test/abi_test.h on x86. See +# that header for details on how to use this. +# +# For convenience, this file is linked into libcrypto, where consuming builds +# already support architecture-specific sources. The static linker should drop +# this code in non-test binaries. This includes a shared library build of +# libcrypto, provided --gc-sections (ELF), -dead_strip (Mac), or equivalent is +# used. +# +# References: +# +# SysV ABI: https://uclibc.org/docs/psABI-i386.pdf +# Win32 ABI: https://docs.microsoft.com/en-us/cpp/cpp/argument-passing-and-naming-conventions?view=vs-2017 + +use strict; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; +my $dir = $1; +push(@INC, "${dir}", "${dir}../../perlasm"); +require "x86asm.pl"; + +my $output = pop; +open STDOUT, ">$output"; + +&asm_init($ARGV[0]); + +# abi_test_trampoline loads callee-saved registers from |state|, calls |func| +# with |argv|, then saves the callee-saved registers into |state|. It returns +# the result of |func|. |unwind| is ignored. +# uint32_t abi_test_trampoline(void (*func)(...), CallerState *state, +# const uint32_t *argv, size_t argc, +# int unwind); +&function_begin("abi_test_trampoline") + # Load registers from |state|. Note |function_begin| (as opposed to + # |function_begin_B|) automatically saves all callee-saved registers, so we + # may freely clobber them. + &mov("ecx", &wparam(1)); + &mov("esi", &DWP(4*0, "ecx")); + &mov("edi", &DWP(4*1, "ecx")); + &mov("ebx", &DWP(4*2, "ecx")); + &mov("ebp", &DWP(4*3, "ecx")); + + # Use a fixed stack allocation so |wparam| continues to work. abi_test.h + # supports at most 10 arguments. The SysV ABI requires a 16-byte-aligned + # stack on process entry, so round up to 3 (mod 4). + &stack_push(11); + + # Copy parameters to stack. + &mov("eax", &wparam(2)); + &xor("ecx", "ecx"); +&set_label("loop"); + &cmp("ecx", &wparam(3)); + &jae(&label("loop_done")); + &mov("edx", &DWP(0, "eax", "ecx", 4)); + &mov(&DWP(0, "esp", "ecx", 4), "edx"); + &add("ecx", 1); + &jmp(&label("loop")); + +&set_label("loop_done"); + &call_ptr(&wparam(0)); + + &stack_pop(11); + + # Save registers back into |state|. + &mov("ecx", &wparam(1)); + &mov(&DWP(4*0, "ecx"), "esi"); + &mov(&DWP(4*1, "ecx"), "edi"); + &mov(&DWP(4*2, "ecx"), "ebx"); + &mov(&DWP(4*3, "ecx"), "ebp"); +&function_end("abi_test_trampoline") + +# abi_test_get_and_clear_direction_flag clears the direction flag. If the flag +# was previously set, it returns one. Otherwise, it returns zero. +# int abi_test_get_and_clear_direction_flag(void); +&function_begin_B("abi_test_get_and_clear_direction_flag"); + &pushf(); + &pop("eax"); + &and("eax", 0x400); + &shr("eax", 10); + &cld(); + &ret(); +&function_end_B("abi_test_get_and_clear_direction_flag"); + +# abi_test_set_direction_flag sets the direction flag. +# void abi_test_set_direction_flag(void); +&function_begin_B("abi_test_set_direction_flag"); + &std(); + &ret(); +&function_end_B("abi_test_set_direction_flag"); + +# abi_test_clobber_* zeros the corresponding register. These are used to test +# the ABI-testing framework. +foreach ("eax", "ebx", "ecx", "edx", "edi", "esi", "ebp") { +&function_begin_B("abi_test_clobber_$_"); + &xor($_, $_); + &ret(); +&function_end_B("abi_test_clobber_$_"); +} +foreach (0..7) { +&function_begin_B("abi_test_clobber_xmm$_"); + &pxor("xmm$_", "xmm$_"); + &ret(); +&function_end_B("abi_test_clobber_xmm$_"); +} + +&asm_finish(); + +close STDOUT; diff --git a/src/crypto/test/asm/trampoline-x86_64.pl b/src/crypto/test/asm/trampoline-x86_64.pl new file mode 100755 index 0000000..8cb1410 --- /dev/null +++ b/src/crypto/test/asm/trampoline-x86_64.pl @@ -0,0 +1,559 @@ +#!/usr/bin/env perl +# Copyright (c) 2018, Google Inc. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +# This file defines helper functions for crypto/test/abi_test.h on x86_64. See +# that header for details on how to use this. +# +# For convenience, this file is linked into libcrypto, where consuming builds +# already support architecture-specific sources. The static linker should drop +# this code in non-test binaries. This includes a shared library build of +# libcrypto, provided --gc-sections (ELF), -dead_strip (Mac), or equivalent is +# used. +# +# References: +# +# SysV ABI: https://github.com/hjl-tools/x86-psABI/wiki/x86-64-psABI-1.0.pdf +# Win64 ABI: https://docs.microsoft.com/en-us/cpp/build/x64-software-conventions?view=vs-2017 + +use strict; + +my $flavour = shift; +my $output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +my $win64 = 0; +$win64 = 1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; +my $dir = $1; +my $xlate; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT, "| \"$^X\" \"$xlate\" $flavour \"$output\""; +*STDOUT = *OUT; + +# @inp is the registers used for function inputs, in order. +my @inp = $win64 ? ("%rcx", "%rdx", "%r8", "%r9") : + ("%rdi", "%rsi", "%rdx", "%rcx", "%r8", "%r9"); + +# @caller_state is the list of registers that the callee must preserve for the +# caller. This must match the definition of CallerState in abi_test.h. +my @caller_state = ("%rbx", "%rbp", "%r12", "%r13", "%r14", "%r15"); +if ($win64) { + @caller_state = ("%rbx", "%rbp", "%rdi", "%rsi", "%r12", "%r13", "%r14", + "%r15", "%xmm6", "%xmm7", "%xmm8", "%xmm9", "%xmm10", + "%xmm11", "%xmm12", "%xmm13", "%xmm14", "%xmm15"); +} + +# $caller_state_size is the size of CallerState, in bytes. +my $caller_state_size = 0; +foreach (@caller_state) { + if (/^%r/) { + $caller_state_size += 8; + } elsif (/^%xmm/) { + $caller_state_size += 16; + } else { + die "unknown register $_"; + } +} + +# load_caller_state returns code which loads a CallerState structure at +# $off($reg) into the respective registers. No other registers are touched, but +# $reg may not be a register in CallerState. $cb is an optional callback to +# add extra lines after each movq or movdqa. $cb is passed the offset, relative +# to $reg, and name of each register. +sub load_caller_state { + my ($off, $reg, $cb) = @_; + my $ret = ""; + foreach (@caller_state) { + my $old_off = $off; + if (/^%r/) { + $ret .= "\tmovq\t$off($reg), $_\n"; + $off += 8; + } elsif (/^%xmm/) { + $ret .= "\tmovdqa\t$off($reg), $_\n"; + $off += 16; + } else { + die "unknown register $_"; + } + $ret .= $cb->($old_off, $_) if (defined($cb)); + } + return $ret; +} + +# store_caller_state behaves like load_caller_state, except that it writes the +# current values of the registers into $off($reg). +sub store_caller_state { + my ($off, $reg, $cb) = @_; + my $ret = ""; + foreach (@caller_state) { + my $old_off = $off; + if (/^%r/) { + $ret .= "\tmovq\t$_, $off($reg)\n"; + $off += 8; + } elsif (/^%xmm/) { + $ret .= "\tmovdqa\t$_, $off($reg)\n"; + $off += 16; + } else { + die "unknown register $_"; + } + $ret .= $cb->($old_off, $_) if (defined($cb)); + } + return $ret; +} + +# $max_params is the maximum number of parameters abi_test_trampoline supports. +my $max_params = 10; + +# Windows reserves stack space for the register-based parameters, while SysV +# only reserves space for the overflow ones. +my $stack_params_skip = $win64 ? scalar(@inp) : 0; +my $num_stack_params = $win64 ? $max_params : $max_params - scalar(@inp); + +my ($func, $state, $argv, $argc, $unwind) = @inp; +my $code = <<____; +.text + +# abi_test_trampoline loads callee-saved registers from |state|, calls |func| +# with |argv|, then saves the callee-saved registers into |state|. It returns +# the result of |func|. If |unwind| is non-zero, this function triggers unwind +# instrumentation. +# uint64_t abi_test_trampoline(void (*func)(...), CallerState *state, +# const uint64_t *argv, size_t argc, +# int unwind); +.type abi_test_trampoline, \@abi-omnipotent +.globl abi_test_trampoline +.align 16 +abi_test_trampoline: +.Labi_test_trampoline_seh_begin: +.cfi_startproc + # Stack layout: + # 8 bytes - align + # $caller_state_size bytes - saved caller registers + # 8 bytes - scratch space + # 8 bytes - saved copy of \$unwind (SysV-only) + # 8 bytes - saved copy of \$state + # 8 bytes - saved copy of \$func + # 8 bytes - if needed for stack alignment + # 8*$num_stack_params bytes - parameters for \$func +____ +my $stack_alloc_size = 8 + $caller_state_size + 8*3 + 8*$num_stack_params; +if (!$win64) { + $stack_alloc_size += 8; +} +# SysV and Windows both require the stack to be 16-byte-aligned. The call +# instruction offsets it by 8, so stack allocations must be 8 mod 16. +if ($stack_alloc_size % 16 != 8) { + $num_stack_params++; + $stack_alloc_size += 8; +} +my $stack_params_offset = 8 * $stack_params_skip; +my $func_offset = 8 * $num_stack_params; +my $state_offset = $func_offset + 8; +# On Win64, unwind is already passed in memory. On SysV, it is passed in as +# register and we must reserve stack space for it. +my ($unwind_offset, $scratch_offset); +if ($win64) { + $unwind_offset = $stack_alloc_size + 5*8; + $scratch_offset = $state_offset + 8; +} else { + $unwind_offset = $state_offset + 8; + $scratch_offset = $unwind_offset + 8; +} +my $caller_state_offset = $scratch_offset + 8; +$code .= <<____; + subq \$$stack_alloc_size, %rsp +.cfi_adjust_cfa_offset $stack_alloc_size +.Labi_test_trampoline_seh_prolog_alloc: +____ +$code .= <<____ if (!$win64); + movq $unwind, $unwind_offset(%rsp) +____ +# Store our caller's state. This is needed because we modify it ourselves, and +# also to isolate the test infrastruction from the function under test failing +# to save some register. +my %reg_offsets; +$code .= store_caller_state($caller_state_offset, "%rsp", sub { + my ($off, $reg) = @_; + $reg = substr($reg, 1); + $reg_offsets{$reg} = $off; + $off -= $stack_alloc_size + 8; + return <<____; +.cfi_offset $reg, $off +.Labi_test_trampoline_seh_prolog_$reg: +____ +}); +$code .= <<____; +.Labi_test_trampoline_seh_prolog_end: +____ + +$code .= load_caller_state(0, $state); +$code .= <<____; + # Stash \$func and \$state, so they are available after the call returns. + movq $func, $func_offset(%rsp) + movq $state, $state_offset(%rsp) + + # Load parameters. Note this will clobber \$argv and \$argc, so we can + # only use non-parameter volatile registers. There are three, and they + # are the same between SysV and Win64: %rax, %r10, and %r11. + movq $argv, %r10 + movq $argc, %r11 +____ +foreach (@inp) { + $code .= <<____; + dec %r11 + js .Largs_done + movq (%r10), $_ + addq \$8, %r10 +____ +} +$code .= <<____; + leaq $stack_params_offset(%rsp), %rax +.Largs_loop: + dec %r11 + js .Largs_done + + # This block should be: + # movq (%r10), %rtmp + # movq %rtmp, (%rax) + # There are no spare registers available, so we spill into the scratch + # space. + movq %r11, $scratch_offset(%rsp) + movq (%r10), %r11 + movq %r11, (%rax) + movq $scratch_offset(%rsp), %r11 + + addq \$8, %r10 + addq \$8, %rax + jmp .Largs_loop + +.Largs_done: + movq $func_offset(%rsp), %rax + movq $unwind_offset(%rsp), %r10 + testq %r10, %r10 + jz .Lno_unwind + + # Set the trap flag. + pushfq + orq \$0x100, 0(%rsp) + popfq + + # Run an instruction to trigger a breakpoint immediately before the + # call. + nop +.globl abi_test_unwind_start +abi_test_unwind_start: + + call *%rax +.globl abi_test_unwind_return +abi_test_unwind_return: + + # Clear the trap flag. Note this assumes the trap flag was clear on + # entry. We do not support instrumenting an unwind-instrumented + # |abi_test_trampoline|. + pushfq + andq \$-0x101, 0(%rsp) # -0x101 is ~0x100 + popfq +.globl abi_test_unwind_stop +abi_test_unwind_stop: + + jmp .Lcall_done + +.Lno_unwind: + call *%rax + +.Lcall_done: + # Store what \$func did our state, so our caller can check. + movq $state_offset(%rsp), $state +____ +$code .= store_caller_state(0, $state); + +# Restore our caller's state. +$code .= load_caller_state($caller_state_offset, "%rsp", sub { + my ($off, $reg) = @_; + $reg = substr($reg, 1); + return ".cfi_restore\t$reg\n"; +}); +$code .= <<____; + addq \$$stack_alloc_size, %rsp +.cfi_adjust_cfa_offset -$stack_alloc_size + + # %rax already contains \$func's return value, unmodified. + ret +.cfi_endproc +.Labi_test_trampoline_seh_end: +.size abi_test_trampoline,.-abi_test_trampoline +____ + +# abi_test_clobber_* zeros the corresponding register. These are used to test +# the ABI-testing framework. +foreach ("ax", "bx", "cx", "dx", "di", "si", "bp", 8..15) { + $code .= <<____; +.type abi_test_clobber_r$_, \@abi-omnipotent +.globl abi_test_clobber_r$_ +.align 16 +abi_test_clobber_r$_: + xorq %r$_, %r$_ + ret +.size abi_test_clobber_r$_,.-abi_test_clobber_r$_ +____ +} + +foreach (0..15) { + $code .= <<____; +.type abi_test_clobber_xmm$_, \@abi-omnipotent +.globl abi_test_clobber_xmm$_ +.align 16 +abi_test_clobber_xmm$_: + pxor %xmm$_, %xmm$_ + ret +.size abi_test_clobber_xmm$_,.-abi_test_clobber_xmm$_ +____ +} + +$code .= <<____; +# abi_test_bad_unwind_wrong_register preserves the ABI, but annotates the wrong +# register in unwind metadata. +# void abi_test_bad_unwind_wrong_register(void); +.type abi_test_bad_unwind_wrong_register, \@abi-omnipotent +.globl abi_test_bad_unwind_wrong_register +.align 16 +abi_test_bad_unwind_wrong_register: +.cfi_startproc +.Labi_test_bad_unwind_wrong_register_seh_begin: + pushq %r12 +.cfi_push %r13 # This should be %r12 +.Labi_test_bad_unwind_wrong_register_seh_push_r13: + # Windows evaluates epilogs directly in the unwinder, rather than using + # unwind codes. Add a nop so there is one non-epilog point (immediately + # before the nop) where the unwinder can observe the mistake. + nop + popq %r12 +.cfi_pop %r12 + ret +.Labi_test_bad_unwind_wrong_register_seh_end: +.cfi_endproc +.size abi_test_bad_unwind_wrong_register,.-abi_test_bad_unwind_wrong_register + +# abi_test_bad_unwind_temporary preserves the ABI, but temporarily corrupts the +# storage space for a saved register, breaking unwind. +# void abi_test_bad_unwind_temporary(void); +.type abi_test_bad_unwind_temporary, \@abi-omnipotent +.globl abi_test_bad_unwind_temporary +.align 16 +abi_test_bad_unwind_temporary: +.cfi_startproc +.Labi_test_bad_unwind_temporary_seh_begin: + pushq %r12 +.cfi_push %r12 +.Labi_test_bad_unwind_temporary_seh_push_r12: + + movq %r12, %rax + inc %rax + movq %rax, (%rsp) + # Unwinding from here is incorrect. Although %r12 itself has not been + # changed, the unwind codes say to look in (%rsp) instead. + + movq %r12, (%rsp) + # Unwinding is now fixed. + + popq %r12 +.cfi_pop %r12 + ret +.Labi_test_bad_unwind_temporary_seh_end: +.cfi_endproc +.size abi_test_bad_unwind_temporary,.-abi_test_bad_unwind_temporary + +# abi_test_get_and_clear_direction_flag clears the direction flag. If the flag +# was previously set, it returns one. Otherwise, it returns zero. +# int abi_test_get_and_clear_direction_flag(void); +.type abi_test_set_direction_flag, \@abi-omnipotent +.globl abi_test_get_and_clear_direction_flag +abi_test_get_and_clear_direction_flag: + pushfq + popq %rax + andq \$0x400, %rax + shrq \$10, %rax + cld + ret +.size abi_test_get_and_clear_direction_flag,.-abi_test_get_and_clear_direction_flag + +# abi_test_set_direction_flag sets the direction flag. +# void abi_test_set_direction_flag(void); +.type abi_test_set_direction_flag, \@abi-omnipotent +.globl abi_test_set_direction_flag +abi_test_set_direction_flag: + std + ret +.size abi_test_set_direction_flag,.-abi_test_set_direction_flag +____ + +if ($win64) { + $code .= <<____; +# abi_test_bad_unwind_epilog preserves the ABI, and correctly annotates the +# prolog, but the epilog does not match Win64's rules, breaking unwind during +# the epilog. +# void abi_test_bad_unwind_epilog(void); +.type abi_test_bad_unwind_epilog, \@abi-omnipotent +.globl abi_test_bad_unwind_epilog +.align 16 +abi_test_bad_unwind_epilog: +.Labi_test_bad_unwind_epilog_seh_begin: + pushq %r12 +.Labi_test_bad_unwind_epilog_seh_push_r12: + + nop + + # The epilog should begin here, but the nop makes it invalid. + popq %r12 + nop + ret +.Labi_test_bad_unwind_epilog_seh_end: +.size abi_test_bad_unwind_epilog,.-abi_test_bad_unwind_epilog +____ + + # Add unwind metadata for SEH. + # + # TODO(davidben): This is all manual right now. Once we've added SEH tests, + # add support for emitting these in x86_64-xlate.pl, probably based on MASM + # and Yasm's unwind directives, and unify with CFI. (Sadly, NASM does not + # support these directives.) Then push that upstream to replace the + # error-prone and non-standard custom handlers. + + # See https://docs.microsoft.com/en-us/cpp/build/struct-unwind-code?view=vs-2017 + my $UWOP_PUSH_NONVOL = 0; + my $UWOP_ALLOC_LARGE = 1; + my $UWOP_ALLOC_SMALL = 2; + my $UWOP_SAVE_NONVOL = 4; + my $UWOP_SAVE_XMM128 = 8; + + my %UWOP_REG_NUMBER = (rax => 0, rcx => 1, rdx => 2, rbx => 3, rsp => 4, + rbp => 5, rsi => 6, rdi => 7, + map(("r$_" => $_), (8..15))); + + my $unwind_codes = ""; + my $num_slots = 0; + foreach my $reg (reverse @caller_state) { + $reg = substr($reg, 1); + die "unknown register $reg" unless exists($reg_offsets{$reg}); + if ($reg =~ /^r/) { + die "unknown register $reg" unless exists($UWOP_REG_NUMBER{$reg}); + my $info = $UWOP_SAVE_NONVOL | ($UWOP_REG_NUMBER{$reg} << 4); + my $value = $reg_offsets{$reg} / 8; + $unwind_codes .= <<____; + .byte .Labi_test_trampoline_seh_prolog_$reg-.Labi_test_trampoline_seh_begin + .byte $info + .value $value +____ + $num_slots += 2; + } elsif ($reg =~ /^xmm/) { + my $info = $UWOP_SAVE_XMM128 | (substr($reg, 3) << 4); + my $value = $reg_offsets{$reg} / 16; + $unwind_codes .= <<____; + .byte .Labi_test_trampoline_seh_prolog_$reg-.Labi_test_trampoline_seh_begin + .byte $info + .value $value +____ + $num_slots += 2; + } else { + die "unknown register $reg"; + } + } + + if ($stack_alloc_size <= 128) { + my $info = $UWOP_ALLOC_SMALL | ((($stack_alloc_size - 8) / 8) << 4); + $unwind_codes .= <<____; + .byte .Labi_test_trampoline_seh_prolog_alloc-.Labi_test_trampoline_seh_begin + .byte $info +____ + $num_slots++; + } else { + die "stack allocation needs three unwind slots" if ($stack_alloc_size > 512 * 1024 + 8); + my $info = $UWOP_ALLOC_LARGE; + my $value = $stack_alloc_size / 8; + $unwind_codes .= <<____; + .byte .Labi_test_trampoline_seh_prolog_alloc-.Labi_test_trampoline_seh_begin + .byte $info + .value $value +____ + $num_slots += 2; + } + + $code .= <<____; +.section .pdata +.align 4 + # https://docs.microsoft.com/en-us/cpp/build/struct-runtime-function?view=vs-2017 + .rva .Labi_test_trampoline_seh_begin + .rva .Labi_test_trampoline_seh_end + .rva .Labi_test_trampoline_seh_info + + .rva .Labi_test_bad_unwind_wrong_register_seh_begin + .rva .Labi_test_bad_unwind_wrong_register_seh_end + .rva .Labi_test_bad_unwind_wrong_register_seh_info + + .rva .Labi_test_bad_unwind_temporary_seh_begin + .rva .Labi_test_bad_unwind_temporary_seh_end + .rva .Labi_test_bad_unwind_temporary_seh_info + + .rva .Labi_test_bad_unwind_epilog_seh_begin + .rva .Labi_test_bad_unwind_epilog_seh_end + .rva .Labi_test_bad_unwind_epilog_seh_info + +.section .xdata +.align 8 +.Labi_test_trampoline_seh_info: + # https://docs.microsoft.com/en-us/cpp/build/struct-unwind-info?view=vs-2017 + .byte 1 # version 1, no flags + .byte .Labi_test_trampoline_seh_prolog_end-.Labi_test_trampoline_seh_begin + .byte $num_slots + .byte 0 # no frame register +$unwind_codes + +.align 8 +.Labi_test_bad_unwind_wrong_register_seh_info: + .byte 1 # version 1, no flags + .byte .Labi_test_bad_unwind_wrong_register_seh_push_r13-.Labi_test_bad_unwind_wrong_register_seh_begin + .byte 1 # one slot + .byte 0 # no frame register + + .byte .Labi_test_bad_unwind_wrong_register_seh_push_r13-.Labi_test_bad_unwind_wrong_register_seh_begin + .byte @{[$UWOP_PUSH_NONVOL | ($UWOP_REG_NUMBER{r13} << 4)]} + +.align 8 +.Labi_test_bad_unwind_temporary_seh_info: + .byte 1 # version 1, no flags + .byte .Labi_test_bad_unwind_temporary_seh_push_r12-.Labi_test_bad_unwind_temporary_seh_begin + .byte 1 # one slot + .byte 0 # no frame register + + .byte .Labi_test_bad_unwind_temporary_seh_push_r12-.Labi_test_bad_unwind_temporary_seh_begin + .byte @{[$UWOP_PUSH_NONVOL | ($UWOP_REG_NUMBER{r12} << 4)]} + +.align 8 +.Labi_test_bad_unwind_epilog_seh_info: + .byte 1 # version 1, no flags + .byte .Labi_test_bad_unwind_epilog_seh_push_r12-.Labi_test_bad_unwind_epilog_seh_begin + .byte 1 # one slot + .byte 0 # no frame register + + .byte .Labi_test_bad_unwind_epilog_seh_push_r12-.Labi_test_bad_unwind_epilog_seh_begin + .byte @{[$UWOP_PUSH_NONVOL | ($UWOP_REG_NUMBER{r12} << 4)]} +____ +} + +print $code; +close STDOUT; diff --git a/src/crypto/test/gtest_main.cc b/src/crypto/test/gtest_main.cc index a557168..aeec0f5 100644 --- a/src/crypto/test/gtest_main.cc +++ b/src/crypto/test/gtest_main.cc @@ -20,6 +20,7 @@ #include #include +#include "abi_test.h" #include "gtest_main.h" #include "../internal.h" @@ -34,16 +35,15 @@ int main(int argc, char **argv) { testing::InitGoogleTest(&argc, argv); bssl::SetupGoogleTest(); -#if !defined(OPENSSL_WINDOWS) + bool unwind_tests = true; for (int i = 1; i < argc; i++) { +#if !defined(OPENSSL_WINDOWS) if (strcmp(argv[i], "--fork_unsafe_buffering") == 0) { RAND_enable_fork_unsafe_buffering(-1); } - } #endif #if defined(TEST_ARM_CPUS) - for (int i = 1; i < argc; i++) { if (strncmp(argv[i], "--cpu=", 6) == 0) { const char *cpu = argv[i] + 6; uint32_t armcap; @@ -68,8 +68,28 @@ int main(int argc, char **argv) { printf("Simulating CPU '%s'\n", cpu); *armcap_ptr = armcap; } - } #endif // TEST_ARM_CPUS - return RUN_ALL_TESTS(); + if (strcmp(argv[i], "--no_unwind_tests") == 0) { + unwind_tests = false; + } + } + + if (unwind_tests) { + abi_test::EnableUnwindTests(); + } + + // Run the entire test suite under an ABI check. This is less effective than + // testing the individual assembly functions, but will catch issues with + // rarely-used registers. + abi_test::Result abi; + int ret = abi_test::Check(&abi, RUN_ALL_TESTS); + if (!abi.ok()) { + fprintf(stderr, "ABI failure in test suite:\n"); + for (const auto &error : abi.errors) { + fprintf(stderr, " %s\n", error.c_str()); + } + exit(1); + } + return ret; } diff --git a/src/decrepit/CMakeLists.txt b/src/decrepit/CMakeLists.txt index 1cb5e11..0829926 100644 --- a/src/decrepit/CMakeLists.txt +++ b/src/decrepit/CMakeLists.txt @@ -29,16 +29,18 @@ target_link_libraries(decrepit crypto ssl) add_executable( decrepit_test - ripemd/ripemd_test.cc + blowfish/blowfish_test.cc + cast/cast_test.cc cfb/cfb_test.cc + ripemd/ripemd_test.cc $ - $ ) add_dependencies(decrepit_test global_target) -target_link_libraries(decrepit_test crypto decrepit boringssl_gtest) +target_link_libraries(decrepit_test test_support_lib boringssl_gtest decrepit + crypto) if(WIN32) target_link_libraries(decrepit_test ws2_32) endif() diff --git a/src/decrepit/blowfish/blowfish.c b/src/decrepit/blowfish/blowfish.c index 04b7368..aa872bc 100644 --- a/src/decrepit/blowfish/blowfish.c +++ b/src/decrepit/blowfish/blowfish.c @@ -55,7 +55,10 @@ * [including the GNU Public Licence.] */ #include +#include +#include +#include #include #include "../../crypto/internal.h" @@ -149,18 +152,18 @@ void BF_ecb_encrypt(const uint8_t *in, uint8_t *out, l2n(d[1], out); } -void BF_cbc_encrypt(const uint8_t *in, uint8_t *out, long length, +void BF_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, const BF_KEY *schedule, uint8_t *ivec, int encrypt) { uint32_t tin0, tin1; uint32_t tout0, tout1, xor0, xor1; - long l = length; + size_t l = length; uint32_t tin[2]; if (encrypt) { n2l(ivec, tout0); n2l(ivec, tout1); ivec -= 8; - for (l -= 8; l >= 0; l -= 8) { + while (l >= 8) { n2l(in, tin0); n2l(in, tin1); tin0 ^= tout0; @@ -172,9 +175,10 @@ void BF_cbc_encrypt(const uint8_t *in, uint8_t *out, long length, tout1 = tin[1]; l2n(tout0, out); l2n(tout1, out); + l -= 8; } - if (l != -8) { - n2ln(in, tin0, tin1, l + 8); + if (l != 0) { + n2ln(in, tin0, tin1, l); tin0 ^= tout0; tin1 ^= tout1; tin[0] = tin0; @@ -191,7 +195,7 @@ void BF_cbc_encrypt(const uint8_t *in, uint8_t *out, long length, n2l(ivec, xor0); n2l(ivec, xor1); ivec -= 8; - for (l -= 8; l >= 0; l -= 8) { + while (l >= 8) { n2l(in, tin0); n2l(in, tin1); tin[0] = tin0; @@ -203,8 +207,9 @@ void BF_cbc_encrypt(const uint8_t *in, uint8_t *out, long length, l2n(tout1, out); xor0 = tin0; xor1 = tin1; + l -= 8; } - if (l != -8) { + if (l != 0) { n2l(in, tin0); n2l(in, tin1); tin[0] = tin0; @@ -212,7 +217,7 @@ void BF_cbc_encrypt(const uint8_t *in, uint8_t *out, long length, BF_decrypt(tin, schedule); tout0 = tin[0] ^ xor0; tout1 = tin[1] ^ xor1; - l2nn(tout0, tout1, out, l + 8); + l2nn(tout0, tout1, out, l); xor0 = tin0; xor1 = tin1; } @@ -492,3 +497,130 @@ void BF_set_key(BF_KEY *key, size_t len, const uint8_t *data) { p[i + 1] = in[1]; } } + +static void BF_cfb64_encrypt(const uint8_t *in, uint8_t *out, size_t length, + const BF_KEY *schedule, uint8_t *ivec, int *num, + int encrypt) { + uint32_t v0, v1, t; + int n = *num; + size_t l = length; + uint32_t ti[2]; + uint8_t c, cc; + + uint8_t *iv = ivec; + if (encrypt) { + while (l--) { + if (n == 0) { + n2l(iv, v0); + ti[0] = v0; + n2l(iv, v1); + ti[1] = v1; + BF_encrypt(ti, schedule); + iv = ivec; + t = ti[0]; + l2n(t, iv); + t = ti[1]; + l2n(t, iv); + iv = ivec; + } + c = *(in++) ^ iv[n]; + *(out++) = c; + iv[n] = c; + n = (n + 1) & 0x07; + } + } else { + while (l--) { + if (n == 0) { + n2l(iv, v0); + ti[0] = v0; + n2l(iv, v1); + ti[1] = v1; + BF_encrypt(ti, schedule); + iv = ivec; + t = ti[0]; + l2n(t, iv); + t = ti[1]; + l2n(t, iv); + iv = ivec; + } + cc = *(in++); + c = iv[n]; + iv[n] = cc; + *(out++) = c ^ cc; + n = (n + 1) & 0x07; + } + } + + *num = n; +} + +static int bf_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, + const uint8_t *iv, int enc) { + BF_KEY *bf_key = ctx->cipher_data; + BF_set_key(bf_key, ctx->key_len, key); + return 1; +} + +static int bf_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, + size_t len) { + BF_KEY *bf_key = ctx->cipher_data; + + while (len >= BF_BLOCK) { + BF_ecb_encrypt(in, out, bf_key, ctx->encrypt); + in += BF_BLOCK; + out += BF_BLOCK; + len -= BF_BLOCK; + } + assert(len == 0); + + return 1; +} + +static int bf_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, + size_t len) { + BF_KEY *bf_key = ctx->cipher_data; + BF_cbc_encrypt(in, out, len, bf_key, ctx->iv, ctx->encrypt); + return 1; +} + +static int bf_cfb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, + size_t len) { + BF_KEY *bf_key = ctx->cipher_data; + int num = ctx->num; + BF_cfb64_encrypt(in, out, len, bf_key, ctx->iv, &num, ctx->encrypt); + ctx->num = num; + return 1; +} + +static const EVP_CIPHER bf_ecb = { + NID_bf_ecb, BF_BLOCK /* block_size */, + 16 /* key_size */, BF_BLOCK /* iv_len */, + sizeof(BF_KEY), EVP_CIPH_ECB_MODE | EVP_CIPH_VARIABLE_LENGTH, + NULL /* app_data */, bf_init_key, + bf_ecb_cipher, NULL /* cleanup */, + NULL /* ctrl */, +}; + +static const EVP_CIPHER bf_cbc = { + NID_bf_cbc, BF_BLOCK /* block_size */, + 16 /* key_size */, BF_BLOCK /* iv_len */, + sizeof(BF_KEY), EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH, + NULL /* app_data */, bf_init_key, + bf_cbc_cipher, NULL /* cleanup */, + NULL /* ctrl */, +}; + +static const EVP_CIPHER bf_cfb = { + NID_bf_cfb64, 1 /* block_size */, + 16 /* key_size */, BF_BLOCK /* iv_len */, + sizeof(BF_KEY), EVP_CIPH_CFB_MODE | EVP_CIPH_VARIABLE_LENGTH, + NULL /* app_data */, bf_init_key, + bf_cfb_cipher, NULL /* cleanup */, + NULL /* ctrl */, +}; + +const EVP_CIPHER *EVP_bf_ecb(void) { return &bf_ecb; } + +const EVP_CIPHER *EVP_bf_cbc(void) { return &bf_cbc; } + +const EVP_CIPHER *EVP_bf_cfb(void) { return &bf_cfb; } diff --git a/src/decrepit/blowfish/blowfish_test.cc b/src/decrepit/blowfish/blowfish_test.cc new file mode 100644 index 0000000..d19346a --- /dev/null +++ b/src/decrepit/blowfish/blowfish_test.cc @@ -0,0 +1,163 @@ +// Copyright (c) 2019, Google Inc. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +#include + +#include + +#include "../../crypto/internal.h" +#include "../../crypto/test/test_util.h" + +struct TestCase { + uint8_t key[16]; + uint8_t plaintext[16]; + uint8_t iv[8]; + uint8_t ecb_ciphertext[16]; + uint8_t cbc_ciphertext[24]; + uint8_t cfb_ciphertext[16]; +}; + +static const TestCase kTests[] = { + // Randomly generated test cases. Checked against vanilla OpenSSL. + { + {0xbb, 0x56, 0xb1, 0x27, 0x7c, 0x4c, 0xdd, 0x5a, 0x99, 0x90, 0x1e, 0x6f, + 0xeb, 0x36, 0x6c, 0xf3}, + {0xa6, 0x5b, 0xe0, 0x99, 0xad, 0x5d, 0x91, 0x98, 0x37, 0xc1, 0xa4, 0x7f, + 0x01, 0x24, 0x9a, 0x6b}, + {0xd5, 0x8a, 0x5c, 0x29, 0xeb, 0xee, 0xed, 0x76}, + {0xda, 0x6e, 0x18, 0x9c, 0x03, 0x59, 0x12, 0x61, 0xfa, 0x20, 0xd9, 0xce, + 0xee, 0x43, 0x9d, 0x05}, + {0x4f, 0x8b, 0x3e, 0x17, 0xa5, 0x35, 0x9b, 0xcb, + 0xdf, 0x3c, 0x52, 0xfb, 0xe5, 0x20, 0xdd, 0x53, + 0xd5, 0xf8, 0x1a, 0x6c, 0xf0, 0x99, 0x34, 0x94}, + {0xfd, 0x65, 0xc5, 0xa6, 0x07, 0x07, 0xb5, 0xf3, 0x2e, 0xfb, 0x12, 0xc3, + 0x7f, 0x45, 0x37, 0x54}, + }, + { + {0x5d, 0x98, 0xa9, 0xd2, 0x27, 0x5d, 0xc8, 0x8c, 0x8c, 0xee, 0x23, 0x7f, + 0x8e, 0x2b, 0xd4, 0x8d}, + {0x60, 0xec, 0x31, 0xda, 0x25, 0x07, 0x02, 0x14, 0x84, 0x44, 0x96, 0xa6, + 0x04, 0x81, 0xca, 0x4e}, + {0x96, 0x4c, 0xa4, 0x07, 0xee, 0x1c, 0xd1, 0xfb}, + {0x83, 0x8a, 0xef, 0x18, 0x53, 0x96, 0xec, 0xf3, 0xf4, 0xd9, 0xe8, 0x4b, + 0x2c, 0x3f, 0xe7, 0x27}, + {0xad, 0x78, 0x70, 0x06, 0x2e, 0x5e, 0xa5, 0x21, + 0xdd, 0xe8, 0xa0, 0xb9, 0xdb, 0x0c, 0x81, 0x1d, + 0x0a, 0xd3, 0xa9, 0x63, 0x78, 0xac, 0x82, 0x64}, + {0x43, 0x2f, 0xf3, 0x23, 0xf4, 0x5c, 0xbf, 0x05, 0x53, 0x3c, 0x9e, 0xd6, + 0xd3, 0xd2, 0xc0, 0xf0}, + }, +}; + +TEST(Blowfish, ECB) { + unsigned test_num = 0; + for (const auto &test : kTests) { + test_num++; + SCOPED_TRACE(test_num); + + uint8_t out[sizeof(test.ecb_ciphertext)]; + int out_bytes, final_bytes; + + bssl::ScopedEVP_CIPHER_CTX ctx; + ASSERT_TRUE(EVP_EncryptInit_ex(ctx.get(), EVP_bf_ecb(), nullptr, test.key, + nullptr)); + ASSERT_TRUE(EVP_CIPHER_CTX_set_padding(ctx.get(), 0 /* no padding */)); + ASSERT_TRUE(EVP_EncryptUpdate(ctx.get(), out, &out_bytes, test.plaintext, + sizeof(test.plaintext))); + ASSERT_TRUE(EVP_EncryptFinal_ex(ctx.get(), out + out_bytes, &final_bytes)); + EXPECT_EQ(static_cast(out_bytes + final_bytes), + sizeof(test.plaintext)); + EXPECT_EQ(Bytes(test.ecb_ciphertext), Bytes(out)); + + bssl::ScopedEVP_CIPHER_CTX decrypt_ctx; + ASSERT_TRUE(EVP_DecryptInit_ex(decrypt_ctx.get(), EVP_bf_ecb(), nullptr, + test.key, nullptr)); + ASSERT_TRUE( + EVP_CIPHER_CTX_set_padding(decrypt_ctx.get(), 0 /* no padding */)); + ASSERT_TRUE(EVP_DecryptUpdate(decrypt_ctx.get(), out, &out_bytes, + test.ecb_ciphertext, + sizeof(test.ecb_ciphertext))); + ASSERT_TRUE( + EVP_DecryptFinal_ex(decrypt_ctx.get(), out + out_bytes, &final_bytes)); + EXPECT_EQ(static_cast(out_bytes + final_bytes), + sizeof(test.plaintext)); + EXPECT_EQ(Bytes(test.plaintext), Bytes(out)); + } +} + +TEST(Blowfish, CBC) { + unsigned test_num = 0; + for (const auto &test : kTests) { + test_num++; + SCOPED_TRACE(test_num); + + uint8_t out[sizeof(test.cbc_ciphertext)]; + int out_bytes, final_bytes; + + bssl::ScopedEVP_CIPHER_CTX ctx; + ASSERT_TRUE(EVP_EncryptInit_ex(ctx.get(), EVP_bf_cbc(), nullptr, test.key, + test.iv)); + ASSERT_TRUE(EVP_EncryptUpdate(ctx.get(), out, &out_bytes, test.plaintext, + sizeof(test.plaintext))); + EXPECT_TRUE(EVP_EncryptFinal_ex(ctx.get(), out + out_bytes, &final_bytes)); + EXPECT_EQ(static_cast(out_bytes + final_bytes), + sizeof(test.cbc_ciphertext)); + EXPECT_EQ(Bytes(test.cbc_ciphertext), Bytes(out)); + + bssl::ScopedEVP_CIPHER_CTX decrypt_ctx; + ASSERT_TRUE(EVP_DecryptInit_ex(decrypt_ctx.get(), EVP_bf_cbc(), nullptr, + test.key, test.iv)); + ASSERT_TRUE(EVP_DecryptUpdate(decrypt_ctx.get(), out, &out_bytes, + test.cbc_ciphertext, + sizeof(test.cbc_ciphertext))); + EXPECT_TRUE( + EVP_DecryptFinal_ex(decrypt_ctx.get(), out + out_bytes, &final_bytes)); + EXPECT_EQ(static_cast(out_bytes + final_bytes), + sizeof(test.plaintext)); + EXPECT_EQ(Bytes(test.plaintext), Bytes(out, out_bytes + final_bytes)); + } +} + +TEST(Blowfish, CFB) { + unsigned test_num = 0; + for (const auto &test : kTests) { + test_num++; + SCOPED_TRACE(test_num); + + uint8_t out[sizeof(test.cfb_ciphertext)]; + int out_bytes, final_bytes; + + bssl::ScopedEVP_CIPHER_CTX ctx; + ASSERT_TRUE(EVP_EncryptInit_ex(ctx.get(), EVP_bf_cfb(), nullptr, test.key, + test.iv)); + ASSERT_TRUE(EVP_EncryptUpdate(ctx.get(), out, &out_bytes, test.plaintext, + sizeof(test.plaintext))); + ASSERT_TRUE(EVP_EncryptFinal_ex(ctx.get(), out + out_bytes, &final_bytes)); + EXPECT_EQ(static_cast(out_bytes + final_bytes), + sizeof(test.plaintext)); + EXPECT_EQ(Bytes(test.cfb_ciphertext), Bytes(out)); + + bssl::ScopedEVP_CIPHER_CTX decrypt_ctx; + ASSERT_TRUE(EVP_DecryptInit_ex(decrypt_ctx.get(), EVP_bf_cfb(), nullptr, + test.key, test.iv)); + ASSERT_TRUE(EVP_DecryptUpdate(decrypt_ctx.get(), out, &out_bytes, + test.cfb_ciphertext, + sizeof(test.cfb_ciphertext))); + ASSERT_TRUE( + EVP_DecryptFinal_ex(decrypt_ctx.get(), out + out_bytes, &final_bytes)); + EXPECT_EQ(static_cast(out_bytes + final_bytes), + sizeof(test.plaintext)); + EXPECT_EQ(Bytes(test.plaintext), Bytes(out)); + } +} diff --git a/src/decrepit/cast/cast.c b/src/decrepit/cast/cast.c index 8d80aba..8fd4e3a 100644 --- a/src/decrepit/cast/cast.c +++ b/src/decrepit/cast/cast.c @@ -55,6 +55,8 @@ * [including the GNU Public Licence.]. */ #include +#include +#include #if defined(OPENSSL_WINDOWS) OPENSSL_MSVC_PRAGMA(warning(push, 3)) @@ -62,6 +64,7 @@ OPENSSL_MSVC_PRAGMA(warning(push, 3)) OPENSSL_MSVC_PRAGMA(warning(pop)) #endif +#include "../../crypto/internal.h" #include "internal.h" #include "../macros.h" @@ -163,18 +166,18 @@ void CAST_decrypt(uint32_t *data, const CAST_KEY *key) { data[0] = r & 0xffffffffL; } -void CAST_cbc_encrypt(const uint8_t *in, uint8_t *out, long length, +void CAST_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, const CAST_KEY *ks, uint8_t *iv, int enc) { uint32_t tin0, tin1; uint32_t tout0, tout1, xor0, xor1; - long l = length; + size_t l = length; uint32_t tin[2]; if (enc) { n2l(iv, tout0); n2l(iv, tout1); iv -= 8; - for (l -= 8; l >= 0; l -= 8) { + while (l >= 8) { n2l(in, tin0); n2l(in, tin1); tin0 ^= tout0; @@ -186,9 +189,10 @@ void CAST_cbc_encrypt(const uint8_t *in, uint8_t *out, long length, tout1 = tin[1]; l2n(tout0, out); l2n(tout1, out); + l -= 8; } - if (l != -8) { - n2ln(in, tin0, tin1, l + 8); + if (l != 0) { + n2ln(in, tin0, tin1, l); tin0 ^= tout0; tin1 ^= tout1; tin[0] = tin0; @@ -205,7 +209,7 @@ void CAST_cbc_encrypt(const uint8_t *in, uint8_t *out, long length, n2l(iv, xor0); n2l(iv, xor1); iv -= 8; - for (l -= 8; l >= 0; l -= 8) { + while (l >= 8) { n2l(in, tin0); n2l(in, tin1); tin[0] = tin0; @@ -217,8 +221,9 @@ void CAST_cbc_encrypt(const uint8_t *in, uint8_t *out, long length, l2n(tout1, out); xor0 = tin0; xor1 = tin1; + l -= 8; } - if (l != -8) { + if (l != 0) { n2l(in, tin0); n2l(in, tin1); tin[0] = tin0; @@ -226,7 +231,7 @@ void CAST_cbc_encrypt(const uint8_t *in, uint8_t *out, long length, CAST_decrypt(tin, ks); tout0 = tin[0] ^ xor0; tout1 = tin[1] ^ xor1; - l2nn(tout0, tout1, out, l + 8); + l2nn(tout0, tout1, out, l); xor0 = tin0; xor1 = tin1; } @@ -351,12 +356,12 @@ void CAST_set_key(CAST_KEY *key, size_t len, const uint8_t *data) { // The input and output encrypted as though 64bit cfb mode is being used. The // extra state information to record how much of the 64bit block we have used // is contained in *num. -void CAST_cfb64_encrypt(const uint8_t *in, uint8_t *out, long length, +void CAST_cfb64_encrypt(const uint8_t *in, uint8_t *out, size_t length, const CAST_KEY *schedule, uint8_t *ivec, int *num, int enc) { uint32_t v0, v1, t; int n = *num; - long l = length; + size_t l = length; uint32_t ti[2]; uint8_t *iv, c, cc; @@ -406,3 +411,54 @@ void CAST_cfb64_encrypt(const uint8_t *in, uint8_t *out, long length, v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; *num = n; } + +static int cast_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, + const uint8_t *iv, int enc) { + CAST_KEY *cast_key = ctx->cipher_data; + CAST_set_key(cast_key, ctx->key_len, key); + return 1; +} + +static int cast_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, + size_t len) { + CAST_KEY *cast_key = ctx->cipher_data; + + while (len >= CAST_BLOCK) { + CAST_ecb_encrypt(in, out, cast_key, ctx->encrypt); + in += CAST_BLOCK; + out += CAST_BLOCK; + len -= CAST_BLOCK; + } + assert(len == 0); + + return 1; +} + +static int cast_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, + size_t len) { + CAST_KEY *cast_key = ctx->cipher_data; + CAST_cbc_encrypt(in, out, len, cast_key, ctx->iv, ctx->encrypt); + return 1; +} + +static const EVP_CIPHER cast5_ecb = { + NID_cast5_ecb, CAST_BLOCK, + CAST_KEY_LENGTH, CAST_BLOCK /* iv_len */, + sizeof(CAST_KEY), EVP_CIPH_ECB_MODE | EVP_CIPH_VARIABLE_LENGTH, + NULL /* app_data */, cast_init_key, + cast_ecb_cipher, NULL /* cleanup */, + NULL /* ctrl */, +}; + +static const EVP_CIPHER cast5_cbc = { + NID_cast5_cbc, CAST_BLOCK, + CAST_KEY_LENGTH, CAST_BLOCK /* iv_len */, + sizeof(CAST_KEY), EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH, + NULL /* app_data */, cast_init_key, + cast_cbc_cipher, NULL /* cleanup */, + NULL /* ctrl */, +}; + +const EVP_CIPHER *EVP_cast5_ecb(void) { return &cast5_ecb; } + +const EVP_CIPHER *EVP_cast5_cbc(void) { return &cast5_cbc; } diff --git a/src/decrepit/cast/cast_test.cc b/src/decrepit/cast/cast_test.cc new file mode 100644 index 0000000..05a04cb --- /dev/null +++ b/src/decrepit/cast/cast_test.cc @@ -0,0 +1,125 @@ +// Copyright (c) 2019, Google Inc. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +#include + +#include + +#include "../../crypto/internal.h" +#include "../../crypto/test/test_util.h" + +struct TestCase { + uint8_t key[16]; + uint8_t plaintext[16]; + uint8_t iv[8]; + uint8_t ecb_ciphertext[16]; + uint8_t cbc_ciphertext[24]; +}; + +static const TestCase kTests[] = { + // Randomly generated test cases. Checked against vanilla OpenSSL. + { + {0xbb, 0x56, 0xb1, 0x27, 0x7c, 0x4c, 0xdd, 0x5a, 0x99, 0x90, 0x1e, 0x6f, + 0xeb, 0x36, 0x6c, 0xf3}, + {0xa6, 0x5b, 0xe0, 0x99, 0xad, 0x5d, 0x91, 0x98, 0x37, 0xc1, 0xa4, 0x7f, + 0x01, 0x24, 0x9a, 0x6b}, + {0xd5, 0x8a, 0x5c, 0x29, 0xeb, 0xee, 0xed, 0x76}, + {0x01, 0x8d, 0x1b, 0x42, 0xb8, 0x77, 0xc8, 0x84, 0x25, 0x7d, 0xd4, 0x89, + 0x8d, 0xc1, 0xbc, 0x2a}, + {0xc1, 0x05, 0xa1, 0x9a, 0xb4, 0xc4, 0xd0, 0x15, + 0x9d, 0xfd, 0xea, 0xd0, 0xc3, 0x54, 0xe5, 0x33, + 0x26, 0xac, 0x25, 0xf3, 0x48, 0xbc, 0xf6, 0xa2}, + }, + { + {0x5d, 0x98, 0xa9, 0xd2, 0x27, 0x5d, 0xc8, 0x8c, 0x8c, 0xee, 0x23, 0x7f, + 0x8e, 0x2b, 0xd4, 0x8d}, + {0x60, 0xec, 0x31, 0xda, 0x25, 0x07, 0x02, 0x14, 0x84, 0x44, 0x96, 0xa6, + 0x04, 0x81, 0xca, 0x4e}, + {0x96, 0x4c, 0xa4, 0x07, 0xee, 0x1c, 0xd1, 0xfb}, + {0x58, 0x62, 0x29, 0x62, 0x23, 0x69, 0x9e, 0xe8, 0x27, 0xc2, 0xcd, 0x5b, + 0x35, 0xf1, 0xdf, 0xa4}, + {0x1c, 0xd0, 0x29, 0xe5, 0xf3, 0xdb, 0x65, 0x60, + 0x05, 0xde, 0x01, 0x2b, 0x10, 0x09, 0x44, 0x56, + 0x59, 0x44, 0x00, 0x26, 0xdb, 0xb3, 0x2d, 0x98}, + }, +}; + +TEST(CAST, ECB) { + unsigned test_num = 0; + for (const auto &test : kTests) { + test_num++; + SCOPED_TRACE(test_num); + + uint8_t out[sizeof(test.ecb_ciphertext)]; + int out_bytes, final_bytes; + + bssl::ScopedEVP_CIPHER_CTX ctx; + ASSERT_TRUE(EVP_EncryptInit_ex(ctx.get(), EVP_cast5_ecb(), nullptr, + test.key, nullptr)); + ASSERT_TRUE(EVP_CIPHER_CTX_set_padding(ctx.get(), 0 /* no padding */)); + ASSERT_TRUE(EVP_EncryptUpdate(ctx.get(), out, &out_bytes, test.plaintext, + sizeof(test.plaintext))); + ASSERT_TRUE(EVP_EncryptFinal_ex(ctx.get(), out + out_bytes, &final_bytes)); + EXPECT_EQ(static_cast(out_bytes + final_bytes), + sizeof(test.plaintext)); + EXPECT_EQ(Bytes(test.ecb_ciphertext), Bytes(out)); + + bssl::ScopedEVP_CIPHER_CTX decrypt_ctx; + ASSERT_TRUE(EVP_DecryptInit_ex(decrypt_ctx.get(), EVP_cast5_ecb(), nullptr, + test.key, nullptr)); + ASSERT_TRUE( + EVP_CIPHER_CTX_set_padding(decrypt_ctx.get(), 0 /* no padding */)); + ASSERT_TRUE(EVP_DecryptUpdate(decrypt_ctx.get(), out, &out_bytes, + test.ecb_ciphertext, + sizeof(test.ecb_ciphertext))); + ASSERT_TRUE( + EVP_DecryptFinal_ex(decrypt_ctx.get(), out + out_bytes, &final_bytes)); + EXPECT_EQ(static_cast(out_bytes + final_bytes), + sizeof(test.plaintext)); + EXPECT_EQ(Bytes(test.plaintext), Bytes(out)); + } +} + +TEST(CAST, CBC) { + unsigned test_num = 0; + for (const auto &test : kTests) { + test_num++; + SCOPED_TRACE(test_num); + + uint8_t out[sizeof(test.cbc_ciphertext)]; + int out_bytes, final_bytes; + + bssl::ScopedEVP_CIPHER_CTX ctx; + ASSERT_TRUE(EVP_EncryptInit_ex(ctx.get(), EVP_cast5_cbc(), nullptr, + test.key, test.iv)); + ASSERT_TRUE(EVP_EncryptUpdate(ctx.get(), out, &out_bytes, test.plaintext, + sizeof(test.plaintext))); + EXPECT_TRUE(EVP_EncryptFinal_ex(ctx.get(), out + out_bytes, &final_bytes)); + EXPECT_EQ(static_cast(out_bytes + final_bytes), + sizeof(test.cbc_ciphertext)); + EXPECT_EQ(Bytes(test.cbc_ciphertext), Bytes(out)); + + bssl::ScopedEVP_CIPHER_CTX decrypt_ctx; + ASSERT_TRUE(EVP_DecryptInit_ex(decrypt_ctx.get(), EVP_cast5_cbc(), nullptr, + test.key, test.iv)); + ASSERT_TRUE(EVP_DecryptUpdate(decrypt_ctx.get(), out, &out_bytes, + test.cbc_ciphertext, + sizeof(test.cbc_ciphertext))); + EXPECT_TRUE( + EVP_DecryptFinal_ex(decrypt_ctx.get(), out + out_bytes, &final_bytes)); + EXPECT_EQ(static_cast(out_bytes + final_bytes), + sizeof(test.plaintext)); + EXPECT_EQ(Bytes(test.plaintext), Bytes(out, out_bytes + final_bytes)); + } +} diff --git a/src/decrepit/evp/evp_do_all.c b/src/decrepit/evp/evp_do_all.c index 38b8f9f..d540144 100644 --- a/src/decrepit/evp/evp_do_all.c +++ b/src/decrepit/evp/evp_do_all.c @@ -20,14 +20,20 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher, const char *unused, void *arg), void *arg) { callback(EVP_aes_128_cbc(), "AES-128-CBC", NULL, arg); - callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg); - callback(EVP_aes_128_ecb(), "AES-128-ECB", NULL, arg); - callback(EVP_aes_128_ofb(), "AES-128-OFB", NULL, arg); + callback(EVP_aes_192_cbc(), "AES-192-CBC", NULL, arg); callback(EVP_aes_256_cbc(), "AES-256-CBC", NULL, arg); + callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg); + callback(EVP_aes_192_ctr(), "AES-192-CTR", NULL, arg); callback(EVP_aes_256_ctr(), "AES-256-CTR", NULL, arg); + callback(EVP_aes_128_ecb(), "AES-128-ECB", NULL, arg); + callback(EVP_aes_192_ecb(), "AES-192-ECB", NULL, arg); callback(EVP_aes_256_ecb(), "AES-256-ECB", NULL, arg); + callback(EVP_aes_128_ofb(), "AES-128-OFB", NULL, arg); + callback(EVP_aes_192_ofb(), "AES-192-OFB", NULL, arg); callback(EVP_aes_256_ofb(), "AES-256-OFB", NULL, arg); - callback(EVP_aes_256_xts(), "AES-256-XTS", NULL, arg); + callback(EVP_aes_128_gcm(), "AES-128-GCM", NULL, arg); + callback(EVP_aes_192_gcm(), "AES-192-GCM", NULL, arg); + callback(EVP_aes_256_gcm(), "AES-256-GCM", NULL, arg); callback(EVP_des_cbc(), "DES-CBC", NULL, arg); callback(EVP_des_ecb(), "DES-ECB", NULL, arg); callback(EVP_des_ede(), "DES-EDE", NULL, arg); @@ -38,14 +44,20 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher, // OpenSSL returns everything twice, the second time in lower case. callback(EVP_aes_128_cbc(), "aes-128-cbc", NULL, arg); - callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg); - callback(EVP_aes_128_ecb(), "aes-128-ecb", NULL, arg); - callback(EVP_aes_128_ofb(), "aes-128-ofb", NULL, arg); + callback(EVP_aes_192_cbc(), "aes-192-cbc", NULL, arg); callback(EVP_aes_256_cbc(), "aes-256-cbc", NULL, arg); + callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg); + callback(EVP_aes_192_ctr(), "aes-192-ctr", NULL, arg); callback(EVP_aes_256_ctr(), "aes-256-ctr", NULL, arg); + callback(EVP_aes_128_ecb(), "aes-128-ecb", NULL, arg); + callback(EVP_aes_192_ecb(), "aes-192-ecb", NULL, arg); callback(EVP_aes_256_ecb(), "aes-256-ecb", NULL, arg); + callback(EVP_aes_128_ofb(), "aes-128-ofb", NULL, arg); + callback(EVP_aes_192_ofb(), "aes-192-ofb", NULL, arg); callback(EVP_aes_256_ofb(), "aes-256-ofb", NULL, arg); - callback(EVP_aes_256_xts(), "aes-256-xts", NULL, arg); + callback(EVP_aes_128_gcm(), "aes-128-gcm", NULL, arg); + callback(EVP_aes_192_gcm(), "aes-192-gcm", NULL, arg); + callback(EVP_aes_256_gcm(), "aes-256-gcm", NULL, arg); callback(EVP_des_cbc(), "des-cbc", NULL, arg); callback(EVP_des_ecb(), "des-ecb", NULL, arg); callback(EVP_des_ede(), "des-ede", NULL, arg); diff --git a/src/decrepit/xts/xts.c b/src/decrepit/xts/xts.c index bc2a1b2..a433c3b 100644 --- a/src/decrepit/xts/xts.c +++ b/src/decrepit/xts/xts.c @@ -80,23 +80,13 @@ static size_t CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, if (!enc && (len % 16)) len -= 16; while (len >= 16) { -#if STRICT_ALIGNMENT OPENSSL_memcpy(scratch.c, inp, 16); scratch.u[0] ^= tweak.u[0]; scratch.u[1] ^= tweak.u[1]; -#else - scratch.u[0] = ((uint64_t *)inp)[0] ^ tweak.u[0]; - scratch.u[1] = ((uint64_t *)inp)[1] ^ tweak.u[1]; -#endif (*ctx->block1)(scratch.c, scratch.c, ctx->key1); -#if STRICT_ALIGNMENT scratch.u[0] ^= tweak.u[0]; scratch.u[1] ^= tweak.u[1]; OPENSSL_memcpy(out, scratch.c, 16); -#else - ((uint64_t *)out)[0] = scratch.u[0] ^= tweak.u[0]; - ((uint64_t *)out)[1] = scratch.u[1] ^= tweak.u[1]; -#endif inp += 16; out += 16; len -= 16; @@ -134,14 +124,9 @@ static size_t CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, carry = (unsigned int)(tweak.u[0] >> 63); tweak1.u[0] = (tweak.u[0] << 1) ^ res; tweak1.u[1] = (tweak.u[1] << 1) | carry; -#if STRICT_ALIGNMENT OPENSSL_memcpy(scratch.c, inp, 16); scratch.u[0] ^= tweak1.u[0]; scratch.u[1] ^= tweak1.u[1]; -#else - scratch.u[0] = ((uint64_t *)inp)[0] ^ tweak1.u[0]; - scratch.u[1] = ((uint64_t *)inp)[1] ^ tweak1.u[1]; -#endif (*ctx->block1)(scratch.c, scratch.c, ctx->key1); scratch.u[0] ^= tweak1.u[0]; scratch.u[1] ^= tweak1.u[1]; @@ -154,14 +139,9 @@ static size_t CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[0] ^= tweak.u[0]; scratch.u[1] ^= tweak.u[1]; (*ctx->block1)(scratch.c, scratch.c, ctx->key1); -#if STRICT_ALIGNMENT scratch.u[0] ^= tweak.u[0]; scratch.u[1] ^= tweak.u[1]; OPENSSL_memcpy(out, scratch.c, 16); -#else - ((uint64_t *)out)[0] = scratch.u[0] ^ tweak.u[0]; - ((uint64_t *)out)[1] = scratch.u[1] ^ tweak.u[1]; -#endif } return 1; diff --git a/src/fipstools/CMakeLists.txt b/src/fipstools/CMakeLists.txt index 779fcd1..58c9a60 100644 --- a/src/fipstools/CMakeLists.txt +++ b/src/fipstools/CMakeLists.txt @@ -25,8 +25,6 @@ if(FIPS) cavp_tlskdf_test.cc cavp_test_util.cc - - $ ) add_dependencies(cavp global_target) @@ -35,11 +33,10 @@ if(FIPS) test_fips test_fips.c - $ ) add_dependencies(test_fips global_target) - target_link_libraries(cavp crypto) - target_link_libraries(test_fips crypto) + target_link_libraries(cavp test_support_lib crypto) + target_link_libraries(test_fips test_support_lib crypto) endif() diff --git a/src/go.mod b/src/go.mod index 09d36fb..eb5a68a 100644 --- a/src/go.mod +++ b/src/go.mod @@ -1 +1,3 @@ module boringssl.googlesource.com/boringssl + +go 1.11 diff --git a/src/include/openssl/blowfish.h b/src/include/openssl/blowfish.h index ecf9d45..293b175 100644 --- a/src/include/openssl/blowfish.h +++ b/src/include/openssl/blowfish.h @@ -81,9 +81,9 @@ OPENSSL_EXPORT void BF_decrypt(uint32_t *data, const BF_KEY *key); OPENSSL_EXPORT void BF_ecb_encrypt(const uint8_t *in, uint8_t *out, const BF_KEY *key, int enc); -OPENSSL_EXPORT void BF_cbc_encrypt(const uint8_t *in, uint8_t *out, long length, - const BF_KEY *schedule, uint8_t *ivec, - int enc); +OPENSSL_EXPORT void BF_cbc_encrypt(const uint8_t *in, uint8_t *out, + size_t length, const BF_KEY *schedule, + uint8_t *ivec, int enc); #ifdef __cplusplus diff --git a/src/include/openssl/bn.h b/src/include/openssl/bn.h index c198f4d..b6b7e9a 100644 --- a/src/include/openssl/bn.h +++ b/src/include/openssl/bn.h @@ -932,6 +932,12 @@ OPENSSL_EXPORT BN_MONT_CTX *BN_MONT_CTX_new(void); OPENSSL_EXPORT int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); +// BN_bn2binpad behaves like |BN_bn2bin_padded|, but it returns |len| on success +// and -1 on error. +// +// Use |BN_bn2bin_padded| instead. It is |size_t|-clean. +OPENSSL_EXPORT int BN_bn2binpad(const BIGNUM *in, uint8_t *out, int len); + // Private functions diff --git a/src/include/openssl/bytestring.h b/src/include/openssl/bytestring.h index 701466e..75b8434 100644 --- a/src/include/openssl/bytestring.h +++ b/src/include/openssl/bytestring.h @@ -110,6 +110,10 @@ OPENSSL_EXPORT int CBS_get_u24(CBS *cbs, uint32_t *out); // and advances |cbs|. It returns one on success and zero on error. OPENSSL_EXPORT int CBS_get_u32(CBS *cbs, uint32_t *out); +// CBS_get_u64 sets |*out| to the next, big-endian uint64_t value from |cbs| +// and advances |cbs|. It returns one on success and zero on error. +OPENSSL_EXPORT int CBS_get_u64(CBS *cbs, uint64_t *out); + // CBS_get_last_u8 sets |*out| to the last uint8_t from |cbs| and shortens // |cbs|. It returns one on success and zero on error. OPENSSL_EXPORT int CBS_get_last_u8(CBS *cbs, uint8_t *out); @@ -459,6 +463,10 @@ OPENSSL_EXPORT int CBB_add_u24(CBB *cbb, uint32_t value); // returns one on success and zero otherwise. OPENSSL_EXPORT int CBB_add_u32(CBB *cbb, uint32_t value); +// CBB_add_u64 appends a 64-bit, big-endian number from |value| to |cbb|. It +// returns one on success and zero otherwise. +OPENSSL_EXPORT int CBB_add_u64(CBB *cbb, uint64_t value); + // CBB_discard_child discards the current unflushed child of |cbb|. Neither the // child's contents nor the length prefix will be included in the output. OPENSSL_EXPORT void CBB_discard_child(CBB *cbb); diff --git a/src/include/openssl/cast.h b/src/include/openssl/cast.h index 2978a67..1a0f82d 100644 --- a/src/include/openssl/cast.h +++ b/src/include/openssl/cast.h @@ -82,11 +82,11 @@ OPENSSL_EXPORT void CAST_ecb_encrypt(const uint8_t *in, uint8_t *out, OPENSSL_EXPORT void CAST_encrypt(uint32_t *data, const CAST_KEY *key); OPENSSL_EXPORT void CAST_decrypt(uint32_t *data, const CAST_KEY *key); OPENSSL_EXPORT void CAST_cbc_encrypt(const uint8_t *in, uint8_t *out, - long length, const CAST_KEY *ks, + size_t length, const CAST_KEY *ks, uint8_t *iv, int enc); OPENSSL_EXPORT void CAST_cfb64_encrypt(const uint8_t *in, uint8_t *out, - long length, const CAST_KEY *schedule, + size_t length, const CAST_KEY *schedule, uint8_t *ivec, int *num, int enc); #ifdef __cplusplus diff --git a/src/include/openssl/cipher.h b/src/include/openssl/cipher.h index e9545c8..ea7a940 100644 --- a/src/include/openssl/cipher.h +++ b/src/include/openssl/cipher.h @@ -419,9 +419,27 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ctr(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_gcm(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ofb(void); +// EVP_des_ede3_ecb is an alias for |EVP_des_ede3|. Use the former instead. +OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede3_ecb(void); + // EVP_aes_128_cfb128 is only available in decrepit. OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cfb128(void); +// EVP_bf_ecb is Blowfish in ECB mode and is only available in decrepit. +OPENSSL_EXPORT const EVP_CIPHER *EVP_bf_ecb(void); + +// EVP_bf_cbc is Blowfish in CBC mode and is only available in decrepit. +OPENSSL_EXPORT const EVP_CIPHER *EVP_bf_cbc(void); + +// EVP_bf_cfb is Blowfish in 64-bit CFB mode and is only available in decrepit. +OPENSSL_EXPORT const EVP_CIPHER *EVP_bf_cfb(void); + +// EVP_cast5_ecb is CAST5 in ECB mode and is only available in decrepit. +OPENSSL_EXPORT const EVP_CIPHER *EVP_cast5_ecb(void); + +// EVP_cast5_cbc is CAST5 in CBC mode and is only available in decrepit. +OPENSSL_EXPORT const EVP_CIPHER *EVP_cast5_cbc(void); + // The following flags do nothing and are included only to make it easier to // compile code with BoringSSL. #define EVP_CIPH_CCM_MODE (-1) diff --git a/src/include/openssl/cpu.h b/src/include/openssl/cpu.h index edac98e..ad5fc94 100644 --- a/src/include/openssl/cpu.h +++ b/src/include/openssl/cpu.h @@ -190,6 +190,21 @@ extern unsigned long OPENSSL_ppc64le_hwcap2; #endif // OPENSSL_PPC64LE +#if !defined(NDEBUG) && !defined(BORINGSSL_FIPS) +// Runtime CPU dispatch testing support + +// BORINGSSL_function_hit is an array of flags. The following functions will +// set these flags in non-FIPS builds if NDEBUG is not defined. +// 0: aes_hw_ctr32_encrypt_blocks +// 1: aes_hw_encrypt +// 2: aesni_gcm_encrypt +// 3: aes_hw_set_encrypt_key +// 4: vpaes_encrypt +// 5: vpaes_set_encrypt_key +// 6: bsaes_ctr32_encrypt_blocks +extern uint8_t BORINGSSL_function_hit[7]; +#endif // !NDEBUG && !FIPS + #if defined(__cplusplus) } // extern C diff --git a/src/include/openssl/ec.h b/src/include/openssl/ec.h index 966393e..fcecb62 100644 --- a/src/include/openssl/ec.h +++ b/src/include/openssl/ec.h @@ -133,6 +133,9 @@ OPENSSL_EXPORT const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); // |group| that specifies the order of the group. OPENSSL_EXPORT const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); +// EC_GROUP_order_bits returns the number of bits of the order of |group|. +OPENSSL_EXPORT int EC_GROUP_order_bits(const EC_GROUP *group); + // EC_GROUP_get_cofactor sets |*cofactor| to the cofactor of |group| using // |ctx|, if it's not NULL. It returns one on success and zero otherwise. OPENSSL_EXPORT int EC_GROUP_get_cofactor(const EC_GROUP *group, @@ -159,6 +162,11 @@ OPENSSL_EXPORT unsigned EC_GROUP_get_degree(const EC_GROUP *group); // for |NID_X9_62_prime256v1|. OPENSSL_EXPORT const char *EC_curve_nid2nist(int nid); +// EC_curve_nist2nid returns the NID of the elliptic curve specified by the NIST +// name |name|, or |NID_undef| if |name| is not a recognized name. For example, +// it returns |NID_X9_62_prime256v1| for "P-256". +OPENSSL_EXPORT int EC_curve_nist2nid(const char *name); + // Points on elliptic curves. @@ -317,6 +325,7 @@ OPENSSL_EXPORT int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, OPENSSL_EXPORT void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); #define OPENSSL_EC_NAMED_CURVE 0 +#define OPENSSL_EC_EXPLICIT_CURVE 1 typedef struct ec_method_st EC_METHOD; diff --git a/src/include/openssl/ec_key.h b/src/include/openssl/ec_key.h index 9bc7887..3b1a566 100644 --- a/src/include/openssl/ec_key.h +++ b/src/include/openssl/ec_key.h @@ -177,6 +177,12 @@ OPENSSL_EXPORT int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y); +// EC_KEY_key2buf encodes the public key in |key| to an allocated octet string +// and sets |*out_buf| to point to it. It returns the length of the encoded +// octet string or zero if an error occurred. +OPENSSL_EXPORT size_t EC_KEY_key2buf(EC_KEY *key, point_conversion_form_t form, + unsigned char **out_buf, BN_CTX *ctx); + // Key generation. diff --git a/src/include/openssl/evp.h b/src/include/openssl/evp.h index 1d7192d..c446984 100644 --- a/src/include/openssl/evp.h +++ b/src/include/openssl/evp.h @@ -646,9 +646,23 @@ OPENSSL_EXPORT int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, uint8_t *key, OPENSSL_EXPORT int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); // EVP_PKEY_keygen performs a key generation operation using the values from -// |ctx| and sets |*ppkey| to a fresh |EVP_PKEY| containing the resulting key. +// |ctx|. If |*out_pkey| is non-NULL, it overwrites |*out_pkey| with the +// resulting key. Otherwise, it sets |*out_pkey| to a newly-allocated |EVP_PKEY| +// containing the result. It returns one on success or zero on error. +OPENSSL_EXPORT int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **out_pkey); + +// EVP_PKEY_paramgen_init initialises an |EVP_PKEY_CTX| for a parameter +// generation operation. It should be called before |EVP_PKEY_paramgen|. +// // It returns one on success or zero on error. -OPENSSL_EXPORT int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +OPENSSL_EXPORT int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); + +// EVP_PKEY_paramgen performs a parameter generation using the values from +// |ctx|. If |*out_pkey| is non-NULL, it overwrites |*out_pkey| with the +// resulting parameters, but no key. Otherwise, it sets |*out_pkey| to a +// newly-allocated |EVP_PKEY| containing the result. It returns one on success +// or zero on error. +OPENSSL_EXPORT int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **out_pkey); // Generic control functions. @@ -746,6 +760,15 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, const uint8_t **out_label); +// EC specific control functions. + +// EVP_PKEY_CTX_set_ec_paramgen_curve_nid sets the curve used for +// |EVP_PKEY_keygen| or |EVP_PKEY_paramgen| operations to |nid|. It returns one +// on success and zero on error. +OPENSSL_EXPORT int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, + int nid); + + // Deprecated functions. // EVP_PKEY_DH is defined for compatibility, but it is impossible to create an @@ -826,12 +849,31 @@ OPENSSL_EXPORT EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **out, OPENSSL_EXPORT EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **out, const uint8_t **inp, long len); +// d2i_PublicKey parse a public key from |len| bytes at |*inp| in a type- +// specific format specified by |type|. If |out| is not NULL then, on exit, a +// pointer to the result is in |*out|. Note that, even if |*out| is already non- +// NULL on entry, it will not be written to. Rather, a fresh |EVP_PKEY| is +// allocated and the previous one is freed. On successful exit, |*inp| is +// advanced past the decoded key. It returns the result or NULL on error. +// +// RSA keys are parsed as a DER-encoded RSAPublicKey (RFC 3447) structure. +// Parsing EC keys is not supported by this function. +// +// Use |RSA_parse_public_key| instead. +OPENSSL_EXPORT EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **out, + const uint8_t **inp, long len); + // EVP_PKEY_get0_DH returns NULL. OPENSSL_EXPORT DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey); // EVP_PKEY_get1_DH returns NULL. OPENSSL_EXPORT DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey); +// EVP_PKEY_CTX_set_ec_param_enc returns one if |encoding| is +// |OPENSSL_EC_NAMED_CURVE| or zero with an error otherwise. +OPENSSL_EXPORT int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, + int encoding); + // Preprocessor compatibility section (hidden). // diff --git a/src/include/openssl/hrss.h b/src/include/openssl/hrss.h index cc5edff..5390696 100644 --- a/src/include/openssl/hrss.h +++ b/src/include/openssl/hrss.h @@ -38,9 +38,8 @@ struct HRSS_public_key { // HRSS_SAMPLE_BYTES is the number of bytes of entropy needed to generate a // short vector. There are 701 coefficients, but the final one is always set to -// zero when sampling. Otherwise, one byte of input is enough to generate two -// coefficients. -#define HRSS_SAMPLE_BYTES ((701 - 1) / 2) +// zero when sampling. Otherwise, we need one byte of input per coefficient. +#define HRSS_SAMPLE_BYTES (701 - 1) // HRSS_GENERATE_KEY_BYTES is the number of bytes of entropy needed to generate // an HRSS key pair. #define HRSS_GENERATE_KEY_BYTES (HRSS_SAMPLE_BYTES + HRSS_SAMPLE_BYTES + 32) @@ -80,7 +79,6 @@ OPENSSL_EXPORT void HRSS_encap(uint8_t out_ciphertext[HRSS_CIPHERTEXT_BYTES], // leak which was done via side-channels. Otherwise it should perform either // action in constant-time. OPENSSL_EXPORT void HRSS_decap(uint8_t out_shared_key[HRSS_KEY_BYTES], - const struct HRSS_public_key *in_pub, const struct HRSS_private_key *in_priv, const uint8_t *ciphertext, size_t ciphertext_len); diff --git a/src/include/openssl/lhash.h b/src/include/openssl/lhash.h index c82bb8e..29e09c8 100644 --- a/src/include/openssl/lhash.h +++ b/src/include/openssl/lhash.h @@ -77,7 +77,7 @@ extern "C" { // int bar; // }; // -// DEFINE_LHASH_OF(struct foo); +// DEFINE_LHASH_OF(struct foo) // // Although note that the hash table will contain /pointers/ to |foo|. // diff --git a/src/include/openssl/mem.h b/src/include/openssl/mem.h index 9f9c00d..4e1c2ca 100644 --- a/src/include/openssl/mem.h +++ b/src/include/openssl/mem.h @@ -136,6 +136,10 @@ OPENSSL_EXPORT int BIO_vsnprintf(char *buf, size_t n, const char *format, #define CRYPTO_realloc OPENSSL_realloc #define CRYPTO_free OPENSSL_free +// OPENSSL_clear_free calls |OPENSSL_free|. BoringSSL automatically clears all +// allocations on free, but we define |OPENSSL_clear_free| for compatibility. +#define OPENSSL_clear_free(ptr, len) OPENSSL_free(ptr) + #if defined(__cplusplus) } // extern C diff --git a/src/include/openssl/sha.h b/src/include/openssl/sha.h index 2c0dcb7..c9b327d 100644 --- a/src/include/openssl/sha.h +++ b/src/include/openssl/sha.h @@ -244,10 +244,7 @@ OPENSSL_EXPORT void SHA512_Transform(SHA512_CTX *sha, const uint8_t *block); struct sha512_state_st { uint64_t h[8]; uint64_t Nl, Nh; - union { - uint64_t d[16]; - uint8_t p[128]; - } u; + uint8_t p[128]; unsigned num, md_len; }; diff --git a/src/include/openssl/span.h b/src/include/openssl/span.h index 298a722..1d732eb 100644 --- a/src/include/openssl/span.h +++ b/src/include/openssl/span.h @@ -131,8 +131,8 @@ class Span : private internal::SpanBase { T *begin() const { return data_; } const T *cbegin() const { return data_; } - T *end() const { return data_ + size_; }; - const T *cend() const { return end(); }; + T *end() const { return data_ + size_; } + const T *cend() const { return end(); } T &front() const { if (size_ == 0) { diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h index 6898674..b28dcf6 100644 --- a/src/include/openssl/ssl.h +++ b/src/include/openssl/ssl.h @@ -394,6 +394,26 @@ OPENSSL_EXPORT int SSL_pending(const SSL *ssl); // https://crbug.com/466303. OPENSSL_EXPORT int SSL_write(SSL *ssl, const void *buf, int num); +// SSL_KEY_UPDATE_REQUESTED indicates that the peer should reply to a KeyUpdate +// message with its own, thus updating traffic secrets for both directions on +// the connection. +#define SSL_KEY_UPDATE_REQUESTED 1 + +// SSL_KEY_UPDATE_NOT_REQUESTED indicates that the peer should not reply with +// it's own KeyUpdate message. +#define SSL_KEY_UPDATE_NOT_REQUESTED 0 + +// SSL_key_update queues a TLS 1.3 KeyUpdate message to be sent on |ssl| +// if one is not already queued. The |request_type| argument must one of the +// |SSL_KEY_UPDATE_*| values. This function requires that |ssl| have completed a +// TLS >= 1.3 handshake. It returns one on success or zero on error. +// +// Note that this function does not _send_ the message itself. The next call to +// |SSL_write| will cause the message to be sent. |SSL_write| may be called with +// a zero length to flush a KeyUpdate message when no application data is +// pending. +OPENSSL_EXPORT int SSL_key_update(SSL *ssl, int request_type); + // SSL_shutdown shuts down |ssl|. It runs in two stages. First, it sends // close_notify and returns zero or one on success or -1 on failure. Zero // indicates that close_notify was sent, but not received, and one additionally @@ -599,9 +619,6 @@ OPENSSL_EXPORT int DTLSv1_handle_timeout(SSL *ssl); #define DTLS1_VERSION 0xfeff #define DTLS1_2_VERSION 0xfefd -#define TLS1_3_DRAFT23_VERSION 0x7f17 -#define TLS1_3_DRAFT28_VERSION 0x7f1c - // SSL_CTX_set_min_proto_version sets the minimum protocol version for |ctx| to // |version|. If |version| is zero, the default minimum version is used. It // returns one on success and zero if |version| is invalid. @@ -864,8 +881,9 @@ OPENSSL_EXPORT int SSL_clear_chain_certs(SSL *ssl); // |SSL_get_client_CA_list| for information on the server's certificate // request. // -// On the server, the callback will be called on non-resumption handshakes, -// after extensions have been processed. +// On the server, the callback will be called after extensions have been +// processed, but before the resumption decision has been made. This differs +// from OpenSSL which handles resumption before selecting the certificate. OPENSSL_EXPORT void SSL_CTX_set_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, void *arg), void *arg); @@ -878,6 +896,10 @@ OPENSSL_EXPORT void SSL_CTX_set_cert_cb(SSL_CTX *ctx, // On the client, the callback may call |SSL_get0_certificate_types| and // |SSL_get_client_CA_list| for information on the server's certificate // request. +// +// On the server, the callback will be called after extensions have been +// processed, but before the resumption decision has been made. This differs +// from OpenSSL which handles resumption before selecting the certificate. OPENSSL_EXPORT void SSL_set_cert_cb(SSL *ssl, int (*cb)(SSL *ssl, void *arg), void *arg); @@ -3037,6 +3059,41 @@ OPENSSL_EXPORT void SSL_get_peer_quic_transport_params(const SSL *ssl, size_t *out_params_len); +// Delegated credentials. +// +// *** EXPERIMENTAL — PRONE TO CHANGE *** +// +// draft-ietf-tls-subcerts is a proposed extension for TLS 1.3 and above that +// allows an end point to use its certificate to delegate credentials for +// authentication. If the peer indicates support for this extension, then this +// host may use a delegated credential to sign the handshake. Once issued, +// credentials can't be revoked. In order to mitigate the damage in case the +// credential secret key is compromised, the credential is only valid for a +// short time (days, hours, or even minutes). This library implements draft-02 +// of the protocol spec. +// +// The extension ID has not been assigned; we're using 0xff02 for the time +// being. Currently only the server side is implemented. +// +// Servers configure a DC for use in the handshake via +// |SSL_set1_delegated_credential|. It must be signed by the host's end-entity +// certificate as defined in draft-ietf-tls-subcerts-03. + +// SSL_set1_delegated_credential configures the delegated credential (DC) that +// will be sent to the peer for the current connection. |dc| is the DC in wire +// format, and |pkey| or |key_method| is the corresponding private key. +// Currently (as of draft-02), only servers may configure a DC to use in the +// handshake. +// +// The DC will only be used if the protocol version is correct and the signature +// scheme is supported by the peer. If not, the DC will not be negotiated and +// the handshake will use the private key (or private key method) associated +// with the certificate. +OPENSSL_EXPORT int SSL_set1_delegated_credential( + SSL *ssl, CRYPTO_BUFFER *dc, EVP_PKEY *pkey, + const SSL_PRIVATE_KEY_METHOD *key_method); + + // QUIC integration. // // QUIC acts as an underlying transport for the TLS 1.3 handshake. The following @@ -3153,6 +3210,12 @@ OPENSSL_EXPORT int SSL_process_quic_post_handshake(SSL *ssl); OPENSSL_EXPORT int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method); +// SSL_set_quic_method configures the QUIC hooks. This should only be +// configured with a minimum version of TLS 1.3. |quic_method| must remain valid +// for the lifetime of |ssl|. It returns one on success and zero on error. +OPENSSL_EXPORT int SSL_set_quic_method(SSL *ssl, + const SSL_QUIC_METHOD *quic_method); + // Early data. // @@ -3498,28 +3561,6 @@ OPENSSL_EXPORT int SSL_renegotiate_pending(SSL *ssl); // performed by |ssl|. This includes the pending renegotiation, if any. OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl); -// tls13_variant_t determines what TLS 1.3 variant to negotiate. -enum tls13_variant_t { - tls13_rfc = 0, - tls13_draft23, - tls13_draft28, - // tls13_all enables all variants of TLS 1.3, to keep the transition smooth as - // early adopters move to the final version. - tls13_all, -}; - -// SSL_CTX_set_tls13_variant sets which variant of TLS 1.3 we negotiate. On the -// server, if |variant| is not |tls13_default|, all variants are enabled. On the -// client, only the configured variant is enabled. -OPENSSL_EXPORT void SSL_CTX_set_tls13_variant(SSL_CTX *ctx, - enum tls13_variant_t variant); - -// SSL_set_tls13_variant sets which variant of TLS 1.3 we negotiate. On the -// server, if |variant| is not |tls13_default|, all variants are enabled. On the -// client, only the configured variant is enabled. -OPENSSL_EXPORT void SSL_set_tls13_variant(SSL *ssl, - enum tls13_variant_t variant); - // SSL_MAX_CERT_LIST_DEFAULT is the default maximum length, in bytes, of a peer // certificate chain. #define SSL_MAX_CERT_LIST_DEFAULT (1024 * 100) @@ -3630,6 +3671,12 @@ OPENSSL_EXPORT void SSL_CTX_set_dos_protection_cb( // respected on clients. OPENSSL_EXPORT void SSL_CTX_set_reverify_on_resume(SSL_CTX *ctx, int enabled); +// SSL_set_enforce_rsa_key_usage configures whether the keyUsage extension of +// RSA leaf certificates will be checked for consistency with the TLS +// usage. This parameter may be set late; it will not be read until after the +// certificate verification callback. +OPENSSL_EXPORT void SSL_set_enforce_rsa_key_usage(SSL *ssl, int enabled); + // SSL_ST_* are possible values for |SSL_state|, the bitmasks that make them up, // and some historical values for compatibility. Only |SSL_ST_INIT| and // |SSL_ST_OK| are ever returned. @@ -3793,12 +3840,12 @@ OPENSSL_EXPORT void SSL_set_ignore_tls13_downgrade(SSL *ssl, int ignore); // mechanism would have aborted |ssl|'s handshake and zero otherwise. OPENSSL_EXPORT int SSL_is_tls13_downgrade(const SSL *ssl); -// SSL_set_jdk11_workaround configures whether to workaround a bug in JDK 11's -// TLS 1.3 implementation. Prior to 11.0.2, JDK 11 fails to send SNI in -// connections which offer a TLS 1.3 session. Enabling this workaround will -// disable TLS 1.3 on such clients. +// SSL_set_jdk11_workaround configures whether to workaround various bugs in +// JDK 11's TLS 1.3 implementation by disabling TLS 1.3 for such clients. // -// See also https://bugs.openjdk.java.net/browse/JDK-8211806. +// https://bugs.openjdk.java.net/browse/JDK-8211806 +// https://bugs.openjdk.java.net/browse/JDK-8212885 +// https://bugs.openjdk.java.net/browse/JDK-8213202 OPENSSL_EXPORT void SSL_set_jdk11_workaround(SSL *ssl, int enable); @@ -4146,6 +4193,7 @@ DEFINE_STACK_OF(SSL_COMP) #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0 #define SSL_OP_NO_COMPRESSION 0 +#define SSL_OP_NO_RENEGOTIATION 0 // ssl_renegotiate_never is the default #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0 #define SSL_OP_NO_SSLv2 0 #define SSL_OP_NO_SSLv3 0 @@ -4931,6 +4979,9 @@ BSSL_NAMESPACE_END #define SSL_R_TLS13_DOWNGRADE 297 #define SSL_R_QUIC_INTERNAL_ERROR 298 #define SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED 299 +#define SSL_R_TOO_MUCH_READ_EARLY_DATA 300 +#define SSL_R_INVALID_DELEGATED_CREDENTIAL 301 +#define SSL_R_KEY_USAGE_BIT_INCORRECT 302 #define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 @@ -4963,6 +5014,5 @@ BSSL_NAMESPACE_END #define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 #define SSL_R_TLSV1_UNKNOWN_PSK_IDENTITY 1115 #define SSL_R_TLSV1_CERTIFICATE_REQUIRED 1116 -#define SSL_R_TOO_MUCH_READ_EARLY_DATA 1117 #endif // OPENSSL_HEADER_SSL_H diff --git a/src/include/openssl/stack.h b/src/include/openssl/stack.h index 924228a..04e942c 100644 --- a/src/include/openssl/stack.h +++ b/src/include/openssl/stack.h @@ -78,7 +78,7 @@ extern "C" { // int bar; // } FOO; // -// DEFINE_STACK_OF(FOO); +// DEFINE_STACK_OF(FOO) // // Although note that the stack will contain /pointers/ to |FOO|. // diff --git a/src/include/openssl/tls1.h b/src/include/openssl/tls1.h index 937be6b..384d102 100644 --- a/src/include/openssl/tls1.h +++ b/src/include/openssl/tls1.h @@ -231,6 +231,10 @@ extern "C" { // ExtensionType value from RFC5746 #define TLSEXT_TYPE_renegotiate 0xff01 +// ExtensionType value from draft-ietf-tls-subcerts. This is not an IANA defined +// extension number. +#define TLSEXT_TYPE_delegated_credential 0xff02 + // ExtensionType value from RFC6962 #define TLSEXT_TYPE_certificate_timestamp 18 diff --git a/src/infra/config/README.md b/src/infra/config/README.md deleted file mode 100644 index fa0bbc4..0000000 --- a/src/infra/config/README.md +++ /dev/null @@ -1,6 +0,0 @@ -Infrastructure location. - -This contains Commit Queue config for automatic testing of changes before they -are committed. - -Initial set up bug: http://crbug.com/618641. diff --git a/src/infra/config/cq.cfg b/src/infra/config/cq.cfg deleted file mode 100644 index f4cb180..0000000 --- a/src/infra/config/cq.cfg +++ /dev/null @@ -1,74 +0,0 @@ -# See http://luci-config.appspot.com/schemas/projects/refs:cq.cfg for the -# documentation of this file format. -version: 1 -git_repo_url: "https://boringssl.googlesource.com/boringssl" -cq_status_url: "https://chromium-cq-status.appspot.com" -gerrit {} -verifiers { - gerrit_cq_ability { - committer_list: "project-boringssl-committers" - dry_run_access_list: "project-boringssl-tryjob-access" - } - try_job { - buckets { - name: "luci.boringssl.try" - - builders { - name: "android_aarch64" - experiment_percentage: 1 - } - builders { - name: "android_aarch64_rel" - experiment_percentage: 1 - } - builders { - name: "android_arm" - experiment_percentage: 1 - } - builders { - name: "android_arm_rel" - experiment_percentage: 1 - } - - builders { name: "linux" } - builders { name: "linux32" } - builders { name: "linux32_rel" } - builders { name: "linux_clang_rel" } - builders { name: "linux_fuzz" } - builders { name: "linux_noasm_asan" } - builders { name: "linux_nothreads" } - builders { name: "linux_rel" } - builders { name: "linux_shared" } - builders { name: "linux_small" } - - builders { name: "mac" } - builders { name: "mac_rel" } - builders { name: "mac_small" } - - builders { name: "win32" } - builders { name: "win32_rel" } - builders { name: "win32_small" } - builders { name: "win64" } - builders { name: "win64_rel" } - builders { name: "win64_small" } - builders { name: "win32_vs2017_compile" } - builders { name: "win64_vs2017_compile" } - builders { name: "win32_clang_vs2017_compile" } - builders { name: "win64_clang_vs2017_compile" } - - builders { name: "linux_fips" } - builders { name: "linux_fips_rel" } - builders { name: "linux_fips_clang" } - builders { name: "linux_fips_clang_rel" } - builders { name: "linux_fips_noasm_asan" } - - builders { name: "ios_compile" } - builders { name: "ios64_compile" } - - builders { name: "android_arm_compile" } - builders { name: "android_aarch64_compile" } - - builders { name: "docs" } - } - } -} diff --git a/src/ssl/CMakeLists.txt b/src/ssl/CMakeLists.txt index d6c1294..dc89dca 100644 --- a/src/ssl/CMakeLists.txt +++ b/src/ssl/CMakeLists.txt @@ -52,12 +52,11 @@ add_executable( ssl_test.cc $ - $ ) add_dependencies(ssl_test global_target) -target_link_libraries(ssl_test ssl crypto boringssl_gtest) +target_link_libraries(ssl_test test_support_lib boringssl_gtest ssl crypto) if(WIN32) target_link_libraries(ssl_test ws2_32) endif() diff --git a/src/ssl/handshake.cc b/src/ssl/handshake.cc index 058a793..89be48f 100644 --- a/src/ssl/handshake.cc +++ b/src/ssl/handshake.cc @@ -135,6 +135,7 @@ SSL_HANDSHAKE::SSL_HANDSHAKE(SSL *ssl_arg) cert_request(false), certificate_status_expected(false), ocsp_stapling_requested(false), + delegated_credential_requested(false), should_ack_sni(false), in_false_start(false), in_early_data(false), @@ -544,7 +545,7 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) { case ssl_hs_read_server_hello: case ssl_hs_read_message: case ssl_hs_read_change_cipher_spec: { - if (ssl->ctx->quic_method) { + if (ssl->quic_method) { hs->wait = ssl_hs_ok; // The change cipher spec is omitted in QUIC. if (hs->wait != ssl_hs_read_change_cipher_spec) { diff --git a/src/ssl/handshake_client.cc b/src/ssl/handshake_client.cc index 0274dc2..b0de670 100644 --- a/src/ssl/handshake_client.cc +++ b/src/ssl/handshake_client.cc @@ -416,8 +416,6 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) { return ssl_hs_error; } - // Initialize a random session ID for the experimental TLS 1.3 variant - // requiring a session id. if (ssl->session != nullptr && !ssl->s3->initial_handshake_complete && ssl->session->session_id_length > 0) { @@ -425,6 +423,7 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) { OPENSSL_memcpy(hs->session_id, ssl->session->session_id, hs->session_id_len); } else if (hs->max_version >= TLS1_3_VERSION) { + // Initialize a random session ID. hs->session_id_len = sizeof(hs->session_id); if (!RAND_bytes(hs->session_id, hs->session_id_len)) { return ssl_hs_error; @@ -1219,7 +1218,7 @@ static enum ssl_hs_wait_t do_send_client_certificate(SSL_HANDSHAKE *hs) { } } - if (!ssl_has_certificate(hs->config)) { + if (!ssl_has_certificate(hs)) { // Without a client certificate, the handshake buffer may be released. hs->transcript.FreeBuffer(); } @@ -1249,6 +1248,27 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) { Array pms; uint32_t alg_k = hs->new_cipher->algorithm_mkey; uint32_t alg_a = hs->new_cipher->algorithm_auth; + if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) { + CRYPTO_BUFFER *leaf = + sk_CRYPTO_BUFFER_value(hs->new_session->certs.get(), 0); + CBS leaf_cbs; + CBS_init(&leaf_cbs, CRYPTO_BUFFER_data(leaf), CRYPTO_BUFFER_len(leaf)); + + // Check the key usage matches the cipher suite. We do this unconditionally + // for non-RSA certificates. In particular, it's needed to distinguish ECDH + // certificates, which we do not support, from ECDSA certificates. + // Historically, we have not checked RSA key usages, so it is controlled by + // a flag for now. See https://crbug.com/795089. + ssl_key_usage_t intended_use = (alg_k & SSL_kRSA) + ? key_usage_encipherment + : key_usage_digital_signature; + if (ssl->config->enforce_rsa_key_usage || + EVP_PKEY_id(hs->peer_pubkey.get()) != EVP_PKEY_RSA) { + if (!ssl_cert_check_key_usage(&leaf_cbs, intended_use)) { + return ssl_hs_error; + } + } + } // If using a PSK key exchange, prepare the pre-shared key. unsigned psk_len = 0; @@ -1386,12 +1406,12 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) { static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL_HANDSHAKE *hs) { SSL *const ssl = hs->ssl; - if (!hs->cert_request || !ssl_has_certificate(hs->config)) { + if (!hs->cert_request || !ssl_has_certificate(hs)) { hs->state = state_send_client_finished; return ssl_hs_ok; } - assert(ssl_has_private_key(hs->config)); + assert(ssl_has_private_key(hs)); ScopedCBB cbb; CBB body, child; if (!ssl->method->init_message(ssl, cbb.get(), &body, diff --git a/src/ssl/handshake_server.cc b/src/ssl/handshake_server.cc index 8b3b942..cb4e9d1 100644 --- a/src/ssl/handshake_server.cc +++ b/src/ssl/handshake_server.cc @@ -303,7 +303,7 @@ static void ssl_get_compatible_server_ciphers(SSL_HANDSHAKE *hs, uint32_t mask_k = 0; uint32_t mask_a = 0; - if (ssl_has_certificate(hs->config)) { + if (ssl_has_certificate(hs)) { mask_a |= ssl_cipher_auth_mask_for_key(hs->local_pubkey.get()); if (EVP_PKEY_id(hs->local_pubkey.get()) == EVP_PKEY_RSA) { mask_k |= SSL_kRSA; @@ -402,8 +402,7 @@ static enum ssl_hs_wait_t do_start_accept(SSL_HANDSHAKE *hs) { } // is_probably_jdk11_with_tls13 returns whether |client_hello| was probably sent -// from a JDK 11 client (11.0.1 or earlier) with both TLS 1.3 and a prior -// version enabled. +// from a JDK 11 client with both TLS 1.3 and a prior version enabled. static bool is_probably_jdk11_with_tls13(const SSL_CLIENT_HELLO *client_hello) { // JDK 11 ClientHellos contain a number of unusual properties which should // limit false positives. @@ -868,7 +867,7 @@ static enum ssl_hs_wait_t do_send_server_certificate(SSL_HANDSHAKE *hs) { ScopedCBB cbb; if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) { - if (!ssl_has_certificate(hs->config)) { + if (!ssl_has_certificate(hs)) { OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_SET); return ssl_hs_error; } @@ -974,7 +973,7 @@ static enum ssl_hs_wait_t do_send_server_key_exchange(SSL_HANDSHAKE *hs) { // Add a signature. if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) { - if (!ssl_has_private_key(hs->config)) { + if (!ssl_has_private_key(hs)) { ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); return ssl_hs_error; } @@ -1226,6 +1225,8 @@ static enum ssl_hs_wait_t do_read_client_key_exchange(SSL_HANDSHAKE *hs) { return ssl_hs_error; } + CONSTTIME_SECRET(decrypt_buf.data(), decrypt_len); + // Prepare a random premaster, to be used on invalid padding. See RFC 5246, // section 7.4.7.1. if (!premaster_secret.Init(SSL_MAX_MASTER_KEY_LENGTH) || @@ -1348,6 +1349,8 @@ static enum ssl_hs_wait_t do_read_client_key_exchange(SSL_HANDSHAKE *hs) { return ssl_hs_error; } hs->new_session->extended_master_secret = hs->extended_master_secret; + CONSTTIME_DECLASSIFY(hs->new_session->master_key, + hs->new_session->master_key_length); ssl->method->next_message(ssl); hs->state = state12_read_client_certificate_verify; diff --git a/src/ssl/internal.h b/src/ssl/internal.h index bbce7ec..0df9a5f 100644 --- a/src/ssl/internal.h +++ b/src/ssl/internal.h @@ -359,8 +359,7 @@ OPENSSL_EXPORT bool CBBFinishArray(CBB *cbb, Array *out); // Protocol versions. // -// Due to DTLS's historical wire version differences and to support multiple -// variants of the same protocol during development, we maintain two notions of +// Due to DTLS's historical wire version differences, we maintain two notions of // version. // // The "version" or "wire version" is the actual 16-bit value that appears on @@ -369,9 +368,8 @@ OPENSSL_EXPORT bool CBBFinishArray(CBB *cbb, Array *out); // versions are opaque values and may not be compared numerically. // // The "protocol version" identifies the high-level handshake variant being -// used. DTLS versions map to the corresponding TLS versions. Draft TLS 1.3 -// variants all map to TLS 1.3. Protocol versions are sequential and may be -// compared numerically. +// used. DTLS versions map to the corresponding TLS versions. Protocol versions +// are sequential and may be compared numerically. // ssl_protocol_version_from_wire sets |*out| to the protocol version // corresponding to wire version |version| and returns true. If |version| is not @@ -408,10 +406,6 @@ bool ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert, // call this function before the version is determined. uint16_t ssl_protocol_version(const SSL *ssl); -// ssl_is_draft28 returns whether the version corresponds to a draft28 TLS 1.3 -// variant. -bool ssl_is_draft28(uint16_t version); - // Cipher suites. BSSL_NAMESPACE_END @@ -785,8 +779,6 @@ class SSLAEADContext { // omit_length_in_ad_ is true if the length should be omitted in the // AEAD's ad parameter. bool omit_length_in_ad_ : 1; - // omit_ad_ is true if the AEAD's ad parameter should be omitted. - bool omit_ad_ : 1; // ad_is_header_ is true if the AEAD's ad parameter is the record header. bool ad_is_header_ : 1; }; @@ -919,8 +911,8 @@ enum ssl_open_record_t ssl_process_alert(SSL *ssl, uint8_t *out_alert, // Private key operations. -// ssl_has_private_key returns whether |cfg| has a private key configured. -bool ssl_has_private_key(const SSL_CONFIG *cfg); +// ssl_has_private_key returns whether |hs| has a private key configured. +bool ssl_has_private_key(const SSL_HANDSHAKE *hs); // ssl_private_key_* perform the corresponding operation on // |SSL_PRIVATE_KEY_METHOD|. If there is a custom private key configured, they @@ -1173,7 +1165,7 @@ int ssl_write_buffer_flush(SSL *ssl); // ssl_has_certificate returns whether a certificate and private key are // configured. -bool ssl_has_certificate(const SSL_CONFIG *cfg); +bool ssl_has_certificate(const SSL_HANDSHAKE *hs); // ssl_parse_cert_chain parses a certificate list from |cbs| in the format used // by a TLS Certificate message. On success, it advances |cbs| and returns @@ -1197,11 +1189,15 @@ bool ssl_parse_cert_chain(uint8_t *out_alert, // an empty certificate list. It returns true on success and false on error. bool ssl_add_cert_chain(SSL_HANDSHAKE *hs, CBB *cbb); -// ssl_cert_check_digital_signature_key_usage parses the DER-encoded, X.509 -// certificate in |in| and returns true if doesn't specify a key usage or, if it -// does, if it includes digitalSignature. Otherwise it pushes to the error queue -// and returns false. -bool ssl_cert_check_digital_signature_key_usage(const CBS *in); +enum ssl_key_usage_t { + key_usage_digital_signature = 0, + key_usage_encipherment = 2, +}; + +// ssl_cert_check_key_usage parses the DER-encoded, X.509 certificate in |in| +// and returns true if doesn't specify a key usage or, if it does, if it +// includes |bit|. Otherwise it pushes to the error queue and returns false. +bool ssl_cert_check_key_usage(const CBS *in, enum ssl_key_usage_t bit); // ssl_cert_parse_pubkey extracts the public key from the DER-encoded, X.509 // certificate in |in|. It returns an allocated |EVP_PKEY| or else returns @@ -1299,8 +1295,7 @@ bool tls13_finished_mac(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len, // tls13_derive_session_psk calculates the PSK for this session based on the // resumption master secret and |nonce|. It returns true on success, and false // on failure. -bool tls13_derive_session_psk(SSL_SESSION *session, Span nonce, - bool use_quic); +bool tls13_derive_session_psk(SSL_SESSION *session, Span nonce); // tls13_write_psk_binder calculates the PSK binder value and replaces the last // bytes of |msg| with the resulting value. It returns true on success, and @@ -1379,6 +1374,46 @@ enum handback_t { handback_after_handshake, }; + +// Delegated credentials. + +// This structure stores a delegated credential (DC) as defined by +// draft-ietf-tls-subcerts-03. +struct DC { + static constexpr bool kAllowUniquePtr = true; + ~DC(); + + // Dup returns a copy of this DC and takes references to |raw| and |pkey|. + UniquePtr Dup(); + + // Parse parses the delegated credential stored in |in|. If successful it + // returns the parsed structure, otherwise it returns |nullptr| and sets + // |*out_alert|. + static UniquePtr Parse(CRYPTO_BUFFER *in, uint8_t *out_alert); + + // raw is the delegated credential encoded as specified in draft-ietf-tls- + // subcerts-02. + UniquePtr raw; + + // expected_cert_verify_algorithm is the signature scheme of the DC public + // key. + uint16_t expected_cert_verify_algorithm = 0; + + // pkey is the public key parsed from |public_key|. + UniquePtr pkey; + + private: + friend DC* New(); + DC(); +}; + +// ssl_signing_with_dc returns true if the peer has indicated support for +// delegated credentials and this host has sent a delegated credential in +// response. If this is true then we've committed to using the DC in the +// handshake. +bool ssl_signing_with_dc(const SSL_HANDSHAKE *hs); + + struct SSL_HANDSHAKE { explicit SSL_HANDSHAKE(SSL *ssl); ~SSL_HANDSHAKE(); @@ -1550,6 +1585,10 @@ struct SSL_HANDSHAKE { // ocsp_stapling_requested is true if a client requested OCSP stapling. bool ocsp_stapling_requested : 1; + // delegated_credential_requested is true if the peer indicated support for + // the delegated credential extension. + bool delegated_credential_requested : 1; + // should_ack_sni is used by a server and indicates that the SNI extension // should be echoed in the ServerHello. bool should_ack_sni : 1; @@ -1614,8 +1653,7 @@ struct SSL_HANDSHAKE { // record layer. uint16_t early_data_written = 0; - // session_id is the session ID in the ClientHello, used for the experimental - // TLS 1.3 variant. + // session_id is the session ID in the ClientHello. uint8_t session_id[SSL_MAX_SSL_SESSION_ID_LENGTH] = {0}; uint8_t session_id_len = 0; @@ -1649,6 +1687,11 @@ const char *ssl_server_handshake_state(SSL_HANDSHAKE *hs); const char *tls13_client_handshake_state(SSL_HANDSHAKE *hs); const char *tls13_server_handshake_state(SSL_HANDSHAKE *hs); +// tls13_add_key_update queues a KeyUpdate message on |ssl|. The +// |update_requested| argument must be one of |SSL_KEY_UPDATE_REQUESTED| or +// |SSL_KEY_UPDATE_NOT_REQUESTED|. +bool tls13_add_key_update(SSL *ssl, int update_requested); + // tls13_post_handshake processes a post-handshake message. It returns true on // success and false on failure. bool tls13_post_handshake(SSL *ssl, const SSLMessage &msg); @@ -1791,6 +1834,15 @@ bool tls1_get_legacy_signature_algorithm(uint16_t *out, const EVP_PKEY *pkey); // supported. It returns true on success and false on error. bool tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out); +// tls1_get_peer_verify_algorithms returns the signature schemes for which the +// peer indicated support. +// +// NOTE: The related function |SSL_get0_peer_verify_algorithms| only has +// well-defined behavior during the callbacks set by |SSL_CTX_set_cert_cb| and +// |SSL_CTX_set_client_cert_cb|, or when the handshake is paused because of +// them. +Span tls1_get_peer_verify_algorithms(const SSL_HANDSHAKE *hs); + // tls12_add_verify_sigalgs adds the signature algorithms acceptable for the // peer signature to |out|. It returns true on success and false on error. If // |for_certs| is true, the potentially more restrictive list of algorithms for @@ -1884,6 +1936,19 @@ struct CERT { // ticket key. Only sessions with a matching value will be accepted. uint8_t sid_ctx_length = 0; uint8_t sid_ctx[SSL_MAX_SID_CTX_LENGTH] = {0}; + + // Delegated credentials. + + // dc is the delegated credential to send to the peer (if requested). + UniquePtr dc = nullptr; + + // dc_privatekey is used instead of |privatekey| or |key_method| to + // authenticate the host if a delegated credential is used in the handshake. + UniquePtr dc_privatekey = nullptr; + + // dc_key_method, if not NULL, is used instead of |dc_privatekey| to + // authenticate the host. + const SSL_PRIVATE_KEY_METHOD *dc_key_method = nullptr; }; // |SSL_PROTOCOL_METHOD| abstracts between TLS and DTLS. @@ -2049,7 +2114,7 @@ BSSL_NAMESPACE_END DEFINE_LHASH_OF(SSL_SESSION) -DEFINE_NAMED_STACK_OF(CertCompressionAlg, bssl::CertCompressionAlg); +DEFINE_NAMED_STACK_OF(CertCompressionAlg, bssl::CertCompressionAlg) BSSL_NAMESPACE_BEGIN @@ -2479,6 +2544,11 @@ struct SSL_CONFIG { // advertise support. bool channel_id_enabled : 1; + // If enforce_rsa_key_usage is true, the handshake will fail if the + // keyUsage extension is present and incompatible with the TLS usage. + // This field is not read until after certificate verification. + bool enforce_rsa_key_usage : 1; + // retain_only_sha256_of_client_certs is true if we should compute the SHA256 // hash of the peer's certificate and then discard it to save memory and // session space. Only effective on the server side. @@ -2506,10 +2576,6 @@ struct SSL_CONFIG { // From RFC 8446, used in determining PSK modes. #define SSL_PSK_DHE_KE 0x1 -// From RFC 8446, used in determining whether to respond with a KeyUpdate. -#define SSL_KEY_UPDATE_NOT_REQUESTED 0 -#define SSL_KEY_UPDATE_REQUESTED 1 - // kMaxEarlyDataAccepted is the advertised number of plaintext bytes of early // data that will be accepted. This value should be slightly below // kMaxEarlyDataSkipped in tls_record.c, which is measured in ciphertext. @@ -2834,10 +2900,6 @@ struct ssl_ctx_st { // quic_method is the method table corresponding to the QUIC hooks. const SSL_QUIC_METHOD *quic_method = nullptr; - // tls13_variant is the variant of TLS 1.3 we are using for this - // configuration. - tls13_variant_t tls13_variant = tls13_rfc; - bssl::UniquePtr cipher_list; X509_STORE *cert_store = nullptr; @@ -3163,10 +3225,6 @@ struct ssl_st { // second. unsigned initial_timeout_duration_ms = 1000; - // tls13_variant is the variant of TLS 1.3 we are using for this - // configuration. - tls13_variant_t tls13_variant = tls13_rfc; - // session is the configured session to be offered by the client. This session // is immutable. bssl::UniquePtr session; @@ -3187,6 +3245,9 @@ struct ssl_st { uint32_t max_cert_list = 0; bssl::UniquePtr hostname; + // quic_method is the method table corresponding to the QUIC hooks. + const SSL_QUIC_METHOD *quic_method = nullptr; + // renegotiate_mode controls how peer renegotiation attempts are handled. ssl_renegotiate_mode_t renegotiate_mode = ssl_renegotiate_never; diff --git a/src/ssl/s3_both.cc b/src/ssl/s3_both.cc index f835dc2..aec6cae 100644 --- a/src/ssl/s3_both.cc +++ b/src/ssl/s3_both.cc @@ -188,14 +188,12 @@ bool ssl3_add_message(SSL *ssl, Array msg) { // unnecessary encryption overhead, notably in TLS 1.3 where we send several // encrypted messages in a row. For now, we do not do this for the null // cipher. The benefit is smaller and there is a risk of breaking buggy - // implementations. Additionally, we tie this to draft-28 as a sanity check, - // on the off chance middleboxes have fixated on sizes. + // implementations. // // TODO(davidben): See if we can do this uniformly. Span rest = msg; - if (ssl->ctx->quic_method == nullptr && - (ssl->s3->aead_write_ctx->is_null_cipher() || - ssl->version == TLS1_3_DRAFT23_VERSION)) { + if (ssl->quic_method == nullptr && + ssl->s3->aead_write_ctx->is_null_cipher()) { while (!rest.empty()) { Span chunk = rest.subspan(0, ssl->max_send_fragment); rest = rest.subspan(chunk.size()); @@ -250,9 +248,9 @@ bool tls_flush_pending_hs_data(SSL *ssl) { auto data = MakeConstSpan(reinterpret_cast(pending_hs_data->data), pending_hs_data->length); - if (ssl->ctx->quic_method) { - if (!ssl->ctx->quic_method->add_handshake_data(ssl, ssl->s3->write_level, - data.data(), data.size())) { + if (ssl->quic_method) { + if (!ssl->quic_method->add_handshake_data(ssl, ssl->s3->write_level, + data.data(), data.size())) { OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_INTERNAL_ERROR); return false; } @@ -269,7 +267,7 @@ bool ssl3_add_change_cipher_spec(SSL *ssl) { return false; } - if (!ssl->ctx->quic_method && + if (!ssl->quic_method && !add_record_to_flight(ssl, SSL3_RT_CHANGE_CIPHER_SPEC, kChangeCipherSpec)) { return false; @@ -285,13 +283,13 @@ int ssl3_flush_flight(SSL *ssl) { return -1; } - if (ssl->ctx->quic_method) { + if (ssl->quic_method) { if (ssl->s3->write_shutdown != ssl_shutdown_none) { OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN); return -1; } - if (!ssl->ctx->quic_method->flush_flight(ssl)) { + if (!ssl->quic_method->flush_flight(ssl)) { OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_INTERNAL_ERROR); return -1; } diff --git a/src/ssl/s3_pkt.cc b/src/ssl/s3_pkt.cc index f0ae8a2..abc6798 100644 --- a/src/ssl/s3_pkt.cc +++ b/src/ssl/s3_pkt.cc @@ -232,25 +232,29 @@ static int do_ssl3_write(SSL *ssl, int type, const uint8_t *in, unsigned len) { return -1; } - if (len == 0) { - return 0; - } - if (!tls_flush_pending_hs_data(ssl)) { return -1; } + size_t flight_len = 0; if (ssl->s3->pending_flight != nullptr) { flight_len = ssl->s3->pending_flight->length - ssl->s3->pending_flight_offset; } - size_t max_out = len + SSL_max_seal_overhead(ssl); - if (max_out < len || max_out + flight_len < max_out) { - OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW); - return -1; + size_t max_out = flight_len; + if (len > 0) { + const size_t max_ciphertext_len = len + SSL_max_seal_overhead(ssl); + if (max_ciphertext_len < len || max_out + max_ciphertext_len < max_out) { + OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW); + return -1; + } + max_out += max_ciphertext_len; + } + + if (max_out == 0) { + return 0; } - max_out += flight_len; if (!buf->EnsureCap(flight_len + ssl_seal_align_prefix_len(ssl), max_out)) { return -1; @@ -270,12 +274,14 @@ static int do_ssl3_write(SSL *ssl, int type, const uint8_t *in, unsigned len) { buf->DidWrite(flight_len); } - size_t ciphertext_len; - if (!tls_seal_record(ssl, buf->remaining().data(), &ciphertext_len, - buf->remaining().size(), type, in, len)) { - return -1; + if (len > 0) { + size_t ciphertext_len; + if (!tls_seal_record(ssl, buf->remaining().data(), &ciphertext_len, + buf->remaining().size(), type, in, len)) { + return -1; + } + buf->DidWrite(ciphertext_len); } - buf->DidWrite(ciphertext_len); // Now that we've made progress on the connection, uncork KeyUpdate // acknowledgments. @@ -404,9 +410,9 @@ int ssl_send_alert(SSL *ssl, int level, int desc) { } int ssl3_dispatch_alert(SSL *ssl) { - if (ssl->ctx->quic_method) { - if (!ssl->ctx->quic_method->send_alert(ssl, ssl->s3->write_level, - ssl->s3->send_alert[1])) { + if (ssl->quic_method) { + if (!ssl->quic_method->send_alert(ssl, ssl->s3->write_level, + ssl->s3->send_alert[1])) { OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_INTERNAL_ERROR); return 0; } diff --git a/src/ssl/ssl_aead_ctx.cc b/src/ssl/ssl_aead_ctx.cc index f01b57d..0bad266 100644 --- a/src/ssl/ssl_aead_ctx.cc +++ b/src/ssl/ssl_aead_ctx.cc @@ -42,7 +42,6 @@ SSLAEADContext::SSLAEADContext(uint16_t version_arg, bool is_dtls_arg, random_variable_nonce_(false), xor_fixed_nonce_(false), omit_length_in_ad_(false), - omit_ad_(false), ad_is_header_(false) { OPENSSL_memset(fixed_nonce_, 0, sizeof(fixed_nonce_)); } @@ -134,11 +133,7 @@ UniquePtr SSLAEADContext::Create( aead_ctx->xor_fixed_nonce_ = true; aead_ctx->variable_nonce_len_ = 8; aead_ctx->variable_nonce_included_in_record_ = false; - if (ssl_is_draft28(version)) { - aead_ctx->ad_is_header_ = true; - } else { - aead_ctx->omit_ad_ = true; - } + aead_ctx->ad_is_header_ = true; assert(fixed_iv.size() >= aead_ctx->variable_nonce_len_); } } else { @@ -231,10 +226,6 @@ Span SSLAEADContext::GetAdditionalData( return header; } - if (omit_ad_) { - return {}; - } - OPENSSL_memcpy(storage, seqnum, 8); size_t len = 8; storage[len++] = type; diff --git a/src/ssl/ssl_cert.cc b/src/ssl/ssl_cert.cc index 37d6501..1b01e7f 100644 --- a/src/ssl/ssl_cert.cc +++ b/src/ssl/ssl_cert.cc @@ -180,6 +180,16 @@ UniquePtr ssl_cert_dup(CERT *cert) { ret->sid_ctx_length = cert->sid_ctx_length; OPENSSL_memcpy(ret->sid_ctx, cert->sid_ctx, sizeof(ret->sid_ctx)); + if (cert->dc) { + ret->dc = cert->dc->Dup(); + if (!ret->dc) { + return nullptr; + } + } + + ret->dc_privatekey = UpRef(cert->dc_privatekey); + ret->dc_key_method = cert->dc_key_method; + return ret; } @@ -194,6 +204,10 @@ void ssl_cert_clear_certs(CERT *cert) { cert->chain.reset(); cert->privatekey.reset(); cert->key_method = nullptr; + + cert->dc.reset(); + cert->dc_privatekey.reset(); + cert->dc_key_method = nullptr; } static void ssl_cert_set_cert_cb(CERT *cert, int (*cb)(SSL *ssl, void *arg), @@ -232,7 +246,7 @@ static enum leaf_cert_and_privkey_result_t check_leaf_cert_and_privkey( // An ECC certificate may be usable for ECDH or ECDSA. We only support ECDSA // certificates, so sanity-check the key usage extension. if (pubkey->type == EVP_PKEY_EC && - !ssl_cert_check_digital_signature_key_usage(&cert_cbs)) { + !ssl_cert_check_key_usage(&cert_cbs, key_usage_digital_signature)) { OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE); return leaf_cert_and_privkey_error; } @@ -324,10 +338,10 @@ bool ssl_set_cert(CERT *cert, UniquePtr buffer) { return true; } -bool ssl_has_certificate(const SSL_CONFIG *cfg) { - return cfg->cert->chain != nullptr && - sk_CRYPTO_BUFFER_value(cfg->cert->chain.get(), 0) != nullptr && - ssl_has_private_key(cfg); +bool ssl_has_certificate(const SSL_HANDSHAKE *hs) { + return hs->config->cert->chain != nullptr && + sk_CRYPTO_BUFFER_value(hs->config->cert->chain.get(), 0) != nullptr && + ssl_has_private_key(hs); } bool ssl_parse_cert_chain(uint8_t *out_alert, @@ -395,7 +409,7 @@ bool ssl_parse_cert_chain(uint8_t *out_alert, } bool ssl_add_cert_chain(SSL_HANDSHAKE *hs, CBB *cbb) { - if (!ssl_has_certificate(hs->config)) { + if (!ssl_has_certificate(hs)) { return CBB_add_u24(cbb, 0); } @@ -526,7 +540,7 @@ bool ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey) { return ssl_compare_public_and_private_key(pubkey.get(), privkey); } -bool ssl_cert_check_digital_signature_key_usage(const CBS *in) { +bool ssl_cert_check_key_usage(const CBS *in, enum ssl_key_usage_t bit) { CBS buf = *in; CBS tbs_cert, outer_extensions; @@ -592,8 +606,8 @@ bool ssl_cert_check_digital_signature_key_usage(const CBS *in) { return false; } - if (!CBS_asn1_bitstring_has_bit(&bit_string, 0)) { - OPENSSL_PUT_ERROR(SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING); + if (!CBS_asn1_bitstring_has_bit(&bit_string, bit)) { + OPENSSL_PUT_ERROR(SSL, SSL_R_KEY_USAGE_BIT_INCORRECT); return false; } @@ -696,20 +710,6 @@ bool ssl_check_leaf_certificate(SSL_HANDSHAKE *hs, EVP_PKEY *pkey, return false; } - // Check key usages for all key types but RSA. This is needed to distinguish - // ECDH certificates, which we do not support, from ECDSA certificates. In - // principle, we should check RSA key usages based on cipher, but this breaks - // buggy antivirus deployments. Other key types are always used for signing. - // - // TODO(davidben): Get more recent data on RSA key usages. - if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA) { - CBS leaf_cbs; - CBS_init(&leaf_cbs, CRYPTO_BUFFER_data(leaf), CRYPTO_BUFFER_len(leaf)); - if (!ssl_cert_check_digital_signature_key_usage(&leaf_cbs)) { - return false; - } - } - if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { // Check the key's group and point format are acceptable. EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(pkey); @@ -728,7 +728,7 @@ bool ssl_check_leaf_certificate(SSL_HANDSHAKE *hs, EVP_PKEY *pkey, bool ssl_on_certificate_selected(SSL_HANDSHAKE *hs) { SSL *const ssl = hs->ssl; - if (!ssl_has_certificate(hs->config)) { + if (!ssl_has_certificate(hs)) { // Nothing to do. return true; } @@ -741,10 +741,143 @@ bool ssl_on_certificate_selected(SSL_HANDSHAKE *hs) { CRYPTO_BUFFER_init_CBS( sk_CRYPTO_BUFFER_value(hs->config->cert->chain.get(), 0), &leaf); - hs->local_pubkey = ssl_cert_parse_pubkey(&leaf); + if (ssl_signing_with_dc(hs)) { + hs->local_pubkey = UpRef(hs->config->cert->dc->pkey); + } else { + hs->local_pubkey = ssl_cert_parse_pubkey(&leaf); + } return hs->local_pubkey != NULL; } + +// Delegated credentials. + +DC::DC() = default; +DC::~DC() = default; + +UniquePtr DC::Dup() { + bssl::UniquePtr ret = MakeUnique(); + if (!ret) { + return nullptr; + } + + ret->raw = UpRef(raw); + ret->expected_cert_verify_algorithm = expected_cert_verify_algorithm; + ret->pkey = UpRef(pkey); + return ret; +} + +// static +UniquePtr DC::Parse(CRYPTO_BUFFER *in, uint8_t *out_alert) { + UniquePtr dc = MakeUnique(); + if (!dc) { + *out_alert = SSL_AD_INTERNAL_ERROR; + return nullptr; + } + + dc->raw = UpRef(in); + + CBS pubkey, deleg, sig; + uint32_t valid_time; + uint16_t algorithm; + CRYPTO_BUFFER_init_CBS(dc->raw.get(), &deleg); + if (!CBS_get_u32(&deleg, &valid_time) || + !CBS_get_u16(&deleg, &dc->expected_cert_verify_algorithm) || + !CBS_get_u24_length_prefixed(&deleg, &pubkey) || + !CBS_get_u16(&deleg, &algorithm) || + !CBS_get_u16_length_prefixed(&deleg, &sig) || + CBS_len(&deleg) != 0) { + OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); + *out_alert = SSL_AD_DECODE_ERROR; + return nullptr; + } + + dc->pkey.reset(EVP_parse_public_key(&pubkey)); + if (dc->pkey == nullptr) { + OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); + *out_alert = SSL_AD_DECODE_ERROR; + return nullptr; + } + + return dc; +} + +// ssl_can_serve_dc returns true if the host has configured a DC that it can +// serve in the handshake. Specifically, it checks that a DC has been +// configured, that the DC protocol version is the same as the negotiated +// protocol version, and that the DC signature algorithm is supported by the +// peer. +static bool ssl_can_serve_dc(const SSL_HANDSHAKE *hs) { + // Check that a DC has been configured. + const CERT *cert = hs->config->cert.get(); + if (cert->dc == nullptr || + cert->dc->raw == nullptr || + (cert->dc_privatekey == nullptr && cert->dc_key_method == nullptr)) { + return false; + } + + // Check that 1.3 or higher has been negotiated. + const DC *dc = cert->dc.get(); + assert(hs->ssl->s3->have_version); + if (ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) { + return false; + } + + // Check that the DC signature algorithm is supported by the peer. + Span peer_sigalgs = tls1_get_peer_verify_algorithms(hs); + bool sigalg_found = false; + for (uint16_t peer_sigalg : peer_sigalgs) { + if (dc->expected_cert_verify_algorithm == peer_sigalg) { + sigalg_found = true; + break; + } + } + + return sigalg_found; +} + +bool ssl_signing_with_dc(const SSL_HANDSHAKE *hs) { + // As of draft-ietf-tls-subcert-03, only the server may use delegated + // credentials to authenticate itself. + return hs->ssl->server && + hs->delegated_credential_requested && + ssl_can_serve_dc(hs); +} + +static int cert_set_dc(CERT *cert, CRYPTO_BUFFER *const raw, EVP_PKEY *privkey, + const SSL_PRIVATE_KEY_METHOD *key_method) { + if (privkey == nullptr && key_method == nullptr) { + OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if (privkey != nullptr && key_method != nullptr) { + OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_HAVE_BOTH_PRIVKEY_AND_METHOD); + return 0; + } + + uint8_t alert; + UniquePtr dc = DC::Parse(raw, &alert); + if (dc == nullptr) { + OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_DELEGATED_CREDENTIAL); + return 0; + } + + if (privkey) { + // Check that the public and private keys match. + if (!ssl_compare_public_and_private_key(dc->pkey.get(), privkey)) { + OPENSSL_PUT_ERROR(SSL, SSL_R_CERTIFICATE_AND_PRIVATE_KEY_MISMATCH); + return 0; + } + } + + cert->dc = std::move(dc); + cert->dc_privatekey = UpRef(privkey); + cert->dc_key_method = key_method; + + return 1; +} + BSSL_NAMESPACE_END using namespace bssl; @@ -870,3 +1003,12 @@ void SSL_set0_client_CAs(SSL *ssl, STACK_OF(CRYPTO_BUFFER) *name_list) { ssl->ctx->x509_method->ssl_flush_cached_client_CA(ssl->config.get()); ssl->config->client_CA.reset(name_list); } + +int SSL_set1_delegated_credential(SSL *ssl, CRYPTO_BUFFER *dc, EVP_PKEY *pkey, + const SSL_PRIVATE_KEY_METHOD *key_method) { + if (!ssl->config) { + return 0; + } + + return cert_set_dc(ssl->config->cert.get(), dc, pkey, key_method); +} diff --git a/src/ssl/ssl_key_share.cc b/src/ssl/ssl_key_share.cc index 108ea6a..78d2aa1 100644 --- a/src/ssl/ssl_key_share.cc +++ b/src/ssl/ssl_key_share.cc @@ -220,11 +220,12 @@ class CECPQ2KeyShare : public SSLKeyShare { X25519_keypair(x25519_public_key, x25519_private_key_); uint8_t hrss_entropy[HRSS_GENERATE_KEY_BYTES]; + HRSS_public_key hrss_public_key; RAND_bytes(hrss_entropy, sizeof(hrss_entropy)); - HRSS_generate_key(&hrss_public_key_, &hrss_private_key_, hrss_entropy); + HRSS_generate_key(&hrss_public_key, &hrss_private_key_, hrss_entropy); uint8_t hrss_public_key_bytes[HRSS_PUBLIC_KEY_BYTES]; - HRSS_marshal_public_key(hrss_public_key_bytes, &hrss_public_key_); + HRSS_marshal_public_key(hrss_public_key_bytes, &hrss_public_key); if (!CBB_add_bytes(out, x25519_public_key, sizeof(x25519_public_key)) || !CBB_add_bytes(out, hrss_public_key_bytes, @@ -233,7 +234,7 @@ class CECPQ2KeyShare : public SSLKeyShare { } return true; - }; + } bool Accept(CBB *out_public_key, Array *out_secret, uint8_t *out_alert, Span peer_key) override { @@ -287,16 +288,15 @@ class CECPQ2KeyShare : public SSLKeyShare { return false; } - HRSS_decap(secret.data() + 32, &hrss_public_key_, &hrss_private_key_, - peer_key.data() + 32, peer_key.size() - 32); + HRSS_decap(secret.data() + 32, &hrss_private_key_, peer_key.data() + 32, + peer_key.size() - 32); *out_secret = std::move(secret); return true; - }; + } private: uint8_t x25519_private_key_[32]; - HRSS_public_key hrss_public_key_; HRSS_private_key hrss_private_key_; }; diff --git a/src/ssl/ssl_lib.cc b/src/ssl/ssl_lib.cc index ceeba89..a4f2044 100644 --- a/src/ssl/ssl_lib.cc +++ b/src/ssl/ssl_lib.cc @@ -640,7 +640,6 @@ ssl_st::ssl_st(SSL_CTX *ctx_arg) max_send_fragment(ctx_arg->max_send_fragment), msg_callback(ctx_arg->msg_callback), msg_callback_arg(ctx_arg->msg_callback_arg), - tls13_variant(ctx_arg->tls13_variant), ctx(UpRef(ctx_arg)), session_ctx(UpRef(ctx_arg)), options(ctx->options), @@ -715,6 +714,7 @@ SSL *SSL_new(SSL_CTX *ctx) { ssl->config->ocsp_stapling_enabled = ctx->ocsp_stapling_enabled; ssl->config->handoff = ctx->handoff; ssl->config->ignore_tls13_downgrade = ctx->ignore_tls13_downgrade; + ssl->quic_method = ctx->quic_method; if (!ssl->method->ssl_new(ssl.get()) || !ssl->ctx->x509_method->ssl_new(ssl->s3->hs.get())) { @@ -729,6 +729,7 @@ SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg) signed_cert_timestamps_enabled(false), ocsp_stapling_enabled(false), channel_id_enabled(false), + enforce_rsa_key_usage(false), retain_only_sha256_of_client_certs(false), handoff(false), shed_handshake_config(false), @@ -851,7 +852,7 @@ enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl) { int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level, const uint8_t *data, size_t len) { - if (ssl->ctx->quic_method == nullptr) { + if (ssl->quic_method == nullptr) { OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } @@ -1078,7 +1079,7 @@ int SSL_read(SSL *ssl, void *buf, int num) { } int SSL_peek(SSL *ssl, void *buf, int num) { - if (ssl->ctx->quic_method != nullptr) { + if (ssl->quic_method != nullptr) { OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } @@ -1099,7 +1100,7 @@ int SSL_peek(SSL *ssl, void *buf, int num) { int SSL_write(SSL *ssl, const void *buf, int num) { ssl_reset_error_state(ssl); - if (ssl->ctx->quic_method != nullptr) { + if (ssl->quic_method != nullptr) { OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } @@ -1135,6 +1136,37 @@ int SSL_write(SSL *ssl, const void *buf, int num) { return ret; } +int SSL_key_update(SSL *ssl, int request_type) { + ssl_reset_error_state(ssl); + + if (ssl->do_handshake == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED); + return 0; + } + + if (ssl->ctx->quic_method != nullptr) { + OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + + if (!ssl->s3->initial_handshake_complete) { + OPENSSL_PUT_ERROR(SSL, SSL_R_HANDSHAKE_NOT_COMPLETE); + return 0; + } + + if (ssl_protocol_version(ssl) < TLS1_3_VERSION) { + OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SSL_VERSION); + return 0; + } + + if (!ssl->s3->key_update_pending && + !tls13_add_key_update(ssl, request_type)) { + return 0; + } + + return 1; +} + int SSL_shutdown(SSL *ssl) { ssl_reset_error_state(ssl); @@ -1230,14 +1262,6 @@ void SSL_CTX_set_early_data_enabled(SSL_CTX *ctx, int enabled) { ctx->enable_early_data = !!enabled; } -void SSL_CTX_set_tls13_variant(SSL_CTX *ctx, enum tls13_variant_t variant) { - ctx->tls13_variant = variant; -} - -void SSL_set_tls13_variant(SSL *ssl, enum tls13_variant_t variant) { - ssl->tls13_variant = variant; -} - void SSL_set_early_data_enabled(SSL *ssl, int enabled) { ssl->enable_early_data = !!enabled; } @@ -1320,7 +1344,7 @@ int SSL_get_error(const SSL *ssl, int ret_code) { return SSL_ERROR_HANDBACK; case SSL_READING: { - if (ssl->ctx->quic_method) { + if (ssl->quic_method) { return SSL_ERROR_WANT_READ; } BIO *bio = SSL_get_rbio(ssl); @@ -2437,6 +2461,14 @@ int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method) { return 1; } +int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method) { + if (ssl->method->is_dtls) { + return 0; + } + ssl->quic_method = quic_method; + return 1; +} + int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused, CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func) { int index; @@ -2666,6 +2698,13 @@ void SSL_CTX_set_reverify_on_resume(SSL_CTX *ctx, int enabled) { ctx->reverify_on_resume = !!enabled; } +void SSL_set_enforce_rsa_key_usage(SSL *ssl, int enabled) { + if (!ssl->config) { + return; + } + ssl->config->enforce_rsa_key_usage = !!enabled; +} + void SSL_set_renegotiate_mode(SSL *ssl, enum ssl_renegotiate_mode_t mode) { ssl->renegotiate_mode = mode; diff --git a/src/ssl/ssl_privkey.cc b/src/ssl/ssl_privkey.cc index e716c9a..1ddb1b1 100644 --- a/src/ssl/ssl_privkey.cc +++ b/src/ssl/ssl_privkey.cc @@ -133,8 +133,14 @@ static const SSL_SIGNATURE_ALGORITHM *get_signature_algorithm(uint16_t sigalg) { return NULL; } -bool ssl_has_private_key(const SSL_CONFIG *cfg) { - return cfg->cert->privatekey != nullptr || cfg->cert->key_method != nullptr; +bool ssl_has_private_key(const SSL_HANDSHAKE *hs) { + if (hs->config->cert->privatekey != nullptr || + hs->config->cert->key_method != nullptr || + ssl_signing_with_dc(hs)) { + return true; + } + + return false; } static bool pkey_supports_algorithm(const SSL *ssl, EVP_PKEY *pkey, @@ -195,13 +201,20 @@ enum ssl_private_key_result_t ssl_private_key_sign( SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len, size_t max_out, uint16_t sigalg, Span in) { SSL *const ssl = hs->ssl; - if (hs->config->cert->key_method != NULL) { + const SSL_PRIVATE_KEY_METHOD *key_method = hs->config->cert->key_method; + EVP_PKEY *privatekey = hs->config->cert->privatekey.get(); + if (ssl_signing_with_dc(hs)) { + key_method = hs->config->cert->dc_key_method; + privatekey = hs->config->cert->dc_privatekey.get(); + } + + if (key_method != NULL) { enum ssl_private_key_result_t ret; if (hs->pending_private_key_op) { - ret = hs->config->cert->key_method->complete(ssl, out, out_len, max_out); + ret = key_method->complete(ssl, out, out_len, max_out); } else { - ret = hs->config->cert->key_method->sign(ssl, out, out_len, max_out, - sigalg, in.data(), in.size()); + ret = key_method->sign(ssl, out, out_len, max_out, + sigalg, in.data(), in.size()); } if (ret == ssl_private_key_failure) { OPENSSL_PUT_ERROR(SSL, SSL_R_PRIVATE_KEY_OPERATION_FAILED); @@ -212,8 +225,7 @@ enum ssl_private_key_result_t ssl_private_key_sign( *out_len = max_out; ScopedEVP_MD_CTX ctx; - if (!setup_ctx(ssl, ctx.get(), hs->config->cert->privatekey.get(), sigalg, - false /* sign */) || + if (!setup_ctx(ssl, ctx.get(), privatekey, sigalg, false /* sign */) || !EVP_DigestSign(ctx.get(), out, out_len, in.data(), in.size())) { return ssl_private_key_failure; } @@ -552,6 +564,10 @@ static int compare_uint16_t(const void *p1, const void *p2) { } static bool sigalgs_unique(Span in_sigalgs) { + if (in_sigalgs.size() < 2) { + return true; + } + Array sigalgs; if (!sigalgs.CopyFrom(in_sigalgs)) { return false; diff --git a/src/ssl/ssl_test.cc b/src/ssl/ssl_test.cc index 8d01c03..f3f7923 100644 --- a/src/ssl/ssl_test.cc +++ b/src/ssl/ssl_test.cc @@ -2628,11 +2628,6 @@ TEST(SSLTest, SetVersion) { // SSL 3.0 is not available. EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION)); - // TLS1_3_DRAFT_VERSION is not an API-level version. - EXPECT_FALSE( - SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_DRAFT23_VERSION)); - ERR_clear_error(); - ctx.reset(SSL_CTX_new(DTLS_method())); ASSERT_TRUE(ctx); @@ -4358,6 +4353,35 @@ TEST(SSLTest, ApplyHandoffRemovesUnsupportedCurves) { EXPECT_EQ(1u, server->config->supported_group_list.size()); } +TEST(SSLTest, ZeroSizedWiteFlushesHandshakeMessages) { + // If there are pending handshake mesages, an |SSL_write| of zero bytes should + // flush them. + bssl::UniquePtr server_ctx(SSL_CTX_new(TLS_method())); + EXPECT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), TLS1_3_VERSION)); + EXPECT_TRUE(SSL_CTX_set_min_proto_version(server_ctx.get(), TLS1_3_VERSION)); + bssl::UniquePtr cert = GetTestCertificate(); + bssl::UniquePtr key = GetTestKey(); + ASSERT_TRUE(cert); + ASSERT_TRUE(key); + ASSERT_TRUE(SSL_CTX_use_certificate(server_ctx.get(), cert.get())); + ASSERT_TRUE(SSL_CTX_use_PrivateKey(server_ctx.get(), key.get())); + + bssl::UniquePtr client_ctx(SSL_CTX_new(TLS_method())); + EXPECT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), TLS1_3_VERSION)); + EXPECT_TRUE(SSL_CTX_set_min_proto_version(client_ctx.get(), TLS1_3_VERSION)); + + bssl::UniquePtr client, server; + ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(), + server_ctx.get())); + + BIO *client_wbio = SSL_get_wbio(client.get()); + EXPECT_EQ(0u, BIO_wpending(client_wbio)); + EXPECT_TRUE(SSL_key_update(client.get(), SSL_KEY_UPDATE_NOT_REQUESTED)); + EXPECT_EQ(0u, BIO_wpending(client_wbio)); + EXPECT_EQ(0, SSL_write(client.get(), nullptr, 0)); + EXPECT_NE(0u, BIO_wpending(client_wbio)); +} + TEST_P(SSLVersionTest, VerifyBeforeCertRequest) { // Configure the server to request client certificates. SSL_CTX_set_custom_verify( diff --git a/src/ssl/ssl_versions.cc b/src/ssl/ssl_versions.cc index 8616967..e6dbc8d 100644 --- a/src/ssl/ssl_versions.cc +++ b/src/ssl/ssl_versions.cc @@ -34,11 +34,6 @@ bool ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) { *out = version; return true; - case TLS1_3_DRAFT23_VERSION: - case TLS1_3_DRAFT28_VERSION: - *out = TLS1_3_VERSION; - return true; - case DTLS1_VERSION: // DTLS 1.0 is analogous to TLS 1.1, not TLS 1.0. *out = TLS1_1_VERSION; @@ -58,8 +53,6 @@ bool ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) { static const uint16_t kTLSVersions[] = { TLS1_3_VERSION, - TLS1_3_DRAFT28_VERSION, - TLS1_3_DRAFT23_VERSION, TLS1_2_VERSION, TLS1_1_VERSION, TLS1_VERSION, @@ -95,14 +88,10 @@ bool ssl_method_supports_version(const SSL_PROTOCOL_METHOD *method, } // The following functions map between API versions and wire versions. The -// public API works on wire versions, except that TLS 1.3 draft versions all -// appear as TLS 1.3. This will get collapsed back down when TLS 1.3 is -// finalized. +// public API works on wire versions. static const char *ssl_version_to_string(uint16_t version) { switch (version) { - case TLS1_3_DRAFT23_VERSION: - case TLS1_3_DRAFT28_VERSION: case TLS1_3_VERSION: return "TLSv1.3"; @@ -127,26 +116,11 @@ static const char *ssl_version_to_string(uint16_t version) { } static uint16_t wire_version_to_api(uint16_t version) { - switch (version) { - // Report TLS 1.3 draft versions as TLS 1.3 in the public API. - case TLS1_3_DRAFT23_VERSION: - case TLS1_3_DRAFT28_VERSION: - case TLS1_3_VERSION: - return TLS1_3_VERSION; - default: - return version; - } + return version; } -// api_version_to_wire maps |version| to some representative wire version. In -// particular, it picks an arbitrary TLS 1.3 representative. This should only be -// used in context where that does not matter. +// api_version_to_wire maps |version| to some representative wire version. static bool api_version_to_wire(uint16_t *out, uint16_t version) { - if (version == TLS1_3_DRAFT23_VERSION || - version == TLS1_3_DRAFT28_VERSION) { - return false; - } - // Check it is a real protocol version. uint16_t unused; if (!ssl_protocol_version_from_wire(&unused, version)) { @@ -218,7 +192,7 @@ bool ssl_get_version_range(const SSL_HANDSHAKE *hs, uint16_t *out_min_version, uint16_t max_version = hs->config->conf_max_version; // QUIC requires TLS 1.3. - if (hs->ssl->ctx->quic_method && min_version < TLS1_3_VERSION) { + if (hs->ssl->quic_method && min_version < TLS1_3_VERSION) { min_version = TLS1_3_VERSION; } @@ -299,21 +273,6 @@ bool ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version) { return false; } - // If the TLS 1.3 variant is set to |tls13_default|, all variants are enabled, - // otherwise only the matching version is enabled. - if (protocol_version == TLS1_3_VERSION) { - switch (ssl->tls13_variant) { - case tls13_draft23: - return version == TLS1_3_DRAFT23_VERSION; - case tls13_draft28: - return version == TLS1_3_DRAFT28_VERSION; - case tls13_rfc: - return version == TLS1_3_VERSION; - case tls13_all: - return true; - } - } - return true; } @@ -373,10 +332,6 @@ bool ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert, return false; } -bool ssl_is_draft28(uint16_t version) { - return version == TLS1_3_DRAFT28_VERSION || version == TLS1_3_VERSION; -} - BSSL_NAMESPACE_END using namespace bssl; diff --git a/src/ssl/ssl_x509.cc b/src/ssl/ssl_x509.cc index eb3a38b..841482f 100644 --- a/src/ssl/ssl_x509.cc +++ b/src/ssl/ssl_x509.cc @@ -448,7 +448,7 @@ static int ssl_crypto_x509_ssl_auto_chain_if_needed(SSL_HANDSHAKE *hs) { // Only build a chain if there are no intermediates configured and the feature // isn't disabled. if ((hs->ssl->mode & SSL_MODE_NO_AUTO_CHAIN) || - !ssl_has_certificate(hs->config) || hs->config->cert->chain == NULL || + !ssl_has_certificate(hs) || hs->config->cert->chain == NULL || sk_CRYPTO_BUFFER_num(hs->config->cert->chain.get()) > 1) { return 1; } @@ -1223,7 +1223,8 @@ static int do_client_cert_cb(SSL *ssl, void *arg) { assert(ssl->config); return -1; } - if (ssl_has_certificate(ssl->config.get()) || + + if (ssl_has_certificate(ssl->s3->hs.get()) || ssl->ctx->client_cert_cb == NULL) { return 1; } diff --git a/src/ssl/t1_lib.cc b/src/ssl/t1_lib.cc index 5e65f81..3a08fe6 100644 --- a/src/ssl/t1_lib.cc +++ b/src/ssl/t1_lib.cc @@ -292,23 +292,10 @@ static const uint16_t kDefaultGroups[] = { SSL_CURVE_SECP384R1, }; -// TLS 1.3 servers will pick CECPQ2 if offered by a client, but it's not enabled -// by default for clients. -static const uint16_t kDefaultGroupsServer[] = { - // CECPQ2 is not yet enabled by default. - // SSL_CURVE_CECPQ2, - SSL_CURVE_X25519, - SSL_CURVE_SECP256R1, - SSL_CURVE_SECP384R1, -};; - Span tls1_get_grouplist(const SSL_HANDSHAKE *hs) { if (!hs->config->supported_group_list.empty()) { return hs->config->supported_group_list; } - if (hs->ssl->server) { - return Span(kDefaultGroupsServer); - } return Span(kDefaultGroups); } @@ -2715,6 +2702,36 @@ static bool ext_quic_transport_params_add_serverhello(SSL_HANDSHAKE *hs, return true; } +// Delegated credentials. +// +// https://tools.ietf.org/html/draft-ietf-tls-subcerts + +static bool ext_delegated_credential_add_clienthello(SSL_HANDSHAKE *hs, + CBB *out) { + return true; +} + +static bool ext_delegated_credential_parse_clienthello(SSL_HANDSHAKE *hs, + uint8_t *out_alert, + CBS *contents) { + assert(TLSEXT_TYPE_delegated_credential == 0xff02); + // TODO: Check that the extension is empty. + // + // As of draft-02, the client sends an empty extension in order indicate + // support for delegated credentials. This could change, however, since the + // spec is not yet finalized. This assertion is here to remind us to enforce + // this check once the extension ID is assigned. + + if (contents == nullptr || ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) { + // Don't use delegated credentials unless we're negotiating TLS 1.3 or + // higher. + return true; + } + + hs->delegated_credential_requested = true; + return true; +} + // Certificate compression static bool cert_compression_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) { @@ -3003,6 +3020,14 @@ static const struct tls_extension kExtensions[] = { cert_compression_parse_clienthello, cert_compression_add_serverhello, }, + { + TLSEXT_TYPE_delegated_credential, + NULL, + ext_delegated_credential_add_clienthello, + forbid_parse_serverhello, + ext_delegated_credential_parse_clienthello, + dont_add_serverhello, + }, }; #define kNumExtensions (sizeof(kExtensions) / sizeof(struct tls_extension)) @@ -3629,6 +3654,7 @@ bool tls1_get_legacy_signature_algorithm(uint16_t *out, const EVP_PKEY *pkey) { bool tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out) { SSL *const ssl = hs->ssl; CERT *cert = hs->config->cert.get(); + DC *dc = cert->dc.get(); // Before TLS 1.2, the signature algorithm isn't negotiated as part of the // handshake. @@ -3641,19 +3667,13 @@ bool tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out) { } Span sigalgs = kSignSignatureAlgorithms; - if (!cert->sigalgs.empty()) { + if (ssl_signing_with_dc(hs)) { + sigalgs = MakeConstSpan(&dc->expected_cert_verify_algorithm, 1); + } else if (!cert->sigalgs.empty()) { sigalgs = cert->sigalgs; } - Span peer_sigalgs = hs->peer_sigalgs; - if (peer_sigalgs.empty() && ssl_protocol_version(ssl) < TLS1_3_VERSION) { - // If the client didn't specify any signature_algorithms extension then - // we can assume that it supports SHA1. See - // http://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 - static const uint16_t kDefaultPeerAlgorithms[] = {SSL_SIGN_RSA_PKCS1_SHA1, - SSL_SIGN_ECDSA_SHA1}; - peer_sigalgs = kDefaultPeerAlgorithms; - } + Span peer_sigalgs = tls1_get_peer_verify_algorithms(hs); for (uint16_t sigalg : sigalgs) { // SSL_SIGN_RSA_PKCS1_MD5_SHA1 is an internal value and should never be @@ -3675,6 +3695,19 @@ bool tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out) { return false; } +Span tls1_get_peer_verify_algorithms(const SSL_HANDSHAKE *hs) { + Span peer_sigalgs = hs->peer_sigalgs; + if (peer_sigalgs.empty() && ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) { + // If the client didn't specify any signature_algorithms extension then + // we can assume that it supports SHA1. See + // http://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 + static const uint16_t kDefaultPeerAlgorithms[] = {SSL_SIGN_RSA_PKCS1_SHA1, + SSL_SIGN_ECDSA_SHA1}; + peer_sigalgs = kDefaultPeerAlgorithms; + } + return peer_sigalgs; +} + bool tls1_verify_channel_id(SSL_HANDSHAKE *hs, const SSLMessage &msg) { SSL *const ssl = hs->ssl; // A Channel ID handshake message is structured to contain multiple diff --git a/src/ssl/test/CMakeLists.txt b/src/ssl/test/CMakeLists.txt index d86464c..ebc16f1 100644 --- a/src/ssl/test/CMakeLists.txt +++ b/src/ssl/test/CMakeLists.txt @@ -10,13 +10,11 @@ add_executable( settings_writer.cc test_config.cc test_state.cc - - $ ) add_dependencies(bssl_shim global_target) -target_link_libraries(bssl_shim ssl crypto) +target_link_libraries(bssl_shim test_support_lib ssl crypto) if(UNIX AND NOT APPLE AND NOT ANDROID) add_executable( @@ -29,13 +27,11 @@ if(UNIX AND NOT APPLE AND NOT ANDROID) settings_writer.cc test_config.cc test_state.cc - - $ ) add_dependencies(handshaker global_target) - target_link_libraries(handshaker ssl crypto) + target_link_libraries(handshaker test_support_lib ssl crypto) else() # Declare a dummy target for run_tests to depend on. add_custom_target(handshaker) diff --git a/src/ssl/test/bssl_shim.cc b/src/ssl/test/bssl_shim.cc index 77ed796..62db076 100644 --- a/src/ssl/test/bssl_shim.cc +++ b/src/ssl/test/bssl_shim.cc @@ -981,6 +981,12 @@ static bool DoExchange(bssl::UniquePtr *out_session, pending_initial_write = false; } + if (config->key_update && + !SSL_key_update(ssl, SSL_KEY_UPDATE_NOT_REQUESTED)) { + fprintf(stderr, "SSL_key_update failed.\n"); + return false; + } + for (int i = 0; i < n; i++) { buf[i] ^= 0xff; } diff --git a/src/ssl/test/fuzzer.h b/src/ssl/test/fuzzer.h index 1ca970d..f714d5d 100644 --- a/src/ssl/test/fuzzer.h +++ b/src/ssl/test/fuzzer.h @@ -414,6 +414,13 @@ class TLSFuzzer { return false; } + static const int kCurves[] = {NID_CECPQ2, NID_X25519, NID_X9_62_prime256v1, + NID_secp384r1, NID_secp521r1}; + if (!SSL_CTX_set1_curves(ctx_.get(), kCurves, + OPENSSL_ARRAY_SIZE(kCurves))) { + return false; + } + SSL_CTX_set_early_data_enabled(ctx_.get(), 1); SSL_CTX_set_next_proto_select_cb(ctx_.get(), NPNSelectCallback, nullptr); @@ -489,16 +496,6 @@ class TLSFuzzer { SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, nullptr); break; - case kTLS13Variant: { - uint8_t variant; - if (!CBS_get_u8(cbs, &variant)) { - return nullptr; - } - SSL_set_tls13_variant(ssl.get(), - static_cast(variant)); - break; - } - case kHandoffTag: { CBS handoff; if (!CBS_get_u24_length_prefixed(cbs, &handoff)) { diff --git a/src/ssl/test/fuzzer_tags.h b/src/ssl/test/fuzzer_tags.h index c21aca3..eb9991d 100644 --- a/src/ssl/test/fuzzer_tags.h +++ b/src/ssl/test/fuzzer_tags.h @@ -39,13 +39,10 @@ static const uint16_t kSessionTag = 1; // certificates. static const uint16_t kRequestClientCert = 2; -// kTLS13Variant is followed by a u8 denoting the TLS 1.3 variant to configure. -static const uint16_t kTLS13Variant = 3; - // kHandoffTag is followed by the output of |SSL_serialize_handoff|. -static const uint16_t kHandoffTag = 4; +static const uint16_t kHandoffTag = 3; // kHandbackTag is followed by te output of |SSL_serialize_handback|. -static const uint16_t kHandbackTag = 5; +static const uint16_t kHandbackTag = 4; #endif // HEADER_SSL_TEST_FUZZER_TAGS diff --git a/src/ssl/test/runner/cipher_suites.go b/src/ssl/test/runner/cipher_suites.go index 3246f0b..e827c52 100644 --- a/src/ssl/test/runner/cipher_suites.go +++ b/src/ssl/test/runner/cipher_suites.go @@ -33,7 +33,7 @@ type keyAgreement interface { // This method may not be called if the server doesn't send a // ServerKeyExchange message. - processServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg, *x509.Certificate, *serverKeyExchangeMsg) error + processServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg, crypto.PublicKey, *serverKeyExchangeMsg) error generateClientKeyExchange(*Config, *clientHelloMsg, *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) // peerSignatureAlgorithm returns the signature algorithm used by the diff --git a/src/ssl/test/runner/common.go b/src/ssl/test/runner/common.go index d99518c..bbcacf5 100644 --- a/src/ssl/test/runner/common.go +++ b/src/ssl/test/runner/common.go @@ -32,23 +32,8 @@ const ( VersionDTLS12 = 0xfefd ) -// A draft version of TLS 1.3 that is sent over the wire for the current draft. -const ( - tls13Draft23Version = 0x7f17 - tls13Draft28Version = 0x7f1c -) - -const ( - TLS13RFC = 0 - TLS13Draft23 = 1 - TLS13Draft28 = 2 - TLS13All = 3 -) - var allTLSWireVersions = []uint16{ VersionTLS13, - tls13Draft28Version, - tls13Draft23Version, VersionTLS12, VersionTLS11, VersionTLS10, @@ -140,6 +125,7 @@ const ( extensionRenegotiationInfo uint16 = 0xff01 extensionQUICTransportParams uint16 = 0xffa5 // draft-ietf-quic-tls-13 extensionChannelID uint16 = 30032 // not IANA assigned + extensionDelegatedCredentials uint16 = 0xff02 // not IANA assigned ) // TLS signaling cipher suite values @@ -447,9 +433,6 @@ type Config struct { // which is currently TLS 1.2. MaxVersion uint16 - // TLS13Variant is the variant of TLS 1.3 to use. - TLS13Variant int - // CurvePreferences contains the elliptic curves that will be used in // an ECDHE handshake, in preference order. If empty, the default will // be used. @@ -1531,10 +1514,6 @@ type ProtocolBugs struct { // specified number of plaintext bytes per record. ExpectPackedEncryptedHandshake int - // ForbidHandshakePacking, if true, requires the peer place a record - // boundary after every handshake message. - ForbidHandshakePacking bool - // SendTicketLifetime, if non-zero, is the ticket lifetime to send in // NewSessionTicket messages. SendTicketLifetime time.Duration @@ -1658,6 +1637,18 @@ type ProtocolBugs struct { // ExpectKeyShares, if not nil, lists (in order) the curves that a ClientHello // should have key shares for. ExpectedKeyShares []CurveID + + // ExpectDelegatedCredentials, if true, requires that the handshake present + // delegated credentials. + ExpectDelegatedCredentials bool + + // FailIfDelegatedCredentials, if true, causes a handshake failure if the + // server returns delegated credentials. + FailIfDelegatedCredentials bool + + // DisableDelegatedCredentials, if true, disables client support for delegated + // credentials. + DisableDelegatedCredentials bool } func (c *Config) serverInit() { @@ -1770,18 +1761,12 @@ func wireToVersion(vers uint16, isDTLS bool) (uint16, bool) { switch vers { case VersionSSL30, VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13: return vers, true - case tls13Draft23Version, tls13Draft28Version: - return VersionTLS13, true } } return 0, false } -func isDraft28(vers uint16) bool { - return vers == tls13Draft28Version || vers == VersionTLS13 -} - // isSupportedVersion checks if the specified wire version is acceptable. If so, // it returns true and the corresponding protocol version. Otherwise, it returns // false. @@ -1790,26 +1775,6 @@ func (c *Config) isSupportedVersion(wireVers uint16, isDTLS bool) (uint16, bool) if !ok || c.minVersion(isDTLS) > vers || vers > c.maxVersion(isDTLS) { return 0, false } - if vers == VersionTLS13 { - switch c.TLS13Variant { - case TLS13Draft23: - if wireVers != tls13Draft23Version { - return 0, false - } - case TLS13Draft28: - if wireVers != tls13Draft28Version { - return 0, false - } - case TLS13RFC: - if wireVers != VersionTLS13 { - return 0, false - } - case TLS13All: - // Allow all of them. - default: - panic(c.TLS13Variant) - } - } return vers, true } diff --git a/src/ssl/test/runner/conn.go b/src/ssl/test/runner/conn.go index b6b6ffa..8a3ed5d 100644 --- a/src/ssl/test/runner/conn.go +++ b/src/ssl/test/runner/conn.go @@ -106,6 +106,7 @@ type Conn struct { pendingFragments [][]byte // pending outgoing handshake fragments. pendingPacket []byte // pending outgoing packet. + keyUpdateSeen bool keyUpdateRequested bool seenOneByteRecord bool @@ -453,7 +454,7 @@ func (hc *halfConn) decrypt(b *block) (ok bool, prefixLen int, contentType recor n := len(payload) - c.Overhead() additionalData[11] = byte(n >> 8) additionalData[12] = byte(n) - } else if isDraft28(hc.wireVersion) { + } else { additionalData = b.data[:recordHeaderLen] } var err error @@ -619,7 +620,7 @@ func (hc *halfConn) encrypt(b *block, explicitIVLen int, typ recordType) (bool, copy(additionalData[8:], b.data[:3]) additionalData[11] = byte(payloadLen >> 8) additionalData[12] = byte(payloadLen) - } else if isDraft28(hc.wireVersion) { + } else { additionalData = make([]byte, 5) copy(additionalData, b.data[:3]) n := len(b.data) - recordHeaderLen @@ -1321,9 +1322,6 @@ func (c *Conn) doReadHandshake() ([]byte, error) { return nil, err } } - if c.hand.Len() > 4+n && c.config.Bugs.ForbidHandshakePacking { - return nil, errors.New("tls: forbidden trailing data after a handshake message") - } return c.hand.Next(4 + n), nil } @@ -1635,6 +1633,8 @@ func (c *Conn) handlePostHandshakeMessage() error { } if keyUpdate, ok := msg.(*keyUpdateMsg); ok { + c.keyUpdateSeen = true + if c.config.Bugs.RejectUnsolicitedKeyUpdate { return errors.New("tls: unexpected KeyUpdate message") } @@ -1665,7 +1665,7 @@ func (c *Conn) ReadKeyUpdateACK() error { keyUpdate, ok := msg.(*keyUpdateMsg) if !ok { c.sendAlert(alertUnexpectedMessage) - return errors.New("tls: unexpected message when reading KeyUpdate") + return fmt.Errorf("tls: unexpected message (%T) when reading KeyUpdate", msg) } if keyUpdate.keyUpdateRequest != keyUpdateNotRequested { @@ -1708,13 +1708,12 @@ func (c *Conn) Read(b []byte) (n int, err error) { // Soft error, like EAGAIN return 0, err } - if c.hand.Len() > 0 { + for c.hand.Len() > 0 { // We received handshake bytes, indicating a // post-handshake message. if err := c.handlePostHandshakeMessage(); err != nil { return 0, err } - continue } } if err := c.in.err; err != nil { diff --git a/src/ssl/test/runner/handshake_client.go b/src/ssl/test/runner/handshake_client.go index 5234462..45dc75d 100644 --- a/src/ssl/test/runner/handshake_client.go +++ b/src/ssl/test/runner/handshake_client.go @@ -32,6 +32,8 @@ type clientHandshakeState struct { masterSecret []byte session *ClientSessionState finishedBytes []byte + peerPublicKey crypto.PublicKey + skxAlgo signatureAlgorithm } func mapClientHelloVersion(vers uint16, isDTLS bool) uint16 { @@ -126,6 +128,7 @@ func (c *Conn) clientHandshake() error { pskBinderFirst: c.config.Bugs.PSKBinderFirst, omitExtensions: c.config.Bugs.OmitExtensions, emptyExtensions: c.config.Bugs.EmptyExtensions, + delegatedCredentials: !c.config.Bugs.DisableDelegatedCredentials, } if maxVersion >= VersionTLS13 { @@ -424,10 +427,9 @@ NextCipherSuite: if len(hello.pskIdentities) > 0 { version := session.wireVersion // We may have a pre-1.3 session if SendBothTickets is - // set. Fill in an arbitrary TLS 1.3 version to compute - // the binder. + // set. if session.vers < VersionTLS13 { - version = tls13Draft23Version + version = VersionTLS13 } generatePSKBinders(version, hello, pskCipherSuite, session.masterSecret, []byte{}, []byte{}, c.config) } @@ -979,7 +981,6 @@ func (hs *clientHandshakeState) doTLS13Handshake() error { if err := hs.verifyCertificates(certMsg); err != nil { return err } - leaf := c.peerCertificates[0] c.ocspResponse = certMsg.certificates[0].ocspResponse c.sctList = certMsg.certificates[0].sctList @@ -995,7 +996,7 @@ func (hs *clientHandshakeState) doTLS13Handshake() error { c.peerSignatureAlgorithm = certVerifyMsg.signatureAlgorithm input := hs.finishedHash.certificateVerifyInput(serverCertificateVerifyContextTLS13) - err = verifyMessage(c.vers, getCertificatePublicKey(leaf), c.config, certVerifyMsg.signatureAlgorithm, input, certVerifyMsg.signature) + err = verifyMessage(c.vers, hs.peerPublicKey, c.config, certVerifyMsg.signatureAlgorithm, input, certVerifyMsg.signature) if err != nil { return err } @@ -1234,7 +1235,7 @@ func (hs *clientHandshakeState) doFullHandshake() error { skx, ok := msg.(*serverKeyExchangeMsg) if ok { hs.writeServerHash(skx.marshal()) - err = keyAgreement.processServerKeyExchange(c.config, hs.hello, hs.serverHello, leaf, skx) + err = keyAgreement.processServerKeyExchange(c.config, hs.hello, hs.serverHello, hs.peerPublicKey, skx) if err != nil { c.sendAlert(alertUnexpectedMessage) return err @@ -1378,6 +1379,23 @@ func (hs *clientHandshakeState) doFullHandshake() error { return nil } +// delegatedCredentialSignedMessage returns the bytes that are signed in order +// to authenticate a delegated credential. +func delegatedCredentialSignedMessage(credBytes []byte, algorithm signatureAlgorithm, leafDER []byte) []byte { + // https://tools.ietf.org/html/draft-ietf-tls-subcerts-03#section-3 + ret := make([]byte, 64, 128) + for i := range ret { + ret[i] = 0x20 + } + + ret = append(ret, []byte("TLS, server delegated credentials\x00")...) + ret = append(ret, leafDER...) + ret = append(ret, byte(algorithm>>8), byte(algorithm)) + ret = append(ret, credBytes...) + + return ret +} + func (hs *clientHandshakeState) verifyCertificates(certMsg *certificateMsg) error { c := hs.c @@ -1386,6 +1404,7 @@ func (hs *clientHandshakeState) verifyCertificates(certMsg *certificateMsg) erro return errors.New("tls: no certificates sent") } + var dc *delegatedCredential certs := make([]*x509.Certificate, len(certMsg.certificates)) for i, certEntry := range certMsg.certificates { cert, err := x509.ParseCertificate(certEntry.data) @@ -1394,6 +1413,22 @@ func (hs *clientHandshakeState) verifyCertificates(certMsg *certificateMsg) erro return errors.New("tls: failed to parse certificate from server: " + err.Error()) } certs[i] = cert + + if certEntry.delegatedCredential != nil { + if c.config.Bugs.FailIfDelegatedCredentials { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: unexpected delegated credential") + } + if i != 0 { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: non-leaf certificate has a delegated credential") + } + if c.config.Bugs.DisableDelegatedCredentials { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: server sent delegated credential without it being requested") + } + dc = certEntry.delegatedCredential + } } if !c.config.InsecureSkipVerify { @@ -1418,16 +1453,45 @@ func (hs *clientHandshakeState) verifyCertificates(certMsg *certificateMsg) erro } } - publicKey := getCertificatePublicKey(certs[0]) - switch publicKey.(type) { + leafPublicKey := getCertificatePublicKey(certs[0]) + switch leafPublicKey.(type) { case *rsa.PublicKey, *ecdsa.PublicKey, ed25519.PublicKey: break default: c.sendAlert(alertUnsupportedCertificate) - return fmt.Errorf("tls: server's certificate contains an unsupported type of public key: %T", publicKey) + return fmt.Errorf("tls: server's certificate contains an unsupported type of public key: %T", leafPublicKey) } c.peerCertificates = certs + + if dc != nil { + // Note that this doesn't check a) the delegated credential temporal + // validity nor b) that the certificate has the special OID asserted. + hs.skxAlgo = dc.expectedCertVerifyAlgo + + var err error + if hs.peerPublicKey, err = x509.ParsePKIXPublicKey(dc.pkixPublicKey); err != nil { + c.sendAlert(alertBadCertificate) + return errors.New("tls: failed to parse public key from delegated credential: " + err.Error()) + } + + verifier, err := getSigner(c.vers, hs.peerPublicKey, c.config, dc.algorithm, true) + if err != nil { + c.sendAlert(alertBadCertificate) + return errors.New("tls: failed to get verifier for delegated credential: " + err.Error()) + } + + if err := verifier.verifyMessage(leafPublicKey, delegatedCredentialSignedMessage(dc.signedBytes, dc.algorithm, certs[0].Raw), dc.signature); err != nil { + c.sendAlert(alertBadCertificate) + return errors.New("tls: failed to verify delegated credential: " + err.Error()) + } + } else if c.config.Bugs.ExpectDelegatedCredentials { + c.sendAlert(alertInternalError) + return errors.New("tls: delegated credentials missing") + } else { + hs.peerPublicKey = leafPublicKey + } + return nil } diff --git a/src/ssl/test/runner/handshake_messages.go b/src/ssl/test/runner/handshake_messages.go index 823c6c8..f12ca1a 100644 --- a/src/ssl/test/runner/handshake_messages.go +++ b/src/ssl/test/runner/handshake_messages.go @@ -297,6 +297,7 @@ type clientHelloMsg struct { emptyExtensions bool pad int compressedCertAlgs []uint16 + delegatedCredentials bool } func (m *clientHelloMsg) equal(i interface{}) bool { @@ -350,7 +351,8 @@ func (m *clientHelloMsg) equal(i interface{}) bool { m.omitExtensions == m1.omitExtensions && m.emptyExtensions == m1.emptyExtensions && m.pad == m1.pad && - eqUint16s(m.compressedCertAlgs, m1.compressedCertAlgs) + eqUint16s(m.compressedCertAlgs, m1.compressedCertAlgs) && + m.delegatedCredentials == m1.delegatedCredentials } func (m *clientHelloMsg) marshalKeyShares(bb *byteBuilder) { @@ -592,6 +594,10 @@ func (m *clientHelloMsg) marshal() []byte { algIDs.addU16(v) } } + if m.delegatedCredentials { + extensions.addU16(extensionDelegatedCredentials) + extensions.addU16(0) // Length is always 0 + } // The PSK extension must be last. See https://tools.ietf.org/html/rfc8446#section-4.2.11 if len(m.pskIdentities) > 0 && !m.pskBinderFirst { extensions.addU16(extensionPreSharedKey) @@ -717,6 +723,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool { m.alpnProtocols = nil m.extendedMasterSecret = false m.customExtension = "" + m.delegatedCredentials = false if len(reader) == 0 { // ClientHello is optionally followed by extension data @@ -947,6 +954,11 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool { return false } } + case extensionDelegatedCredentials: + if len(body) != 0 { + return false + } + m.delegatedCredentials = true } if isGREASEValue(extension) { @@ -1602,6 +1614,17 @@ type certificateEntry struct { sctList []byte duplicateExtensions bool extraExtension []byte + delegatedCredential *delegatedCredential +} + +type delegatedCredential struct { + // https://tools.ietf.org/html/draft-ietf-tls-subcerts-03#section-3 + signedBytes []byte + lifetimeSecs uint32 + expectedCertVerifyAlgo signatureAlgorithm + pkixPublicKey []byte + algorithm signatureAlgorithm + signature []byte } type certificateMsg struct { @@ -1700,6 +1723,29 @@ func (m *certificateMsg) unmarshal(data []byte) bool { } case extensionSignedCertificateTimestamp: cert.sctList = []byte(body) + case extensionDelegatedCredentials: + // https://tools.ietf.org/html/draft-ietf-tls-subcerts-03#section-3 + if cert.delegatedCredential != nil { + return false + } + + dc := new(delegatedCredential) + origBody := body + var expectedCertVerifyAlgo, algorithm uint16 + + if !body.readU32(&dc.lifetimeSecs) || + !body.readU16(&expectedCertVerifyAlgo) || + !body.readU24LengthPrefixedBytes(&dc.pkixPublicKey) || + !body.readU16(&algorithm) || + !body.readU16LengthPrefixedBytes(&dc.signature) || + len(body) != 0 { + return false + } + + dc.expectedCertVerifyAlgo = signatureAlgorithm(expectedCertVerifyAlgo) + dc.algorithm = signatureAlgorithm(algorithm) + dc.signedBytes = []byte(origBody)[:4+2+3+len(dc.pkixPublicKey)] + cert.delegatedCredential = dc default: return false } diff --git a/src/ssl/test/runner/handshake_server.go b/src/ssl/test/runner/handshake_server.go index 5486342..d2ef9b4 100644 --- a/src/ssl/test/runner/handshake_server.go +++ b/src/ssl/test/runner/handshake_server.go @@ -881,10 +881,10 @@ ResendHelloRetryRequest: data: certData, } if i == 0 { - if hs.clientHello.ocspStapling { + if hs.clientHello.ocspStapling && !c.config.Bugs.NoOCSPStapling { cert.ocspResponse = hs.cert.OCSPStaple } - if hs.clientHello.sctListSupported { + if hs.clientHello.sctListSupported && !c.config.Bugs.NoSignedCertificateTimestamps { cert.sctList = hs.cert.SignedCertificateTimestampList } cert.duplicateExtensions = config.Bugs.SendDuplicateCertExtensions @@ -1577,11 +1577,11 @@ func (hs *serverHandshakeState) doFullHandshake() error { c := hs.c isPSK := hs.suite.flags&suitePSK != 0 - if !isPSK && hs.clientHello.ocspStapling && len(hs.cert.OCSPStaple) > 0 { + if !isPSK && hs.clientHello.ocspStapling && len(hs.cert.OCSPStaple) > 0 && !c.config.Bugs.NoOCSPStapling { hs.hello.extensions.ocspStapling = true } - if hs.clientHello.sctListSupported && len(hs.cert.SignedCertificateTimestampList) > 0 { + if hs.clientHello.sctListSupported && len(hs.cert.SignedCertificateTimestampList) > 0 && !c.config.Bugs.NoSignedCertificateTimestamps { hs.hello.extensions.sctList = hs.cert.SignedCertificateTimestampList } diff --git a/src/ssl/test/runner/key_agreement.go b/src/ssl/test/runner/key_agreement.go index f40552d..13e78bc 100644 --- a/src/ssl/test/runner/key_agreement.go +++ b/src/ssl/test/runner/key_agreement.go @@ -5,6 +5,7 @@ package runner import ( + "crypto" "crypto/ecdsa" "crypto/elliptic" "crypto/rsa" @@ -133,7 +134,7 @@ func (ka *rsaKeyAgreement) processClientKeyExchange(config *Config, cert *Certif return preMasterSecret, nil } -func (ka *rsaKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error { +func (ka *rsaKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, key crypto.PublicKey, skx *serverKeyExchangeMsg) error { return errors.New("tls: unexpected ServerKeyExchange") } @@ -456,7 +457,7 @@ func curveForCurveID(id CurveID, config *Config) (ecdhCurve, bool) { // to authenticate the ServerKeyExchange parameters. type keyAgreementAuthentication interface { signParameters(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg, params []byte) (*serverKeyExchangeMsg, error) - verifyParameters(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, params []byte, sig []byte) error + verifyParameters(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, key crypto.PublicKey, params []byte, sig []byte) error } // nilKeyAgreementAuthentication does not authenticate the key @@ -469,7 +470,7 @@ func (ka *nilKeyAgreementAuthentication) signParameters(config *Config, cert *Ce return skx, nil } -func (ka *nilKeyAgreementAuthentication) verifyParameters(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, params []byte, sig []byte) error { +func (ka *nilKeyAgreementAuthentication) verifyParameters(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, key crypto.PublicKey, params []byte, sig []byte) error { return nil } @@ -529,9 +530,8 @@ func (ka *signedKeyAgreement) signParameters(config *Config, cert *Certificate, return skx, nil } -func (ka *signedKeyAgreement) verifyParameters(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, params []byte, sig []byte) error { +func (ka *signedKeyAgreement) verifyParameters(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, publicKey crypto.PublicKey, params []byte, sig []byte) error { // The peer's key must match the cipher type. - publicKey := getCertificatePublicKey(cert) switch ka.keyType { case keyTypeECDSA: _, edsaOk := publicKey.(*ecdsa.PublicKey) @@ -646,7 +646,7 @@ func (ka *ecdheKeyAgreement) processClientKeyExchange(config *Config, cert *Cert return ka.curve.finish(ckx.ciphertext[1:]) } -func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error { +func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, key crypto.PublicKey, skx *serverKeyExchangeMsg) error { if len(skx.key) < 4 { return errServerKeyExchange } @@ -671,7 +671,7 @@ func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHell // Check the signature. serverECDHParams := skx.key[:4+publicLen] sig := skx.key[4+publicLen:] - return ka.auth.verifyParameters(config, clientHello, serverHello, cert, serverECDHParams, sig) + return ka.auth.verifyParameters(config, clientHello, serverHello, key, serverECDHParams, sig) } func (ka *ecdheKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) { @@ -722,7 +722,7 @@ func (ka *nilKeyAgreement) processClientKeyExchange(config *Config, cert *Certif return nil, nil } -func (ka *nilKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error { +func (ka *nilKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, key crypto.PublicKey, skx *serverKeyExchangeMsg) error { if len(skx.key) != 0 { return errServerKeyExchange } @@ -820,7 +820,7 @@ func (ka *pskKeyAgreement) processClientKeyExchange(config *Config, cert *Certif return makePSKPremaster(otherSecret, config.PreSharedKey), nil } -func (ka *pskKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error { +func (ka *pskKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, key crypto.PublicKey, skx *serverKeyExchangeMsg) error { if len(skx.key) < 2 { return errServerKeyExchange } @@ -833,7 +833,7 @@ func (ka *pskKeyAgreement) processServerKeyExchange(config *Config, clientHello // Process the remainder of the ServerKeyExchange. newSkx := new(serverKeyExchangeMsg) newSkx.key = skx.key[2+identityLen:] - return ka.base.processServerKeyExchange(config, clientHello, serverHello, cert, newSkx) + return ka.base.processServerKeyExchange(config, clientHello, serverHello, key, newSkx) } func (ka *pskKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) { diff --git a/src/ssl/test/runner/runner.go b/src/ssl/test/runner/runner.go index b5cc0a7..8461bd8 100644 --- a/src/ssl/test/runner/runner.go +++ b/src/ssl/test/runner/runner.go @@ -16,9 +16,11 @@ package runner import ( "bytes" + "crypto" "crypto/ecdsa" "crypto/elliptic" "crypto/rand" + "crypto/rsa" "crypto/x509" "crypto/x509/pkix" "encoding/base64" @@ -246,6 +248,143 @@ func initCertificates() { garbageCertificate.PrivateKey = rsaCertificate.PrivateKey } +// delegatedCredentialConfig specifies the shape of a delegated credential, not +// including the keys themselves. +type delegatedCredentialConfig struct { + // lifetime is the amount of time, from the notBefore of the parent + // certificate, that the delegated credential is valid for. If zero, then 24 + // hours is assumed. + lifetime time.Duration + // expectedAlgo is the signature scheme that should be used with this + // delegated credential. If zero, ECDSA with P-256 is assumed. + expectedAlgo signatureAlgorithm + // tlsVersion is the version of TLS that should be used with this delegated + // credential. If zero, TLS 1.3 is assumed. + tlsVersion uint16 + // algo is the signature algorithm that the delegated credential itself is + // signed with. Cannot be zero. + algo signatureAlgorithm +} + +func loadRSAPrivateKey(filename string) (priv *rsa.PrivateKey, privPKCS8 []byte, err error) { + pemPath := path.Join(*resourceDir, filename) + pemBytes, err := ioutil.ReadFile(pemPath) + if err != nil { + return nil, nil, err + } + + block, _ := pem.Decode(pemBytes) + if block == nil { + return nil, nil, fmt.Errorf("no PEM block found in %q", pemPath) + } + privPKCS8 = block.Bytes + + parsed, err := x509.ParsePKCS8PrivateKey(privPKCS8) + if err != nil { + return nil, nil, fmt.Errorf("failed to parse PKCS#8 key from %q", pemPath) + } + + priv, ok := parsed.(*rsa.PrivateKey) + if !ok { + return nil, nil, fmt.Errorf("found %T in %q rather than an RSA private key", parsed, pemPath) + } + + return priv, privPKCS8, nil +} + +func createDelegatedCredential(config delegatedCredentialConfig, parentDER []byte, parentPriv crypto.PrivateKey) (dc, privPKCS8 []uint8, err error) { + expectedAlgo := config.expectedAlgo + if expectedAlgo == signatureAlgorithm(0) { + expectedAlgo = signatureECDSAWithP256AndSHA256 + } + + var pub crypto.PublicKey + + switch expectedAlgo { + case signatureRSAPKCS1WithMD5, signatureRSAPKCS1WithSHA1, signatureRSAPKCS1WithSHA256, signatureRSAPKCS1WithSHA384, signatureRSAPKCS1WithSHA512, signatureRSAPSSWithSHA256, signatureRSAPSSWithSHA384, signatureRSAPSSWithSHA512: + // RSA keys are expensive to generate so load from disk instead. + var priv *rsa.PrivateKey + if priv, privPKCS8, err = loadRSAPrivateKey(rsaKeyFile); err != nil { + return nil, nil, err + } + + pub = &priv.PublicKey + + case signatureECDSAWithSHA1, signatureECDSAWithP256AndSHA256, signatureECDSAWithP384AndSHA384, signatureECDSAWithP521AndSHA512: + var curve elliptic.Curve + switch expectedAlgo { + case signatureECDSAWithSHA1, signatureECDSAWithP256AndSHA256: + curve = elliptic.P256() + case signatureECDSAWithP384AndSHA384: + curve = elliptic.P384() + case signatureECDSAWithP521AndSHA512: + curve = elliptic.P521() + default: + panic("internal error") + } + + priv, err := ecdsa.GenerateKey(curve, rand.Reader) + if err != nil { + return nil, nil, err + } + + if privPKCS8, err = x509.MarshalPKCS8PrivateKey(priv); err != nil { + return nil, nil, err + } + + pub = &priv.PublicKey + + default: + return nil, nil, fmt.Errorf("unsupported expected signature algorithm: %x", expectedAlgo) + } + + lifetime := config.lifetime + if lifetime == 0 { + lifetime = 24 * time.Hour + } + lifetimeSecs := int64(lifetime.Seconds()) + if lifetimeSecs > 1<<32 { + return nil, nil, fmt.Errorf("lifetime %s is too long to be expressed", lifetime) + } + tlsVersion := config.tlsVersion + if tlsVersion == 0 { + tlsVersion = VersionTLS13 + } + + if tlsVersion < VersionTLS13 { + return nil, nil, fmt.Errorf("delegated credentials require TLS 1.3") + } + + // https://tools.ietf.org/html/draft-ietf-tls-subcerts-03#section-3 + dc = append(dc, byte(lifetimeSecs>>24), byte(lifetimeSecs>>16), byte(lifetimeSecs>>8), byte(lifetimeSecs)) + dc = append(dc, byte(expectedAlgo>>8), byte(expectedAlgo)) + + pubBytes, err := x509.MarshalPKIXPublicKey(pub) + if err != nil { + return nil, nil, err + } + + dc = append(dc, byte(len(pubBytes)>>16), byte(len(pubBytes)>>8), byte(len(pubBytes))) + dc = append(dc, pubBytes...) + + var dummyConfig Config + parentSigner, err := getSigner(tlsVersion, parentPriv, &dummyConfig, config.algo, false /* not for verification */) + if err != nil { + return nil, nil, err + } + + parentSignature, err := parentSigner.signMessage(parentPriv, &dummyConfig, delegatedCredentialSignedMessage(dc, config.algo, parentDER)) + if err != nil { + return nil, nil, err + } + + dc = append(dc, byte(config.algo>>8), byte(config.algo)) + dc = append(dc, byte(len(parentSignature)>>8), byte(len(parentSignature))) + dc = append(dc, parentSignature...) + + return dc, privPKCS8, nil +} + func getRunnerCertificate(t testCert) Certificate { for _, cert := range testCerts { if cert.id == t { @@ -473,6 +612,11 @@ type testCase struct { sendKeyUpdates int // keyUpdateRequest is the KeyUpdateRequest value to send in KeyUpdate messages. keyUpdateRequest byte + // expectUnsolicitedKeyUpdate makes the test expect a one or more KeyUpdate + // messages while reading data from the shim. Don't use this in combination + // with any of the fields that send a KeyUpdate otherwise any received + // KeyUpdate might not be as unsolicited as expected. + expectUnsolicitedKeyUpdate bool // expectMessageDropped, if true, means the test message is expected to // be dropped by the client rather than echoed back. expectMessageDropped bool @@ -484,10 +628,6 @@ type testCase struct { // resumeShimPrefix is the prefix that the shim will send to the server on a // resumption. resumeShimPrefix string - // tls13Variant, if non-zero, causes both runner and shim to be - // configured with the specified TLS 1.3 variant. This is a convenience - // option for configuring both concurrently. - tls13Variant int // expectedQUICTransportParams contains the QUIC transport // parameters that are expected to be sent by the peer. expectedQUICTransportParams []byte @@ -567,9 +707,6 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool, tr if *deterministic { config.Time = func() time.Time { return time.Unix(1234, 1234) } } - if test.tls13Variant != 0 { - config.TLS13Variant = test.tls13Variant - } conn = &timeoutConn{conn, *idleTimeout} @@ -951,6 +1088,10 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool, tr return fmt.Errorf("bad reply contents at byte %d; got %q and wanted %q", i, buf, testMessage) } } + + if seen := tlsConn.keyUpdateSeen; seen != test.expectUnsolicitedKeyUpdate { + return fmt.Errorf("keyUpdateSeen (%t) != expectUnsolicitedKeyUpdate", seen) + } } return nil @@ -1063,20 +1204,6 @@ func runTest(test *testCase, shimPath string, mallocNumToFail int64) error { if test.config.MaxVersion == 0 && test.config.MinVersion == 0 && test.expectedVersion == 0 { panic(fmt.Sprintf("The name of test %q suggests that it's version specific, but min/max version in the Config is %x/%x. One of them should probably be %x", test.name, test.config.MinVersion, test.config.MaxVersion, ver.version)) } - - if ver.tls13Variant != 0 { - var foundFlag bool - for _, flag := range test.flags { - if flag == "-tls13-variant" { - foundFlag = true - break - } - } - if !foundFlag && test.config.TLS13Variant != ver.tls13Variant && test.tls13Variant != ver.tls13Variant { - panic(fmt.Sprintf("The name of test %q suggests that uses an experimental TLS 1.3 variant, but neither the shim nor the runner configures it", test.name)) - } - } - } listener, err := net.ListenTCP("tcp", &net.TCPAddr{IP: net.IPv6loopback}) @@ -1165,10 +1292,6 @@ func runTest(test *testCase, shimPath string, mallocNumToFail int64) error { flags = append(flags, "-tls-unique") } - if test.tls13Variant != 0 { - flags = append(flags, "-tls13-variant", strconv.Itoa(test.tls13Variant)) - } - flags = append(flags, "-handshaker-path", *handshakerPath) var transcriptPrefix string @@ -1376,8 +1499,7 @@ type tlsVersion struct { // versionWire, if non-zero, is the wire representation of the // version. Otherwise the wire version is the protocol version or // versionDTLS. - versionWire uint16 - tls13Variant int + versionWire uint16 } func (vers tlsVersion) shimFlag(protocol protocol) string { @@ -1420,25 +1542,10 @@ var tlsVersions = []tlsVersion{ versionDTLS: VersionDTLS12, }, { - name: "TLS13", - version: VersionTLS13, - excludeFlag: "-no-tls13", - versionWire: VersionTLS13, - tls13Variant: TLS13RFC, - }, - { - name: "TLS13Draft23", - version: VersionTLS13, - excludeFlag: "-no-tls13", - versionWire: tls13Draft23Version, - tls13Variant: TLS13Draft23, - }, - { - name: "TLS13Draft28", - version: VersionTLS13, - excludeFlag: "-no-tls13", - versionWire: tls13Draft28Version, - tls13Variant: TLS13Draft28, + name: "TLS13", + version: VersionTLS13, + excludeFlag: "-no-tls13", + versionWire: VersionTLS13, }, } @@ -1456,23 +1563,6 @@ func allVersions(protocol protocol) []tlsVersion { return ret } -func allShimVersions(protocol protocol) []tlsVersion { - if protocol == dtls { - return allVersions(protocol) - } - tls13Default := tlsVersion{ - name: "TLS13All", - version: VersionTLS13, - excludeFlag: "-no-tls13", - versionWire: 0, - tls13Variant: TLS13All, - } - - var shimVersions []tlsVersion - shimVersions = append(shimVersions, allVersions(protocol)...) - return append(shimVersions, tls13Default) -} - type testCipherSuite struct { name string id uint16 @@ -2826,7 +2916,7 @@ read alert 1 0 expectedError: ":WRONG_VERSION_NUMBER:", }, { - name: "KeyUpdate-Client", + name: "KeyUpdate-ToClient", config: Config{ MaxVersion: VersionTLS13, }, @@ -2835,13 +2925,30 @@ read alert 1 0 }, { testType: serverTest, - name: "KeyUpdate-Server", + name: "KeyUpdate-ToServer", config: Config{ MaxVersion: VersionTLS13, }, sendKeyUpdates: 1, keyUpdateRequest: keyUpdateNotRequested, }, + { + name: "KeyUpdate-FromClient", + config: Config{ + MaxVersion: VersionTLS13, + }, + expectUnsolicitedKeyUpdate: true, + flags: []string{"-key-update"}, + }, + { + testType: serverTest, + name: "KeyUpdate-FromServer", + config: Config{ + MaxVersion: VersionTLS13, + }, + expectUnsolicitedKeyUpdate: true, + flags: []string{"-key-update"}, + }, { name: "KeyUpdate-InvalidRequestMode", config: Config{ @@ -2959,20 +3066,19 @@ read alert 1 0 }, { testType: clientTest, - name: "TLS13Draft23-InvalidCompressionMethod", + name: "TLS13-InvalidCompressionMethod", config: Config{ MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ SendCompressionMethod: 1, }, }, - tls13Variant: TLS13Draft23, shouldFail: true, expectedError: ":DECODE_ERROR:", }, { testType: clientTest, - name: "TLS13Draft23-HRR-InvalidCompressionMethod", + name: "TLS13-HRR-InvalidCompressionMethod", config: Config{ MaxVersion: VersionTLS13, CurvePreferences: []CurveID{CurveP384}, @@ -2980,7 +3086,6 @@ read alert 1 0 SendCompressionMethod: 1, }, }, - tls13Variant: TLS13Draft23, shouldFail: true, expectedError: ":DECODE_ERROR:", expectedLocalError: "remote error: error decoding message", @@ -3069,8 +3174,7 @@ read alert 1 0 ExpectPackedEncryptedHandshake: 512, }, }, - tls13Variant: TLS13Draft28, - messageLen: 1024, + messageLen: 1024, flags: []string{ "-max-send-fragment", "512", "-read-size", "1024", @@ -3098,30 +3202,15 @@ read alert 1 0 expectedLocalError: "local error: record overflow", }, { - // Test that handshake data is not packed in TLS 1.3 - // draft-23. - testType: serverTest, - name: "ForbidHandshakePacking-TLS13Draft23", - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - ForbidHandshakePacking: true, - }, - }, - tls13Variant: TLS13Draft23, - }, - { - // Test that handshake data is tightly packed in TLS 1.3 - // draft-28. + // Test that handshake data is tightly packed in TLS 1.3. testType: serverTest, - name: "PackedEncryptedHandshake-TLS13Draft28", + name: "PackedEncryptedHandshake-TLS13", config: Config{ MaxVersion: VersionTLS13, Bugs: ProtocolBugs{ ExpectPackedEncryptedHandshake: 16384, }, }, - tls13Variant: TLS13Draft28, }, { // Test that DTLS can handle multiple application data @@ -3280,7 +3369,6 @@ func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol proto AdvertiseAllConfiguredCiphers: true, }, }, - tls13Variant: ver.tls13Variant, certFile: certFile, keyFile: keyFile, flags: flags, @@ -3306,7 +3394,6 @@ func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol proto SendCipherSuite: sendCipherSuite, }, }, - tls13Variant: ver.tls13Variant, flags: flags, resumeSession: true, shouldFail: shouldFail, @@ -3330,9 +3417,8 @@ func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol proto PreSharedKey: []byte(psk), PreSharedKeyIdentity: pskIdentity, }, - tls13Variant: ver.tls13Variant, - flags: flags, - messageLen: maxPlaintext, + flags: flags, + messageLen: maxPlaintext, }) // Test bad records for all ciphers. Bad records are fatal in TLS @@ -3354,7 +3440,6 @@ func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol proto PreSharedKey: []byte(psk), PreSharedKeyIdentity: pskIdentity, }, - tls13Variant: ver.tls13Variant, flags: flags, damageFirstWrite: true, messageLen: maxPlaintext, @@ -3828,7 +3913,6 @@ func addClientAuthTests() { ClientAuth: RequireAnyClientCert, ClientCAs: certPool, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-cert-file", path.Join(*resourceDir, rsaCertificateFile), "-key-file", path.Join(*resourceDir, rsaKeyFile), @@ -3842,8 +3926,7 @@ func addClientAuthTests() { MaxVersion: ver.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: ver.tls13Variant, - flags: []string{"-require-any-client-certificate"}, + flags: []string{"-require-any-client-certificate"}, }) testCases = append(testCases, testCase{ testType: serverTest, @@ -3853,8 +3936,7 @@ func addClientAuthTests() { MaxVersion: ver.version, Certificates: []Certificate{ecdsaP256Certificate}, }, - tls13Variant: ver.tls13Variant, - flags: []string{"-require-any-client-certificate"}, + flags: []string{"-require-any-client-certificate"}, }) testCases = append(testCases, testCase{ testType: clientTest, @@ -3865,7 +3947,6 @@ func addClientAuthTests() { ClientAuth: RequireAnyClientCert, ClientCAs: certPool, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile), "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile), @@ -3879,7 +3960,6 @@ func addClientAuthTests() { MaxVersion: ver.version, ClientAuth: RequireAnyClientCert, }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedLocalError: "client didn't provide a certificate", }) @@ -3893,7 +3973,6 @@ func addClientAuthTests() { MinVersion: ver.version, MaxVersion: ver.version, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-expect-verify-result", }, @@ -3909,7 +3988,6 @@ func addClientAuthTests() { MinVersion: ver.version, MaxVersion: ver.version, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-expect-verify-result", "-verify-peer", @@ -3931,7 +4009,6 @@ func addClientAuthTests() { MaxVersion: ver.version, }, flags: []string{"-require-any-client-certificate"}, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:", expectedLocalError: certificateRequired, @@ -3949,7 +4026,6 @@ func addClientAuthTests() { }, // Setting SSL_VERIFY_PEER allows anonymous clients. flags: []string{"-verify-peer"}, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":UNEXPECTED_MESSAGE:", }) @@ -3965,7 +4041,6 @@ func addClientAuthTests() { "-enable-channel-id", "-verify-peer-if-no-obc", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:", expectedLocalError: certificateRequired, @@ -3980,7 +4055,6 @@ func addClientAuthTests() { ChannelID: channelIDKey, }, expectChannelID: true, - tls13Variant: ver.tls13Variant, flags: []string{ "-enable-channel-id", "-verify-peer-if-no-obc", @@ -3998,7 +4072,6 @@ func addClientAuthTests() { ExpectCertificateReqNames: caNames, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-require-any-client-certificate", "-use-client-ca-list", encodeDERValues(caNames), @@ -4015,7 +4088,6 @@ func addClientAuthTests() { ClientAuth: RequireAnyClientCert, ClientCAs: certPool, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-cert-file", path.Join(*resourceDir, rsaCertificateFile), "-key-file", path.Join(*resourceDir, rsaKeyFile), @@ -4081,7 +4153,7 @@ func addClientAuthTests() { // Test that an empty client CA list doesn't send a CA extension. testCases = append(testCases, testCase{ testType: serverTest, - name: "TLS13Draft23-Empty-Client-CA-List", + name: "TLS13-Empty-Client-CA-List", config: Config{ MaxVersion: VersionTLS13, Certificates: []Certificate{rsaCertificate}, @@ -4089,7 +4161,6 @@ func addClientAuthTests() { ExpectNoCertificateAuthoritiesExtension: true, }, }, - tls13Variant: TLS13Draft23, flags: []string{ "-require-any-client-certificate", "-use-client-ca-list", "", @@ -4134,8 +4205,7 @@ func addExtendedMasterSecretTests() { RequireExtendedMasterSecret: with, }, }, - tls13Variant: ver.tls13Variant, - flags: flags, + flags: flags, }) } } @@ -4441,37 +4511,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { resumeSession: true, }) - tests = append(tests, testCase{ - name: "TLS13Draft23-HelloRetryRequest-Client", - config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - // P-384 requires a HelloRetryRequest against BoringSSL's default - // configuration. Assert this with ExpectMissingKeyShare. - CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - ExpectMissingKeyShare: true, - }, - }, - tls13Variant: TLS13Draft23, - // Cover HelloRetryRequest during an ECDHE-PSK resumption. - resumeSession: true, - }) - - tests = append(tests, testCase{ - testType: serverTest, - name: "TLS13Draft23-HelloRetryRequest-Server", - config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - // Require a HelloRetryRequest for every curve. - DefaultCurves: []CurveID{}, - }, - tls13Variant: TLS13Draft23, - // Cover HelloRetryRequest during an ECDHE-PSK resumption. - resumeSession: true, - }) - tests = append(tests, testCase{ testType: clientTest, name: "TLS13-EarlyData-TooMuchData-Client", @@ -4829,7 +4868,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { config: Config{ MaxVersion: vers.version, }, - tls13Variant: vers.tls13Variant, flags: []string{ "-enable-ocsp-stapling", "-expect-ocsp-response", @@ -4844,7 +4882,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { config: Config{ MaxVersion: vers.version, }, - tls13Variant: vers.tls13Variant, expectedOCSPResponse: testOCSPResponse, flags: []string{ "-ocsp-response", @@ -4862,7 +4899,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxVersion: vers.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: vers.tls13Variant, flags: []string{ "-enable-ocsp-stapling", "-use-ocsp-callback", @@ -4881,7 +4917,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxVersion: vers.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: vers.tls13Variant, flags: []string{ "-enable-ocsp-stapling", "-use-ocsp-callback", @@ -4902,7 +4937,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxVersion: vers.version, Certificates: []Certificate{certNoStaple}, }, - tls13Variant: vers.tls13Variant, flags: []string{ "-enable-ocsp-stapling", "-use-ocsp-callback", @@ -4921,7 +4955,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { config: Config{ MaxVersion: vers.version, }, - tls13Variant: vers.tls13Variant, expectedOCSPResponse: testOCSPResponse, flags: []string{ "-use-ocsp-callback", @@ -4941,7 +4974,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { config: Config{ MaxVersion: vers.version, }, - tls13Variant: vers.tls13Variant, expectedOCSPResponse: []byte{}, flags: []string{ "-use-ocsp-callback", @@ -4959,7 +4991,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { config: Config{ MaxVersion: vers.version, }, - tls13Variant: vers.tls13Variant, flags: []string{ "-use-ocsp-callback", "-fail-ocsp-callback", @@ -5002,7 +5033,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxVersion: vers.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: vers.tls13Variant, flags: append([]string{"-expect-verify-result"}, flags...), resumeSession: true, }) @@ -5013,7 +5043,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxVersion: vers.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: vers.tls13Variant, flags: append([]string{"-verify-fail"}, flags...), shouldFail: true, expectedError: ":CERTIFICATE_VERIFY_FAILED:", @@ -5026,7 +5055,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxVersion: vers.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: vers.tls13Variant, flags: append([]string{"-on-resume-verify-fail"}, flags...), resumeSession: true, }) @@ -5038,7 +5066,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxVersion: vers.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: vers.tls13Variant, flags: append([]string{ "-on-resume-verify-fail", "-reverify-on-resume", @@ -5054,7 +5081,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxVersion: vers.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: vers.tls13Variant, flags: append([]string{ "-reverify-on-resume", }, flags...), @@ -5073,7 +5099,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxEarlyDataSize: 16384, SessionTicketsDisabled: true, }, - tls13Variant: vers.tls13Variant, resumeSession: true, expectResumeRejected: true, flags: append([]string{ @@ -5100,7 +5125,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { AlwaysRejectEarlyData: true, }, }, - tls13Variant: vers.tls13Variant, resumeSession: true, expectResumeRejected: false, flags: append([]string{ @@ -5123,7 +5147,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxEarlyDataSize: 16384, SessionTicketsDisabled: true, }, - tls13Variant: vers.tls13Variant, resumeSession: true, expectResumeRejected: true, shouldFail: true, @@ -5153,7 +5176,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { AlwaysRejectEarlyData: true, }, }, - tls13Variant: vers.tls13Variant, resumeSession: true, expectResumeRejected: false, shouldFail: true, @@ -5182,7 +5204,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { ExpectEarlyData: [][]byte{[]byte("hello")}, }, }, - tls13Variant: vers.tls13Variant, resumeSession: true, expectResumeRejected: false, flags: append([]string{ @@ -5206,7 +5227,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { ExpectEarlyData: [][]byte{[]byte("hello")}, }, }, - tls13Variant: vers.tls13Variant, resumeSession: true, shouldFail: true, expectedError: ":CERTIFICATE_VERIFY_FAILED:", @@ -5232,7 +5252,6 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) { MaxVersion: vers.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: vers.tls13Variant, flags: []string{ "-verify-fail", "-expect-verify-result", @@ -5404,7 +5423,6 @@ read alert 1 0 MaxVersion: ver.version, RequestChannelID: true, }, - tls13Variant: ver.tls13Variant, flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)}, resumeSession: true, expectChannelID: true, @@ -5418,7 +5436,6 @@ read alert 1 0 MaxVersion: ver.version, ChannelID: channelIDKey, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-expect-channel-id", base64.StdEncoding.EncodeToString(channelIDBytes), @@ -5437,7 +5454,6 @@ read alert 1 0 InvalidChannelIDSignature: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{"-enable-channel-id"}, shouldFail: true, expectedError: ":CHANNEL_ID_SIGNATURE_INVALID:", @@ -5759,7 +5775,7 @@ func addDDoSCallbackTests() { func addVersionNegotiationTests() { for _, protocol := range []protocol{tls, dtls} { - for _, shimVers := range allShimVersions(protocol) { + for _, shimVers := range allVersions(protocol) { // Assemble flags to disable all newer versions on the shim. var flags []string for _, vers := range allVersions(protocol) { @@ -5770,11 +5786,6 @@ func addVersionNegotiationTests() { flags2 := []string{"-max-version", shimVers.shimFlag(protocol)} - if shimVers.tls13Variant != 0 { - flags = append(flags, "-tls13-variant", strconv.Itoa(shimVers.tls13Variant)) - flags2 = append(flags2, "-tls13-variant", strconv.Itoa(shimVers.tls13Variant)) - } - // Test configuring the runner's maximum version. for _, runnerVers := range allVersions(protocol) { expectedVersion := shimVers.version @@ -5782,12 +5793,6 @@ func addVersionNegotiationTests() { expectedVersion = runnerVers.version } - if expectedVersion == VersionTLS13 && runnerVers.tls13Variant != shimVers.tls13Variant { - if shimVers.tls13Variant != TLS13All { - expectedVersion = VersionTLS12 - } - } - suffix := shimVers.name + "-" + runnerVers.name if protocol == dtls { suffix += "-DTLS" @@ -5810,8 +5815,7 @@ func addVersionNegotiationTests() { testType: clientTest, name: "VersionNegotiation-Client-" + suffix, config: Config{ - MaxVersion: runnerVers.version, - TLS13Variant: runnerVers.tls13Variant, + MaxVersion: runnerVers.version, Bugs: ProtocolBugs{ ExpectInitialRecordVersion: clientVers, }, @@ -5824,8 +5828,7 @@ func addVersionNegotiationTests() { testType: clientTest, name: "VersionNegotiation-Client2-" + suffix, config: Config{ - MaxVersion: runnerVers.version, - TLS13Variant: runnerVers.tls13Variant, + MaxVersion: runnerVers.version, Bugs: ProtocolBugs{ ExpectInitialRecordVersion: clientVers, }, @@ -5839,8 +5842,7 @@ func addVersionNegotiationTests() { testType: serverTest, name: "VersionNegotiation-Server-" + suffix, config: Config{ - MaxVersion: runnerVers.version, - TLS13Variant: runnerVers.tls13Variant, + MaxVersion: runnerVers.version, Bugs: ProtocolBugs{ ExpectInitialRecordVersion: serverVers, }, @@ -5853,8 +5855,7 @@ func addVersionNegotiationTests() { testType: serverTest, name: "VersionNegotiation-Server2-" + suffix, config: Config{ - MaxVersion: runnerVers.version, - TLS13Variant: runnerVers.tls13Variant, + MaxVersion: runnerVers.version, Bugs: ProtocolBugs{ ExpectInitialRecordVersion: serverVers, }, @@ -5883,14 +5884,12 @@ func addVersionNegotiationTests() { testType: serverTest, name: "VersionNegotiationExtension-" + suffix, config: Config{ - TLS13Variant: vers.tls13Variant, Bugs: ProtocolBugs{ SendSupportedVersions: []uint16{0x1111, vers.wire(protocol), 0x2222}, IgnoreTLS13DowngradeRandom: true, }, }, expectedVersion: vers.version, - flags: []string{"-tls13-variant", strconv.Itoa(vers.tls13Variant)}, }) } } @@ -6114,7 +6113,6 @@ func addVersionNegotiationTests() { NegotiateVersion: test.version, }, }, - tls13Variant: TLS13RFC, expectedVersion: test.version, shouldFail: true, expectedError: ":TLS13_DOWNGRADE:", @@ -6130,7 +6128,6 @@ func addVersionNegotiationTests() { NegotiateVersion: test.version, }, }, - tls13Variant: TLS13RFC, expectedVersion: test.version, flags: []string{ "-ignore-tls13-downgrade", @@ -6147,37 +6144,12 @@ func addVersionNegotiationTests() { SendSupportedVersions: []uint16{test.version}, }, }, - tls13Variant: TLS13RFC, expectedVersion: test.version, shouldFail: true, expectedLocalError: test.clientShimError, }) } - // Test that the draft TLS 1.3 variants don't trigger the downgrade logic. - testCases = append(testCases, testCase{ - name: "Downgrade-Draft-Client", - config: Config{ - Bugs: ProtocolBugs{ - NegotiateVersion: VersionTLS12, - SendTLS13DowngradeRandom: true, - }, - }, - tls13Variant: TLS13Draft28, - expectedVersion: VersionTLS12, - }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "Downgrade-Draft-Server", - config: Config{ - Bugs: ProtocolBugs{ - CheckTLS13DowngradeRandom: true, - }, - }, - tls13Variant: TLS13Draft28, - expectedVersion: VersionTLS13, - }) - // Test that False Start is disabled when the downgrade logic triggers. testCases = append(testCases, testCase{ name: "Downgrade-FalseStart", @@ -6189,7 +6161,6 @@ func addVersionNegotiationTests() { AlertBeforeFalseStartTest: alertAccessDenied, }, }, - tls13Variant: TLS13RFC, expectedVersion: VersionTLS12, flags: []string{ "-false-start", @@ -6202,29 +6173,6 @@ func addVersionNegotiationTests() { expectedLocalError: "tls: peer did not false start: EOF", }) - // Test that draft TLS 1.3 versions do not trigger disabling False Start. - testCases = append(testCases, testCase{ - name: "Downgrade-FalseStart-Draft", - config: Config{ - MaxVersion: VersionTLS13, - TLS13Variant: TLS13RFC, - NextProtos: []string{"foo"}, - Bugs: ProtocolBugs{ - ExpectFalseStart: true, - }, - }, - expectedVersion: VersionTLS12, - flags: []string{ - "-false-start", - "-advertise-alpn", "\x03foo", - "-expect-alpn", "foo", - "-ignore-tls13-downgrade", - "-tls13-variant", strconv.Itoa(TLS13Draft28), - "-max-version", strconv.Itoa(VersionTLS13), - }, - shimWritesFirst: true, - }) - // SSL 3.0 support has been removed. Test that the shim does not // support it. testCases = append(testCases, testCase{ @@ -6279,22 +6227,7 @@ func addMinimumVersionTests() { flags2 := []string{"-min-version", shimVers.shimFlag(protocol)} - if shimVers.tls13Variant != 0 { - flags = append(flags, "-tls13-variant", strconv.Itoa(shimVers.tls13Variant)) - flags2 = append(flags2, "-tls13-variant", strconv.Itoa(shimVers.tls13Variant)) - } - for _, runnerVers := range allVersions(protocol) { - // Different TLS 1.3 variants are incompatible with each other and don't - // produce consistent minimum versions. - // - // TODO(davidben): Fold these tests (the main value is in the - // NegotiateVersion bug) into addVersionNegotiationTests and test based - // on intended shim behavior, not the shim + runner combination. - if shimVers.tls13Variant != runnerVers.tls13Variant { - continue - } - suffix := shimVers.name + "-" + runnerVers.name if protocol == dtls { suffix += "-DTLS" @@ -6316,8 +6249,7 @@ func addMinimumVersionTests() { testType: clientTest, name: "MinimumVersion-Client-" + suffix, config: Config{ - MaxVersion: runnerVers.version, - TLS13Variant: runnerVers.tls13Variant, + MaxVersion: runnerVers.version, Bugs: ProtocolBugs{ // Ensure the server does not decline to // select a version (versions extension) or @@ -6337,8 +6269,7 @@ func addMinimumVersionTests() { testType: clientTest, name: "MinimumVersion-Client2-" + suffix, config: Config{ - MaxVersion: runnerVers.version, - TLS13Variant: runnerVers.tls13Variant, + MaxVersion: runnerVers.version, Bugs: ProtocolBugs{ // Ensure the server does not decline to // select a version (versions extension) or @@ -6359,8 +6290,7 @@ func addMinimumVersionTests() { testType: serverTest, name: "MinimumVersion-Server-" + suffix, config: Config{ - MaxVersion: runnerVers.version, - TLS13Variant: runnerVers.tls13Variant, + MaxVersion: runnerVers.version, }, flags: flags, expectedVersion: expectedVersion, @@ -6373,8 +6303,7 @@ func addMinimumVersionTests() { testType: serverTest, name: "MinimumVersion-Server2-" + suffix, config: Config{ - MaxVersion: runnerVers.version, - TLS13Variant: runnerVers.tls13Variant, + MaxVersion: runnerVers.version, }, flags: flags2, expectedVersion: expectedVersion, @@ -6404,7 +6333,6 @@ func addExtensionTests() { DuplicateExtension: true, }, }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedLocalError: "remote error: error decoding message", }) @@ -6417,7 +6345,6 @@ func addExtensionTests() { DuplicateExtension: true, }, }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedLocalError: "remote error: error decoding message", }) @@ -6432,8 +6359,7 @@ func addExtensionTests() { ExpectServerName: "example.com", }, }, - tls13Variant: ver.tls13Variant, - flags: []string{"-host-name", "example.com"}, + flags: []string{"-host-name", "example.com"}, }) testCases = append(testCases, testCase{ testType: clientTest, @@ -6445,7 +6371,6 @@ func addExtensionTests() { }, }, flags: []string{"-host-name", "example.com"}, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedLocalError: "tls: unexpected server name", }) @@ -6458,7 +6383,6 @@ func addExtensionTests() { ExpectServerName: "missing.com", }, }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedLocalError: "tls: unexpected server name", }) @@ -6471,7 +6395,6 @@ func addExtensionTests() { SendServerNameAck: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{"-host-name", "example.com"}, resumeSession: true, }) @@ -6484,7 +6407,6 @@ func addExtensionTests() { SendServerNameAck: true, }, }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":UNEXPECTED_EXTENSION:", expectedLocalError: "remote error: unsupported extension", @@ -6496,7 +6418,6 @@ func addExtensionTests() { MaxVersion: ver.version, ServerName: "example.com", }, - tls13Variant: ver.tls13Variant, flags: []string{"-expect-server-name", "example.com"}, resumeSession: true, }) @@ -6513,7 +6434,6 @@ func addExtensionTests() { "-advertise-alpn", "\x03foo\x03bar\x03baz", "-expect-alpn", "foo", }, - tls13Variant: ver.tls13Variant, expectedNextProto: "foo", expectedNextProtoType: alpn, resumeSession: true, @@ -6530,7 +6450,6 @@ func addExtensionTests() { flags: []string{ "-advertise-alpn", "\x03foo\x03bar", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":INVALID_ALPN_PROTOCOL:", expectedLocalError: "remote error: illegal parameter", @@ -6549,7 +6468,6 @@ func addExtensionTests() { "-allow-unknown-alpn-protos", "-expect-alpn", "baz", }, - tls13Variant: ver.tls13Variant, }) testCases = append(testCases, testCase{ testType: serverTest, @@ -6562,7 +6480,6 @@ func addExtensionTests() { "-expect-advertised-alpn", "\x03foo\x03bar\x03baz", "-select-alpn", "foo", }, - tls13Variant: ver.tls13Variant, expectedNextProto: "foo", expectedNextProtoType: alpn, resumeSession: true, @@ -6575,7 +6492,6 @@ func addExtensionTests() { NextProtos: []string{"foo", "bar", "baz"}, }, flags: []string{"-decline-alpn"}, - tls13Variant: ver.tls13Variant, expectNoNextProto: true, resumeSession: true, }) @@ -6592,7 +6508,6 @@ func addExtensionTests() { "-expect-advertised-alpn", "\x03foo\x03bar\x03baz", "-select-empty-alpn", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedLocalError: "remote error: internal error", expectedError: ":INVALID_ALPN_PROTOCOL:", @@ -6614,7 +6529,6 @@ func addExtensionTests() { "-select-alpn", "foo", "-async", }, - tls13Variant: ver.tls13Variant, expectedNextProto: "foo", expectedNextProtoType: alpn, resumeSession: true, @@ -6636,7 +6550,6 @@ func addExtensionTests() { flags: []string{ "-advertise-alpn", "\x03foo", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":PARSE_TLSEXT:", }) @@ -6652,7 +6565,6 @@ func addExtensionTests() { flags: []string{ "-select-alpn", "foo", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":PARSE_TLSEXT:", }) @@ -6672,7 +6584,6 @@ func addExtensionTests() { "-select-alpn", "foo", "-advertise-npn", "\x03foo\x03bar\x03baz", }, - tls13Variant: ver.tls13Variant, expectedNextProto: "foo", expectedNextProtoType: alpn, resumeSession: true, @@ -6692,7 +6603,6 @@ func addExtensionTests() { "-select-alpn", "foo", "-advertise-npn", "\x03foo\x03bar\x03baz", }, - tls13Variant: ver.tls13Variant, expectedNextProto: "foo", expectedNextProtoType: alpn, resumeSession: true, @@ -6712,7 +6622,6 @@ func addExtensionTests() { "-advertise-alpn", "\x03foo", "-select-next-proto", "foo", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:", }) @@ -6730,7 +6639,6 @@ func addExtensionTests() { "-advertise-alpn", "\x03foo", "-select-next-proto", "foo", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:", }) @@ -6752,7 +6660,6 @@ func addExtensionTests() { }, expectTokenBinding: true, expectedTokenBindingParam: 2, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -6770,7 +6677,6 @@ func addExtensionTests() { TokenBindingParams: []byte{3}, TokenBindingVersion: maxTokenBindingVersion, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -6786,7 +6692,6 @@ func addExtensionTests() { TokenBindingParams: []byte{0, 1, 2}, TokenBindingVersion: minTokenBindingVersion - 1, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -6804,7 +6709,6 @@ func addExtensionTests() { }, expectTokenBinding: true, expectedTokenBindingParam: 2, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -6822,7 +6726,6 @@ func addExtensionTests() { TokenBindingParams: []byte{}, TokenBindingVersion: maxTokenBindingVersion, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -6842,7 +6745,6 @@ func addExtensionTests() { }, expectTokenBinding: true, expectedTokenBindingParam: 2, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -6861,7 +6763,6 @@ func addExtensionTests() { TokenBindingVersion: maxTokenBindingVersion, ExpectTokenBindingParams: []byte{0, 1, 2}, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{0, 1, 2}), @@ -6879,7 +6780,6 @@ func addExtensionTests() { TokenBindingParams: []byte{2}, TokenBindingVersion: maxTokenBindingVersion, }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":UNEXPECTED_EXTENSION:", }) @@ -6900,7 +6800,6 @@ func addExtensionTests() { "-expected-token-binding-param", "2", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":ERROR_PARSING_EXTENSION:", }) @@ -6921,7 +6820,6 @@ func addExtensionTests() { "-expected-token-binding-param", "2", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":ERROR_PARSING_EXTENSION:", }) @@ -6942,7 +6840,6 @@ func addExtensionTests() { "-expected-token-binding-param", "2", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":ERROR_PARSING_EXTENSION:", }) @@ -6961,7 +6858,6 @@ func addExtensionTests() { "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{0, 1, 2}), }, - tls13Variant: ver.tls13Variant, }) testCases = append(testCases, testCase{ testType: clientTest, @@ -6980,7 +6876,6 @@ func addExtensionTests() { "-expected-token-binding-param", "2", }, - tls13Variant: ver.tls13Variant, }) testCases = append(testCases, testCase{ testType: clientTest, @@ -6997,7 +6892,6 @@ func addExtensionTests() { "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{0, 1, 2}), }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: "ERROR_PARSING_EXTENSION", }) @@ -7016,7 +6910,6 @@ func addExtensionTests() { NoExtendedMasterSecret: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -7037,7 +6930,6 @@ func addExtensionTests() { NoExtendedMasterSecret: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -7059,7 +6951,6 @@ func addExtensionTests() { NoRenegotiationInfo: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -7080,7 +6971,6 @@ func addExtensionTests() { NoRenegotiationInfo: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-token-binding-params", base64.StdEncoding.EncodeToString([]byte{2, 1, 0}), @@ -7101,7 +6991,6 @@ func addExtensionTests() { MaxEarlyDataSize: 16384, }, resumeSession: true, - tls13Variant: ver.tls13Variant, flags: []string{ "-enable-early-data", "-expect-ticket-supports-early-data", @@ -7124,7 +7013,6 @@ func addExtensionTests() { resumeSession: true, expectTokenBinding: true, expectedTokenBindingParam: 2, - tls13Variant: ver.tls13Variant, flags: []string{ "-enable-early-data", "-expect-ticket-supports-early-data", @@ -7145,7 +7033,6 @@ func addExtensionTests() { MaxVersion: ver.version, QUICTransportParams: []byte{1, 2}, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-quic-transport-params", base64.StdEncoding.EncodeToString([]byte{3, 4}), @@ -7163,7 +7050,6 @@ func addExtensionTests() { MaxVersion: ver.version, QUICTransportParams: []byte{1, 2}, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-quic-transport-params", base64.StdEncoding.EncodeToString([]byte{3, 4}), @@ -7180,7 +7066,6 @@ func addExtensionTests() { MinVersion: ver.version, MaxVersion: ver.version, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-max-version", strconv.Itoa(int(ver.version)), @@ -7196,7 +7081,6 @@ func addExtensionTests() { MaxVersion: ver.version, QUICTransportParams: []byte{1, 2}, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-quic-transport-params", base64.StdEncoding.EncodeToString([]byte{3, 4}), @@ -7212,7 +7096,6 @@ func addExtensionTests() { MaxVersion: ver.version, QUICTransportParams: []byte{1, 2}, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-expected-quic-transport-params", base64.StdEncoding.EncodeToString([]byte{1, 2}), @@ -7249,7 +7132,6 @@ func addExtensionTests() { }, }, }, - tls13Variant: ver.tls13Variant, resumeSession: true, expectResumeRejected: true, }) @@ -7260,7 +7142,6 @@ func addExtensionTests() { config: Config{ MaxVersion: ver.version, }, - tls13Variant: ver.tls13Variant, resumeSession: true, flags: []string{"-use-ticket-callback"}, }) @@ -7273,7 +7154,6 @@ func addExtensionTests() { ExpectNewTicket: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{"-use-ticket-callback", "-renew-ticket"}, resumeSession: true, }) @@ -7293,7 +7173,6 @@ func addExtensionTests() { }, }, }, - tls13Variant: ver.tls13Variant, resumeSession: true, expectResumeRejected: true, flags: []string{ @@ -7449,7 +7328,6 @@ func addExtensionTests() { "-expect-signed-cert-timestamps", base64.StdEncoding.EncodeToString(testSCTList), }, - tls13Variant: ver.tls13Variant, resumeSession: true, }) @@ -7472,7 +7350,6 @@ func addExtensionTests() { "-expect-signed-cert-timestamps", base64.StdEncoding.EncodeToString(testSCTList), }, - tls13Variant: ver.tls13Variant, resumeSession: true, }) @@ -7486,7 +7363,6 @@ func addExtensionTests() { "-signed-cert-timestamps", base64.StdEncoding.EncodeToString(testSCTList), }, - tls13Variant: ver.tls13Variant, expectedSCTList: testSCTList, resumeSession: true, }) @@ -7505,7 +7381,6 @@ func addExtensionTests() { flags: []string{ "-enable-signed-cert-timestamps", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":ERROR_PARSING_EXTENSION:", }) @@ -7524,7 +7399,6 @@ func addExtensionTests() { flags: []string{ "-enable-signed-cert-timestamps", }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":ERROR_PARSING_EXTENSION:", }) @@ -7540,7 +7414,6 @@ func addExtensionTests() { NoSignedCertificateTimestamps: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-ocsp-response", base64.StdEncoding.EncodeToString(testOCSPResponse), @@ -7809,29 +7682,19 @@ func addResumptionVersionTests() { suffix += "-DTLS" } - // We can't resume across TLS 1.3 variants and error out earlier in the - // session resumption. - if sessionVers.tls13Variant != resumeVers.tls13Variant { - continue - } - if sessionVers.version == resumeVers.version { testCases = append(testCases, testCase{ protocol: protocol, name: "Resume-Client" + suffix, resumeSession: true, config: Config{ - MaxVersion: sessionVers.version, - TLS13Variant: sessionVers.tls13Variant, + MaxVersion: sessionVers.version, Bugs: ProtocolBugs{ ExpectNoTLS13PSK: sessionVers.version < VersionTLS13, }, }, expectedVersion: sessionVers.version, expectedResumeVersion: resumeVers.version, - flags: []string{ - "-tls13-variant", strconv.Itoa(sessionVers.tls13Variant), - }, }) } else { testCases = append(testCases, testCase{ @@ -7839,13 +7702,11 @@ func addResumptionVersionTests() { name: "Resume-Client-Mismatch" + suffix, resumeSession: true, config: Config{ - MaxVersion: sessionVers.version, - TLS13Variant: sessionVers.tls13Variant, + MaxVersion: sessionVers.version, }, expectedVersion: sessionVers.version, resumeConfig: &Config{ - MaxVersion: resumeVers.version, - TLS13Variant: resumeVers.tls13Variant, + MaxVersion: resumeVers.version, Bugs: ProtocolBugs{ AcceptAnySession: true, }, @@ -7853,10 +7714,6 @@ func addResumptionVersionTests() { expectedResumeVersion: resumeVers.version, shouldFail: true, expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:", - flags: []string{ - "-on-initial-tls13-variant", strconv.Itoa(sessionVers.tls13Variant), - "-on-resume-tls13-variant", strconv.Itoa(resumeVers.tls13Variant), - }, }) } @@ -7865,21 +7722,15 @@ func addResumptionVersionTests() { name: "Resume-Client-NoResume" + suffix, resumeSession: true, config: Config{ - MaxVersion: sessionVers.version, - TLS13Variant: sessionVers.tls13Variant, + MaxVersion: sessionVers.version, }, expectedVersion: sessionVers.version, resumeConfig: &Config{ - MaxVersion: resumeVers.version, - TLS13Variant: resumeVers.tls13Variant, + MaxVersion: resumeVers.version, }, newSessionsOnResume: true, expectResumeRejected: true, expectedResumeVersion: resumeVers.version, - flags: []string{ - "-on-initial-tls13-variant", strconv.Itoa(sessionVers.tls13Variant), - "-on-resume-tls13-variant", strconv.Itoa(resumeVers.tls13Variant), - }, }) testCases = append(testCases, testCase{ @@ -7888,23 +7739,17 @@ func addResumptionVersionTests() { name: "Resume-Server" + suffix, resumeSession: true, config: Config{ - MaxVersion: sessionVers.version, - TLS13Variant: sessionVers.tls13Variant, + MaxVersion: sessionVers.version, }, expectedVersion: sessionVers.version, expectResumeRejected: sessionVers != resumeVers, resumeConfig: &Config{ - MaxVersion: resumeVers.version, - TLS13Variant: resumeVers.tls13Variant, + MaxVersion: resumeVers.version, Bugs: ProtocolBugs{ SendBothTickets: true, }, }, expectedResumeVersion: resumeVers.version, - flags: []string{ - "-on-initial-tls13-variant", strconv.Itoa(sessionVers.tls13Variant), - "-on-resume-tls13-variant", strconv.Itoa(resumeVers.tls13Variant), - }, }) // Repeat the test using session IDs, rather than tickets. @@ -8352,15 +8197,14 @@ func addRenegotiationTests() { }, }) testCases = append(testCases, testCase{ - name: "Renegotiate-Client-TLS13Draft23", + name: "Renegotiate-Client-TLS12", config: Config{ MaxVersion: VersionTLS12, Bugs: ProtocolBugs{ FailIfResumeOnRenego: true, }, }, - tls13Variant: TLS13Draft23, - renegotiate: 1, + renegotiate: 1, // Test renegotiation after both an initial and resumption // handshake. resumeSession: true, @@ -8970,7 +8814,6 @@ func addSignatureAlgorithmTests() { "-enable-all-curves", "-enable-ed25519", }, - tls13Variant: ver.tls13Variant, shouldFail: shouldSignFail, expectedError: signError, expectedLocalError: signLocalError, @@ -8993,7 +8836,6 @@ func addSignatureAlgorithmTests() { IgnorePeerSignatureAlgorithmPreferences: shouldVerifyFail, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-require-any-client-certificate", "-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id)), @@ -9020,7 +8862,6 @@ func addSignatureAlgorithmTests() { fakeSigAlg2, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)), "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)), @@ -9049,7 +8890,6 @@ func addSignatureAlgorithmTests() { IgnorePeerSignatureAlgorithmPreferences: shouldVerifyFail, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id)), "-enable-all-curves", @@ -9077,7 +8917,6 @@ func addSignatureAlgorithmTests() { InvalidSignature: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-require-any-client-certificate", "-enable-all-curves", @@ -9100,7 +8939,6 @@ func addSignatureAlgorithmTests() { InvalidSignature: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-enable-all-curves", "-enable-ed25519", @@ -9118,7 +8956,6 @@ func addSignatureAlgorithmTests() { ClientAuth: RequireAnyClientCert, VerifySignatureAlgorithms: allAlgorithms, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)), "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)), @@ -9137,7 +8974,6 @@ func addSignatureAlgorithmTests() { CipherSuites: signingCiphers, VerifySignatureAlgorithms: allAlgorithms, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)), "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)), @@ -9167,7 +9003,6 @@ func addSignatureAlgorithmTests() { signatureECDSAWithP256AndSHA256, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-cert-file", path.Join(*resourceDir, rsaCertificateFile), "-key-file", path.Join(*resourceDir, rsaKeyFile), @@ -9188,7 +9023,6 @@ func addSignatureAlgorithmTests() { signatureECDSAWithP256AndSHA256, }, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-cert-file", path.Join(*resourceDir, rsaCertificateFile), "-key-file", path.Join(*resourceDir, rsaKeyFile), @@ -10006,7 +9840,6 @@ func addSignatureAlgorithmTests() { ExpectRSAPSSSupport: expect, }, }, - tls13Variant: ver.tls13Variant, flags: flags, shouldFail: shouldFail, expectedLocalError: localError, @@ -10025,7 +9858,6 @@ func addSignatureAlgorithmTests() { ExpectRSAPSSSupport: expect, }, }, - tls13Variant: ver.tls13Variant, flags: serverFlags, shouldFail: shouldFail, expectedLocalError: localError, @@ -10253,7 +10085,6 @@ func addExportKeyingMaterialTests() { // Test the exporter in both initial and resumption // handshakes. resumeSession: true, - tls13Variant: vers.tls13Variant, exportKeyingMaterial: 1024, exportLabel: "label", exportContext: "context", @@ -10264,7 +10095,6 @@ func addExportKeyingMaterialTests() { config: Config{ MaxVersion: vers.version, }, - tls13Variant: vers.tls13Variant, exportKeyingMaterial: 1024, }) testCases = append(testCases, testCase{ @@ -10272,7 +10102,6 @@ func addExportKeyingMaterialTests() { config: Config{ MaxVersion: vers.version, }, - tls13Variant: vers.tls13Variant, exportKeyingMaterial: 1024, useExportContext: true, }) @@ -10281,7 +10110,6 @@ func addExportKeyingMaterialTests() { config: Config{ MaxVersion: vers.version, }, - tls13Variant: vers.tls13Variant, exportKeyingMaterial: 1, exportLabel: "label", exportContext: "context", @@ -10298,7 +10126,6 @@ func addExportKeyingMaterialTests() { MaxEarlyDataSize: 16384, }, resumeSession: true, - tls13Variant: vers.tls13Variant, flags: []string{ "-enable-early-data", "-expect-ticket-supports-early-data", @@ -10330,7 +10157,6 @@ func addExportKeyingMaterialTests() { }, }, resumeSession: true, - tls13Variant: vers.tls13Variant, flags: []string{ "-enable-early-data", "-expect-ticket-supports-early-data", @@ -10355,7 +10181,6 @@ func addExportKeyingMaterialTests() { MaxEarlyDataSize: 16384, }, resumeSession: true, - tls13Variant: vers.tls13Variant, exportEarlyKeyingMaterial: 1024, exportLabel: "label", exportContext: "context", @@ -10376,7 +10201,6 @@ func addExportKeyingMaterialTests() { config: Config{ MaxVersion: vers.version, }, - tls13Variant: vers.tls13Variant, flags: []string{"-export-early-keying-material", "1024"}, shouldFail: true, expectedError: ":EARLY_DATA_NOT_IN_USE:", @@ -10387,7 +10211,6 @@ func addExportKeyingMaterialTests() { MaxVersion: vers.version, }, resumeSession: true, - tls13Variant: vers.tls13Variant, flags: []string{"-on-resume-export-early-keying-material", "1024"}, shouldFail: true, expectedError: ":EARLY_DATA_NOT_IN_USE:", @@ -10405,7 +10228,6 @@ func addExportKeyingMaterialTests() { }, }, resumeSession: true, - tls13Variant: vers.tls13Variant, flags: []string{ "-enable-early-data", "-expect-ticket-supports-early-data", @@ -10427,7 +10249,6 @@ func addExportKeyingMaterialTests() { ExpectEarlyDataAccepted: true, }, }, - tls13Variant: vers.tls13Variant, resumeSession: true, exportKeyingMaterial: 1024, exportLabel: "label", @@ -10447,7 +10268,6 @@ func addExportKeyingMaterialTests() { ExpectEarlyDataAccepted: true, }, }, - tls13Variant: vers.tls13Variant, resumeSession: true, exportEarlyKeyingMaterial: 1024, exportLabel: "label", @@ -10463,7 +10283,6 @@ func addExportKeyingMaterialTests() { config: Config{ MaxVersion: vers.version, }, - tls13Variant: vers.tls13Variant, flags: []string{"-export-early-keying-material", "1024"}, shouldFail: true, expectedError: ":EARLY_DATA_NOT_IN_USE:", @@ -10475,7 +10294,6 @@ func addExportKeyingMaterialTests() { MaxVersion: vers.version, }, resumeSession: true, - tls13Variant: vers.tls13Variant, flags: []string{"-on-resume-export-early-keying-material", "1024"}, shouldFail: true, expectedError: ":EARLY_DATA_NOT_IN_USE:", @@ -10488,7 +10306,6 @@ func addExportKeyingMaterialTests() { MaxVersion: vers.version, }, resumeSession: true, - tls13Variant: vers.tls13Variant, exportEarlyKeyingMaterial: 1024, exportLabel: "label", exportContext: "context", @@ -10502,7 +10319,6 @@ func addExportKeyingMaterialTests() { MaxVersion: vers.version, }, resumeSession: true, - tls13Variant: vers.tls13Variant, exportEarlyKeyingMaterial: 1024, exportLabel: "label", exportContext: "context", @@ -10788,7 +10604,6 @@ func addCurveTests() { }, CurvePreferences: []CurveID{curve.id}, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-enable-all-curves", "-expect-curve-id", strconv.Itoa(int(curve.id)), @@ -10807,7 +10622,6 @@ func addCurveTests() { }, CurvePreferences: []CurveID{curve.id}, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-enable-all-curves", "-expect-curve-id", strconv.Itoa(int(curve.id)), @@ -10830,7 +10644,6 @@ func addCurveTests() { SendCompressedCoordinates: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{"-enable-all-curves"}, shouldFail: true, expectedError: ":BAD_ECPOINT:", @@ -10850,7 +10663,6 @@ func addCurveTests() { SendCompressedCoordinates: true, }, }, - tls13Variant: ver.tls13Variant, flags: []string{"-enable-all-curves"}, shouldFail: true, expectedError: ":BAD_ECPOINT:", @@ -11613,7 +11425,6 @@ func addSessionTicketTests() { }, }, resumeSession: useStatefulResumption, - tls13Variant: ver.tls13Variant, flags: []string{"-no-ticket"}, }) @@ -11625,7 +11436,6 @@ func addSessionTicketTests() { MinVersion: ver.version, MaxVersion: ver.version, }, - tls13Variant: ver.tls13Variant, resumeSession: true, expectResumeRejected: true, // Set SSL_OP_NO_TICKET on the second connection, after the first @@ -12255,7 +12065,7 @@ func makePerMessageTests() []perMessageTest { messageType: typeEndOfEarlyData, test: testCase{ testType: serverTest, - name: "TLS13Draft23-EndOfEarlyData", + name: "TLS13-EndOfEarlyData", config: Config{ MaxVersion: VersionTLS13, }, @@ -12266,7 +12076,6 @@ func makePerMessageTests() []perMessageTest { ExpectEarlyDataAccepted: true, }, }, - tls13Variant: TLS13Draft23, resumeSession: true, flags: []string{"-enable-early-data"}, }, @@ -12345,1637 +12154,1539 @@ func addTrailingMessageDataTests() { } func addTLS13HandshakeTests() { - for _, version := range allVersions(tls) { - if version.version != VersionTLS13 { - continue - } - name := version.name - variant := version.tls13Variant + testCases = append(testCases, testCase{ + testType: clientTest, + name: "NegotiatePSKResumption-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + NegotiatePSKResumption: true, + }, + }, + resumeSession: true, + shouldFail: true, + expectedError: ":MISSING_KEY_SHARE:", + }) - testCases = append(testCases, testCase{ - testType: clientTest, - name: "NegotiatePSKResumption-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - NegotiatePSKResumption: true, - }, + testCases = append(testCases, testCase{ + testType: clientTest, + name: "MissingKeyShare-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + MissingKeyShare: true, }, - tls13Variant: variant, - resumeSession: true, - shouldFail: true, - expectedError: ":MISSING_KEY_SHARE:", - }) + }, + shouldFail: true, + expectedError: ":MISSING_KEY_SHARE:", + }) - testCases = append(testCases, testCase{ - testType: clientTest, - name: "MissingKeyShare-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - MissingKeyShare: true, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "MissingKeyShare-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + MissingKeyShare: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":MISSING_KEY_SHARE:", - }) + }, + shouldFail: true, + expectedError: ":MISSING_KEY_SHARE:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "MissingKeyShare-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - MissingKeyShare: true, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "DuplicateKeyShares-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + DuplicateKeyShares: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":MISSING_KEY_SHARE:", - }) + }, + shouldFail: true, + expectedError: ":DUPLICATE_KEY_SHARE:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "DuplicateKeyShares-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - DuplicateKeyShares: true, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipEarlyData-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendFakeEarlyDataLength: 4, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":DUPLICATE_KEY_SHARE:", - }) + }, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipEarlyData-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendFakeEarlyDataLength: 4, - }, + // Test that enabling TLS 1.3 does not interfere with TLS 1.2 session ID + // resumption. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "ResumeTLS12SessionID-TLS13", + config: Config{ + MaxVersion: VersionTLS12, + SessionTicketsDisabled: true, + }, + resumeSession: true, + }) + + // Test that the client correctly handles a TLS 1.3 ServerHello which echoes + // a TLS 1.2 session ID. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "TLS12SessionID-TLS13", + config: Config{ + MaxVersion: VersionTLS12, + SessionTicketsDisabled: true, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + }, + resumeSession: true, + expectResumeRejected: true, + }) + + // Test that the server correctly echoes back session IDs of + // various lengths. The first test additionally asserts that + // BoringSSL always sends the ChangeCipherSpec messages for + // compatibility mode, rather than negotiating it based on the + // ClientHello. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EmptySessionID-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendClientHelloSessionID: []byte{}, }, - tls13Variant: variant, - }) + }, + }) - // Test that enabling a TLS 1.3 variant does not interfere with - // TLS 1.2 session ID resumption. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "ResumeTLS12SessionID-" + name, - config: Config{ - MaxVersion: VersionTLS12, - SessionTicketsDisabled: true, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ShortSessionID-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendClientHelloSessionID: make([]byte, 16), }, - tls13Variant: variant, - resumeSession: true, - }) + }, + }) - // Test that the client correctly handles a TLS 1.3 ServerHello which echoes - // a TLS 1.2 session ID. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "TLS12SessionID-" + name, - config: Config{ - MaxVersion: VersionTLS12, - SessionTicketsDisabled: true, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "FullSessionID-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendClientHelloSessionID: make([]byte, 32), }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, + }, + }) + + // Test that the client sends a fake session ID in TLS 1.3. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "TLS13SessionID-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + ExpectClientHelloSessionID: true, }, - tls13Variant: variant, - resumeSession: true, - expectResumeRejected: true, - }) + }, + }) - // Test that the server correctly echoes back session IDs of - // various lengths. The first test additionally asserts that - // BoringSSL always sends the ChangeCipherSpec messages for - // compatibility mode, rather than negotiating it based on the - // ClientHello. - testCases = append(testCases, testCase{ - testType: serverTest, - name: "EmptySessionID-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendClientHelloSessionID: []byte{}, - }, + // Test that the client omits the fake session ID when the max version is TLS 1.2 and below. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "TLS12NoSessionID-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + ExpectNoTLS12Session: true, }, - tls13Variant: variant, - }) + }, + flags: []string{"-max-version", strconv.Itoa(VersionTLS12)}, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "ShortSessionID-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendClientHelloSessionID: make([]byte, 16), - }, + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Bugs: ProtocolBugs{ + ExpectEarlyData: [][]byte{{'h', 'e', 'l', 'l', 'o'}}, }, - tls13Variant: variant, - }) + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-accept-early-data", + "-on-resume-shim-writes-first", + }, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "FullSessionID-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendClientHelloSessionID: make([]byte, 32), - }, + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-Reject-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Bugs: ProtocolBugs{ + AlwaysRejectEarlyData: true, }, - tls13Variant: variant, - }) + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-reject-early-data", + "-on-resume-shim-writes-first", + }, + }) - // Test that the client sends a fake session ID in TLS 1.3. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "TLS13SessionID-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - ExpectClientHelloSessionID: true, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyData-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: true, + ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, }, - tls13Variant: variant, - }) + }, + messageCount: 2, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-accept-early-data", + }, + }) - // Test that the client omits the fake session ID when the max version is TLS 1.2 and below. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "TLS12NoSessionID-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - ExpectNoTLS12Session: true, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyData-FirstTicket-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, + Bugs: ProtocolBugs{ + UseFirstSessionTicket: true, + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: true, + ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, }, - tls13Variant: variant, - flags: []string{"-max-version", strconv.Itoa(VersionTLS12)}, - }) + }, + messageCount: 2, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-accept-early-data", + }, + }) - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipEarlyData-OmitEarlyDataExtension-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendFakeEarlyDataLength: 4, + OmitEarlyDataExtension: true, }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - ExpectEarlyData: [][]byte{{'h', 'e', 'l', 'l', 'o'}}, - }, + }, + shouldFail: true, + expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:", + }) + + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipEarlyData-TooMuchData-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendFakeEarlyDataLength: 16384 + 1, }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-accept-early-data", - "-on-resume-shim-writes-first", + }, + shouldFail: true, + expectedError: ":TOO_MUCH_SKIPPED_EARLY_DATA:", + }) + + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipEarlyData-Interleaved-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendFakeEarlyDataLength: 4, + InterleaveEarlyData: true, }, - }) + }, + shouldFail: true, + expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:", + }) - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-Reject-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipEarlyData-EarlyDataInTLS12-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendFakeEarlyDataLength: 4, }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - AlwaysRejectEarlyData: true, - }, + }, + shouldFail: true, + expectedError: ":UNEXPECTED_RECORD:", + flags: []string{"-max-version", strconv.Itoa(VersionTLS12)}, + }) + + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipEarlyData-HRR-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendFakeEarlyDataLength: 4, }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", - "-on-resume-shim-writes-first", - }, - }) + DefaultCurves: []CurveID{}, + }, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyData-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, - }, - }, - tls13Variant: variant, - messageCount: 2, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-accept-early-data", + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipEarlyData-HRR-Interleaved-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendFakeEarlyDataLength: 4, + InterleaveEarlyData: true, }, - }) + DefaultCurves: []CurveID{}, + }, + shouldFail: true, + expectedError: ":UNEXPECTED_RECORD:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyData-FirstTicket-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - Bugs: ProtocolBugs{ - UseFirstSessionTicket: true, - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, - }, - }, - tls13Variant: variant, - messageCount: 2, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-accept-early-data", + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipEarlyData-HRR-TooMuchData-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendFakeEarlyDataLength: 16384 + 1, }, - }) + DefaultCurves: []CurveID{}, + }, + shouldFail: true, + expectedError: ":TOO_MUCH_SKIPPED_EARLY_DATA:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipEarlyData-OmitEarlyDataExtension-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendFakeEarlyDataLength: 4, - OmitEarlyDataExtension: true, - }, + // Test that skipping early data looking for cleartext correctly + // processes an alert record. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipEarlyData-HRR-FatalAlert-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendEarlyAlert: true, + SendFakeEarlyDataLength: 4, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:", - }) + DefaultCurves: []CurveID{}, + }, + shouldFail: true, + expectedError: ":SSLV3_ALERT_HANDSHAKE_FAILURE:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipEarlyData-TooMuchData-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendFakeEarlyDataLength: 16384 + 1, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipEarlyData-SecondClientHelloEarlyData-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendEarlyDataOnSecondClientHello: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":TOO_MUCH_SKIPPED_EARLY_DATA:", - }) + DefaultCurves: []CurveID{}, + }, + shouldFail: true, + expectedLocalError: "remote error: bad record MAC", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipEarlyData-Interleaved-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendFakeEarlyDataLength: 4, - InterleaveEarlyData: true, - }, + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EmptyEncryptedExtensions-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + EmptyEncryptedExtensions: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:", - }) + }, + shouldFail: true, + expectedLocalError: "remote error: error decoding message", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipEarlyData-EarlyDataInTLS12-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendFakeEarlyDataLength: 4, - }, + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EncryptedExtensionsWithKeyShare-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + EncryptedExtensionsWithKeyShare: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":UNEXPECTED_RECORD:", - flags: []string{"-max-version", strconv.Itoa(VersionTLS12)}, - }) + }, + shouldFail: true, + expectedLocalError: "remote error: unsupported extension", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipEarlyData-HRR-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendFakeEarlyDataLength: 4, - }, - DefaultCurves: []CurveID{}, - }, - tls13Variant: variant, - }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SendHelloRetryRequest-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // Require a HelloRetryRequest for every curve. + DefaultCurves: []CurveID{}, + CurvePreferences: []CurveID{CurveX25519}, + }, + expectedCurveID: CurveX25519, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipEarlyData-HRR-Interleaved-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendFakeEarlyDataLength: 4, - InterleaveEarlyData: true, - }, - DefaultCurves: []CurveID{}, - }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":UNEXPECTED_RECORD:", - }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SendHelloRetryRequest-2-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + DefaultCurves: []CurveID{CurveP384}, + CurvePreferences: []CurveID{CurveX25519, CurveP384}, + }, + // Although the ClientHello did not predict our preferred curve, + // we always select it whether it is predicted or not. + expectedCurveID: CurveX25519, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipEarlyData-HRR-TooMuchData-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendFakeEarlyDataLength: 16384 + 1, - }, - DefaultCurves: []CurveID{}, + testCases = append(testCases, testCase{ + name: "UnknownCurve-HelloRetryRequest-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // P-384 requires HelloRetryRequest in BoringSSL. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + SendHelloRetryRequestCurve: bogusCurve, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":TOO_MUCH_SKIPPED_EARLY_DATA:", - }) + }, + shouldFail: true, + expectedError: ":WRONG_CURVE:", + }) - // Test that skipping early data looking for cleartext correctly - // processes an alert record. - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipEarlyData-HRR-FatalAlert-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyAlert: true, - SendFakeEarlyDataLength: 4, - }, - DefaultCurves: []CurveID{}, + testCases = append(testCases, testCase{ + name: "HelloRetryRequest-CipherChange-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // P-384 requires HelloRetryRequest in BoringSSL. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + SendCipherSuite: TLS_AES_128_GCM_SHA256, + SendHelloRetryRequestCipherSuite: TLS_CHACHA20_POLY1305_SHA256, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":SSLV3_ALERT_HANDSHAKE_FAILURE:", - }) + }, + shouldFail: true, + expectedError: ":WRONG_CIPHER_RETURNED:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipEarlyData-SecondClientHelloEarlyData-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyDataOnSecondClientHello: true, - }, - DefaultCurves: []CurveID{}, + // Test that the client does not offer a PSK in the second ClientHello if the + // HelloRetryRequest is incompatible with it. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "HelloRetryRequest-NonResumableCipher-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + CipherSuites: []uint16{ + TLS_AES_128_GCM_SHA256, }, - tls13Variant: variant, - shouldFail: true, - expectedLocalError: "remote error: bad record MAC", - }) - - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EmptyEncryptedExtensions-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - EmptyEncryptedExtensions: true, - }, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + // P-384 requires HelloRetryRequest in BoringSSL. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + ExpectNoTLS13PSKAfterHRR: true, }, - tls13Variant: variant, - shouldFail: true, - expectedLocalError: "remote error: error decoding message", - }) - - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EncryptedExtensionsWithKeyShare-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - EncryptedExtensionsWithKeyShare: true, - }, + CipherSuites: []uint16{ + TLS_AES_256_GCM_SHA384, }, - tls13Variant: variant, - shouldFail: true, - expectedLocalError: "remote error: unsupported extension", - }) + }, + resumeSession: true, + expectResumeRejected: true, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SendHelloRetryRequest-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // Require a HelloRetryRequest for every curve. - DefaultCurves: []CurveID{}, + testCases = append(testCases, testCase{ + name: "DisabledCurve-HelloRetryRequest-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + CurvePreferences: []CurveID{CurveP256}, + Bugs: ProtocolBugs{ + IgnorePeerCurvePreferences: true, }, - tls13Variant: variant, - expectedCurveID: CurveX25519, - }) - - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SendHelloRetryRequest-2-" + name, - config: Config{ - MaxVersion: VersionTLS13, - DefaultCurves: []CurveID{CurveP384}, - }, - tls13Variant: variant, - // Although the ClientHello did not predict our preferred curve, - // we always select it whether it is predicted or not. - expectedCurveID: CurveX25519, - }) + }, + flags: []string{"-curves", strconv.Itoa(int(CurveP384))}, + shouldFail: true, + expectedError: ":WRONG_CURVE:", + }) - testCases = append(testCases, testCase{ - name: "UnknownCurve-HelloRetryRequest-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // P-384 requires HelloRetryRequest in BoringSSL. - CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - SendHelloRetryRequestCurve: bogusCurve, - }, + testCases = append(testCases, testCase{ + name: "UnnecessaryHelloRetryRequest-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + CurvePreferences: []CurveID{CurveX25519}, + Bugs: ProtocolBugs{ + SendHelloRetryRequestCurve: CurveX25519, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":WRONG_CURVE:", - }) + }, + shouldFail: true, + expectedError: ":WRONG_CURVE:", + }) - testCases = append(testCases, testCase{ - name: "HelloRetryRequest-CipherChange-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // P-384 requires HelloRetryRequest in BoringSSL. - CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - SendCipherSuite: TLS_AES_128_GCM_SHA256, - SendHelloRetryRequestCipherSuite: TLS_CHACHA20_POLY1305_SHA256, - }, + testCases = append(testCases, testCase{ + name: "SecondHelloRetryRequest-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // P-384 requires HelloRetryRequest in BoringSSL. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + SecondHelloRetryRequest: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":WRONG_CIPHER_RETURNED:", - }) + }, + shouldFail: true, + expectedError: ":UNEXPECTED_MESSAGE:", + }) - // Test that the client does not offer a PSK in the second ClientHello if the - // HelloRetryRequest is incompatible with it. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "HelloRetryRequest-NonResumableCipher-" + name, - config: Config{ - MaxVersion: VersionTLS13, - CipherSuites: []uint16{ - TLS_AES_128_GCM_SHA256, - }, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - // P-384 requires HelloRetryRequest in BoringSSL. - CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - ExpectNoTLS13PSKAfterHRR: true, - }, - CipherSuites: []uint16{ - TLS_AES_256_GCM_SHA384, - }, + testCases = append(testCases, testCase{ + name: "HelloRetryRequest-Empty-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + AlwaysSendHelloRetryRequest: true, }, - tls13Variant: variant, - resumeSession: true, - expectResumeRejected: true, - }) + }, + shouldFail: true, + expectedError: ":EMPTY_HELLO_RETRY_REQUEST:", + expectedLocalError: "remote error: illegal parameter", + }) - testCases = append(testCases, testCase{ - name: "DisabledCurve-HelloRetryRequest-" + name, - config: Config{ - MaxVersion: VersionTLS13, - CurvePreferences: []CurveID{CurveP256}, - Bugs: ProtocolBugs{ - IgnorePeerCurvePreferences: true, - }, + testCases = append(testCases, testCase{ + name: "HelloRetryRequest-DuplicateCurve-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // P-384 requires a HelloRetryRequest against BoringSSL's default + // configuration. Assert this ExpectMissingKeyShare. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + ExpectMissingKeyShare: true, + DuplicateHelloRetryRequestExtensions: true, }, - tls13Variant: variant, - flags: []string{"-curves", strconv.Itoa(int(CurveP384))}, - shouldFail: true, - expectedError: ":WRONG_CURVE:", - }) + }, + shouldFail: true, + expectedError: ":DUPLICATE_EXTENSION:", + expectedLocalError: "remote error: illegal parameter", + }) - testCases = append(testCases, testCase{ - name: "UnnecessaryHelloRetryRequest-" + name, - config: Config{ - MaxVersion: VersionTLS13, - CurvePreferences: []CurveID{CurveX25519}, - Bugs: ProtocolBugs{ - SendHelloRetryRequestCurve: CurveX25519, - }, + testCases = append(testCases, testCase{ + name: "HelloRetryRequest-Cookie-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendHelloRetryRequestCookie: []byte("cookie"), }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":WRONG_CURVE:", - }) + }, + }) - testCases = append(testCases, testCase{ - name: "SecondHelloRetryRequest-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // P-384 requires HelloRetryRequest in BoringSSL. - CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - SecondHelloRetryRequest: true, - }, + testCases = append(testCases, testCase{ + name: "HelloRetryRequest-DuplicateCookie-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendHelloRetryRequestCookie: []byte("cookie"), + DuplicateHelloRetryRequestExtensions: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":UNEXPECTED_MESSAGE:", - }) + }, + shouldFail: true, + expectedError: ":DUPLICATE_EXTENSION:", + expectedLocalError: "remote error: illegal parameter", + }) - testCases = append(testCases, testCase{ - name: "HelloRetryRequest-Empty-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - AlwaysSendHelloRetryRequest: true, - }, + testCases = append(testCases, testCase{ + name: "HelloRetryRequest-EmptyCookie-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendHelloRetryRequestCookie: []byte{}, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":EMPTY_HELLO_RETRY_REQUEST:", - expectedLocalError: "remote error: illegal parameter", - }) + }, + shouldFail: true, + expectedError: ":DECODE_ERROR:", + }) - testCases = append(testCases, testCase{ - name: "HelloRetryRequest-DuplicateCurve-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // P-384 requires a HelloRetryRequest against BoringSSL's default - // configuration. Assert this ExpectMissingKeyShare. - CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - ExpectMissingKeyShare: true, - DuplicateHelloRetryRequestExtensions: true, - }, + testCases = append(testCases, testCase{ + name: "HelloRetryRequest-Cookie-Curve-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // P-384 requires HelloRetryRequest in BoringSSL. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + SendHelloRetryRequestCookie: []byte("cookie"), + ExpectMissingKeyShare: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":DUPLICATE_EXTENSION:", - expectedLocalError: "remote error: illegal parameter", - }) + }, + }) - testCases = append(testCases, testCase{ - name: "HelloRetryRequest-Cookie-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendHelloRetryRequestCookie: []byte("cookie"), - }, + testCases = append(testCases, testCase{ + name: "HelloRetryRequest-Unknown-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + CustomHelloRetryRequestExtension: "extension", }, - tls13Variant: variant, - }) + }, + shouldFail: true, + expectedError: ":UNEXPECTED_EXTENSION:", + expectedLocalError: "remote error: unsupported extension", + }) - testCases = append(testCases, testCase{ - name: "HelloRetryRequest-DuplicateCookie-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendHelloRetryRequestCookie: []byte("cookie"), - DuplicateHelloRetryRequestExtensions: true, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SecondClientHelloMissingKeyShare-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + DefaultCurves: []CurveID{}, + Bugs: ProtocolBugs{ + SecondClientHelloMissingKeyShare: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":DUPLICATE_EXTENSION:", - expectedLocalError: "remote error: illegal parameter", - }) + }, + shouldFail: true, + expectedError: ":MISSING_KEY_SHARE:", + }) - testCases = append(testCases, testCase{ - name: "HelloRetryRequest-EmptyCookie-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendHelloRetryRequestCookie: []byte{}, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SecondClientHelloWrongCurve-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + DefaultCurves: []CurveID{}, + Bugs: ProtocolBugs{ + MisinterpretHelloRetryRequestCurve: CurveP521, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":DECODE_ERROR:", - }) + }, + shouldFail: true, + expectedError: ":WRONG_CURVE:", + }) - testCases = append(testCases, testCase{ - name: "HelloRetryRequest-Cookie-Curve-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // P-384 requires HelloRetryRequest in BoringSSL. - CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - SendHelloRetryRequestCookie: []byte("cookie"), - ExpectMissingKeyShare: true, - }, + testCases = append(testCases, testCase{ + name: "HelloRetryRequestVersionMismatch-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // P-384 requires HelloRetryRequest in BoringSSL. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + SendServerHelloVersion: 0x0305, }, - tls13Variant: variant, - }) + }, + shouldFail: true, + expectedError: ":WRONG_VERSION_NUMBER:", + }) - testCases = append(testCases, testCase{ - name: "HelloRetryRequest-Unknown-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - CustomHelloRetryRequestExtension: "extension", - }, + testCases = append(testCases, testCase{ + name: "HelloRetryRequestCurveMismatch-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // P-384 requires HelloRetryRequest in BoringSSL. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + // Send P-384 (correct) in the HelloRetryRequest. + SendHelloRetryRequestCurve: CurveP384, + // But send P-256 in the ServerHello. + SendCurve: CurveP256, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":UNEXPECTED_EXTENSION:", - expectedLocalError: "remote error: unsupported extension", - }) + }, + shouldFail: true, + expectedError: ":WRONG_CURVE:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SecondClientHelloMissingKeyShare-" + name, - config: Config{ - MaxVersion: VersionTLS13, - DefaultCurves: []CurveID{}, - Bugs: ProtocolBugs{ - SecondClientHelloMissingKeyShare: true, - }, + // Test the server selecting a curve that requires a HelloRetryRequest + // without sending it. + testCases = append(testCases, testCase{ + name: "SkipHelloRetryRequest-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // P-384 requires HelloRetryRequest in BoringSSL. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + SkipHelloRetryRequest: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":MISSING_KEY_SHARE:", - }) + }, + shouldFail: true, + expectedError: ":WRONG_CURVE:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SecondClientHelloWrongCurve-" + name, - config: Config{ - MaxVersion: VersionTLS13, - DefaultCurves: []CurveID{}, - Bugs: ProtocolBugs{ - MisinterpretHelloRetryRequestCurve: CurveP521, - }, - }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":WRONG_CURVE:", - }) - - testCases = append(testCases, testCase{ - name: "HelloRetryRequestVersionMismatch-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // P-384 requires HelloRetryRequest in BoringSSL. - CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - SendServerHelloVersion: 0x0305, - }, + testCases = append(testCases, testCase{ + name: "SecondServerHelloNoVersion-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // P-384 requires HelloRetryRequest in BoringSSL. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + OmitServerSupportedVersionExtension: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":WRONG_VERSION_NUMBER:", - }) - - testCases = append(testCases, testCase{ - name: "HelloRetryRequestCurveMismatch-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // P-384 requires HelloRetryRequest in BoringSSL. - CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - // Send P-384 (correct) in the HelloRetryRequest. - SendHelloRetryRequestCurve: CurveP384, - // But send P-256 in the ServerHello. - SendCurve: CurveP256, - }, + }, + shouldFail: true, + expectedError: ":SECOND_SERVERHELLO_VERSION_MISMATCH:", + }) + testCases = append(testCases, testCase{ + name: "SecondServerHelloWrongVersion-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + // P-384 requires HelloRetryRequest in BoringSSL. + CurvePreferences: []CurveID{CurveP384}, + Bugs: ProtocolBugs{ + SendServerSupportedVersionExtension: 0x1234, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":WRONG_CURVE:", - }) + }, + shouldFail: true, + expectedError: ":SECOND_SERVERHELLO_VERSION_MISMATCH:", + }) - // Test the server selecting a curve that requires a HelloRetryRequest - // without sending it. - testCases = append(testCases, testCase{ - name: "SkipHelloRetryRequest-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // P-384 requires HelloRetryRequest in BoringSSL. - CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - SkipHelloRetryRequest: true, - }, + testCases = append(testCases, testCase{ + name: "RequestContextInHandshake-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, + ClientAuth: RequireAnyClientCert, + Bugs: ProtocolBugs{ + SendRequestContext: []byte("request context"), }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":WRONG_CURVE:", - }) - - // Test that the supported_versions extension is enforced in the - // second ServerHello. Note we only enforce this starting draft 28. - if isDraft28(version.versionWire) { - testCases = append(testCases, testCase{ - name: "SecondServerHelloNoVersion-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // P-384 requires HelloRetryRequest in BoringSSL. - CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - OmitServerSupportedVersionExtension: true, - }, - }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":SECOND_SERVERHELLO_VERSION_MISMATCH:", - }) - testCases = append(testCases, testCase{ - name: "SecondServerHelloWrongVersion-" + name, - config: Config{ - MaxVersion: VersionTLS13, - // P-384 requires HelloRetryRequest in BoringSSL. - CurvePreferences: []CurveID{CurveP384}, - Bugs: ProtocolBugs{ - SendServerSupportedVersionExtension: 0x1234, - }, - }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":SECOND_SERVERHELLO_VERSION_MISMATCH:", - }) - } + }, + flags: []string{ + "-cert-file", path.Join(*resourceDir, rsaCertificateFile), + "-key-file", path.Join(*resourceDir, rsaKeyFile), + }, + shouldFail: true, + expectedError: ":DECODE_ERROR:", + }) - testCases = append(testCases, testCase{ - name: "RequestContextInHandshake-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - ClientAuth: RequireAnyClientCert, - Bugs: ProtocolBugs{ - SendRequestContext: []byte("request context"), - }, - }, - tls13Variant: variant, - flags: []string{ - "-cert-file", path.Join(*resourceDir, rsaCertificateFile), - "-key-file", path.Join(*resourceDir, rsaKeyFile), + testCases = append(testCases, testCase{ + name: "UnknownExtensionInCertificateRequest-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, + ClientAuth: RequireAnyClientCert, + Bugs: ProtocolBugs{ + SendCustomCertificateRequest: 0x1212, }, - shouldFail: true, - expectedError: ":DECODE_ERROR:", - }) + }, + flags: []string{ + "-cert-file", path.Join(*resourceDir, rsaCertificateFile), + "-key-file", path.Join(*resourceDir, rsaKeyFile), + }, + }) - testCases = append(testCases, testCase{ - name: "UnknownExtensionInCertificateRequest-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - ClientAuth: RequireAnyClientCert, - Bugs: ProtocolBugs{ - SendCustomCertificateRequest: 0x1212, - }, - }, - tls13Variant: variant, - flags: []string{ - "-cert-file", path.Join(*resourceDir, rsaCertificateFile), - "-key-file", path.Join(*resourceDir, rsaKeyFile), + testCases = append(testCases, testCase{ + name: "MissingSignatureAlgorithmsInCertificateRequest-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MinVersion: VersionTLS13, + ClientAuth: RequireAnyClientCert, + Bugs: ProtocolBugs{ + OmitCertificateRequestAlgorithms: true, }, - }) + }, + flags: []string{ + "-cert-file", path.Join(*resourceDir, rsaCertificateFile), + "-key-file", path.Join(*resourceDir, rsaKeyFile), + }, + shouldFail: true, + expectedError: ":DECODE_ERROR:", + }) - testCases = append(testCases, testCase{ - name: "MissingSignatureAlgorithmsInCertificateRequest-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MinVersion: VersionTLS13, - ClientAuth: RequireAnyClientCert, - Bugs: ProtocolBugs{ - OmitCertificateRequestAlgorithms: true, - }, - }, - tls13Variant: variant, - flags: []string{ - "-cert-file", path.Join(*resourceDir, rsaCertificateFile), - "-key-file", path.Join(*resourceDir, rsaKeyFile), + testCases = append(testCases, testCase{ + testType: serverTest, + name: "TrailingKeyShareData-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + TrailingKeyShareData: true, }, - shouldFail: true, - expectedError: ":DECODE_ERROR:", - }) + }, + shouldFail: true, + expectedError: ":DECODE_ERROR:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "TrailingKeyShareData-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - TrailingKeyShareData: true, - }, + testCases = append(testCases, testCase{ + name: "AlwaysSelectPSKIdentity-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + AlwaysSelectPSKIdentity: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":DECODE_ERROR:", - }) + }, + shouldFail: true, + expectedError: ":UNEXPECTED_EXTENSION:", + }) - testCases = append(testCases, testCase{ - name: "AlwaysSelectPSKIdentity-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - AlwaysSelectPSKIdentity: true, - }, + testCases = append(testCases, testCase{ + name: "InvalidPSKIdentity-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SelectPSKIdentityOnResume: 1, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":UNEXPECTED_EXTENSION:", - }) + }, + resumeSession: true, + shouldFail: true, + expectedError: ":PSK_IDENTITY_NOT_FOUND:", + }) - testCases = append(testCases, testCase{ - name: "InvalidPSKIdentity-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SelectPSKIdentityOnResume: 1, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ExtraPSKIdentity-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + ExtraPSKIdentity: true, + SendExtraPSKBinder: true, }, - tls13Variant: variant, - resumeSession: true, - shouldFail: true, - expectedError: ":PSK_IDENTITY_NOT_FOUND:", - }) + }, + resumeSession: true, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "ExtraPSKIdentity-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - ExtraPSKIdentity: true, - SendExtraPSKBinder: true, - }, + // Test that unknown NewSessionTicket extensions are tolerated. + testCases = append(testCases, testCase{ + name: "CustomTicketExtension-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + CustomTicketExtension: "1234", }, - tls13Variant: variant, - resumeSession: true, - }) + }, + }) + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-RejectTicket-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Certificates: []Certificate{rsaCertificate}, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Certificates: []Certificate{ecdsaP256Certificate}, + SessionTicketsDisabled: true, + }, + resumeSession: true, + expectResumeRejected: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-reject-early-data", + "-on-resume-shim-writes-first", + "-on-initial-expect-peer-cert-file", path.Join(*resourceDir, rsaCertificateFile), + "-on-resume-expect-peer-cert-file", path.Join(*resourceDir, rsaCertificateFile), + "-on-retry-expect-peer-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile), + // Session tickets are disabled, so the runner will not send a ticket. + "-on-retry-expect-no-session", + }, + }) - // Test that unknown NewSessionTicket extensions are tolerated. - testCases = append(testCases, testCase{ - name: "CustomTicketExtension-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - CustomTicketExtension: "1234", - }, - }, - tls13Variant: variant, - }) - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-RejectTicket-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Certificates: []Certificate{rsaCertificate}, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Certificates: []Certificate{ecdsaP256Certificate}, - SessionTicketsDisabled: true, + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-HRR-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Bugs: ProtocolBugs{ + SendHelloRetryRequestCookie: []byte{1, 2, 3, 4}, }, - tls13Variant: variant, - resumeSession: true, - expectResumeRejected: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", - "-on-resume-shim-writes-first", - "-on-initial-expect-peer-cert-file", path.Join(*resourceDir, rsaCertificateFile), - "-on-resume-expect-peer-cert-file", path.Join(*resourceDir, rsaCertificateFile), - "-on-retry-expect-peer-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile), - // Session tickets are disabled, so the runner will not send a ticket. - "-on-retry-expect-no-session", - }, - }) - - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-HRR-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - SendHelloRetryRequestCookie: []byte{1, 2, 3, 4}, - }, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", - }, - }) + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-reject-early-data", + }, + }) - // The client must check the server does not send the early_data - // extension while rejecting the session. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyDataWithoutResume-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - SessionTicketsDisabled: true, - Bugs: ProtocolBugs{ - SendEarlyDataExtension: true, - }, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", + // The client must check the server does not send the early_data + // extension while rejecting the session. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyDataWithoutResume-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + SessionTicketsDisabled: true, + Bugs: ProtocolBugs{ + SendEarlyDataExtension: true, }, - shouldFail: true, - expectedError: ":UNEXPECTED_EXTENSION:", - }) + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + }, + shouldFail: true, + expectedError: ":UNEXPECTED_EXTENSION:", + }) - // The client must fail with a dedicated error code if the server - // responds with TLS 1.2 when offering 0-RTT. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyDataVersionDowngrade-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS12, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - }, - shouldFail: true, - expectedError: ":WRONG_VERSION_ON_EARLY_DATA:", - }) + // The client must fail with a dedicated error code if the server + // responds with TLS 1.2 when offering 0-RTT. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyDataVersionDowngrade-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS12, + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + }, + shouldFail: true, + expectedError: ":WRONG_VERSION_ON_EARLY_DATA:", + }) - // Test that the client rejects an (unsolicited) early_data extension if - // the server sent an HRR. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "ServerAcceptsEarlyDataOnHRR-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - SendHelloRetryRequestCookie: []byte{1, 2, 3, 4}, - SendEarlyDataExtension: true, - }, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", + // Test that the client rejects an (unsolicited) early_data extension if + // the server sent an HRR. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "ServerAcceptsEarlyDataOnHRR-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Bugs: ProtocolBugs{ + SendHelloRetryRequestCookie: []byte{1, 2, 3, 4}, + SendEarlyDataExtension: true, }, - shouldFail: true, - expectedError: ":UNEXPECTED_EXTENSION:", - }) + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-reject-early-data", + }, + shouldFail: true, + expectedError: ":UNEXPECTED_EXTENSION:", + }) - testCases = append(testCases, testCase{ - testType: clientTest, - name: "SkipChangeCipherSpec-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SkipChangeCipherSpec: true, - }, + testCases = append(testCases, testCase{ + testType: clientTest, + name: "SkipChangeCipherSpec-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SkipChangeCipherSpec: true, }, - tls13Variant: variant, - }) + }, + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "SkipChangeCipherSpec-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SkipChangeCipherSpec: true, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "SkipChangeCipherSpec-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SkipChangeCipherSpec: true, }, - tls13Variant: variant, - }) + }, + }) - testCases = append(testCases, testCase{ - testType: clientTest, - name: "TooManyChangeCipherSpec-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendExtraChangeCipherSpec: 33, - }, + testCases = append(testCases, testCase{ + testType: clientTest, + name: "TooManyChangeCipherSpec-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendExtraChangeCipherSpec: 33, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:", - }) + }, + shouldFail: true, + expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "TooManyChangeCipherSpec-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendExtraChangeCipherSpec: 33, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "TooManyChangeCipherSpec-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendExtraChangeCipherSpec: 33, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:", - }) + }, + shouldFail: true, + expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:", + }) - testCases = append(testCases, testCase{ - name: "SendPostHandshakeChangeCipherSpec-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendPostHandshakeChangeCipherSpec: true, - }, + testCases = append(testCases, testCase{ + name: "SendPostHandshakeChangeCipherSpec-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendPostHandshakeChangeCipherSpec: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":UNEXPECTED_RECORD:", - expectedLocalError: "remote error: unexpected message", - }) + }, + shouldFail: true, + expectedError: ":UNEXPECTED_RECORD:", + expectedLocalError: "remote error: unexpected message", + }) - fooString := "foo" - barString := "bar" + fooString := "foo" + barString := "bar" - // Test that the client reports the correct ALPN after a 0-RTT reject - // that changed it. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-ALPNMismatch-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - ALPNProtocol: &fooString, - }, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - ALPNProtocol: &barString, - }, + // Test that the client reports the correct ALPN after a 0-RTT reject + // that changed it. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-ALPNMismatch-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Bugs: ProtocolBugs{ + ALPNProtocol: &fooString, }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-advertise-alpn", "\x03foo\x03bar", - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", - "-on-initial-expect-alpn", "foo", - "-on-resume-expect-alpn", "foo", - "-on-retry-expect-alpn", "bar", + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Bugs: ProtocolBugs{ + ALPNProtocol: &barString, }, - }) + }, + resumeSession: true, + flags: []string{ + "-advertise-alpn", "\x03foo\x03bar", + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-reject-early-data", + "-on-initial-expect-alpn", "foo", + "-on-resume-expect-alpn", "foo", + "-on-retry-expect-alpn", "bar", + }, + }) - // Test that the client reports the correct ALPN after a 0-RTT reject if - // ALPN was omitted from the first connection. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-ALPNOmitted1-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - NextProtos: []string{"foo"}, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-advertise-alpn", "\x03foo\x03bar", - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", - "-on-initial-expect-alpn", "", - "-on-resume-expect-alpn", "", - "-on-retry-expect-alpn", "foo", - "-on-resume-shim-writes-first", - }, - }) + // Test that the client reports the correct ALPN after a 0-RTT reject if + // ALPN was omitted from the first connection. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-ALPNOmitted1-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + NextProtos: []string{"foo"}, + }, + resumeSession: true, + flags: []string{ + "-advertise-alpn", "\x03foo\x03bar", + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-reject-early-data", + "-on-initial-expect-alpn", "", + "-on-resume-expect-alpn", "", + "-on-retry-expect-alpn", "foo", + "-on-resume-shim-writes-first", + }, + }) - // Test that the client reports the correct ALPN after a 0-RTT reject if - // ALPN was omitted from the second connection. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-ALPNOmitted2-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - NextProtos: []string{"foo"}, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-advertise-alpn", "\x03foo\x03bar", - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-reject-early-data", - "-on-initial-expect-alpn", "foo", - "-on-resume-expect-alpn", "foo", - "-on-retry-expect-alpn", "", - "-on-resume-shim-writes-first", - }, - }) + // Test that the client reports the correct ALPN after a 0-RTT reject if + // ALPN was omitted from the second connection. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-ALPNOmitted2-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + NextProtos: []string{"foo"}, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeSession: true, + flags: []string{ + "-advertise-alpn", "\x03foo\x03bar", + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-reject-early-data", + "-on-initial-expect-alpn", "foo", + "-on-resume-expect-alpn", "foo", + "-on-retry-expect-alpn", "", + "-on-resume-shim-writes-first", + }, + }) - // Test that the client enforces ALPN match on 0-RTT accept. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-BadALPNMismatch-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - ALPNProtocol: &fooString, - }, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - AlwaysAcceptEarlyData: true, - ALPNProtocol: &barString, - }, + // Test that the client enforces ALPN match on 0-RTT accept. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-BadALPNMismatch-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Bugs: ProtocolBugs{ + ALPNProtocol: &fooString, }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-advertise-alpn", "\x03foo\x03bar", - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-on-initial-expect-alpn", "foo", - "-on-resume-expect-alpn", "foo", - "-on-retry-expect-alpn", "bar", + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Bugs: ProtocolBugs{ + AlwaysAcceptEarlyData: true, + ALPNProtocol: &barString, }, - shouldFail: true, - expectedError: ":ALPN_MISMATCH_ON_EARLY_DATA:", - }) + }, + resumeSession: true, + flags: []string{ + "-advertise-alpn", "\x03foo\x03bar", + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-on-initial-expect-alpn", "foo", + "-on-resume-expect-alpn", "foo", + "-on-retry-expect-alpn", "bar", + }, + shouldFail: true, + expectedError: ":ALPN_MISMATCH_ON_EARLY_DATA:", + }) - // Test that the client does not offer early data if it is incompatible - // with ALPN preferences. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-ALPNPreferenceChanged-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - NextProtos: []string{"foo", "bar"}, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-no-offer-early-data", - "-on-initial-advertise-alpn", "\x03foo", - "-on-resume-advertise-alpn", "\x03bar", - "-on-initial-expect-alpn", "foo", - "-on-resume-expect-alpn", "bar", - }, - }) + // Test that the client does not offer early data if it is incompatible + // with ALPN preferences. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-ALPNPreferenceChanged-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + NextProtos: []string{"foo", "bar"}, + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-no-offer-early-data", + "-on-initial-advertise-alpn", "\x03foo", + "-on-resume-advertise-alpn", "\x03bar", + "-on-initial-expect-alpn", "foo", + "-on-resume-expect-alpn", "bar", + }, + }) - // Test that the server correctly rejects 0-RTT when the previous - // session did not allow early data on resumption. - testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyData-NonZeroRTTSession-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, - }, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-on-resume-enable-early-data", - "-expect-reject-early-data", + // Test that the server correctly rejects 0-RTT when the previous + // session did not allow early data on resumption. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyData-NonZeroRTTSession-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: false, }, - }) + }, + resumeSession: true, + flags: []string{ + "-on-resume-enable-early-data", + "-expect-reject-early-data", + }, + }) - // Test that we reject early data where ALPN is omitted from the first - // connection. - testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyData-ALPNOmitted1-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - NextProtos: []string{}, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - NextProtos: []string{"foo"}, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, - }, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-on-initial-select-alpn", "", - "-on-resume-select-alpn", "foo", + // Test that we reject early data where ALPN is omitted from the first + // connection. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyData-ALPNOmitted1-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + NextProtos: []string{}, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + NextProtos: []string{"foo"}, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: false, }, - }) + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-on-initial-select-alpn", "", + "-on-resume-select-alpn", "foo", + }, + }) - // Test that we reject early data where ALPN is omitted from the second - // connection. - testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyData-ALPNOmitted2-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - NextProtos: []string{"foo"}, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - NextProtos: []string{}, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, - }, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-on-initial-select-alpn", "foo", - "-on-resume-select-alpn", "", + // Test that we reject early data where ALPN is omitted from the second + // connection. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyData-ALPNOmitted2-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + NextProtos: []string{"foo"}, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + NextProtos: []string{}, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: false, }, - }) + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-on-initial-select-alpn", "foo", + "-on-resume-select-alpn", "", + }, + }) - // Test that we reject early data with mismatched ALPN. - testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyData-ALPNMismatch-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - NextProtos: []string{"foo"}, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - NextProtos: []string{"bar"}, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, - }, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-on-initial-select-alpn", "foo", - "-on-resume-select-alpn", "bar", + // Test that we reject early data with mismatched ALPN. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyData-ALPNMismatch-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + NextProtos: []string{"foo"}, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + NextProtos: []string{"bar"}, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: false, }, - }) + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-on-initial-select-alpn", "foo", + "-on-resume-select-alpn", "bar", + }, + }) - // Test that the client offering 0-RTT and Channel ID forbids the server - // from accepting both. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyDataChannelID-AcceptBoth-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - RequestChannelID: true, - }, - tls13Variant: variant, - resumeSession: true, - expectChannelID: true, - shouldFail: true, - expectedError: ":UNEXPECTED_EXTENSION_ON_EARLY_DATA:", - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile), - }, - }) + // Test that the client offering 0-RTT and Channel ID forbids the server + // from accepting both. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyDataChannelID-AcceptBoth-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + RequestChannelID: true, + }, + resumeSession: true, + expectChannelID: true, + shouldFail: true, + expectedError: ":UNEXPECTED_EXTENSION_ON_EARLY_DATA:", + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile), + }, + }) - // Test that the client offering Channel ID and 0-RTT allows the server - // to decline 0-RTT. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyDataChannelID-AcceptChannelID-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - RequestChannelID: true, - Bugs: ProtocolBugs{ - AlwaysRejectEarlyData: true, - }, - }, - tls13Variant: variant, - resumeSession: true, - expectChannelID: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile), - "-expect-reject-early-data", + // Test that the client offering Channel ID and 0-RTT allows the server + // to decline 0-RTT. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyDataChannelID-AcceptChannelID-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + RequestChannelID: true, + Bugs: ProtocolBugs{ + AlwaysRejectEarlyData: true, }, - }) + }, + resumeSession: true, + expectChannelID: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile), + "-expect-reject-early-data", + }, + }) - // Test that the client offering Channel ID and 0-RTT allows the server - // to decline Channel ID. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyDataChannelID-AcceptEarlyData-Client-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile), - "-expect-accept-early-data", - }, - }) + // Test that the client offering Channel ID and 0-RTT allows the server + // to decline Channel ID. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyDataChannelID-AcceptEarlyData-Client-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile), + "-expect-accept-early-data", + }, + }) - // Test that the server supporting Channel ID and 0-RTT declines 0-RTT - // if it would negotiate Channel ID. - testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyDataChannelID-OfferBoth-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - ChannelID: channelIDKey, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: false, - }, - }, - tls13Variant: variant, - resumeSession: true, - expectChannelID: true, - flags: []string{ - "-enable-early-data", - "-expect-reject-early-data", - "-expect-channel-id", - base64.StdEncoding.EncodeToString(channelIDBytes), + // Test that the server supporting Channel ID and 0-RTT declines 0-RTT + // if it would negotiate Channel ID. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyDataChannelID-OfferBoth-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + ChannelID: channelIDKey, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: false, }, - }) + }, + resumeSession: true, + expectChannelID: true, + flags: []string{ + "-enable-early-data", + "-expect-reject-early-data", + "-expect-channel-id", + base64.StdEncoding.EncodeToString(channelIDBytes), + }, + }) - // Test that the server supporting Channel ID and 0-RTT accepts 0-RTT - // if not offered Channel ID. - testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyDataChannelID-OfferEarlyData-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, - }, - }, - tls13Variant: variant, - resumeSession: true, - expectChannelID: false, - flags: []string{ - "-enable-early-data", - "-expect-accept-early-data", - "-enable-channel-id", + // Test that the server supporting Channel ID and 0-RTT accepts 0-RTT + // if not offered Channel ID. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyDataChannelID-OfferEarlyData-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: true, + ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, }, - }) + }, + resumeSession: true, + expectChannelID: false, + flags: []string{ + "-enable-early-data", + "-expect-accept-early-data", + "-enable-channel-id", + }, + }) - // Test that the server rejects 0-RTT streams without end_of_early_data. - // The subsequent records should fail to decrypt. - testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyData-SkipEndOfEarlyData-" + name, - config: Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - SkipEndOfEarlyData: true, - }, + // Test that the server rejects 0-RTT streams without end_of_early_data. + // The subsequent records should fail to decrypt. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyData-SkipEndOfEarlyData-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: true, + SkipEndOfEarlyData: true, }, - tls13Variant: variant, - resumeSession: true, - flags: []string{"-enable-early-data"}, - shouldFail: true, - expectedLocalError: "remote error: bad record MAC", - expectedError: ":BAD_DECRYPT:", - }) + }, + resumeSession: true, + flags: []string{"-enable-early-data"}, + shouldFail: true, + expectedLocalError: "remote error: bad record MAC", + expectedError: ":BAD_DECRYPT:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyData-UnexpectedHandshake-Server-" + name, - config: Config{ - MaxVersion: VersionTLS13, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - SendStrayEarlyHandshake: true, - ExpectEarlyDataAccepted: true, - }, - }, - tls13Variant: variant, - resumeSession: true, - shouldFail: true, - expectedError: ":UNEXPECTED_MESSAGE:", - expectedLocalError: "remote error: unexpected message", - flags: []string{ - "-enable-early-data", + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyData-UnexpectedHandshake-Server-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + SendStrayEarlyHandshake: true, + ExpectEarlyDataAccepted: true, }, - }) + }, + resumeSession: true, + shouldFail: true, + expectedError: ":UNEXPECTED_MESSAGE:", + expectedLocalError: "remote error: unexpected message", + flags: []string{ + "-enable-early-data", + }, + }) - // Test that the client reports TLS 1.3 as the version while sending - // early data. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-Client-VersionAPI-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-accept-early-data", - "-expect-version", strconv.Itoa(VersionTLS13), - }, - }) + // Test that the client reports TLS 1.3 as the version while sending + // early data. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-Client-VersionAPI-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-accept-early-data", + "-expect-version", strconv.Itoa(VersionTLS13), + }, + }) - // Test that client and server both notice handshake errors after data - // has started flowing. - testCases = append(testCases, testCase{ - testType: clientTest, - name: "EarlyData-Client-BadFinished-" + name, - config: Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - MaxEarlyDataSize: 16384, - Bugs: ProtocolBugs{ - BadFinished: true, - }, - }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-accept-early-data", - }, - shouldFail: true, - expectedError: ":DIGEST_CHECK_FAILED:", - expectedLocalError: "remote error: error decrypting message", - }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "EarlyData-Server-BadFinished-" + name, - config: Config{ - MaxVersion: VersionTLS13, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, - BadFinished: true, - }, + // Test that client and server both notice handshake errors after data + // has started flowing. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "EarlyData-Client-BadFinished-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + MaxEarlyDataSize: 16384, + Bugs: ProtocolBugs{ + BadFinished: true, }, - tls13Variant: variant, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-accept-early-data", + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-accept-early-data", + }, + shouldFail: true, + expectedError: ":DIGEST_CHECK_FAILED:", + expectedLocalError: "remote error: error decrypting message", + }) + testCases = append(testCases, testCase{ + testType: serverTest, + name: "EarlyData-Server-BadFinished-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: true, + ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}}, + BadFinished: true, }, - shouldFail: true, - expectedError: ":DIGEST_CHECK_FAILED:", - expectedLocalError: "remote error: error decrypting message", - }) + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-accept-early-data", + }, + shouldFail: true, + expectedError: ":DIGEST_CHECK_FAILED:", + expectedLocalError: "remote error: error decrypting message", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "Server-NonEmptyEndOfEarlyData-" + name, - config: Config{ - MaxVersion: VersionTLS13, - }, - resumeConfig: &Config{ - MaxVersion: VersionTLS13, - Bugs: ProtocolBugs{ - SendEarlyData: [][]byte{{1, 2, 3, 4}}, - ExpectEarlyDataAccepted: true, - NonEmptyEndOfEarlyData: true, - }, - }, - resumeSession: true, - flags: []string{ - "-enable-early-data", - "-expect-ticket-supports-early-data", - "-expect-accept-early-data", + testCases = append(testCases, testCase{ + testType: serverTest, + name: "Server-NonEmptyEndOfEarlyData-TLS13", + config: Config{ + MaxVersion: VersionTLS13, + }, + resumeConfig: &Config{ + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + SendEarlyData: [][]byte{{1, 2, 3, 4}}, + ExpectEarlyDataAccepted: true, + NonEmptyEndOfEarlyData: true, }, - tls13Variant: variant, - shouldFail: true, - expectedError: ":DECODE_ERROR:", - }) + }, + resumeSession: true, + flags: []string{ + "-enable-early-data", + "-expect-ticket-supports-early-data", + "-expect-accept-early-data", + }, + shouldFail: true, + expectedError: ":DECODE_ERROR:", + }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "ServerSkipCertificateVerify-" + name, - config: Config{ - MinVersion: VersionTLS13, - MaxVersion: VersionTLS13, - Certificates: []Certificate{rsaChainCertificate}, - Bugs: ProtocolBugs{ - SkipCertificateVerify: true, - }, - }, - tls13Variant: variant, - expectPeerCertificate: &rsaChainCertificate, - flags: []string{ - "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile), - "-key-file", path.Join(*resourceDir, rsaChainKeyFile), - "-require-any-client-certificate", - }, - shouldFail: true, - expectedError: ":UNEXPECTED_MESSAGE:", - expectedLocalError: "remote error: unexpected message", - }) - testCases = append(testCases, testCase{ - testType: clientTest, - name: "ClientSkipCertificateVerify-" + name, - config: Config{ - MinVersion: VersionTLS13, - MaxVersion: VersionTLS13, - Certificates: []Certificate{rsaChainCertificate}, - Bugs: ProtocolBugs{ - SkipCertificateVerify: true, - }, + testCases = append(testCases, testCase{ + testType: serverTest, + name: "ServerSkipCertificateVerify-TLS13", + config: Config{ + MinVersion: VersionTLS13, + MaxVersion: VersionTLS13, + Certificates: []Certificate{rsaChainCertificate}, + Bugs: ProtocolBugs{ + SkipCertificateVerify: true, }, - tls13Variant: variant, - expectPeerCertificate: &rsaChainCertificate, - flags: []string{ - "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile), - "-key-file", path.Join(*resourceDir, rsaChainKeyFile), + }, + expectPeerCertificate: &rsaChainCertificate, + flags: []string{ + "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile), + "-key-file", path.Join(*resourceDir, rsaChainKeyFile), + "-require-any-client-certificate", + }, + shouldFail: true, + expectedError: ":UNEXPECTED_MESSAGE:", + expectedLocalError: "remote error: unexpected message", + }) + testCases = append(testCases, testCase{ + testType: clientTest, + name: "ClientSkipCertificateVerify-TLS13", + config: Config{ + MinVersion: VersionTLS13, + MaxVersion: VersionTLS13, + Certificates: []Certificate{rsaChainCertificate}, + Bugs: ProtocolBugs{ + SkipCertificateVerify: true, }, - shouldFail: true, - expectedError: ":UNEXPECTED_MESSAGE:", - expectedLocalError: "remote error: unexpected message", - }) - } + }, + expectPeerCertificate: &rsaChainCertificate, + flags: []string{ + "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile), + "-key-file", path.Join(*resourceDir, rsaChainKeyFile), + }, + shouldFail: true, + expectedError: ":UNEXPECTED_MESSAGE:", + expectedLocalError: "remote error: unexpected message", + }) + } func addTLS13CipherPreferenceTests() { @@ -13990,6 +13701,7 @@ func addTLS13CipherPreferenceTests() { TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256, }, + CurvePreferences: []CurveID{CurveX25519}, }, flags: []string{ "-expect-cipher-aes", strconv.Itoa(int(TLS_CHACHA20_POLY1305_SHA256)), @@ -14006,6 +13718,7 @@ func addTLS13CipherPreferenceTests() { TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, }, + CurvePreferences: []CurveID{CurveX25519}, }, flags: []string{ "-expect-cipher-aes", strconv.Itoa(int(TLS_AES_128_GCM_SHA256)), @@ -14029,7 +13742,7 @@ func addTLS13CipherPreferenceTests() { }, }) - // Test that CECPQ2 cannot be used with TLS_AES_128_GCM_SHA256. + // CECPQ2 prefers 256-bit ciphers but will use AES-128 if there's nothing else. testCases = append(testCases, testCase{ testType: serverTest, name: "TLS13-CipherPreference-CECPQ2-AES128Only", @@ -14042,9 +13755,39 @@ func addTLS13CipherPreferenceTests() { flags: []string{ "-curves", strconv.Itoa(int(CurveCECPQ2)), }, - shouldFail: true, - expectedError: ":NO_SHARED_CIPHER:", - expectedLocalError: "remote error: handshake failure", + }) + // When a 256-bit cipher is offered, even if not in first place, it should be + // picked. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "TLS13-CipherPreference-CECPQ2-AES256Preferred", + config: Config{ + MaxVersion: VersionTLS13, + CipherSuites: []uint16{ + TLS_AES_128_GCM_SHA256, + TLS_AES_256_GCM_SHA384, + }, + }, + flags: []string{ + "-curves", strconv.Itoa(int(CurveCECPQ2)), + }, + expectedCipher: TLS_AES_256_GCM_SHA384, + }) + // ... but when CECPQ2 isn't being used, the client's preference controls. + testCases = append(testCases, testCase{ + testType: serverTest, + name: "TLS13-CipherPreference-CECPQ2-AES128PreferredOtherwise", + config: Config{ + MaxVersion: VersionTLS13, + CipherSuites: []uint16{ + TLS_AES_128_GCM_SHA256, + TLS_AES_256_GCM_SHA384, + }, + }, + flags: []string{ + "-curves", strconv.Itoa(int(CurveX25519)), + }, + expectedCipher: TLS_AES_128_GCM_SHA256, }) // Test that CECPQ2 continues to honor AES vs ChaCha20 logic. @@ -14166,7 +13909,6 @@ func addRecordVersionTests() { SendRecordVersion: 0x03ff, }, }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":WRONG_VERSION_NUMBER:", }) @@ -14183,7 +13925,6 @@ func addRecordVersionTests() { SendInitialRecordVersion: 0x03ff, }, }, - tls13Variant: ver.tls13Variant, }) // Test that garbage ClientHello record versions are rejected. @@ -14197,7 +13938,6 @@ func addRecordVersionTests() { SendInitialRecordVersion: 0xffff, }, }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":WRONG_VERSION_NUMBER:", }) @@ -14217,7 +13957,6 @@ func addCertificateTests() { Certificates: []Certificate{rsaChainCertificate}, ClientAuth: RequireAnyClientCert, }, - tls13Variant: ver.tls13Variant, expectPeerCertificate: &rsaChainCertificate, flags: []string{ "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile), @@ -14234,7 +13973,6 @@ func addCertificateTests() { MaxVersion: ver.version, Certificates: []Certificate{rsaChainCertificate}, }, - tls13Variant: ver.tls13Variant, expectPeerCertificate: &rsaChainCertificate, flags: []string{ "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile), @@ -14253,7 +13991,6 @@ func addCertificateTests() { MaxVersion: ver.version, Certificates: []Certificate{garbageCertificate}, }, - tls13Variant: ver.tls13Variant, shouldFail: true, expectedError: ":CANNOT_PARSE_LEAF_CERT:", expectedLocalError: "remote error: error decoding message", @@ -14267,7 +14004,6 @@ func addCertificateTests() { MaxVersion: ver.version, Certificates: []Certificate{garbageCertificate}, }, - tls13Variant: ver.tls13Variant, flags: []string{"-require-any-client-certificate"}, shouldFail: true, expectedError: ":CANNOT_PARSE_LEAF_CERT:", @@ -14288,7 +14024,6 @@ func addRetainOnlySHA256ClientCertTests() { MinVersion: ver.version, MaxVersion: ver.version, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-on-initial-retain-only-sha256-client-cert", "-on-resume-retain-only-sha256-client-cert", @@ -14306,7 +14041,6 @@ func addRetainOnlySHA256ClientCertTests() { MaxVersion: ver.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-verify-peer", "-on-initial-retain-only-sha256-client-cert", @@ -14328,7 +14062,6 @@ func addRetainOnlySHA256ClientCertTests() { MaxVersion: ver.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-verify-peer", "-on-initial-retain-only-sha256-client-cert", @@ -14349,7 +14082,6 @@ func addRetainOnlySHA256ClientCertTests() { MaxVersion: ver.version, Certificates: []Certificate{rsaCertificate}, }, - tls13Variant: ver.tls13Variant, flags: []string{ "-verify-peer", "-on-resume-retain-only-sha256-client-cert", @@ -14412,10 +14144,179 @@ func addECDSAKeyUsageTests() { MaxVersion: ver.version, Certificates: []Certificate{cert}, }, - tls13Variant: ver.tls13Variant, shouldFail: true, - expectedError: ":ECC_CERT_NOT_FOR_SIGNING:", + expectedError: ":KEY_USAGE_BIT_INCORRECT:", + }) + } +} + +func addRSAKeyUsageTests() { + priv := rsaCertificate.PrivateKey.(*rsa.PrivateKey) + + serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) + serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) + if err != nil { + panic(err) + } + + dsTemplate := x509.Certificate{ + SerialNumber: serialNumber, + Subject: pkix.Name{ + Organization: []string{"Acme Co"}, + }, + NotBefore: time.Now(), + NotAfter: time.Now(), + + KeyUsage: x509.KeyUsageDigitalSignature, + BasicConstraintsValid: true, + } + + encTemplate := x509.Certificate{ + SerialNumber: serialNumber, + Subject: pkix.Name{ + Organization: []string{"Acme Co"}, + }, + NotBefore: time.Now(), + NotAfter: time.Now(), + + KeyUsage: x509.KeyUsageKeyEncipherment, + BasicConstraintsValid: true, + } + + dsDerBytes, err := x509.CreateCertificate(rand.Reader, &dsTemplate, &dsTemplate, &priv.PublicKey, priv) + if err != nil { + panic(err) + } + + encDerBytes, err := x509.CreateCertificate(rand.Reader, &encTemplate, &encTemplate, &priv.PublicKey, priv) + if err != nil { + panic(err) + } + + dsCert := Certificate{ + Certificate: [][]byte{dsDerBytes}, + PrivateKey: priv, + } + + encCert := Certificate{ + Certificate: [][]byte{encDerBytes}, + PrivateKey: priv, + } + + dsSuites := []uint16{ + TLS_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + } + encSuites := []uint16{ + TLS_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_128_CBC_SHA, + } + + for _, ver := range tlsVersions { + testCases = append(testCases, testCase{ + testType: clientTest, + name: "RSAKeyUsage-WantSignature-GotEncipherment-" + ver.name, + config: Config{ + MinVersion: ver.version, + MaxVersion: ver.version, + Certificates: []Certificate{encCert}, + CipherSuites: dsSuites, + }, + shouldFail: true, + expectedError: ":KEY_USAGE_BIT_INCORRECT:", + flags: []string{ + "-enforce-rsa-key-usage", + }, + }) + + testCases = append(testCases, testCase{ + testType: clientTest, + name: "RSAKeyUsage-WantSignature-GotSignature-" + ver.name, + config: Config{ + MinVersion: ver.version, + MaxVersion: ver.version, + Certificates: []Certificate{dsCert}, + CipherSuites: dsSuites, + }, + flags: []string{ + "-enforce-rsa-key-usage", + }, }) + + // TLS 1.3 removes the encipherment suites. + if ver.version < VersionTLS13 { + testCases = append(testCases, testCase{ + testType: clientTest, + name: "RSAKeyUsage-WantEncipherment-GotEncipherment" + ver.name, + config: Config{ + MinVersion: ver.version, + MaxVersion: ver.version, + Certificates: []Certificate{encCert}, + CipherSuites: encSuites, + }, + flags: []string{ + "-enforce-rsa-key-usage", + }, + }) + + testCases = append(testCases, testCase{ + testType: clientTest, + name: "RSAKeyUsage-WantEncipherment-GotSignature-" + ver.name, + config: Config{ + MinVersion: ver.version, + MaxVersion: ver.version, + Certificates: []Certificate{dsCert}, + CipherSuites: encSuites, + }, + shouldFail: true, + expectedError: ":KEY_USAGE_BIT_INCORRECT:", + flags: []string{ + "-enforce-rsa-key-usage", + }, + }) + + // In 1.2 and below, we should not enforce without the enforce-rsa-key-usage flag. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "RSAKeyUsage-WantSignature-GotEncipherment-Unenforced" + ver.name, + config: Config{ + MinVersion: ver.version, + MaxVersion: ver.version, + Certificates: []Certificate{dsCert}, + CipherSuites: encSuites, + }, + }) + + testCases = append(testCases, testCase{ + testType: clientTest, + name: "RSAKeyUsage-WantEncipherment-GotSignature-Unenforced" + ver.name, + config: Config{ + MinVersion: ver.version, + MaxVersion: ver.version, + Certificates: []Certificate{encCert}, + CipherSuites: dsSuites, + }, + }) + + } + + if ver.version >= VersionTLS13 { + // In 1.3 and above, we enforce keyUsage even without the flag. + testCases = append(testCases, testCase{ + testType: clientTest, + name: "RSAKeyUsage-WantSignature-GotEncipherment-Enforced" + ver.name, + config: Config{ + MinVersion: ver.version, + MaxVersion: ver.version, + Certificates: []Certificate{encCert}, + CipherSuites: dsSuites, + }, + shouldFail: true, + expectedError: ":KEY_USAGE_BIT_INCORRECT:", + }) + + } } } @@ -14588,8 +14489,10 @@ func addOmitExtensionsTests() { OmitExtensions: true, // Disable all ServerHello extensions so // OmitExtensions works. - NoExtendedMasterSecret: true, - NoRenegotiationInfo: true, + NoExtendedMasterSecret: true, + NoRenegotiationInfo: true, + NoOCSPStapling: true, + NoSignedCertificateTimestamps: true, }, }, }) @@ -14605,8 +14508,10 @@ func addOmitExtensionsTests() { EmptyExtensions: true, // Disable all ServerHello extensions so // EmptyExtensions works. - NoExtendedMasterSecret: true, - NoRenegotiationInfo: true, + NoExtendedMasterSecret: true, + NoRenegotiationInfo: true, + NoOCSPStapling: true, + NoSignedCertificateTimestamps: true, }, }, }) @@ -14666,9 +14571,8 @@ func addCertCompressionTests() { // Duplicate compression algorithms is an error, even if nothing is // configured. testCases = append(testCases, testCase{ - testType: serverTest, - name: "DuplicateCertCompressionExt-" + ver.name, - tls13Variant: ver.tls13Variant, + testType: serverTest, + name: "DuplicateCertCompressionExt-" + ver.name, config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -14683,10 +14587,9 @@ func addCertCompressionTests() { // With compression algorithms configured, an duplicate values should still // be an error. testCases = append(testCases, testCase{ - testType: serverTest, - name: "DuplicateCertCompressionExt2-" + ver.name, - tls13Variant: ver.tls13Variant, - flags: []string{"-install-cert-compression-algs"}, + testType: serverTest, + name: "DuplicateCertCompressionExt2-" + ver.name, + flags: []string{"-install-cert-compression-algs"}, config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -14714,10 +14617,9 @@ func addCertCompressionTests() { } testCases = append(testCases, testCase{ - testType: serverTest, - name: "CertCompressionExpands-" + ver.name, - tls13Variant: ver.tls13Variant, - flags: []string{"-install-cert-compression-algs"}, + testType: serverTest, + name: "CertCompressionExpands-" + ver.name, + flags: []string{"-install-cert-compression-algs"}, config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -14729,10 +14631,9 @@ func addCertCompressionTests() { }) testCases = append(testCases, testCase{ - testType: serverTest, - name: "CertCompressionShrinks-" + ver.name, - tls13Variant: ver.tls13Variant, - flags: []string{"-install-cert-compression-algs"}, + testType: serverTest, + name: "CertCompressionShrinks-" + ver.name, + flags: []string{"-install-cert-compression-algs"}, config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -14746,10 +14647,9 @@ func addCertCompressionTests() { // With both algorithms configured, the server should pick its most // preferable. (Which is expandingAlgId.) testCases = append(testCases, testCase{ - testType: serverTest, - name: "CertCompressionPriority-" + ver.name, - tls13Variant: ver.tls13Variant, - flags: []string{"-install-cert-compression-algs"}, + testType: serverTest, + name: "CertCompressionPriority-" + ver.name, + flags: []string{"-install-cert-compression-algs"}, config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -14764,10 +14664,9 @@ func addCertCompressionTests() { }) testCases = append(testCases, testCase{ - testType: clientTest, - name: "CertCompressionExpandsClient-" + ver.name, - tls13Variant: ver.tls13Variant, - flags: []string{"-install-cert-compression-algs"}, + testType: clientTest, + name: "CertCompressionExpandsClient-" + ver.name, + flags: []string{"-install-cert-compression-algs"}, config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -14781,10 +14680,9 @@ func addCertCompressionTests() { }) testCases = append(testCases, testCase{ - testType: clientTest, - name: "CertCompressionShrinksClient-" + ver.name, - tls13Variant: ver.tls13Variant, - flags: []string{"-install-cert-compression-algs"}, + testType: clientTest, + name: "CertCompressionShrinksClient-" + ver.name, + flags: []string{"-install-cert-compression-algs"}, config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -14798,10 +14696,9 @@ func addCertCompressionTests() { }) testCases = append(testCases, testCase{ - testType: clientTest, - name: "CertCompressionBadAlgIdClient-" + ver.name, - tls13Variant: ver.tls13Variant, - flags: []string{"-install-cert-compression-algs"}, + testType: clientTest, + name: "CertCompressionBadAlgIdClient-" + ver.name, + flags: []string{"-install-cert-compression-algs"}, config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -14818,10 +14715,9 @@ func addCertCompressionTests() { }) testCases = append(testCases, testCase{ - testType: clientTest, - name: "CertCompressionTooSmallClient-" + ver.name, - tls13Variant: ver.tls13Variant, - flags: []string{"-install-cert-compression-algs"}, + testType: clientTest, + name: "CertCompressionTooSmallClient-" + ver.name, + flags: []string{"-install-cert-compression-algs"}, config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -14838,10 +14734,9 @@ func addCertCompressionTests() { }) testCases = append(testCases, testCase{ - testType: clientTest, - name: "CertCompressionTooLargeClient-" + ver.name, - tls13Variant: ver.tls13Variant, - flags: []string{"-install-cert-compression-algs"}, + testType: clientTest, + name: "CertCompressionTooLargeClient-" + ver.name, + flags: []string{"-install-cert-compression-algs"}, config: Config{ MinVersion: ver.version, MaxVersion: ver.version, @@ -15015,6 +14910,109 @@ func addJDK11WorkaroundTests() { } } +func addDelegatedCredentialTests() { + certPath := path.Join(*resourceDir, rsaCertificateFile) + pemBytes, err := ioutil.ReadFile(certPath) + if err != nil { + panic(err) + } + + block, _ := pem.Decode(pemBytes) + if block == nil { + panic(fmt.Sprintf("no PEM block found in %q", certPath)) + } + parentDER := block.Bytes + + rsaPriv, _, err := loadRSAPrivateKey(rsaKeyFile) + if err != nil { + panic(err) + } + + ecdsaDC, ecdsaPKCS8, err := createDelegatedCredential(delegatedCredentialConfig{ + algo: signatureRSAPSSWithSHA256, + }, parentDER, rsaPriv) + if err != nil { + panic(err) + } + ecdsaFlagValue := fmt.Sprintf("%x,%x", ecdsaDC, ecdsaPKCS8) + + testCases = append(testCases, testCase{ + testType: serverTest, + name: "DelegatedCredentials-NoClientSupport", + config: Config{ + MinVersion: VersionTLS13, + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + DisableDelegatedCredentials: true, + }, + }, + flags: []string{ + "-delegated-credential", ecdsaFlagValue, + }, + }) + + testCases = append(testCases, testCase{ + testType: serverTest, + name: "DelegatedCredentials-Basic", + config: Config{ + MinVersion: VersionTLS13, + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + ExpectDelegatedCredentials: true, + }, + }, + flags: []string{ + "-delegated-credential", ecdsaFlagValue, + }, + }) + + testCases = append(testCases, testCase{ + testType: serverTest, + name: "DelegatedCredentials-SigAlgoMissing", + config: Config{ + MinVersion: VersionTLS13, + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + FailIfDelegatedCredentials: true, + }, + // If the client doesn't support the delegated credential signature + // algorithm then the handshake should complete without using delegated + // credentials. + VerifySignatureAlgorithms: []signatureAlgorithm{signatureRSAPSSWithSHA256}, + }, + flags: []string{ + "-delegated-credential", ecdsaFlagValue, + }, + }) + + // This flag value has mismatched public and private keys which should cause a + // configuration error in the shim. + _, badTLSVersionPKCS8, err := createDelegatedCredential(delegatedCredentialConfig{ + algo: signatureRSAPSSWithSHA256, + tlsVersion: 0x1234, + }, parentDER, rsaPriv) + if err != nil { + panic(err) + } + mismatchFlagValue := fmt.Sprintf("%x,%x", ecdsaDC, badTLSVersionPKCS8) + testCases = append(testCases, testCase{ + testType: serverTest, + name: "DelegatedCredentials-KeyMismatch", + config: Config{ + MinVersion: VersionTLS13, + MaxVersion: VersionTLS13, + Bugs: ProtocolBugs{ + FailIfDelegatedCredentials: true, + }, + }, + flags: []string{ + "-delegated-credential", mismatchFlagValue, + }, + shouldFail: true, + expectedError: ":KEY_VALUES_MISMATCH:", + }) +} + func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) { defer wg.Done() @@ -15146,10 +15144,12 @@ func main() { addCertificateTests() addRetainOnlySHA256ClientCertTests() addECDSAKeyUsageTests() + addRSAKeyUsageTests() addExtraHandshakeTests() addOmitExtensionsTests() addCertCompressionTests() addJDK11WorkaroundTests() + addDelegatedCredentialTests() testCases = append(testCases, convertToSplitHandshakeTests(testCases)...) diff --git a/src/ssl/test/settings_writer.cc b/src/ssl/test/settings_writer.cc index 66025f6..fe8d42e 100644 --- a/src/ssl/test/settings_writer.cc +++ b/src/ssl/test/settings_writer.cc @@ -59,12 +59,6 @@ bool SettingsWriter::Init(int i, const TestConfig *config, return false; } - if (config->tls13_variant != 0 && - (!CBB_add_u16(cbb_.get(), kTLS13Variant) || - !CBB_add_u8(cbb_.get(), static_cast(config->tls13_variant)))) { - return false; - } - return true; } diff --git a/src/ssl/test/test_config.cc b/src/ssl/test/test_config.cc index bed0501..70e061b 100644 --- a/src/ssl/test/test_config.cc +++ b/src/ssl/test/test_config.cc @@ -145,9 +145,11 @@ const Flag kBoolFlags[] = { { "-is-handshaker-supported", &TestConfig::is_handshaker_supported }, { "-handshaker-resume", &TestConfig::handshaker_resume }, { "-reverify-on-resume", &TestConfig::reverify_on_resume }, + { "-enforce-rsa-key-usage", &TestConfig::enforce_rsa_key_usage }, { "-jdk11-workaround", &TestConfig::jdk11_workaround }, { "-server-preference", &TestConfig::server_preference }, { "-export-traffic-secrets", &TestConfig::export_traffic_secrets }, + { "-key-update", &TestConfig::key_update }, }; const Flag kStringFlags[] = { @@ -176,6 +178,7 @@ const Flag kStringFlags[] = { { "-expect-client-ca-list", &TestConfig::expected_client_ca_list }, { "-expect-msg-callback", &TestConfig::expect_msg_callback }, { "-handshaker-path", &TestConfig::handshaker_path }, + { "-delegated-credential", &TestConfig::delegated_credential }, }; const Flag kBase64Flags[] = { @@ -217,7 +220,6 @@ const Flag kIntFlags[] = { { "-max-send-fragment", &TestConfig::max_send_fragment }, { "-read-size", &TestConfig::read_size }, { "-expect-ticket-age-skew", &TestConfig::expect_ticket_age_skew }, - { "-tls13-variant", &TestConfig::tls13_variant }, }; const Flag> kIntVectorFlags[] = { @@ -1246,9 +1248,6 @@ bssl::UniquePtr TestConfig::SetupCtx(SSL_CTX *old_ctx) const { SSL_CTX_set_early_data_enabled(ssl_ctx.get(), 1); } - SSL_CTX_set_tls13_variant(ssl_ctx.get(), - static_cast(tls13_variant)); - if (allow_unknown_alpn_protos) { SSL_CTX_set_allow_unknown_alpn_protos(ssl_ctx.get(), 1); } @@ -1503,6 +1502,9 @@ bssl::UniquePtr TestConfig::NewSSL( if (reverify_on_resume) { SSL_CTX_set_reverify_on_resume(ssl_ctx, 1); } + if (enforce_rsa_key_usage) { + SSL_set_enforce_rsa_key_usage(ssl.get(), 1); + } if (no_tls13) { SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_3); } @@ -1673,5 +1675,40 @@ bssl::UniquePtr TestConfig::NewSSL( } } + if (!delegated_credential.empty()) { + std::string::size_type comma = delegated_credential.find(','); + if (comma == std::string::npos) { + fprintf(stderr, "failed to find comma in delegated credential argument"); + return nullptr; + } + + const std::string dc_hex = delegated_credential.substr(0, comma); + const std::string pkcs8_hex = delegated_credential.substr(comma + 1); + std::string dc, pkcs8; + if (!HexDecode(&dc, dc_hex) || !HexDecode(&pkcs8, pkcs8_hex)) { + fprintf(stderr, "failed to hex decode delegated credential argument"); + return nullptr; + } + + CBS dc_cbs(bssl::Span( + reinterpret_cast(dc.data()), dc.size())); + CBS pkcs8_cbs(bssl::Span( + reinterpret_cast(pkcs8.data()), pkcs8.size())); + + bssl::UniquePtr priv(EVP_parse_private_key(&pkcs8_cbs)); + if (!priv) { + fprintf(stderr, "failed to parse delegated credential private key"); + return nullptr; + } + + bssl::UniquePtr dc_buf( + CRYPTO_BUFFER_new_from_CBS(&dc_cbs, nullptr)); + if (!SSL_set1_delegated_credential(ssl.get(), dc_buf.get(), + priv.get(), nullptr)) { + fprintf(stderr, "SSL_set1_delegated_credential failed.\n"); + return nullptr; + } + } + return ssl; } diff --git a/src/ssl/test/test_config.h b/src/ssl/test/test_config.h index 0d0753e..9221d6f 100644 --- a/src/ssl/test/test_config.h +++ b/src/ssl/test/test_config.h @@ -104,7 +104,6 @@ struct TestConfig { bool use_ticket_callback = false; bool renew_ticket = false; bool enable_early_data = false; - int tls13_variant = 0; bool enable_client_custom_extension = false; bool enable_server_custom_extension = false; bool custom_extension_skip = false; @@ -166,12 +165,15 @@ struct TestConfig { bool fail_ocsp_callback = false; bool install_cert_compression_algs = false; bool reverify_on_resume = false; + bool enforce_rsa_key_usage = false; bool is_handshaker_supported = false; bool handshaker_resume = false; std::string handshaker_path; bool jdk11_workaround = false; bool server_preference = false; bool export_traffic_secrets = false; + bool key_update = false; + std::string delegated_credential; int argc; char **argv; diff --git a/src/ssl/tls13_both.cc b/src/ssl/tls13_both.cc index 6baeaf7..ba5719f 100644 --- a/src/ssl/tls13_both.cc +++ b/src/ssl/tls13_both.cc @@ -212,7 +212,8 @@ bool tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg, } // TLS 1.3 always uses certificate keys for signing thus the correct // keyUsage is enforced. - if (!ssl_cert_check_digital_signature_key_usage(&certificate)) { + if (!ssl_cert_check_key_usage(&certificate, + key_usage_digital_signature)) { ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); return false; } @@ -418,6 +419,7 @@ bool tls13_process_finished(SSL_HANDSHAKE *hs, const SSLMessage &msg, bool tls13_add_certificate(SSL_HANDSHAKE *hs) { SSL *const ssl = hs->ssl; CERT *const cert = hs->config->cert.get(); + DC *const dc = cert->dc.get(); ScopedCBB cbb; CBB *body, body_storage, certificate_list; @@ -441,7 +443,7 @@ bool tls13_add_certificate(SSL_HANDSHAKE *hs) { return false; } - if (!ssl_has_certificate(hs->config)) { + if (!ssl_has_certificate(hs)) { return ssl_add_message_cbb(ssl, cbb.get()); } @@ -484,6 +486,19 @@ bool tls13_add_certificate(SSL_HANDSHAKE *hs) { } } + if (ssl_signing_with_dc(hs)) { + const CRYPTO_BUFFER *raw = dc->raw.get(); + if (!CBB_add_u16(&extensions, TLSEXT_TYPE_delegated_credential) || + !CBB_add_u16(&extensions, CRYPTO_BUFFER_len(raw)) || + !CBB_add_bytes(&extensions, + CRYPTO_BUFFER_data(raw), + CRYPTO_BUFFER_len(raw)) || + !CBB_flush(&extensions)) { + OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); + return 0; + } + } + for (size_t i = 1; i < sk_CRYPTO_BUFFER_num(cert->chain.get()); i++) { CRYPTO_BUFFER *cert_buf = sk_CRYPTO_BUFFER_value(cert->chain.get(), i); CBB child; @@ -607,6 +622,25 @@ bool tls13_add_finished(SSL_HANDSHAKE *hs) { return true; } +bool tls13_add_key_update(SSL *ssl, int update_requested) { + ScopedCBB cbb; + CBB body_cbb; + if (!ssl->method->init_message(ssl, cbb.get(), &body_cbb, + SSL3_MT_KEY_UPDATE) || + !CBB_add_u8(&body_cbb, update_requested) || + !ssl_add_message_cbb(ssl, cbb.get()) || + !tls13_rotate_traffic_key(ssl, evp_aead_seal)) { + return false; + } + + // Suppress KeyUpdate acknowledgments until this change is written to the + // wire. This prevents us from accumulating write obligations when read and + // write progress at different rates. See RFC 8446, section 4.6.3. + ssl->s3->key_update_pending = true; + + return true; +} + static bool tls13_receive_key_update(SSL *ssl, const SSLMessage &msg) { CBS body = msg.body; uint8_t key_update_request; @@ -625,21 +659,9 @@ static bool tls13_receive_key_update(SSL *ssl, const SSLMessage &msg) { // Acknowledge the KeyUpdate if (key_update_request == SSL_KEY_UPDATE_REQUESTED && - !ssl->s3->key_update_pending) { - ScopedCBB cbb; - CBB body_cbb; - if (!ssl->method->init_message(ssl, cbb.get(), &body_cbb, - SSL3_MT_KEY_UPDATE) || - !CBB_add_u8(&body_cbb, SSL_KEY_UPDATE_NOT_REQUESTED) || - !ssl_add_message_cbb(ssl, cbb.get()) || - !tls13_rotate_traffic_key(ssl, evp_aead_seal)) { - return false; - } - - // Suppress KeyUpdate acknowledgments until this change is written to the - // wire. This prevents us from accumulating write obligations when read and - // write progress at different rates. See RFC 8446, section 4.6.3. - ssl->s3->key_update_pending = true; + !ssl->s3->key_update_pending && + !tls13_add_key_update(ssl, SSL_KEY_UPDATE_NOT_REQUESTED)) { + return false; } return true; @@ -648,7 +670,7 @@ static bool tls13_receive_key_update(SSL *ssl, const SSLMessage &msg) { bool tls13_post_handshake(SSL *ssl, const SSLMessage &msg) { if (msg.type == SSL3_MT_KEY_UPDATE) { ssl->s3->key_update_count++; - if (ssl->ctx->quic_method != nullptr || + if (ssl->quic_method != nullptr || ssl->s3->key_update_count > kMaxKeyUpdates) { OPENSSL_PUT_ERROR(SSL, SSL_R_TOO_MANY_KEY_UPDATES); ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); diff --git a/src/ssl/tls13_client.cc b/src/ssl/tls13_client.cc index 40913dc..ac97165 100644 --- a/src/ssl/tls13_client.cc +++ b/src/ssl/tls13_client.cc @@ -294,16 +294,14 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) { return ssl_hs_error; } - if (ssl_is_draft28(ssl->version)) { - // Recheck supported_versions, in case this is the second ServerHello. - uint16_t version; - if (!have_supported_versions || - !CBS_get_u16(&supported_versions, &version) || - version != ssl->version) { - OPENSSL_PUT_ERROR(SSL, SSL_R_SECOND_SERVERHELLO_VERSION_MISMATCH); - ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); - return ssl_hs_error; - } + // Recheck supported_versions, in case this is the second ServerHello. + uint16_t version; + if (!have_supported_versions || + !CBS_get_u16(&supported_versions, &version) || + version != ssl->version) { + OPENSSL_PUT_ERROR(SSL, SSL_R_SECOND_SERVERHELLO_VERSION_MISMATCH); + ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); + return ssl_hs_error; } alert = SSL_AD_DECODE_ERROR; @@ -685,7 +683,7 @@ static enum ssl_hs_wait_t do_send_client_certificate(SSL_HANDSHAKE *hs) { static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL_HANDSHAKE *hs) { // Don't send CertificateVerify if there is no certificate. - if (!ssl_has_certificate(hs->config)) { + if (!ssl_has_certificate(hs)) { hs->tls13_state = state_complete_second_flight; return ssl_hs_ok; } @@ -883,8 +881,7 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) { session->timeout = server_timeout; } - if (!tls13_derive_session_psk(session.get(), ticket_nonce, - ssl->ctx->quic_method != nullptr)) { + if (!tls13_derive_session_psk(session.get(), ticket_nonce)) { return false; } diff --git a/src/ssl/tls13_enc.cc b/src/ssl/tls13_enc.cc index f18084e..7353561 100644 --- a/src/ssl/tls13_enc.cc +++ b/src/ssl/tls13_enc.cc @@ -69,27 +69,19 @@ bool tls13_init_early_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *psk, static bool hkdf_expand_label(uint8_t *out, const EVP_MD *digest, const uint8_t *secret, size_t secret_len, const char *label, size_t label_len, - const uint8_t *hash, size_t hash_len, size_t len, - bool use_quic_label) { + const uint8_t *hash, size_t hash_len, + size_t len) { static const char kTLS13ProtocolLabel[] = "tls13 "; - static const char kQUICProtocolLabel[] = "quic "; - - const char *protocol_label; - if (use_quic_label) { - protocol_label = kQUICProtocolLabel; - } else { - protocol_label = kTLS13ProtocolLabel; - } ScopedCBB cbb; CBB child; Array hkdf_label; - if (!CBB_init(cbb.get(), - 2 + 1 + strlen(protocol_label) + label_len + 1 + hash_len) || + if (!CBB_init(cbb.get(), 2 + 1 + strlen(kTLS13ProtocolLabel) + label_len + 1 + + hash_len) || !CBB_add_u16(cbb.get(), len) || !CBB_add_u8_length_prefixed(cbb.get(), &child) || - !CBB_add_bytes(&child, (const uint8_t *)protocol_label, - strlen(protocol_label)) || + !CBB_add_bytes(&child, (const uint8_t *)kTLS13ProtocolLabel, + strlen(kTLS13ProtocolLabel)) || !CBB_add_bytes(&child, (const uint8_t *)label, label_len) || !CBB_add_u8_length_prefixed(cbb.get(), &child) || !CBB_add_bytes(&child, hash, hash_len) || @@ -115,8 +107,7 @@ bool tls13_advance_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *in, if (!hkdf_expand_label(hs->secret, hs->transcript.Digest(), hs->secret, hs->hash_len, kTLS13LabelDerived, strlen(kTLS13LabelDerived), derive_context, - derive_context_len, hs->hash_len, - hs->ssl->ctx->quic_method != nullptr)) { + derive_context_len, hs->hash_len)) { return false; } @@ -137,8 +128,7 @@ static bool derive_secret(SSL_HANDSHAKE *hs, uint8_t *out, size_t len, return hkdf_expand_label(out, hs->transcript.Digest(), hs->secret, hs->hash_len, label, label_len, context_hash, - context_hash_len, len, - hs->ssl->ctx->quic_method != nullptr); + context_hash_len, len); } bool tls13_set_traffic_key(SSL *ssl, enum ssl_encryption_level_t level, @@ -154,7 +144,7 @@ bool tls13_set_traffic_key(SSL *ssl, enum ssl_encryption_level_t level, } UniquePtr traffic_aead; - if (ssl->ctx->quic_method == nullptr) { + if (ssl->quic_method == nullptr) { // Look up cipher suite properties. const EVP_AEAD *aead; size_t discard; @@ -169,8 +159,7 @@ bool tls13_set_traffic_key(SSL *ssl, enum ssl_encryption_level_t level, size_t key_len = EVP_AEAD_key_length(aead); uint8_t key[EVP_AEAD_MAX_KEY_LENGTH]; if (!hkdf_expand_label(key, digest, traffic_secret, traffic_secret_len, - "key", 3, NULL, 0, key_len, - ssl->ctx->quic_method != nullptr)) { + "key", 3, NULL, 0, key_len)) { return false; } @@ -178,8 +167,7 @@ bool tls13_set_traffic_key(SSL *ssl, enum ssl_encryption_level_t level, size_t iv_len = EVP_AEAD_nonce_length(aead); uint8_t iv[EVP_AEAD_MAX_NONCE_LENGTH]; if (!hkdf_expand_label(iv, digest, traffic_secret, traffic_secret_len, "iv", - 2, NULL, 0, iv_len, - ssl->ctx->quic_method != nullptr)) { + 2, NULL, 0, iv_len)) { return false; } @@ -249,16 +237,16 @@ bool tls13_derive_early_secrets(SSL_HANDSHAKE *hs) { } ssl->s3->early_exporter_secret_len = hs->hash_len; - if (ssl->ctx->quic_method != nullptr) { + if (ssl->quic_method != nullptr) { if (ssl->server) { - if (!ssl->ctx->quic_method->set_encryption_secrets( + if (!ssl->quic_method->set_encryption_secrets( ssl, ssl_encryption_early_data, nullptr, hs->early_traffic_secret, hs->hash_len)) { OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_INTERNAL_ERROR); return false; } } else { - if (!ssl->ctx->quic_method->set_encryption_secrets( + if (!ssl->quic_method->set_encryption_secrets( ssl, ssl_encryption_early_data, hs->early_traffic_secret, nullptr, hs->hash_len)) { OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_INTERNAL_ERROR); @@ -285,16 +273,16 @@ bool tls13_derive_handshake_secrets(SSL_HANDSHAKE *hs) { return false; } - if (ssl->ctx->quic_method != nullptr) { + if (ssl->quic_method != nullptr) { if (ssl->server) { - if (!ssl->ctx->quic_method->set_encryption_secrets( + if (!ssl->quic_method->set_encryption_secrets( ssl, ssl_encryption_handshake, hs->client_handshake_secret, hs->server_handshake_secret, hs->hash_len)) { OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_INTERNAL_ERROR); return false; } } else { - if (!ssl->ctx->quic_method->set_encryption_secrets( + if (!ssl->quic_method->set_encryption_secrets( ssl, ssl_encryption_handshake, hs->server_handshake_secret, hs->client_handshake_secret, hs->hash_len)) { OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_INTERNAL_ERROR); @@ -326,16 +314,16 @@ bool tls13_derive_application_secrets(SSL_HANDSHAKE *hs) { return false; } - if (ssl->ctx->quic_method != nullptr) { + if (ssl->quic_method != nullptr) { if (ssl->server) { - if (!ssl->ctx->quic_method->set_encryption_secrets( + if (!ssl->quic_method->set_encryption_secrets( ssl, ssl_encryption_application, hs->client_traffic_secret_0, hs->server_traffic_secret_0, hs->hash_len)) { OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_INTERNAL_ERROR); return false; } } else { - if (!ssl->ctx->quic_method->set_encryption_secrets( + if (!ssl->quic_method->set_encryption_secrets( ssl, ssl_encryption_application, hs->server_traffic_secret_0, hs->client_traffic_secret_0, hs->hash_len)) { OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_INTERNAL_ERROR); @@ -364,7 +352,7 @@ bool tls13_rotate_traffic_key(SSL *ssl, enum evp_aead_direction_t direction) { if (!hkdf_expand_label(secret, digest, secret, secret_len, kTLS13LabelApplicationTraffic, strlen(kTLS13LabelApplicationTraffic), NULL, 0, - secret_len, ssl->ctx->quic_method != nullptr)) { + secret_len)) { return false; } @@ -392,13 +380,11 @@ static const char kTLS13LabelFinished[] = "finished"; static bool tls13_verify_data(const EVP_MD *digest, uint16_t version, uint8_t *out, size_t *out_len, const uint8_t *secret, size_t hash_len, - uint8_t *context, size_t context_len, - bool use_quic) { + uint8_t *context, size_t context_len) { uint8_t key[EVP_MAX_MD_SIZE]; unsigned len; if (!hkdf_expand_label(key, digest, secret, hash_len, kTLS13LabelFinished, - strlen(kTLS13LabelFinished), NULL, 0, hash_len, - use_quic) || + strlen(kTLS13LabelFinished), NULL, 0, hash_len) || HMAC(digest, key, hash_len, context, context_len, out, &len) == NULL) { return false; } @@ -420,8 +406,7 @@ bool tls13_finished_mac(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len, if (!hs->transcript.GetHash(context_hash, &context_hash_len) || !tls13_verify_data(hs->transcript.Digest(), hs->ssl->version, out, out_len, traffic_secret, hs->hash_len, context_hash, - context_hash_len, - hs->ssl->ctx->quic_method != nullptr)) { + context_hash_len)) { return 0; } return 1; @@ -429,13 +414,12 @@ bool tls13_finished_mac(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len, static const char kTLS13LabelResumptionPSK[] = "resumption"; -bool tls13_derive_session_psk(SSL_SESSION *session, Span nonce, - bool use_quic) { +bool tls13_derive_session_psk(SSL_SESSION *session, Span nonce) { const EVP_MD *digest = ssl_session_get_digest(session); return hkdf_expand_label(session->master_key, digest, session->master_key, session->master_key_length, kTLS13LabelResumptionPSK, strlen(kTLS13LabelResumptionPSK), nonce.data(), - nonce.size(), session->master_key_length, use_quic); + nonce.size(), session->master_key_length); } static const char kTLS13LabelExportKeying[] = "exporter"; @@ -464,12 +448,11 @@ bool tls13_export_keying_material(SSL *ssl, Span out, nullptr) && hkdf_expand_label(derived_secret, digest, secret.data(), secret.size(), label.data(), label.size(), export_context, - export_context_len, derived_secret_len, - ssl->ctx->quic_method != nullptr) && + export_context_len, derived_secret_len) && hkdf_expand_label(out.data(), digest, derived_secret, derived_secret_len, kTLS13LabelExportKeying, strlen(kTLS13LabelExportKeying), hash, hash_len, - out.size(), ssl->ctx->quic_method != nullptr); + out.size()); } static const char kTLS13LabelPSKBinder[] = "res binder"; @@ -477,7 +460,7 @@ static const char kTLS13LabelPSKBinder[] = "res binder"; static bool tls13_psk_binder(uint8_t *out, uint16_t version, const EVP_MD *digest, uint8_t *psk, size_t psk_len, uint8_t *context, size_t context_len, - size_t hash_len, bool use_quic) { + size_t hash_len) { uint8_t binder_context[EVP_MAX_MD_SIZE]; unsigned binder_context_len; if (!EVP_Digest(NULL, 0, binder_context, &binder_context_len, digest, NULL)) { @@ -495,10 +478,9 @@ static bool tls13_psk_binder(uint8_t *out, uint16_t version, size_t len; if (!hkdf_expand_label(binder_key, digest, early_secret, hash_len, kTLS13LabelPSKBinder, strlen(kTLS13LabelPSKBinder), - binder_context, binder_context_len, hash_len, - use_quic) || + binder_context, binder_context_len, hash_len) || !tls13_verify_data(digest, version, out, &len, binder_key, hash_len, - context, context_len, use_quic)) { + context, context_len)) { return false; } @@ -531,7 +513,7 @@ bool tls13_write_psk_binder(SSL_HANDSHAKE *hs, uint8_t *msg, size_t len) { if (!tls13_psk_binder(verify_data, ssl->session->ssl_version, digest, ssl->session->master_key, ssl->session->master_key_length, context, context_len, - hash_len, ssl->ctx->quic_method != nullptr)) { + hash_len)) { return false; } @@ -563,8 +545,7 @@ bool tls13_verify_psk_binder(SSL_HANDSHAKE *hs, SSL_SESSION *session, CBS binder; if (!tls13_psk_binder(verify_data, hs->ssl->version, hs->transcript.Digest(), session->master_key, session->master_key_length, - context, context_len, hash_len, - hs->ssl->ctx->quic_method != nullptr) || + context, context_len, hash_len) || // We only consider the first PSK, so compare against the first binder. !CBS_get_u8_length_prefixed(binders, &binder)) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); diff --git a/src/ssl/tls13_server.cc b/src/ssl/tls13_server.cc index 7073b57..caaf0c7 100644 --- a/src/ssl/tls13_server.cc +++ b/src/ssl/tls13_server.cc @@ -17,6 +17,8 @@ #include #include +#include + #include #include #include @@ -95,6 +97,37 @@ static int ssl_ext_supported_versions_add_serverhello(SSL_HANDSHAKE *hs, return 1; } +// CipherScorer produces a "score" for each possible cipher suite offered by +// the client. +class CipherScorer { + public: + CipherScorer(uint16_t group_id) + : aes_is_fine_(EVP_has_aes_hardware()), + security_128_is_fine_(group_id != SSL_CURVE_CECPQ2) {} + + typedef std::tuple Score; + + // MinScore returns a |Score| that will compare less than the score of all + // cipher suites. + Score MinScore() const { + return Score(false, false, false); + } + + Score Evaluate(const SSL_CIPHER *a) const { + return Score( + // Something is always preferable to nothing. + true, + // Either 128-bit is fine, or 256-bit is preferred. + security_128_is_fine_ || a->algorithm_enc != SSL_AES128GCM, + // Either AES is fine, or else ChaCha20 is preferred. + aes_is_fine_ || a->algorithm_enc == SSL_CHACHA20POLY1305); + } + + private: + const bool aes_is_fine_; + const bool security_128_is_fine_; +}; + static const SSL_CIPHER *choose_tls13_cipher( const SSL *ssl, const SSL_CLIENT_HELLO *client_hello, uint16_t group_id) { if (client_hello->cipher_suites_len % 2 != 0) { @@ -105,11 +138,12 @@ static const SSL_CIPHER *choose_tls13_cipher( CBS_init(&cipher_suites, client_hello->cipher_suites, client_hello->cipher_suites_len); - const bool aes_is_fine = EVP_has_aes_hardware(); - const bool require_256_bit = group_id == SSL_CURVE_CECPQ2; const uint16_t version = ssl_protocol_version(ssl); const SSL_CIPHER *best = nullptr; + CipherScorer scorer(group_id); + CipherScorer::Score best_score = scorer.MinScore(); + while (CBS_len(&cipher_suites) > 0) { uint16_t cipher_suite; if (!CBS_get_u16(&cipher_suites, &cipher_suite)) { @@ -124,23 +158,12 @@ static const SSL_CIPHER *choose_tls13_cipher( continue; } - // Post-quantum key exchanges should be paired with 256-bit ciphers. - if (require_256_bit && candidate->algorithm_enc == SSL_AES128GCM) { - continue; - } - - // TLS 1.3 removes legacy ciphers, so honor the client order, but prefer - // ChaCha20 if we do not have AES hardware. - if (aes_is_fine) { - return candidate; - } - - if (candidate->algorithm_enc == SSL_CHACHA20POLY1305) { - return candidate; - } - - if (best == nullptr) { + const CipherScorer::Score candidate_score = scorer.Evaluate(candidate); + // |candidate_score| must be larger to displace the current choice. That way + // the client's order controls between ciphers with an equal score. + if (candidate_score > best_score) { best = candidate; + best_score = candidate_score; } } @@ -194,8 +217,7 @@ static bool add_new_session_tickets(SSL_HANDSHAKE *hs, bool *out_sent_tickets) { !CBB_add_u8_length_prefixed(&body, &nonce_cbb) || !CBB_add_bytes(&nonce_cbb, nonce, sizeof(nonce)) || !CBB_add_u16_length_prefixed(&body, &ticket) || - !tls13_derive_session_psk(session.get(), nonce, - ssl->ctx->quic_method != nullptr) || + !tls13_derive_session_psk(session.get(), nonce) || !ssl_encrypt_ticket(hs, &ticket, session.get()) || !CBB_add_u16_length_prefixed(&body, &extensions)) { return false; @@ -663,7 +685,7 @@ static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) { // Send the server Certificate message, if necessary. if (!ssl->s3->session_reused) { - if (!ssl_has_certificate(hs->config)) { + if (!ssl_has_certificate(hs)) { OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_SET); return ssl_hs_error; } diff --git a/src/third_party/android-cmake/AndroidNdkGdb.cmake b/src/third_party/android-cmake/AndroidNdkGdb.cmake deleted file mode 100644 index 0677dcd..0000000 --- a/src/third_party/android-cmake/AndroidNdkGdb.cmake +++ /dev/null @@ -1,96 +0,0 @@ -# Copyright (c) 2014, Pavel Rojtberg -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# 1. Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright notice, -# this list of conditions and the following disclaimer in the documentation -# and/or other materials provided with the distribution. -# -# 3. Neither the name of the copyright holder nor the names of its -# contributors may be used to endorse or promote products derived from this -# software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. - -# ------------------------------------------------------------------------------ -# Usage: -# 1. place AndroidNdkGdb.cmake somewhere inside ${CMAKE_MODULE_PATH} -# 2. inside your project add -# -# include(AndroidNdkGdb) -# android_ndk_gdb_enable() -# # for each target -# add_library(MyLibrary ...) -# android_ndk_gdb_debuggable(MyLibrary) - - -# add gdbserver and general gdb configuration to project -# also create a mininal NDK skeleton so ndk-gdb finds the paths -# -# the optional parameter defines the path to the android project. -# uses PROJECT_SOURCE_DIR by default. -macro(android_ndk_gdb_enable) - if(ANDROID) - # create custom target that depends on the real target so it gets executed afterwards - add_custom_target(NDK_GDB ALL) - - if(${ARGC}) - set(ANDROID_PROJECT_DIR ${ARGV0}) - else() - set(ANDROID_PROJECT_DIR ${PROJECT_SOURCE_DIR}) - endif() - - set(NDK_GDB_SOLIB_PATH ${ANDROID_PROJECT_DIR}/obj/local/${ANDROID_NDK_ABI_NAME}/) - file(MAKE_DIRECTORY ${NDK_GDB_SOLIB_PATH}) - - # 1. generate essential Android Makefiles - file(MAKE_DIRECTORY ${ANDROID_PROJECT_DIR}/jni) - if(NOT EXISTS ${ANDROID_PROJECT_DIR}/jni/Android.mk) - file(WRITE ${ANDROID_PROJECT_DIR}/jni/Android.mk "APP_ABI := ${ANDROID_NDK_ABI_NAME}\n") - endif() - if(NOT EXISTS ${ANDROID_PROJECT_DIR}/jni/Application.mk) - file(WRITE ${ANDROID_PROJECT_DIR}/jni/Application.mk "APP_ABI := ${ANDROID_NDK_ABI_NAME}\n") - endif() - - # 2. generate gdb.setup - get_directory_property(PROJECT_INCLUDES DIRECTORY ${PROJECT_SOURCE_DIR} INCLUDE_DIRECTORIES) - string(REGEX REPLACE ";" " " PROJECT_INCLUDES "${PROJECT_INCLUDES}") - file(WRITE ${LIBRARY_OUTPUT_PATH}/gdb.setup "set solib-search-path ${NDK_GDB_SOLIB_PATH}\n") - file(APPEND ${LIBRARY_OUTPUT_PATH}/gdb.setup "directory ${PROJECT_INCLUDES}\n") - - # 3. copy gdbserver executable - file(COPY ${ANDROID_NDK}/prebuilt/android-${ANDROID_ARCH_NAME}/gdbserver/gdbserver DESTINATION ${LIBRARY_OUTPUT_PATH}) - endif() -endmacro() - -# register a target for remote debugging -# copies the debug version to NDK_GDB_SOLIB_PATH then strips symbols of original -macro(android_ndk_gdb_debuggable TARGET_NAME) - if(ANDROID) - get_property(TARGET_LOCATION TARGET ${TARGET_NAME} PROPERTY LOCATION) - - # create custom target that depends on the real target so it gets executed afterwards - add_dependencies(NDK_GDB ${TARGET_NAME}) - - # 4. copy lib to obj - add_custom_command(TARGET NDK_GDB POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different ${TARGET_LOCATION} ${NDK_GDB_SOLIB_PATH}) - - # 5. strip symbols - add_custom_command(TARGET NDK_GDB POST_BUILD COMMAND ${CMAKE_STRIP} ${TARGET_LOCATION}) - endif() -endmacro() diff --git a/src/third_party/android-cmake/AndroidNdkModules.cmake b/src/third_party/android-cmake/AndroidNdkModules.cmake deleted file mode 100644 index 64f37fd..0000000 --- a/src/third_party/android-cmake/AndroidNdkModules.cmake +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright (c) 2014, Pavel Rojtberg -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# 1. Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright notice, -# this list of conditions and the following disclaimer in the documentation -# and/or other materials provided with the distribution. -# -# 3. Neither the name of the copyright holder nor the names of its -# contributors may be used to endorse or promote products derived from this -# software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. - -macro(android_ndk_import_module_cpufeatures) - if(ANDROID) - include_directories(${ANDROID_NDK}/sources/android/cpufeatures) - add_library(cpufeatures ${ANDROID_NDK}/sources/android/cpufeatures/cpu-features.c) - target_link_libraries(cpufeatures dl) - endif() -endmacro() - -macro(android_ndk_import_module_native_app_glue) - if(ANDROID) - include_directories(${ANDROID_NDK}/sources/android/native_app_glue) - add_library(native_app_glue ${ANDROID_NDK}/sources/android/native_app_glue/android_native_app_glue.c) - target_link_libraries(native_app_glue log) - endif() -endmacro() - -macro(android_ndk_import_module_ndk_helper) - if(ANDROID) - android_ndk_import_module_cpufeatures() - android_ndk_import_module_native_app_glue() - - include_directories(${ANDROID_NDK}/sources/android/ndk_helper) - file(GLOB _NDK_HELPER_SRCS ${ANDROID_NDK}/sources/android/ndk_helper/*.cpp ${ANDROID_NDK}/sources/android/ndk_helper/gl3stub.c) - add_library(ndk_helper ${_NDK_HELPER_SRCS}) - target_link_libraries(ndk_helper log android EGL GLESv2 cpufeatures native_app_glue) - - unset(_NDK_HELPER_SRCS) - endif() -endmacro() \ No newline at end of file diff --git a/src/third_party/android-cmake/LICENSE b/src/third_party/android-cmake/LICENSE deleted file mode 100644 index a96a369..0000000 --- a/src/third_party/android-cmake/LICENSE +++ /dev/null @@ -1,30 +0,0 @@ -Copyright (c) 2010-2011, Ethan Rublee -Copyright (c) 2011-2014, Andrey Kamaev -Copyright (c) 2014, Pavel Rojtberg -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - -3. Neither the name of the copyright holder nor the names of its - contributors may be used to endorse or promote products derived from this - software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE. diff --git a/src/third_party/android-cmake/METADATA b/src/third_party/android-cmake/METADATA deleted file mode 100644 index f5aafb8..0000000 --- a/src/third_party/android-cmake/METADATA +++ /dev/null @@ -1,15 +0,0 @@ -name: "android-cmake" -description: - "android-cmake is a collection of CMake scripts for building against the " - "Android NDK." - -third_party { - url { - type: GIT - value: "https://github.com/taka-no-me/android-cmake/" - } - version: "556cc14296c226f753a3778d99d8b60778b7df4f" - last_upgrade_date { year: 2016 month: 6 day: 2 } - - local_modifications: "LICENSE file has been created for compliance purposes. Not included in original distribution." -} diff --git a/src/third_party/android-cmake/README.md b/src/third_party/android-cmake/README.md deleted file mode 100644 index ee63021..0000000 --- a/src/third_party/android-cmake/README.md +++ /dev/null @@ -1,240 +0,0 @@ -# android-cmake - -CMake is great, and so is Android. This is a collection of CMake scripts that may be useful to the Android NDK community. It is based on experience from porting OpenCV library to Android: http://opencv.org/platforms/android.html - -Main goal is to share these scripts so that devs that use CMake as their build system may easily compile native code for Android. - -## TL;DR - - cmake -DCMAKE_TOOLCHAIN_FILE=android.toolchain.cmake \ - -DANDROID_NDK= \ - -DCMAKE_BUILD_TYPE=Release \ - -DANDROID_ABI="armeabi-v7a with NEON" \ - - cmake --build . - -One-liner: - - cmake -DCMAKE_TOOLCHAIN_FILE=android.toolchain.cmake -DANDROID_NDK= -DCMAKE_BUILD_TYPE=Release -DANDROID_ABI="armeabi-v7a with NEON" && cmake --build . - -_android-cmake_ will search for your NDK install in the following order: - -1. Value of `ANDROID_NDK` CMake variable; -1. Value of `ANDROID_NDK` environment variable; -1. Search under paths from `ANDROID_NDK_SEARCH_PATHS` CMake variable; -1. Search platform specific locations (home folder, Windows "Program Files", etc). - -So if you have installed the NDK as `~/android-ndk-r10d` then _android-cmake_ will locate it automatically. - -## Getting started - -To build a cmake-based C/C++ project for Android you need: - -* Android NDK (>= r5) http://developer.android.com/tools/sdk/ndk/index.html -* CMake (>= v2.6.3, >= v2.8.9 recommended) http://www.cmake.org/download - -The _android-cmake_ is also capable to build with NDK from AOSP or Linaro Android source tree, but you may be required to manually specify path to `libm` binary to link with. - -## Difference from traditional CMake - -Folowing the _ndk-build_ the _android-cmake_ supports **only two build targets**: - -* `-DCMAKE_BUILD_TYPE=Release` -* `-DCMAKE_BUILD_TYPE=Debug` - -So don't even try other targets that can be found in CMake documentation and don't forget to explicitly specify `Release` or `Debug` because CMake builds without a build configuration by default. - -## Difference from _ndk-build_ - -* Latest GCC available in NDK is used as the default compiler; -* `Release` builds with `-O3` instead of `-Os`; -* `Release` builds without debug info (without `-g`) (because _ndk-build_ always creates a stripped version but cmake delays this for `install/strip` target); -* `-fsigned-char` is added to compiler flags to make `char` signed by default as it is on x86/x86_64; -* GCC's stack protector is not used neither in `Debug` nor `Release` configurations; -* No builds for multiple platforms (e.g. building for both arm and x86 require to run cmake twice with different parameters); -* No file level Neon via `.neon` suffix; - -The following features of _ndk-build_ are not supported by the _android-cmake_ yet: - -* `armeabi-v7a-hard` ABI -* `libc++_static`/`libc++_shared` STL runtime - -## Basic options - -Similarly to the NDK build system _android-cmake_ allows to select between several compiler toolchains and target platforms. Most of the options can be set either as cmake arguments: `-D=` or as environment variables: - -* **ANDROID_NDK** - path to the Android NDK. If not set then _android-cmake_ will search for the most recent version of supported NDK in commonly used locations; -* **ANDROID_ABI** - specifies the target Application Binary Interface (ABI). This option nearly matches to the APP_ABI variable used by ndk-build tool from Android NDK. If not specified then set to `armeabi-v7a`. Possible target names are: - * `armeabi` - ARMv5TE based CPU with software floating point operations; - * **`armeabi-v7a`** - ARMv7 based devices with hardware FPU instructions (VFPv3_D16); - * `armeabi-v7a with NEON` - same as armeabi-v7a, but sets NEON as floating-point unit; - * `armeabi-v7a with VFPV3` - same as armeabi-v7a, but sets VFPv3_D32 as floating-point unit; - * `armeabi-v6 with VFP` - tuned for ARMv6 processors having VFP; - * `x86` - IA-32 instruction set - * `mips` - MIPS32 instruction set - * `arm64-v8a` - ARMv8 AArch64 instruction set - only for NDK r10 and newer - * `x86_64` - Intel64 instruction set (r1) - only for NDK r10 and newer - * `mips64` - MIPS64 instruction set (r6) - only for NDK r10 and newer -* **ANDROID_NATIVE_API_LEVEL** - level of android API to build for. Can be set either to full name (example: `android-8`) or a numeric value (example: `17`). The default API level depends on the target ABI: - * `android-8` for ARM; - * `android-9` for x86 and MIPS; - * `android-21` for 64-bit ABIs. - - Building for `android-L` is possible only when it is explicitly selected. -* **ANDROID_TOOLCHAIN_NAME** - the name of compiler toolchain to be used. This option allows to select between different GCC and Clang versions. The list of possible values depends on the NDK version and will be printed by toolchain file if an invalid value is set. By default _android-cmake_ selects the most recent version of GCC which can build for specified `ANDROID_ABI`. - - Example values are: - * `aarch64-linux-android-4.9` - * `aarch64-linux-android-clang3.5` - * `arm-linux-androideabi-4.8` - * `arm-linux-androideabi-4.9` - * `arm-linux-androideabi-clang3.5` - * `mips64el-linux-android-4.9` - * `mipsel-linux-android-4.8` - * `x86-4.9` - * `x86_64-4.9` - * etc. -* **ANDROID_STL** - the name of C++ runtime to use. The default is `gnustl_static`. - * `none` - do not configure the runtime. - * `system` - use the default minimal system C++ runtime library. - * Implies `-fno-rtti -fno-exceptions`. - * `system_re` - use the default minimal system C++ runtime library. - * Implies `-frtti -fexceptions`. - * `gabi++_static` - use the GAbi++ runtime as a static library. - * Implies `-frtti -fno-exceptions`. - * Available for NDK r7 and newer. - * `gabi++_shared` - use the GAbi++ runtime as a shared library. - * Implies `-frtti -fno-exceptions`. - * Available for NDK r7 and newer. - * `stlport_static` - use the STLport runtime as a static library. - * Implies `-fno-rtti -fno-exceptions` for NDK before r7. - * Implies `-frtti -fno-exceptions` for NDK r7 and newer. - * `stlport_shared` - use the STLport runtime as a shared library. - * Implies `-fno-rtti -fno-exceptions` for NDK before r7. - * Implies `-frtti -fno-exceptions` for NDK r7 and newer. - * **`gnustl_static`** - use the GNU STL as a static library. - * Implies `-frtti -fexceptions`. - * `gnustl_shared` - use the GNU STL as a shared library. - * Implies `-frtti -fno-exceptions`. - * Available for NDK r7b and newer. - * Silently degrades to `gnustl_static` if not available. -* **NDK_CCACHE** - path to `ccache` executable. If not set then initialized from `NDK_CCACHE` environment variable. - -## Advanced _android-cmake_ options - -Normally _android-cmake_ users are not supposed to touch these variables but they might be useful to workaround some build issues: - -* **ANDROID_FORCE_ARM_BUILD** = `OFF` - generate 32-bit ARM instructions instead of Thumb. Applicable only for arm ABIs and is forced to be `ON` for `armeabi-v6 with VFP`; -* **ANDROID_NO_UNDEFINED** = `ON` - show all undefined symbols as linker errors; -* **ANDROID_SO_UNDEFINED** = `OFF` - allow undefined symbols in shared libraries; - * actually it is turned `ON` by default for NDK older than `r7` -* **ANDROID_STL_FORCE_FEATURES** = `ON` - automatically configure rtti and exceptions support based on C++ runtime; -* **ANDROID_NDK_LAYOUT** = `RELEASE` - inner layout of Android NDK, should be detected automatically. Possible values are: - * `RELEASE` - public releases from Google; - * `LINARO` - NDK from Linaro project; - * `ANDROID` - NDK from AOSP. -* **ANDROID_FUNCTION_LEVEL_LINKING** = `ON` - enables saparate putting each function and data items into separate sections and enable garbage collection of unused input sections at link time (`-fdata-sections -ffunction-sections -Wl,--gc-sections`); -* **ANDROID_GOLD_LINKER** = `ON` - use gold linker with GCC 4.6 for NDK r8b and newer (only for ARM and x86); -* **ANDROID_NOEXECSTACK** = `ON` - enables or disables stack execution protection code (`-Wl,-z,noexecstack`); -* **ANDROID_RELRO** = `ON` - Enables RELRO - a memory corruption mitigation technique (`-Wl,-z,relro -Wl,-z,now`); -* **ANDROID_LIBM_PATH** - path to `libm.so` (set to something like `$(TOP)/out/target/product//obj/lib/libm.so`) to workaround unresolved `sincos`. - -## Fine-tuning `CMakeLists.txt` for _android-cmake_ - -### Recognizing Android build - -_android-cmake_ defines `ANDROID` CMake variable which can be used to add Android-specific stuff: - - if (ANDROID) - message(STATUS "Hello from Android build!") - endif() - -The recommended way to identify ARM/MIPS/x86 architecture is examining `CMAKE_SYSTEM_PROCESSOR` which is set to the appropriate value: - -* `armv5te` - for `armeabi` ABI -* `armv6` - for `armeabi-v6 with VFP` ABI -* `armv7-a` - for `armeabi-v7a`, `armeabi-v7a with VFPV3` and `armeabi-v7a with NEON` ABIs -* `aarch64` - for `arm64-v8a` ABI -* `i686` - for `x86` ABI -* `x86_64` - for `x86_64` ABI -* `mips` - for `mips` ABI -* `mips64` - for `mips64` ABI - -Other variables that are set by _android-cmake_ and can be used for the fine-grained build configuration are: - -* `NEON` - set if target ABI supports Neon; -* `ANDROID_NATIVE_API_LEVEL` - native Android API level we are building for (note: Java part of Andoid application can be built for another API level) -* `ANDROID_NDK_RELEASE` - version of the Android NDK -* `ANDROID_NDK_HOST_SYSTEM_NAME` - "windows", "linux-x86" or "darwin-x86" depending on the host platform -* `ANDROID_RTTI` - set if rtti is enabled by the runtime -* `ANDROID_EXCEPTIONS` - set if exceptions are enabled by the runtime - -### Finding packages - -When crosscompiling CMake `find_*` commands are normally expected to find libraries and packages belonging to the same build target. So _android-cmake_ configures CMake to search in Android-specific paths only and ignore your host system locations. So - - find_package(ZLIB) - -will surely find libz.so within the Android NDK. - -However sometimes you need to locate a host package even when cross-compiling. For example you can be searching for your documentation generator. The _android-cmake_ recommends you to use `find_host_package` and `find_host_program` macro defined in the `android.toolchain.cmake`: - - find_host_package(Doxygen) - find_host_program(PDFLATEX pdflatex) - -However this will break regular builds so instead of wrapping package search into platform-specific logic you can copy the following snippet into your project (put it after your top-level `project()` command): - - # Search packages for host system instead of packages for target system - # in case of cross compilation these macro should be defined by toolchain file - if(NOT COMMAND find_host_package) - macro(find_host_package) - find_package(${ARGN}) - endmacro() - endif() - if(NOT COMMAND find_host_program) - macro(find_host_program) - find_program(${ARGN}) - endmacro() - endif() - -### Compiler flags recycling - -Make sure to do the following in your scripts: - - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${my_cxx_flags}") - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${my_cxx_flags}") - -The flags will be prepopulated with critical flags, so don't loose them. Also be aware that _android-cmake_ also sets configuration-specific compiler and linker flags. - -## Troubleshooting - -### Building on Windows - -First of all `cygwin` builds are **NOT supported** and will not be supported by _android-cmake_. To build natively on Windows you need a port of make but I recommend http://martine.github.io/ninja/ instead. - -To build with Ninja you need: - -* Ensure you are using CMake newer than 2.8.9; -* Download the latest Ninja from https://github.com/martine/ninja/releases; -* Put the `ninja.exe` into your PATH (or add path to `ninja.exe` to your PATH environment variable); -* Pass `-GNinja` to `cmake` alongside with other arguments (or choose Ninja generator in `cmake-gui`). -* Enjoy the fast native multithreaded build :) - -But if you still want to stick to old make then: - -* Get a Windows port of GNU Make: - * Android NDK r7 (and newer) already has `make.exe` on board; - * `mingw-make` should work as fine; - * Download some other port. For example, this one: http://gnuwin32.sourceforge.net/packages/make.htm. -* Add path to your `make.exe` to system PATH or always use full path; -* Pass `-G"MinGW Makefiles"` and `-DCMAKE_MAKE_PROGRAM="make.exe"` - * It must be `MinGW Makefiles` and not `Unix Makefiles` even if your `make.exe` is not a MinGW's make. -* Run `make.exe` or `cmake --build .` for single-threaded build. - -### Projects with assembler files - -The _android-cmake_ should correctly handle projects with assembler sources (`*.s` or `*.S`). But if you still facing problems with assembler then try to upgrade your CMake to version newer than 2.8.5 - -## Copying - -_android-cmake_ is distributed under the terms of [BSD 3-Clause License](http://opensource.org/licenses/BSD-3-Clause) \ No newline at end of file diff --git a/src/third_party/android-cmake/android.toolchain.cmake b/src/third_party/android-cmake/android.toolchain.cmake deleted file mode 100644 index ffa2612..0000000 --- a/src/third_party/android-cmake/android.toolchain.cmake +++ /dev/null @@ -1,1693 +0,0 @@ -# Copyright (c) 2010-2011, Ethan Rublee -# Copyright (c) 2011-2014, Andrey Kamaev -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# 1. Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright notice, -# this list of conditions and the following disclaimer in the documentation -# and/or other materials provided with the distribution. -# -# 3. Neither the name of the copyright holder nor the names of its -# contributors may be used to endorse or promote products derived from this -# software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. - -# ------------------------------------------------------------------------------ -# Android CMake toolchain file, for use with the Android NDK r5-r10d -# Requires cmake 2.6.3 or newer (2.8.9 or newer is recommended). -# See home page: https://github.com/taka-no-me/android-cmake -# -# Usage Linux: -# $ export ANDROID_NDK=/absolute/path/to/the/android-ndk -# $ mkdir build && cd build -# $ cmake -DCMAKE_TOOLCHAIN_FILE=path/to/the/android.toolchain.cmake .. -# $ make -j8 -# -# Usage Windows: -# You need native port of make to build your project. -# Android NDK r7 (and newer) already has make.exe on board. -# For older NDK you have to install it separately. -# For example, this one: http://gnuwin32.sourceforge.net/packages/make.htm -# -# $ SET ANDROID_NDK=C:\absolute\path\to\the\android-ndk -# $ mkdir build && cd build -# $ cmake.exe -G"MinGW Makefiles" -# -DCMAKE_TOOLCHAIN_FILE=path\to\the\android.toolchain.cmake -# -DCMAKE_MAKE_PROGRAM="%ANDROID_NDK%\prebuilt\windows\bin\make.exe" .. -# $ cmake.exe --build . -# -# -# Options (can be set as cmake parameters: -D=): -# ANDROID_NDK=/opt/android-ndk - path to the NDK root. -# Can be set as environment variable. Can be set only at first cmake run. -# -# ANDROID_ABI=armeabi-v7a - specifies the target Application Binary -# Interface (ABI). This option nearly matches to the APP_ABI variable -# used by ndk-build tool from Android NDK. -# -# Possible targets are: -# "armeabi" - ARMv5TE based CPU with software floating point operations -# "armeabi-v7a" - ARMv7 based devices with hardware FPU instructions -# this ABI target is used by default -# "armeabi-v7a with NEON" - same as armeabi-v7a, but -# sets NEON as floating-point unit -# "armeabi-v7a with VFPV3" - same as armeabi-v7a, but -# sets VFPV3 as floating-point unit (has 32 registers instead of 16) -# "armeabi-v6 with VFP" - tuned for ARMv6 processors having VFP -# "x86" - IA-32 instruction set -# "mips" - MIPS32 instruction set -# -# 64-bit ABIs for NDK r10 and newer: -# "arm64-v8a" - ARMv8 AArch64 instruction set -# "x86_64" - Intel64 instruction set (r1) -# "mips64" - MIPS64 instruction set (r6) -# -# ANDROID_NATIVE_API_LEVEL=android-8 - level of Android API compile for. -# Option is read-only when standalone toolchain is used. -# Note: building for "android-L" requires explicit configuration. -# -# ANDROID_TOOLCHAIN_NAME=arm-linux-androideabi-4.9 - the name of compiler -# toolchain to be used. The list of possible values depends on the NDK -# version. For NDK r10c the possible values are: -# -# * aarch64-linux-android-4.9 -# * aarch64-linux-android-clang3.4 -# * aarch64-linux-android-clang3.5 -# * arm-linux-androideabi-4.6 -# * arm-linux-androideabi-4.8 -# * arm-linux-androideabi-4.9 (default) -# * arm-linux-androideabi-clang3.4 -# * arm-linux-androideabi-clang3.5 -# * mips64el-linux-android-4.9 -# * mips64el-linux-android-clang3.4 -# * mips64el-linux-android-clang3.5 -# * mipsel-linux-android-4.6 -# * mipsel-linux-android-4.8 -# * mipsel-linux-android-4.9 -# * mipsel-linux-android-clang3.4 -# * mipsel-linux-android-clang3.5 -# * x86-4.6 -# * x86-4.8 -# * x86-4.9 -# * x86-clang3.4 -# * x86-clang3.5 -# * x86_64-4.9 -# * x86_64-clang3.4 -# * x86_64-clang3.5 -# -# ANDROID_FORCE_ARM_BUILD=OFF - set ON to generate 32-bit ARM instructions -# instead of Thumb. Is not available for "armeabi-v6 with VFP" -# (is forced to be ON) ABI. -# -# ANDROID_NO_UNDEFINED=ON - set ON to show all undefined symbols as linker -# errors even if they are not used. -# -# ANDROID_SO_UNDEFINED=OFF - set ON to allow undefined symbols in shared -# libraries. Automatically turned for NDK r5x and r6x due to GLESv2 -# problems. -# -# ANDROID_STL=gnustl_static - specify the runtime to use. -# -# Possible values are: -# none -> Do not configure the runtime. -# system -> Use the default minimal system C++ runtime library. -# Implies -fno-rtti -fno-exceptions. -# Is not available for standalone toolchain. -# system_re -> Use the default minimal system C++ runtime library. -# Implies -frtti -fexceptions. -# Is not available for standalone toolchain. -# gabi++_static -> Use the GAbi++ runtime as a static library. -# Implies -frtti -fno-exceptions. -# Available for NDK r7 and newer. -# Is not available for standalone toolchain. -# gabi++_shared -> Use the GAbi++ runtime as a shared library. -# Implies -frtti -fno-exceptions. -# Available for NDK r7 and newer. -# Is not available for standalone toolchain. -# stlport_static -> Use the STLport runtime as a static library. -# Implies -fno-rtti -fno-exceptions for NDK before r7. -# Implies -frtti -fno-exceptions for NDK r7 and newer. -# Is not available for standalone toolchain. -# stlport_shared -> Use the STLport runtime as a shared library. -# Implies -fno-rtti -fno-exceptions for NDK before r7. -# Implies -frtti -fno-exceptions for NDK r7 and newer. -# Is not available for standalone toolchain. -# gnustl_static -> Use the GNU STL as a static library. -# Implies -frtti -fexceptions. -# gnustl_shared -> Use the GNU STL as a shared library. -# Implies -frtti -fno-exceptions. -# Available for NDK r7b and newer. -# Silently degrades to gnustl_static if not available. -# -# ANDROID_STL_FORCE_FEATURES=ON - turn rtti and exceptions support based on -# chosen runtime. If disabled, then the user is responsible for settings -# these options. -# -# What?: -# android-cmake toolchain searches for NDK/toolchain in the following order: -# ANDROID_NDK - cmake parameter -# ANDROID_NDK - environment variable -# ANDROID_STANDALONE_TOOLCHAIN - cmake parameter -# ANDROID_STANDALONE_TOOLCHAIN - environment variable -# ANDROID_NDK - default locations -# ANDROID_STANDALONE_TOOLCHAIN - default locations -# -# Make sure to do the following in your scripts: -# SET( CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${my_cxx_flags}" ) -# SET( CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${my_cxx_flags}" ) -# The flags will be prepopulated with critical flags, so don't loose them. -# Also be aware that toolchain also sets configuration-specific compiler -# flags and linker flags. -# -# ANDROID and BUILD_ANDROID will be set to true, you may test any of these -# variables to make necessary Android-specific configuration changes. -# -# Also ARMEABI or ARMEABI_V7A or X86 or MIPS or ARM64_V8A or X86_64 or MIPS64 -# will be set true, mutually exclusive. NEON option will be set true -# if VFP is set to NEON. -# -# ------------------------------------------------------------------------------ - -cmake_minimum_required( VERSION 2.6.3 ) - -if( DEFINED CMAKE_CROSSCOMPILING ) - # subsequent toolchain loading is not really needed - return() -endif() - -if( CMAKE_TOOLCHAIN_FILE ) - # touch toolchain variable to suppress "unused variable" warning -endif() - -# inherit settings in recursive loads -get_property( _CMAKE_IN_TRY_COMPILE GLOBAL PROPERTY IN_TRY_COMPILE ) -if( _CMAKE_IN_TRY_COMPILE ) - include( "${CMAKE_CURRENT_SOURCE_DIR}/../android.toolchain.config.cmake" OPTIONAL ) -endif() - -# this one is important -if( CMAKE_VERSION VERSION_GREATER "3.0.99" ) - set( CMAKE_SYSTEM_NAME Android ) -else() - set( CMAKE_SYSTEM_NAME Linux ) -endif() - -# this one not so much -set( CMAKE_SYSTEM_VERSION 1 ) - -# rpath makes low sense for Android -set( CMAKE_SHARED_LIBRARY_RUNTIME_C_FLAG "" ) -set( CMAKE_SKIP_RPATH TRUE CACHE BOOL "If set, runtime paths are not added when using shared libraries." ) - -# NDK search paths -set( ANDROID_SUPPORTED_NDK_VERSIONS ${ANDROID_EXTRA_NDK_VERSIONS} -r10d -r10c -r10b -r10 -r9d -r9c -r9b -r9 -r8e -r8d -r8c -r8b -r8 -r7c -r7b -r7 -r6b -r6 -r5c -r5b -r5 "" ) -if( NOT DEFINED ANDROID_NDK_SEARCH_PATHS ) - if( CMAKE_HOST_WIN32 ) - file( TO_CMAKE_PATH "$ENV{PROGRAMFILES}" ANDROID_NDK_SEARCH_PATHS ) - set( ANDROID_NDK_SEARCH_PATHS "${ANDROID_NDK_SEARCH_PATHS}" "$ENV{SystemDrive}/NVPACK" ) - else() - file( TO_CMAKE_PATH "$ENV{HOME}" ANDROID_NDK_SEARCH_PATHS ) - set( ANDROID_NDK_SEARCH_PATHS /opt "${ANDROID_NDK_SEARCH_PATHS}/NVPACK" ) - endif() -endif() -if( NOT DEFINED ANDROID_STANDALONE_TOOLCHAIN_SEARCH_PATH ) - set( ANDROID_STANDALONE_TOOLCHAIN_SEARCH_PATH /opt/android-toolchain ) -endif() - -# known ABIs -set( ANDROID_SUPPORTED_ABIS_arm "armeabi-v7a;armeabi;armeabi-v7a with NEON;armeabi-v7a with VFPV3;armeabi-v6 with VFP" ) -set( ANDROID_SUPPORTED_ABIS_arm64 "arm64-v8a" ) -set( ANDROID_SUPPORTED_ABIS_x86 "x86" ) -set( ANDROID_SUPPORTED_ABIS_x86_64 "x86_64" ) -set( ANDROID_SUPPORTED_ABIS_mips "mips" ) -set( ANDROID_SUPPORTED_ABIS_mips64 "mips64" ) - -# API level defaults -set( ANDROID_DEFAULT_NDK_API_LEVEL 8 ) -set( ANDROID_DEFAULT_NDK_API_LEVEL_arm64 21 ) -set( ANDROID_DEFAULT_NDK_API_LEVEL_x86 9 ) -set( ANDROID_DEFAULT_NDK_API_LEVEL_x86_64 21 ) -set( ANDROID_DEFAULT_NDK_API_LEVEL_mips 9 ) -set( ANDROID_DEFAULT_NDK_API_LEVEL_mips64 21 ) - - -macro( __LIST_FILTER listvar regex ) - if( ${listvar} ) - foreach( __val ${${listvar}} ) - if( __val MATCHES "${regex}" ) - list( REMOVE_ITEM ${listvar} "${__val}" ) - endif() - endforeach() - endif() -endmacro() - -macro( __INIT_VARIABLE var_name ) - set( __test_path 0 ) - foreach( __var ${ARGN} ) - if( __var STREQUAL "PATH" ) - set( __test_path 1 ) - break() - endif() - endforeach() - - if( __test_path AND NOT EXISTS "${${var_name}}" ) - unset( ${var_name} CACHE ) - endif() - - if( " ${${var_name}}" STREQUAL " " ) - set( __values 0 ) - foreach( __var ${ARGN} ) - if( __var STREQUAL "VALUES" ) - set( __values 1 ) - elseif( NOT __var STREQUAL "PATH" ) - if( __var MATCHES "^ENV_.*$" ) - string( REPLACE "ENV_" "" __var "${__var}" ) - set( __value "$ENV{${__var}}" ) - elseif( DEFINED ${__var} ) - set( __value "${${__var}}" ) - elseif( __values ) - set( __value "${__var}" ) - else() - set( __value "" ) - endif() - - if( NOT " ${__value}" STREQUAL " " AND (NOT __test_path OR EXISTS "${__value}") ) - set( ${var_name} "${__value}" ) - break() - endif() - endif() - endforeach() - unset( __value ) - unset( __values ) - endif() - - if( __test_path ) - file( TO_CMAKE_PATH "${${var_name}}" ${var_name} ) - endif() - unset( __test_path ) -endmacro() - -macro( __DETECT_NATIVE_API_LEVEL _var _path ) - set( __ndkApiLevelRegex "^[\t ]*#define[\t ]+__ANDROID_API__[\t ]+([0-9]+)[\t ]*.*$" ) - file( STRINGS ${_path} __apiFileContent REGEX "${__ndkApiLevelRegex}" ) - if( NOT __apiFileContent ) - message( SEND_ERROR "Could not get Android native API level. Probably you have specified invalid level value, or your copy of NDK/toolchain is broken." ) - endif() - string( REGEX REPLACE "${__ndkApiLevelRegex}" "\\1" ${_var} "${__apiFileContent}" ) - unset( __apiFileContent ) - unset( __ndkApiLevelRegex ) -endmacro() - -macro( __DETECT_TOOLCHAIN_MACHINE_NAME _var _root ) - if( EXISTS "${_root}" ) - file( GLOB __gccExePath RELATIVE "${_root}/bin/" "${_root}/bin/*-gcc${TOOL_OS_SUFFIX}" ) - __LIST_FILTER( __gccExePath "^[.].*" ) - list( LENGTH __gccExePath __gccExePathsCount ) - if( NOT __gccExePathsCount EQUAL 1 AND NOT _CMAKE_IN_TRY_COMPILE ) - message( WARNING "Could not determine machine name for compiler from ${_root}" ) - set( ${_var} "" ) - else() - get_filename_component( __gccExeName "${__gccExePath}" NAME_WE ) - string( REPLACE "-gcc" "" ${_var} "${__gccExeName}" ) - endif() - unset( __gccExePath ) - unset( __gccExePathsCount ) - unset( __gccExeName ) - else() - set( ${_var} "" ) - endif() -endmacro() - - -# fight against cygwin -set( ANDROID_FORBID_SYGWIN TRUE CACHE BOOL "Prevent cmake from working under cygwin and using cygwin tools") -mark_as_advanced( ANDROID_FORBID_SYGWIN ) -if( ANDROID_FORBID_SYGWIN ) - if( CYGWIN ) - message( FATAL_ERROR "Android NDK and android-cmake toolchain are not welcome Cygwin. It is unlikely that this cmake toolchain will work under cygwin. But if you want to try then you can set cmake variable ANDROID_FORBID_SYGWIN to FALSE and rerun cmake." ) - endif() - - if( CMAKE_HOST_WIN32 ) - # remove cygwin from PATH - set( __new_path "$ENV{PATH}") - __LIST_FILTER( __new_path "cygwin" ) - set(ENV{PATH} "${__new_path}") - unset(__new_path) - endif() -endif() - - -# detect current host platform -if( NOT DEFINED ANDROID_NDK_HOST_X64 AND (CMAKE_HOST_SYSTEM_PROCESSOR MATCHES "amd64|x86_64|AMD64" OR CMAKE_HOST_APPLE) ) - set( ANDROID_NDK_HOST_X64 1 CACHE BOOL "Try to use 64-bit compiler toolchain" ) - mark_as_advanced( ANDROID_NDK_HOST_X64 ) -endif() - -set( TOOL_OS_SUFFIX "" ) -if( CMAKE_HOST_APPLE ) - set( ANDROID_NDK_HOST_SYSTEM_NAME "darwin-x86_64" ) - set( ANDROID_NDK_HOST_SYSTEM_NAME2 "darwin-x86" ) -elseif( CMAKE_HOST_WIN32 ) - set( ANDROID_NDK_HOST_SYSTEM_NAME "windows-x86_64" ) - set( ANDROID_NDK_HOST_SYSTEM_NAME2 "windows" ) - set( TOOL_OS_SUFFIX ".exe" ) -elseif( CMAKE_HOST_UNIX ) - set( ANDROID_NDK_HOST_SYSTEM_NAME "linux-x86_64" ) - set( ANDROID_NDK_HOST_SYSTEM_NAME2 "linux-x86" ) -else() - message( FATAL_ERROR "Cross-compilation on your platform is not supported by this cmake toolchain" ) -endif() - -if( NOT ANDROID_NDK_HOST_X64 ) - set( ANDROID_NDK_HOST_SYSTEM_NAME ${ANDROID_NDK_HOST_SYSTEM_NAME2} ) -endif() - -# see if we have path to Android NDK -if( NOT ANDROID_NDK AND NOT ANDROID_STANDALONE_TOOLCHAIN ) - __INIT_VARIABLE( ANDROID_NDK PATH ENV_ANDROID_NDK ) -endif() -if( NOT ANDROID_NDK ) - # see if we have path to Android standalone toolchain - __INIT_VARIABLE( ANDROID_STANDALONE_TOOLCHAIN PATH ENV_ANDROID_STANDALONE_TOOLCHAIN ) - - if( NOT ANDROID_STANDALONE_TOOLCHAIN ) - #try to find Android NDK in one of the the default locations - set( __ndkSearchPaths ) - foreach( __ndkSearchPath ${ANDROID_NDK_SEARCH_PATHS} ) - foreach( suffix ${ANDROID_SUPPORTED_NDK_VERSIONS} ) - list( APPEND __ndkSearchPaths "${__ndkSearchPath}/android-ndk${suffix}" ) - endforeach() - endforeach() - __INIT_VARIABLE( ANDROID_NDK PATH VALUES ${__ndkSearchPaths} ) - unset( __ndkSearchPaths ) - - if( ANDROID_NDK ) - message( STATUS "Using default path for Android NDK: ${ANDROID_NDK}" ) - message( STATUS " If you prefer to use a different location, please define a cmake or environment variable: ANDROID_NDK" ) - else() - #try to find Android standalone toolchain in one of the the default locations - __INIT_VARIABLE( ANDROID_STANDALONE_TOOLCHAIN PATH ANDROID_STANDALONE_TOOLCHAIN_SEARCH_PATH ) - - if( ANDROID_STANDALONE_TOOLCHAIN ) - message( STATUS "Using default path for standalone toolchain ${ANDROID_STANDALONE_TOOLCHAIN}" ) - message( STATUS " If you prefer to use a different location, please define the variable: ANDROID_STANDALONE_TOOLCHAIN" ) - endif( ANDROID_STANDALONE_TOOLCHAIN ) - endif( ANDROID_NDK ) - endif( NOT ANDROID_STANDALONE_TOOLCHAIN ) -endif( NOT ANDROID_NDK ) - -# remember found paths -if( ANDROID_NDK ) - get_filename_component( ANDROID_NDK "${ANDROID_NDK}" ABSOLUTE ) - set( ANDROID_NDK "${ANDROID_NDK}" CACHE INTERNAL "Path of the Android NDK" FORCE ) - set( BUILD_WITH_ANDROID_NDK True ) - if( EXISTS "${ANDROID_NDK}/RELEASE.TXT" ) - file( STRINGS "${ANDROID_NDK}/RELEASE.TXT" ANDROID_NDK_RELEASE_FULL LIMIT_COUNT 1 REGEX "r[0-9]+[a-z]?" ) - string( REGEX MATCH "r([0-9]+)([a-z]?)" ANDROID_NDK_RELEASE "${ANDROID_NDK_RELEASE_FULL}" ) - else() - set( ANDROID_NDK_RELEASE "r1x" ) - set( ANDROID_NDK_RELEASE_FULL "unreleased" ) - endif() - string( REGEX REPLACE "r([0-9]+)([a-z]?)" "\\1*1000" ANDROID_NDK_RELEASE_NUM "${ANDROID_NDK_RELEASE}" ) - string( FIND " abcdefghijklmnopqastuvwxyz" "${CMAKE_MATCH_2}" __ndkReleaseLetterNum ) - math( EXPR ANDROID_NDK_RELEASE_NUM "${ANDROID_NDK_RELEASE_NUM}+${__ndkReleaseLetterNum}" ) -elseif( ANDROID_STANDALONE_TOOLCHAIN ) - get_filename_component( ANDROID_STANDALONE_TOOLCHAIN "${ANDROID_STANDALONE_TOOLCHAIN}" ABSOLUTE ) - # try to detect change - if( CMAKE_AR ) - string( LENGTH "${ANDROID_STANDALONE_TOOLCHAIN}" __length ) - string( SUBSTRING "${CMAKE_AR}" 0 ${__length} __androidStandaloneToolchainPreviousPath ) - if( NOT __androidStandaloneToolchainPreviousPath STREQUAL ANDROID_STANDALONE_TOOLCHAIN ) - message( FATAL_ERROR "It is not possible to change path to the Android standalone toolchain on subsequent run." ) - endif() - unset( __androidStandaloneToolchainPreviousPath ) - unset( __length ) - endif() - set( ANDROID_STANDALONE_TOOLCHAIN "${ANDROID_STANDALONE_TOOLCHAIN}" CACHE INTERNAL "Path of the Android standalone toolchain" FORCE ) - set( BUILD_WITH_STANDALONE_TOOLCHAIN True ) -else() - list(GET ANDROID_NDK_SEARCH_PATHS 0 ANDROID_NDK_SEARCH_PATH) - message( FATAL_ERROR "Could not find neither Android NDK nor Android standalone toolchain. - You should either set an environment variable: - export ANDROID_NDK=~/my-android-ndk - or - export ANDROID_STANDALONE_TOOLCHAIN=~/my-android-toolchain - or put the toolchain or NDK in the default path: - sudo ln -s ~/my-android-ndk ${ANDROID_NDK_SEARCH_PATH}/android-ndk - sudo ln -s ~/my-android-toolchain ${ANDROID_STANDALONE_TOOLCHAIN_SEARCH_PATH}" ) -endif() - -# android NDK layout -if( BUILD_WITH_ANDROID_NDK ) - if( NOT DEFINED ANDROID_NDK_LAYOUT ) - # try to automatically detect the layout - if( EXISTS "${ANDROID_NDK}/RELEASE.TXT") - set( ANDROID_NDK_LAYOUT "RELEASE" ) - elseif( EXISTS "${ANDROID_NDK}/../../linux-x86/toolchain/" ) - set( ANDROID_NDK_LAYOUT "LINARO" ) - elseif( EXISTS "${ANDROID_NDK}/../../gcc/" ) - set( ANDROID_NDK_LAYOUT "ANDROID" ) - endif() - endif() - set( ANDROID_NDK_LAYOUT "${ANDROID_NDK_LAYOUT}" CACHE STRING "The inner layout of NDK" ) - mark_as_advanced( ANDROID_NDK_LAYOUT ) - if( ANDROID_NDK_LAYOUT STREQUAL "LINARO" ) - set( ANDROID_NDK_HOST_SYSTEM_NAME ${ANDROID_NDK_HOST_SYSTEM_NAME2} ) # only 32-bit at the moment - set( ANDROID_NDK_TOOLCHAINS_PATH "${ANDROID_NDK}/../../${ANDROID_NDK_HOST_SYSTEM_NAME}/toolchain" ) - set( ANDROID_NDK_TOOLCHAINS_SUBPATH "" ) - set( ANDROID_NDK_TOOLCHAINS_SUBPATH2 "" ) - elseif( ANDROID_NDK_LAYOUT STREQUAL "ANDROID" ) - set( ANDROID_NDK_HOST_SYSTEM_NAME ${ANDROID_NDK_HOST_SYSTEM_NAME2} ) # only 32-bit at the moment - set( ANDROID_NDK_TOOLCHAINS_PATH "${ANDROID_NDK}/../../gcc/${ANDROID_NDK_HOST_SYSTEM_NAME}/arm" ) - set( ANDROID_NDK_TOOLCHAINS_SUBPATH "" ) - set( ANDROID_NDK_TOOLCHAINS_SUBPATH2 "" ) - else() # ANDROID_NDK_LAYOUT STREQUAL "RELEASE" - set( ANDROID_NDK_TOOLCHAINS_PATH "${ANDROID_NDK}/toolchains" ) - set( ANDROID_NDK_TOOLCHAINS_SUBPATH "/prebuilt/${ANDROID_NDK_HOST_SYSTEM_NAME}" ) - set( ANDROID_NDK_TOOLCHAINS_SUBPATH2 "/prebuilt/${ANDROID_NDK_HOST_SYSTEM_NAME2}" ) - endif() - get_filename_component( ANDROID_NDK_TOOLCHAINS_PATH "${ANDROID_NDK_TOOLCHAINS_PATH}" ABSOLUTE ) - - # try to detect change of NDK - if( CMAKE_AR ) - string( LENGTH "${ANDROID_NDK_TOOLCHAINS_PATH}" __length ) - string( SUBSTRING "${CMAKE_AR}" 0 ${__length} __androidNdkPreviousPath ) - if( NOT __androidNdkPreviousPath STREQUAL ANDROID_NDK_TOOLCHAINS_PATH ) - message( FATAL_ERROR "It is not possible to change the path to the NDK on subsequent CMake run. You must remove all generated files from your build folder first. - " ) - endif() - unset( __androidNdkPreviousPath ) - unset( __length ) - endif() -endif() - - -# get all the details about standalone toolchain -if( BUILD_WITH_STANDALONE_TOOLCHAIN ) - __DETECT_NATIVE_API_LEVEL( ANDROID_SUPPORTED_NATIVE_API_LEVELS "${ANDROID_STANDALONE_TOOLCHAIN}/sysroot/usr/include/android/api-level.h" ) - set( ANDROID_STANDALONE_TOOLCHAIN_API_LEVEL ${ANDROID_SUPPORTED_NATIVE_API_LEVELS} ) - set( __availableToolchains "standalone" ) - __DETECT_TOOLCHAIN_MACHINE_NAME( __availableToolchainMachines "${ANDROID_STANDALONE_TOOLCHAIN}" ) - if( NOT __availableToolchainMachines ) - message( FATAL_ERROR "Could not determine machine name of your toolchain. Probably your Android standalone toolchain is broken." ) - endif() - if( __availableToolchainMachines MATCHES x86_64 ) - set( __availableToolchainArchs "x86_64" ) - elseif( __availableToolchainMachines MATCHES i686 ) - set( __availableToolchainArchs "x86" ) - elseif( __availableToolchainMachines MATCHES aarch64 ) - set( __availableToolchainArchs "arm64" ) - elseif( __availableToolchainMachines MATCHES arm ) - set( __availableToolchainArchs "arm" ) - elseif( __availableToolchainMachines MATCHES mips64el ) - set( __availableToolchainArchs "mips64" ) - elseif( __availableToolchainMachines MATCHES mipsel ) - set( __availableToolchainArchs "mips" ) - endif() - execute_process( COMMAND "${ANDROID_STANDALONE_TOOLCHAIN}/bin/${__availableToolchainMachines}-gcc${TOOL_OS_SUFFIX}" -dumpversion - OUTPUT_VARIABLE __availableToolchainCompilerVersions OUTPUT_STRIP_TRAILING_WHITESPACE ) - string( REGEX MATCH "[0-9]+[.][0-9]+([.][0-9]+)?" __availableToolchainCompilerVersions "${__availableToolchainCompilerVersions}" ) - if( EXISTS "${ANDROID_STANDALONE_TOOLCHAIN}/bin/clang${TOOL_OS_SUFFIX}" ) - list( APPEND __availableToolchains "standalone-clang" ) - list( APPEND __availableToolchainMachines ${__availableToolchainMachines} ) - list( APPEND __availableToolchainArchs ${__availableToolchainArchs} ) - list( APPEND __availableToolchainCompilerVersions ${__availableToolchainCompilerVersions} ) - endif() -endif() - -macro( __GLOB_NDK_TOOLCHAINS __availableToolchainsVar __availableToolchainsLst __toolchain_subpath ) - foreach( __toolchain ${${__availableToolchainsLst}} ) - if( "${__toolchain}" MATCHES "-clang3[.][0-9]$" AND NOT EXISTS "${ANDROID_NDK_TOOLCHAINS_PATH}/${__toolchain}${__toolchain_subpath}" ) - SET( __toolchainVersionRegex "^TOOLCHAIN_VERSION[\t ]+:=[\t ]+(.*)$" ) - FILE( STRINGS "${ANDROID_NDK_TOOLCHAINS_PATH}/${__toolchain}/setup.mk" __toolchainVersionStr REGEX "${__toolchainVersionRegex}" ) - if( __toolchainVersionStr ) - string( REGEX REPLACE "${__toolchainVersionRegex}" "\\1" __toolchainVersionStr "${__toolchainVersionStr}" ) - string( REGEX REPLACE "-clang3[.][0-9]$" "-${__toolchainVersionStr}" __gcc_toolchain "${__toolchain}" ) - else() - string( REGEX REPLACE "-clang3[.][0-9]$" "-4.6" __gcc_toolchain "${__toolchain}" ) - endif() - unset( __toolchainVersionStr ) - unset( __toolchainVersionRegex ) - else() - set( __gcc_toolchain "${__toolchain}" ) - endif() - __DETECT_TOOLCHAIN_MACHINE_NAME( __machine "${ANDROID_NDK_TOOLCHAINS_PATH}/${__gcc_toolchain}${__toolchain_subpath}" ) - if( __machine ) - string( REGEX MATCH "[0-9]+[.][0-9]+([.][0-9x]+)?$" __version "${__gcc_toolchain}" ) - if( __machine MATCHES x86_64 ) - set( __arch "x86_64" ) - elseif( __machine MATCHES i686 ) - set( __arch "x86" ) - elseif( __machine MATCHES aarch64 ) - set( __arch "arm64" ) - elseif( __machine MATCHES arm ) - set( __arch "arm" ) - elseif( __machine MATCHES mips64el ) - set( __arch "mips64" ) - elseif( __machine MATCHES mipsel ) - set( __arch "mips" ) - else() - set( __arch "" ) - endif() - #message("machine: !${__machine}!\narch: !${__arch}!\nversion: !${__version}!\ntoolchain: !${__toolchain}!\n") - if (__arch) - list( APPEND __availableToolchainMachines "${__machine}" ) - list( APPEND __availableToolchainArchs "${__arch}" ) - list( APPEND __availableToolchainCompilerVersions "${__version}" ) - list( APPEND ${__availableToolchainsVar} "${__toolchain}" ) - endif() - endif() - unset( __gcc_toolchain ) - endforeach() -endmacro() - -# get all the details about NDK -if( BUILD_WITH_ANDROID_NDK ) - file( GLOB ANDROID_SUPPORTED_NATIVE_API_LEVELS RELATIVE "${ANDROID_NDK}/platforms" "${ANDROID_NDK}/platforms/android-*" ) - string( REPLACE "android-" "" ANDROID_SUPPORTED_NATIVE_API_LEVELS "${ANDROID_SUPPORTED_NATIVE_API_LEVELS}" ) - set( __availableToolchains "" ) - set( __availableToolchainMachines "" ) - set( __availableToolchainArchs "" ) - set( __availableToolchainCompilerVersions "" ) - if( ANDROID_TOOLCHAIN_NAME AND EXISTS "${ANDROID_NDK_TOOLCHAINS_PATH}/${ANDROID_TOOLCHAIN_NAME}/" ) - # do not go through all toolchains if we know the name - set( __availableToolchainsLst "${ANDROID_TOOLCHAIN_NAME}" ) - __GLOB_NDK_TOOLCHAINS( __availableToolchains __availableToolchainsLst "${ANDROID_NDK_TOOLCHAINS_SUBPATH}" ) - if( NOT __availableToolchains AND NOT ANDROID_NDK_TOOLCHAINS_SUBPATH STREQUAL ANDROID_NDK_TOOLCHAINS_SUBPATH2 ) - __GLOB_NDK_TOOLCHAINS( __availableToolchains __availableToolchainsLst "${ANDROID_NDK_TOOLCHAINS_SUBPATH2}" ) - if( __availableToolchains ) - set( ANDROID_NDK_TOOLCHAINS_SUBPATH ${ANDROID_NDK_TOOLCHAINS_SUBPATH2} ) - endif() - endif() - endif() - if( NOT __availableToolchains ) - file( GLOB __availableToolchainsLst RELATIVE "${ANDROID_NDK_TOOLCHAINS_PATH}" "${ANDROID_NDK_TOOLCHAINS_PATH}/*" ) - if( __availableToolchainsLst ) - list(SORT __availableToolchainsLst) # we need clang to go after gcc - endif() - __LIST_FILTER( __availableToolchainsLst "^[.]" ) - __LIST_FILTER( __availableToolchainsLst "llvm" ) - __LIST_FILTER( __availableToolchainsLst "renderscript" ) - __GLOB_NDK_TOOLCHAINS( __availableToolchains __availableToolchainsLst "${ANDROID_NDK_TOOLCHAINS_SUBPATH}" ) - if( NOT __availableToolchains AND NOT ANDROID_NDK_TOOLCHAINS_SUBPATH STREQUAL ANDROID_NDK_TOOLCHAINS_SUBPATH2 ) - __GLOB_NDK_TOOLCHAINS( __availableToolchains __availableToolchainsLst "${ANDROID_NDK_TOOLCHAINS_SUBPATH2}" ) - if( __availableToolchains ) - set( ANDROID_NDK_TOOLCHAINS_SUBPATH ${ANDROID_NDK_TOOLCHAINS_SUBPATH2} ) - endif() - endif() - endif() - if( NOT __availableToolchains ) - message( FATAL_ERROR "Could not find any working toolchain in the NDK. Probably your Android NDK is broken." ) - endif() -endif() - -# build list of available ABIs -set( ANDROID_SUPPORTED_ABIS "" ) -set( __uniqToolchainArchNames ${__availableToolchainArchs} ) -list( REMOVE_DUPLICATES __uniqToolchainArchNames ) -list( SORT __uniqToolchainArchNames ) -foreach( __arch ${__uniqToolchainArchNames} ) - list( APPEND ANDROID_SUPPORTED_ABIS ${ANDROID_SUPPORTED_ABIS_${__arch}} ) -endforeach() -unset( __uniqToolchainArchNames ) -if( NOT ANDROID_SUPPORTED_ABIS ) - message( FATAL_ERROR "No one of known Android ABIs is supported by this cmake toolchain." ) -endif() - -# choose target ABI -__INIT_VARIABLE( ANDROID_ABI VALUES ${ANDROID_SUPPORTED_ABIS} ) -# verify that target ABI is supported -list( FIND ANDROID_SUPPORTED_ABIS "${ANDROID_ABI}" __androidAbiIdx ) -if( __androidAbiIdx EQUAL -1 ) - string( REPLACE ";" "\", \"" PRINTABLE_ANDROID_SUPPORTED_ABIS "${ANDROID_SUPPORTED_ABIS}" ) - message( FATAL_ERROR "Specified ANDROID_ABI = \"${ANDROID_ABI}\" is not supported by this cmake toolchain or your NDK/toolchain. - Supported values are: \"${PRINTABLE_ANDROID_SUPPORTED_ABIS}\" - " ) -endif() -unset( __androidAbiIdx ) - -# set target ABI options -if( ANDROID_ABI STREQUAL "x86" ) - set( X86 true ) - set( ANDROID_NDK_ABI_NAME "x86" ) - set( ANDROID_ARCH_NAME "x86" ) - set( ANDROID_LLVM_TRIPLE "i686-none-linux-android" ) - set( CMAKE_SYSTEM_PROCESSOR "i686" ) -elseif( ANDROID_ABI STREQUAL "x86_64" ) - set( X86 true ) - set( X86_64 true ) - set( ANDROID_NDK_ABI_NAME "x86_64" ) - set( ANDROID_ARCH_NAME "x86_64" ) - set( CMAKE_SYSTEM_PROCESSOR "x86_64" ) - set( ANDROID_LLVM_TRIPLE "x86_64-none-linux-android" ) -elseif( ANDROID_ABI STREQUAL "mips64" ) - set( MIPS64 true ) - set( ANDROID_NDK_ABI_NAME "mips64" ) - set( ANDROID_ARCH_NAME "mips64" ) - set( ANDROID_LLVM_TRIPLE "mips64el-none-linux-android" ) - set( CMAKE_SYSTEM_PROCESSOR "mips64" ) -elseif( ANDROID_ABI STREQUAL "mips" ) - set( MIPS true ) - set( ANDROID_NDK_ABI_NAME "mips" ) - set( ANDROID_ARCH_NAME "mips" ) - set( ANDROID_LLVM_TRIPLE "mipsel-none-linux-android" ) - set( CMAKE_SYSTEM_PROCESSOR "mips" ) -elseif( ANDROID_ABI STREQUAL "arm64-v8a" ) - set( ARM64_V8A true ) - set( ANDROID_NDK_ABI_NAME "arm64-v8a" ) - set( ANDROID_ARCH_NAME "arm64" ) - set( ANDROID_LLVM_TRIPLE "aarch64-none-linux-android" ) - set( CMAKE_SYSTEM_PROCESSOR "aarch64" ) - set( VFPV3 true ) - set( NEON true ) -elseif( ANDROID_ABI STREQUAL "armeabi" ) - set( ARMEABI true ) - set( ANDROID_NDK_ABI_NAME "armeabi" ) - set( ANDROID_ARCH_NAME "arm" ) - set( ANDROID_LLVM_TRIPLE "armv5te-none-linux-androideabi" ) - set( CMAKE_SYSTEM_PROCESSOR "armv5te" ) -elseif( ANDROID_ABI STREQUAL "armeabi-v6 with VFP" ) - set( ARMEABI_V6 true ) - set( ANDROID_NDK_ABI_NAME "armeabi" ) - set( ANDROID_ARCH_NAME "arm" ) - set( ANDROID_LLVM_TRIPLE "armv5te-none-linux-androideabi" ) - set( CMAKE_SYSTEM_PROCESSOR "armv6" ) - # need always fallback to older platform - set( ARMEABI true ) -elseif( ANDROID_ABI STREQUAL "armeabi-v7a") - set( ARMEABI_V7A true ) - set( ANDROID_NDK_ABI_NAME "armeabi-v7a" ) - set( ANDROID_ARCH_NAME "arm" ) - set( ANDROID_LLVM_TRIPLE "armv7-none-linux-androideabi" ) - set( CMAKE_SYSTEM_PROCESSOR "armv7-a" ) -elseif( ANDROID_ABI STREQUAL "armeabi-v7a with VFPV3" ) - set( ARMEABI_V7A true ) - set( ANDROID_NDK_ABI_NAME "armeabi-v7a" ) - set( ANDROID_ARCH_NAME "arm" ) - set( ANDROID_LLVM_TRIPLE "armv7-none-linux-androideabi" ) - set( CMAKE_SYSTEM_PROCESSOR "armv7-a" ) - set( VFPV3 true ) -elseif( ANDROID_ABI STREQUAL "armeabi-v7a with NEON" ) - set( ARMEABI_V7A true ) - set( ANDROID_NDK_ABI_NAME "armeabi-v7a" ) - set( ANDROID_ARCH_NAME "arm" ) - set( ANDROID_LLVM_TRIPLE "armv7-none-linux-androideabi" ) - set( CMAKE_SYSTEM_PROCESSOR "armv7-a" ) - set( VFPV3 true ) - set( NEON true ) -else() - message( SEND_ERROR "Unknown ANDROID_ABI=\"${ANDROID_ABI}\" is specified." ) -endif() - -if( CMAKE_BINARY_DIR AND EXISTS "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeSystem.cmake" ) - # really dirty hack - # it is not possible to change CMAKE_SYSTEM_PROCESSOR after the first run... - file( APPEND "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeSystem.cmake" "SET(CMAKE_SYSTEM_PROCESSOR \"${CMAKE_SYSTEM_PROCESSOR}\")\n" ) -endif() - -if( ANDROID_ARCH_NAME STREQUAL "arm" AND NOT ARMEABI_V6 ) - __INIT_VARIABLE( ANDROID_FORCE_ARM_BUILD VALUES OFF ) - set( ANDROID_FORCE_ARM_BUILD ${ANDROID_FORCE_ARM_BUILD} CACHE BOOL "Use 32-bit ARM instructions instead of Thumb-1" FORCE ) - mark_as_advanced( ANDROID_FORCE_ARM_BUILD ) -else() - unset( ANDROID_FORCE_ARM_BUILD CACHE ) -endif() - -# choose toolchain -if( ANDROID_TOOLCHAIN_NAME ) - list( FIND __availableToolchains "${ANDROID_TOOLCHAIN_NAME}" __toolchainIdx ) - if( __toolchainIdx EQUAL -1 ) - list( SORT __availableToolchains ) - string( REPLACE ";" "\n * " toolchains_list "${__availableToolchains}" ) - set( toolchains_list " * ${toolchains_list}") - message( FATAL_ERROR "Specified toolchain \"${ANDROID_TOOLCHAIN_NAME}\" is missing in your NDK or broken. Please verify that your NDK is working or select another compiler toolchain. -To configure the toolchain set CMake variable ANDROID_TOOLCHAIN_NAME to one of the following values:\n${toolchains_list}\n" ) - endif() - list( GET __availableToolchainArchs ${__toolchainIdx} __toolchainArch ) - if( NOT __toolchainArch STREQUAL ANDROID_ARCH_NAME ) - message( SEND_ERROR "Selected toolchain \"${ANDROID_TOOLCHAIN_NAME}\" is not able to compile binaries for the \"${ANDROID_ARCH_NAME}\" platform." ) - endif() -else() - set( __toolchainIdx -1 ) - set( __applicableToolchains "" ) - set( __toolchainMaxVersion "0.0.0" ) - list( LENGTH __availableToolchains __availableToolchainsCount ) - math( EXPR __availableToolchainsCount "${__availableToolchainsCount}-1" ) - foreach( __idx RANGE ${__availableToolchainsCount} ) - list( GET __availableToolchainArchs ${__idx} __toolchainArch ) - if( __toolchainArch STREQUAL ANDROID_ARCH_NAME ) - list( GET __availableToolchainCompilerVersions ${__idx} __toolchainVersion ) - string( REPLACE "x" "99" __toolchainVersion "${__toolchainVersion}") - if( __toolchainVersion VERSION_GREATER __toolchainMaxVersion ) - set( __toolchainMaxVersion "${__toolchainVersion}" ) - set( __toolchainIdx ${__idx} ) - endif() - endif() - endforeach() - unset( __availableToolchainsCount ) - unset( __toolchainMaxVersion ) - unset( __toolchainVersion ) -endif() -unset( __toolchainArch ) -if( __toolchainIdx EQUAL -1 ) - message( FATAL_ERROR "No one of available compiler toolchains is able to compile for ${ANDROID_ARCH_NAME} platform." ) -endif() -list( GET __availableToolchains ${__toolchainIdx} ANDROID_TOOLCHAIN_NAME ) -list( GET __availableToolchainMachines ${__toolchainIdx} ANDROID_TOOLCHAIN_MACHINE_NAME ) -list( GET __availableToolchainCompilerVersions ${__toolchainIdx} ANDROID_COMPILER_VERSION ) - -unset( __toolchainIdx ) -unset( __availableToolchains ) -unset( __availableToolchainMachines ) -unset( __availableToolchainArchs ) -unset( __availableToolchainCompilerVersions ) - -# choose native API level -__INIT_VARIABLE( ANDROID_NATIVE_API_LEVEL ENV_ANDROID_NATIVE_API_LEVEL ANDROID_API_LEVEL ENV_ANDROID_API_LEVEL ANDROID_STANDALONE_TOOLCHAIN_API_LEVEL ANDROID_DEFAULT_NDK_API_LEVEL_${ANDROID_ARCH_NAME} ANDROID_DEFAULT_NDK_API_LEVEL ) -string( REPLACE "android-" "" ANDROID_NATIVE_API_LEVEL "${ANDROID_NATIVE_API_LEVEL}" ) -string( STRIP "${ANDROID_NATIVE_API_LEVEL}" ANDROID_NATIVE_API_LEVEL ) -# adjust API level -set( __real_api_level ${ANDROID_DEFAULT_NDK_API_LEVEL_${ANDROID_ARCH_NAME}} ) -foreach( __level ${ANDROID_SUPPORTED_NATIVE_API_LEVELS} ) - if( (__level LESS ANDROID_NATIVE_API_LEVEL OR __level STREQUAL ANDROID_NATIVE_API_LEVEL) AND NOT __level LESS __real_api_level ) - set( __real_api_level ${__level} ) - endif() -endforeach() -if( __real_api_level AND NOT ANDROID_NATIVE_API_LEVEL STREQUAL __real_api_level ) - message( STATUS "Adjusting Android API level 'android-${ANDROID_NATIVE_API_LEVEL}' to 'android-${__real_api_level}'") - set( ANDROID_NATIVE_API_LEVEL ${__real_api_level} ) -endif() -unset(__real_api_level) -# validate -list( FIND ANDROID_SUPPORTED_NATIVE_API_LEVELS "${ANDROID_NATIVE_API_LEVEL}" __levelIdx ) -if( __levelIdx EQUAL -1 ) - message( SEND_ERROR "Specified Android native API level 'android-${ANDROID_NATIVE_API_LEVEL}' is not supported by your NDK/toolchain." ) -else() - if( BUILD_WITH_ANDROID_NDK ) - __DETECT_NATIVE_API_LEVEL( __realApiLevel "${ANDROID_NDK}/platforms/android-${ANDROID_NATIVE_API_LEVEL}/arch-${ANDROID_ARCH_NAME}/usr/include/android/api-level.h" ) - if( NOT __realApiLevel EQUAL ANDROID_NATIVE_API_LEVEL AND NOT __realApiLevel GREATER 9000 ) - message( SEND_ERROR "Specified Android API level (${ANDROID_NATIVE_API_LEVEL}) does not match to the level found (${__realApiLevel}). Probably your copy of NDK is broken." ) - endif() - unset( __realApiLevel ) - endif() - set( ANDROID_NATIVE_API_LEVEL "${ANDROID_NATIVE_API_LEVEL}" CACHE STRING "Android API level for native code" FORCE ) - set( CMAKE_ANDROID_API ${ANDROID_NATIVE_API_LEVEL} ) - if( CMAKE_VERSION VERSION_GREATER "2.8" ) - list( SORT ANDROID_SUPPORTED_NATIVE_API_LEVELS ) - set_property( CACHE ANDROID_NATIVE_API_LEVEL PROPERTY STRINGS ${ANDROID_SUPPORTED_NATIVE_API_LEVELS} ) - endif() -endif() -unset( __levelIdx ) - - -# remember target ABI -set( ANDROID_ABI "${ANDROID_ABI}" CACHE STRING "The target ABI for Android. If arm, then armeabi-v7a is recommended for hardware floating point." FORCE ) -if( CMAKE_VERSION VERSION_GREATER "2.8" ) - list( SORT ANDROID_SUPPORTED_ABIS_${ANDROID_ARCH_NAME} ) - set_property( CACHE ANDROID_ABI PROPERTY STRINGS ${ANDROID_SUPPORTED_ABIS_${ANDROID_ARCH_NAME}} ) -endif() - - -# runtime choice (STL, rtti, exceptions) -if( NOT ANDROID_STL ) - set( ANDROID_STL gnustl_static ) -endif() -set( ANDROID_STL "${ANDROID_STL}" CACHE STRING "C++ runtime" ) -set( ANDROID_STL_FORCE_FEATURES ON CACHE BOOL "automatically configure rtti and exceptions support based on C++ runtime" ) -mark_as_advanced( ANDROID_STL ANDROID_STL_FORCE_FEATURES ) - -if( BUILD_WITH_ANDROID_NDK ) - if( NOT "${ANDROID_STL}" MATCHES "^(none|system|system_re|gabi\\+\\+_static|gabi\\+\\+_shared|stlport_static|stlport_shared|gnustl_static|gnustl_shared)$") - message( FATAL_ERROR "ANDROID_STL is set to invalid value \"${ANDROID_STL}\". -The possible values are: - none -> Do not configure the runtime. - system -> Use the default minimal system C++ runtime library. - system_re -> Same as system but with rtti and exceptions. - gabi++_static -> Use the GAbi++ runtime as a static library. - gabi++_shared -> Use the GAbi++ runtime as a shared library. - stlport_static -> Use the STLport runtime as a static library. - stlport_shared -> Use the STLport runtime as a shared library. - gnustl_static -> (default) Use the GNU STL as a static library. - gnustl_shared -> Use the GNU STL as a shared library. -" ) - endif() -elseif( BUILD_WITH_STANDALONE_TOOLCHAIN ) - if( NOT "${ANDROID_STL}" MATCHES "^(none|gnustl_static|gnustl_shared)$") - message( FATAL_ERROR "ANDROID_STL is set to invalid value \"${ANDROID_STL}\". -The possible values are: - none -> Do not configure the runtime. - gnustl_static -> (default) Use the GNU STL as a static library. - gnustl_shared -> Use the GNU STL as a shared library. -" ) - endif() -endif() - -unset( ANDROID_RTTI ) -unset( ANDROID_EXCEPTIONS ) -unset( ANDROID_STL_INCLUDE_DIRS ) -unset( __libstl ) -unset( __libsupcxx ) - -if( NOT _CMAKE_IN_TRY_COMPILE AND ANDROID_NDK_RELEASE STREQUAL "r7b" AND ARMEABI_V7A AND NOT VFPV3 AND ANDROID_STL MATCHES "gnustl" ) - message( WARNING "The GNU STL armeabi-v7a binaries from NDK r7b can crash non-NEON devices. The files provided with NDK r7b were not configured properly, resulting in crashes on Tegra2-based devices and others when trying to use certain floating-point functions (e.g., cosf, sinf, expf). -You are strongly recommended to switch to another NDK release. -" ) -endif() - -if( NOT _CMAKE_IN_TRY_COMPILE AND X86 AND ANDROID_STL MATCHES "gnustl" AND ANDROID_NDK_RELEASE STREQUAL "r6" ) - message( WARNING "The x86 system header file from NDK r6 has incorrect definition for ptrdiff_t. You are recommended to upgrade to a newer NDK release or manually patch the header: -See https://android.googlesource.com/platform/development.git f907f4f9d4e56ccc8093df6fee54454b8bcab6c2 - diff --git a/ndk/platforms/android-9/arch-x86/include/machine/_types.h b/ndk/platforms/android-9/arch-x86/include/machine/_types.h - index 5e28c64..65892a1 100644 - --- a/ndk/platforms/android-9/arch-x86/include/machine/_types.h - +++ b/ndk/platforms/android-9/arch-x86/include/machine/_types.h - @@ -51,7 +51,11 @@ typedef long int ssize_t; - #endif - #ifndef _PTRDIFF_T - #define _PTRDIFF_T - -typedef long ptrdiff_t; - +# ifdef __ANDROID__ - + typedef int ptrdiff_t; - +# else - + typedef long ptrdiff_t; - +# endif - #endif -" ) -endif() - - -# setup paths and STL for standalone toolchain -if( BUILD_WITH_STANDALONE_TOOLCHAIN ) - set( ANDROID_TOOLCHAIN_ROOT "${ANDROID_STANDALONE_TOOLCHAIN}" ) - set( ANDROID_CLANG_TOOLCHAIN_ROOT "${ANDROID_STANDALONE_TOOLCHAIN}" ) - set( ANDROID_SYSROOT "${ANDROID_STANDALONE_TOOLCHAIN}/sysroot" ) - - if( NOT ANDROID_STL STREQUAL "none" ) - set( ANDROID_STL_INCLUDE_DIRS "${ANDROID_STANDALONE_TOOLCHAIN}/include/c++/${ANDROID_COMPILER_VERSION}" ) - if( NOT EXISTS "${ANDROID_STL_INCLUDE_DIRS}" ) - # old location ( pre r8c ) - set( ANDROID_STL_INCLUDE_DIRS "${ANDROID_STANDALONE_TOOLCHAIN}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/include/c++/${ANDROID_COMPILER_VERSION}" ) - endif() - if( ARMEABI_V7A AND EXISTS "${ANDROID_STL_INCLUDE_DIRS}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/${CMAKE_SYSTEM_PROCESSOR}/bits" ) - list( APPEND ANDROID_STL_INCLUDE_DIRS "${ANDROID_STL_INCLUDE_DIRS}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/${CMAKE_SYSTEM_PROCESSOR}" ) - elseif( ARMEABI AND NOT ANDROID_FORCE_ARM_BUILD AND EXISTS "${ANDROID_STL_INCLUDE_DIRS}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/thumb/bits" ) - list( APPEND ANDROID_STL_INCLUDE_DIRS "${ANDROID_STL_INCLUDE_DIRS}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/thumb" ) - else() - list( APPEND ANDROID_STL_INCLUDE_DIRS "${ANDROID_STL_INCLUDE_DIRS}/${ANDROID_TOOLCHAIN_MACHINE_NAME}" ) - endif() - # always search static GNU STL to get the location of libsupc++.a - if( ARMEABI_V7A AND NOT ANDROID_FORCE_ARM_BUILD AND EXISTS "${ANDROID_STANDALONE_TOOLCHAIN}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/lib/${CMAKE_SYSTEM_PROCESSOR}/thumb/libstdc++.a" ) - set( __libstl "${ANDROID_STANDALONE_TOOLCHAIN}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/lib/${CMAKE_SYSTEM_PROCESSOR}/thumb" ) - elseif( ARMEABI_V7A AND EXISTS "${ANDROID_STANDALONE_TOOLCHAIN}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/lib/${CMAKE_SYSTEM_PROCESSOR}/libstdc++.a" ) - set( __libstl "${ANDROID_STANDALONE_TOOLCHAIN}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/lib/${CMAKE_SYSTEM_PROCESSOR}" ) - elseif( ARMEABI AND NOT ANDROID_FORCE_ARM_BUILD AND EXISTS "${ANDROID_STANDALONE_TOOLCHAIN}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/lib/thumb/libstdc++.a" ) - set( __libstl "${ANDROID_STANDALONE_TOOLCHAIN}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/lib/thumb" ) - elseif( EXISTS "${ANDROID_STANDALONE_TOOLCHAIN}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/lib/libstdc++.a" ) - set( __libstl "${ANDROID_STANDALONE_TOOLCHAIN}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/lib" ) - endif() - if( __libstl ) - set( __libsupcxx "${__libstl}/libsupc++.a" ) - set( __libstl "${__libstl}/libstdc++.a" ) - endif() - if( NOT EXISTS "${__libsupcxx}" ) - message( FATAL_ERROR "The required libstdsupc++.a is missing in your standalone toolchain. - Usually it happens because of bug in make-standalone-toolchain.sh script from NDK r7, r7b and r7c. - You need to either upgrade to newer NDK or manually copy - $ANDROID_NDK/sources/cxx-stl/gnu-libstdc++/libs/${ANDROID_NDK_ABI_NAME}/libsupc++.a - to - ${__libsupcxx} - " ) - endif() - if( ANDROID_STL STREQUAL "gnustl_shared" ) - if( ARMEABI_V7A AND EXISTS "${ANDROID_STANDALONE_TOOLCHAIN}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/lib/${CMAKE_SYSTEM_PROCESSOR}/libgnustl_shared.so" ) - set( __libstl "${ANDROID_STANDALONE_TOOLCHAIN}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/lib/${CMAKE_SYSTEM_PROCESSOR}/libgnustl_shared.so" ) - elseif( ARMEABI AND NOT ANDROID_FORCE_ARM_BUILD AND EXISTS "${ANDROID_STANDALONE_TOOLCHAIN}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/lib/thumb/libgnustl_shared.so" ) - set( __libstl "${ANDROID_STANDALONE_TOOLCHAIN}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/lib/thumb/libgnustl_shared.so" ) - elseif( EXISTS "${ANDROID_STANDALONE_TOOLCHAIN}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/lib/libgnustl_shared.so" ) - set( __libstl "${ANDROID_STANDALONE_TOOLCHAIN}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/lib/libgnustl_shared.so" ) - endif() - endif() - endif() -endif() - -# clang -if( "${ANDROID_TOOLCHAIN_NAME}" STREQUAL "standalone-clang" ) - set( ANDROID_COMPILER_IS_CLANG 1 ) - execute_process( COMMAND "${ANDROID_CLANG_TOOLCHAIN_ROOT}/bin/clang${TOOL_OS_SUFFIX}" --version OUTPUT_VARIABLE ANDROID_CLANG_VERSION OUTPUT_STRIP_TRAILING_WHITESPACE ) - string( REGEX MATCH "[0-9]+[.][0-9]+" ANDROID_CLANG_VERSION "${ANDROID_CLANG_VERSION}") -elseif( "${ANDROID_TOOLCHAIN_NAME}" MATCHES "-clang3[.][0-9]?$" ) - string( REGEX MATCH "3[.][0-9]$" ANDROID_CLANG_VERSION "${ANDROID_TOOLCHAIN_NAME}") - string( REGEX REPLACE "-clang${ANDROID_CLANG_VERSION}$" "-${ANDROID_COMPILER_VERSION}" ANDROID_GCC_TOOLCHAIN_NAME "${ANDROID_TOOLCHAIN_NAME}" ) - if( NOT EXISTS "${ANDROID_NDK_TOOLCHAINS_PATH}/llvm-${ANDROID_CLANG_VERSION}${ANDROID_NDK_TOOLCHAINS_SUBPATH}/bin/clang${TOOL_OS_SUFFIX}" ) - message( FATAL_ERROR "Could not find the Clang compiler driver" ) - endif() - set( ANDROID_COMPILER_IS_CLANG 1 ) - set( ANDROID_CLANG_TOOLCHAIN_ROOT "${ANDROID_NDK_TOOLCHAINS_PATH}/llvm-${ANDROID_CLANG_VERSION}${ANDROID_NDK_TOOLCHAINS_SUBPATH}" ) -else() - set( ANDROID_GCC_TOOLCHAIN_NAME "${ANDROID_TOOLCHAIN_NAME}" ) - unset( ANDROID_COMPILER_IS_CLANG CACHE ) -endif() - -string( REPLACE "." "" _clang_name "clang${ANDROID_CLANG_VERSION}" ) -if( NOT EXISTS "${ANDROID_CLANG_TOOLCHAIN_ROOT}/bin/${_clang_name}${TOOL_OS_SUFFIX}" ) - set( _clang_name "clang" ) -endif() - - -# setup paths and STL for NDK -if( BUILD_WITH_ANDROID_NDK ) - set( ANDROID_TOOLCHAIN_ROOT "${ANDROID_NDK_TOOLCHAINS_PATH}/${ANDROID_GCC_TOOLCHAIN_NAME}${ANDROID_NDK_TOOLCHAINS_SUBPATH}" ) - set( ANDROID_SYSROOT "${ANDROID_NDK}/platforms/android-${ANDROID_NATIVE_API_LEVEL}/arch-${ANDROID_ARCH_NAME}" ) - - if( ANDROID_STL STREQUAL "none" ) - # do nothing - elseif( ANDROID_STL STREQUAL "system" ) - set( ANDROID_RTTI OFF ) - set( ANDROID_EXCEPTIONS OFF ) - set( ANDROID_STL_INCLUDE_DIRS "${ANDROID_NDK}/sources/cxx-stl/system/include" ) - elseif( ANDROID_STL STREQUAL "system_re" ) - set( ANDROID_RTTI ON ) - set( ANDROID_EXCEPTIONS ON ) - set( ANDROID_STL_INCLUDE_DIRS "${ANDROID_NDK}/sources/cxx-stl/system/include" ) - elseif( ANDROID_STL MATCHES "gabi" ) - if( ANDROID_NDK_RELEASE_NUM LESS 7000 ) # before r7 - message( FATAL_ERROR "gabi++ is not available in your NDK. You have to upgrade to NDK r7 or newer to use gabi++.") - endif() - set( ANDROID_RTTI ON ) - set( ANDROID_EXCEPTIONS OFF ) - set( ANDROID_STL_INCLUDE_DIRS "${ANDROID_NDK}/sources/cxx-stl/gabi++/include" ) - set( __libstl "${ANDROID_NDK}/sources/cxx-stl/gabi++/libs/${ANDROID_NDK_ABI_NAME}/libgabi++_static.a" ) - elseif( ANDROID_STL MATCHES "stlport" ) - if( NOT ANDROID_NDK_RELEASE_NUM LESS 8004 ) # before r8d - set( ANDROID_EXCEPTIONS ON ) - else() - set( ANDROID_EXCEPTIONS OFF ) - endif() - if( ANDROID_NDK_RELEASE_NUM LESS 7000 ) # before r7 - set( ANDROID_RTTI OFF ) - else() - set( ANDROID_RTTI ON ) - endif() - set( ANDROID_STL_INCLUDE_DIRS "${ANDROID_NDK}/sources/cxx-stl/stlport/stlport" ) - set( __libstl "${ANDROID_NDK}/sources/cxx-stl/stlport/libs/${ANDROID_NDK_ABI_NAME}/libstlport_static.a" ) - elseif( ANDROID_STL MATCHES "gnustl" ) - set( ANDROID_EXCEPTIONS ON ) - set( ANDROID_RTTI ON ) - if( EXISTS "${ANDROID_NDK}/sources/cxx-stl/gnu-libstdc++/${ANDROID_COMPILER_VERSION}" ) - if( ARMEABI_V7A AND ANDROID_COMPILER_VERSION VERSION_EQUAL "4.7" AND ANDROID_NDK_RELEASE STREQUAL "r8d" ) - # gnustl binary for 4.7 compiler is buggy :( - # TODO: look for right fix - set( __libstl "${ANDROID_NDK}/sources/cxx-stl/gnu-libstdc++/4.6" ) - else() - set( __libstl "${ANDROID_NDK}/sources/cxx-stl/gnu-libstdc++/${ANDROID_COMPILER_VERSION}" ) - endif() - else() - set( __libstl "${ANDROID_NDK}/sources/cxx-stl/gnu-libstdc++" ) - endif() - set( ANDROID_STL_INCLUDE_DIRS "${__libstl}/include" "${__libstl}/libs/${ANDROID_NDK_ABI_NAME}/include" "${__libstl}/include/backward" ) - if( EXISTS "${__libstl}/libs/${ANDROID_NDK_ABI_NAME}/libgnustl_static.a" ) - set( __libstl "${__libstl}/libs/${ANDROID_NDK_ABI_NAME}/libgnustl_static.a" ) - else() - set( __libstl "${__libstl}/libs/${ANDROID_NDK_ABI_NAME}/libstdc++.a" ) - endif() - else() - message( FATAL_ERROR "Unknown runtime: ${ANDROID_STL}" ) - endif() - # find libsupc++.a - rtti & exceptions - if( ANDROID_STL STREQUAL "system_re" OR ANDROID_STL MATCHES "gnustl" ) - set( __libsupcxx "${ANDROID_NDK}/sources/cxx-stl/gnu-libstdc++/${ANDROID_COMPILER_VERSION}/libs/${ANDROID_NDK_ABI_NAME}/libsupc++.a" ) # r8b or newer - if( NOT EXISTS "${__libsupcxx}" ) - set( __libsupcxx "${ANDROID_NDK}/sources/cxx-stl/gnu-libstdc++/libs/${ANDROID_NDK_ABI_NAME}/libsupc++.a" ) # r7-r8 - endif() - if( NOT EXISTS "${__libsupcxx}" ) # before r7 - if( ARMEABI_V7A ) - if( ANDROID_FORCE_ARM_BUILD ) - set( __libsupcxx "${ANDROID_TOOLCHAIN_ROOT}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/lib/${CMAKE_SYSTEM_PROCESSOR}/libsupc++.a" ) - else() - set( __libsupcxx "${ANDROID_TOOLCHAIN_ROOT}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/lib/${CMAKE_SYSTEM_PROCESSOR}/thumb/libsupc++.a" ) - endif() - elseif( ARMEABI AND NOT ANDROID_FORCE_ARM_BUILD ) - set( __libsupcxx "${ANDROID_TOOLCHAIN_ROOT}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/lib/thumb/libsupc++.a" ) - else() - set( __libsupcxx "${ANDROID_TOOLCHAIN_ROOT}/${ANDROID_TOOLCHAIN_MACHINE_NAME}/lib/libsupc++.a" ) - endif() - endif() - if( NOT EXISTS "${__libsupcxx}") - message( ERROR "Could not find libsupc++.a for a chosen platform. Either your NDK is not supported or is broken.") - endif() - endif() -endif() - - -# case of shared STL linkage -if( ANDROID_STL MATCHES "shared" AND DEFINED __libstl ) - string( REPLACE "_static.a" "_shared.so" __libstl "${__libstl}" ) - # TODO: check if .so file exists before the renaming -endif() - - -# ccache support -__INIT_VARIABLE( _ndk_ccache NDK_CCACHE ENV_NDK_CCACHE ) -if( _ndk_ccache ) - if( DEFINED NDK_CCACHE AND NOT EXISTS NDK_CCACHE ) - unset( NDK_CCACHE CACHE ) - endif() - find_program( NDK_CCACHE "${_ndk_ccache}" DOC "The path to ccache binary") -else() - unset( NDK_CCACHE CACHE ) -endif() -unset( _ndk_ccache ) - - -# setup the cross-compiler -if( NOT CMAKE_C_COMPILER ) - if( NDK_CCACHE AND NOT ANDROID_SYSROOT MATCHES "[ ;\"]" ) - set( CMAKE_C_COMPILER "${NDK_CCACHE}" CACHE PATH "ccache as C compiler" ) - set( CMAKE_CXX_COMPILER "${NDK_CCACHE}" CACHE PATH "ccache as C++ compiler" ) - if( ANDROID_COMPILER_IS_CLANG ) - set( CMAKE_C_COMPILER_ARG1 "${ANDROID_CLANG_TOOLCHAIN_ROOT}/bin/${_clang_name}${TOOL_OS_SUFFIX}" CACHE PATH "C compiler") - set( CMAKE_CXX_COMPILER_ARG1 "${ANDROID_CLANG_TOOLCHAIN_ROOT}/bin/${_clang_name}++${TOOL_OS_SUFFIX}" CACHE PATH "C++ compiler") - else() - set( CMAKE_C_COMPILER_ARG1 "${ANDROID_TOOLCHAIN_ROOT}/bin/${ANDROID_TOOLCHAIN_MACHINE_NAME}-gcc${TOOL_OS_SUFFIX}" CACHE PATH "C compiler") - set( CMAKE_CXX_COMPILER_ARG1 "${ANDROID_TOOLCHAIN_ROOT}/bin/${ANDROID_TOOLCHAIN_MACHINE_NAME}-g++${TOOL_OS_SUFFIX}" CACHE PATH "C++ compiler") - endif() - else() - if( ANDROID_COMPILER_IS_CLANG ) - set( CMAKE_C_COMPILER "${ANDROID_CLANG_TOOLCHAIN_ROOT}/bin/${_clang_name}${TOOL_OS_SUFFIX}" CACHE PATH "C compiler") - set( CMAKE_CXX_COMPILER "${ANDROID_CLANG_TOOLCHAIN_ROOT}/bin/${_clang_name}++${TOOL_OS_SUFFIX}" CACHE PATH "C++ compiler") - else() - set( CMAKE_C_COMPILER "${ANDROID_TOOLCHAIN_ROOT}/bin/${ANDROID_TOOLCHAIN_MACHINE_NAME}-gcc${TOOL_OS_SUFFIX}" CACHE PATH "C compiler" ) - set( CMAKE_CXX_COMPILER "${ANDROID_TOOLCHAIN_ROOT}/bin/${ANDROID_TOOLCHAIN_MACHINE_NAME}-g++${TOOL_OS_SUFFIX}" CACHE PATH "C++ compiler" ) - endif() - endif() - set( CMAKE_ASM_COMPILER "${ANDROID_TOOLCHAIN_ROOT}/bin/${ANDROID_TOOLCHAIN_MACHINE_NAME}-gcc${TOOL_OS_SUFFIX}" CACHE PATH "assembler" ) - set( CMAKE_STRIP "${ANDROID_TOOLCHAIN_ROOT}/bin/${ANDROID_TOOLCHAIN_MACHINE_NAME}-strip${TOOL_OS_SUFFIX}" CACHE PATH "strip" ) - if( EXISTS "${ANDROID_TOOLCHAIN_ROOT}/bin/${ANDROID_TOOLCHAIN_MACHINE_NAME}-gcc-ar${TOOL_OS_SUFFIX}" ) - # Use gcc-ar if we have it for better LTO support. - set( CMAKE_AR "${ANDROID_TOOLCHAIN_ROOT}/bin/${ANDROID_TOOLCHAIN_MACHINE_NAME}-gcc-ar${TOOL_OS_SUFFIX}" CACHE PATH "archive" ) - else() - set( CMAKE_AR "${ANDROID_TOOLCHAIN_ROOT}/bin/${ANDROID_TOOLCHAIN_MACHINE_NAME}-ar${TOOL_OS_SUFFIX}" CACHE PATH "archive" ) - endif() - set( CMAKE_LINKER "${ANDROID_TOOLCHAIN_ROOT}/bin/${ANDROID_TOOLCHAIN_MACHINE_NAME}-ld${TOOL_OS_SUFFIX}" CACHE PATH "linker" ) - set( CMAKE_NM "${ANDROID_TOOLCHAIN_ROOT}/bin/${ANDROID_TOOLCHAIN_MACHINE_NAME}-nm${TOOL_OS_SUFFIX}" CACHE PATH "nm" ) - set( CMAKE_OBJCOPY "${ANDROID_TOOLCHAIN_ROOT}/bin/${ANDROID_TOOLCHAIN_MACHINE_NAME}-objcopy${TOOL_OS_SUFFIX}" CACHE PATH "objcopy" ) - set( CMAKE_OBJDUMP "${ANDROID_TOOLCHAIN_ROOT}/bin/${ANDROID_TOOLCHAIN_MACHINE_NAME}-objdump${TOOL_OS_SUFFIX}" CACHE PATH "objdump" ) - set( CMAKE_RANLIB "${ANDROID_TOOLCHAIN_ROOT}/bin/${ANDROID_TOOLCHAIN_MACHINE_NAME}-ranlib${TOOL_OS_SUFFIX}" CACHE PATH "ranlib" ) -endif() - -set( _CMAKE_TOOLCHAIN_PREFIX "${ANDROID_TOOLCHAIN_MACHINE_NAME}-" ) -if( CMAKE_VERSION VERSION_LESS 2.8.5 ) - set( CMAKE_ASM_COMPILER_ARG1 "-c" ) -endif() -if( APPLE ) - find_program( CMAKE_INSTALL_NAME_TOOL NAMES install_name_tool ) - if( NOT CMAKE_INSTALL_NAME_TOOL ) - message( FATAL_ERROR "Could not find install_name_tool, please check your installation." ) - endif() - mark_as_advanced( CMAKE_INSTALL_NAME_TOOL ) -endif() - -# Force set compilers because standard identification works badly for us -include( CMakeForceCompiler ) -CMAKE_FORCE_C_COMPILER( "${CMAKE_C_COMPILER}" GNU ) -if( ANDROID_COMPILER_IS_CLANG ) - set( CMAKE_C_COMPILER_ID Clang ) -endif() -set( CMAKE_C_PLATFORM_ID Linux ) -if( X86_64 OR MIPS64 OR ARM64_V8A ) - set( CMAKE_C_SIZEOF_DATA_PTR 8 ) -else() - set( CMAKE_C_SIZEOF_DATA_PTR 4 ) -endif() -set( CMAKE_C_HAS_ISYSROOT 1 ) -set( CMAKE_C_COMPILER_ABI ELF ) -CMAKE_FORCE_CXX_COMPILER( "${CMAKE_CXX_COMPILER}" GNU ) -if( ANDROID_COMPILER_IS_CLANG ) - set( CMAKE_CXX_COMPILER_ID Clang) -endif() -set( CMAKE_CXX_PLATFORM_ID Linux ) -set( CMAKE_CXX_SIZEOF_DATA_PTR ${CMAKE_C_SIZEOF_DATA_PTR} ) -set( CMAKE_CXX_HAS_ISYSROOT 1 ) -set( CMAKE_CXX_COMPILER_ABI ELF ) -set( CMAKE_CXX_SOURCE_FILE_EXTENSIONS cc cp cxx cpp CPP c++ C ) -# force ASM compiler (required for CMake < 2.8.5) -set( CMAKE_ASM_COMPILER_ID_RUN TRUE ) -set( CMAKE_ASM_COMPILER_ID GNU ) -set( CMAKE_ASM_COMPILER_WORKS TRUE ) -set( CMAKE_ASM_COMPILER_FORCED TRUE ) -set( CMAKE_COMPILER_IS_GNUASM 1) -set( CMAKE_ASM_SOURCE_FILE_EXTENSIONS s S asm ) - -foreach( lang C CXX ASM ) - if( ANDROID_COMPILER_IS_CLANG ) - set( CMAKE_${lang}_COMPILER_VERSION ${ANDROID_CLANG_VERSION} ) - else() - set( CMAKE_${lang}_COMPILER_VERSION ${ANDROID_COMPILER_VERSION} ) - endif() -endforeach() - -# flags and definitions -remove_definitions( -DANDROID ) -add_definitions( -DANDROID ) - -if( ANDROID_SYSROOT MATCHES "[ ;\"]" ) - if( CMAKE_HOST_WIN32 ) - # try to convert path to 8.3 form - file( WRITE "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/cvt83.cmd" "@echo %~s1" ) - execute_process( COMMAND "$ENV{ComSpec}" /c "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/cvt83.cmd" "${ANDROID_SYSROOT}" - OUTPUT_VARIABLE __path OUTPUT_STRIP_TRAILING_WHITESPACE - RESULT_VARIABLE __result ERROR_QUIET ) - if( __result EQUAL 0 ) - file( TO_CMAKE_PATH "${__path}" ANDROID_SYSROOT ) - set( ANDROID_CXX_FLAGS "--sysroot=${ANDROID_SYSROOT}" ) - else() - set( ANDROID_CXX_FLAGS "--sysroot=\"${ANDROID_SYSROOT}\"" ) - endif() - else() - set( ANDROID_CXX_FLAGS "'--sysroot=${ANDROID_SYSROOT}'" ) - endif() - if( NOT _CMAKE_IN_TRY_COMPILE ) - # quotes can break try_compile and compiler identification - message(WARNING "Path to your Android NDK (or toolchain) has non-alphanumeric symbols.\nThe build might be broken.\n") - endif() -else() - set( ANDROID_CXX_FLAGS "--sysroot=${ANDROID_SYSROOT}" ) -endif() - -# NDK flags -if (ARM64_V8A ) - set( ANDROID_CXX_FLAGS "${ANDROID_CXX_FLAGS} -funwind-tables" ) - set( ANDROID_CXX_FLAGS_RELEASE "-fomit-frame-pointer -fstrict-aliasing" ) - set( ANDROID_CXX_FLAGS_DEBUG "-fno-omit-frame-pointer -fno-strict-aliasing" ) - if( NOT ANDROID_COMPILER_IS_CLANG ) - set( ANDROID_CXX_FLAGS_RELEASE "${ANDROID_CXX_FLAGS_RELEASE} -funswitch-loops -finline-limit=300" ) - endif() -elseif( ARMEABI OR ARMEABI_V7A) - set( ANDROID_CXX_FLAGS "${ANDROID_CXX_FLAGS} -funwind-tables" ) - if( NOT ANDROID_FORCE_ARM_BUILD AND NOT ARMEABI_V6 ) - set( ANDROID_CXX_FLAGS_RELEASE "-mthumb -fomit-frame-pointer -fno-strict-aliasing" ) - set( ANDROID_CXX_FLAGS_DEBUG "-marm -fno-omit-frame-pointer -fno-strict-aliasing" ) - if( NOT ANDROID_COMPILER_IS_CLANG ) - set( ANDROID_CXX_FLAGS "${ANDROID_CXX_FLAGS} -finline-limit=64" ) - endif() - else() - # always compile ARMEABI_V6 in arm mode; otherwise there is no difference from ARMEABI - set( ANDROID_CXX_FLAGS_RELEASE "-marm -fomit-frame-pointer -fstrict-aliasing" ) - set( ANDROID_CXX_FLAGS_DEBUG "-marm -fno-omit-frame-pointer -fno-strict-aliasing" ) - if( NOT ANDROID_COMPILER_IS_CLANG ) - set( ANDROID_CXX_FLAGS "${ANDROID_CXX_FLAGS} -funswitch-loops -finline-limit=300" ) - endif() - endif() -elseif( X86 OR X86_64 ) - set( ANDROID_CXX_FLAGS "${ANDROID_CXX_FLAGS} -funwind-tables" ) - if( NOT ANDROID_COMPILER_IS_CLANG ) - set( ANDROID_CXX_FLAGS "${ANDROID_CXX_FLAGS} -funswitch-loops -finline-limit=300" ) - endif() - set( ANDROID_CXX_FLAGS_RELEASE "-fomit-frame-pointer -fstrict-aliasing" ) - set( ANDROID_CXX_FLAGS_DEBUG "-fno-omit-frame-pointer -fno-strict-aliasing" ) -elseif( MIPS OR MIPS64 ) - set( ANDROID_CXX_FLAGS "${ANDROID_CXX_FLAGS} -fno-strict-aliasing -finline-functions -funwind-tables -fmessage-length=0" ) - set( ANDROID_CXX_FLAGS_RELEASE "-fomit-frame-pointer" ) - set( ANDROID_CXX_FLAGS_DEBUG "-fno-omit-frame-pointer" ) - if( NOT ANDROID_COMPILER_IS_CLANG ) - set( ANDROID_CXX_FLAGS "${ANDROID_CXX_FLAGS} -fno-inline-functions-called-once -fgcse-after-reload -frerun-cse-after-loop -frename-registers" ) - set( ANDROID_CXX_FLAGS_RELEASE "${ANDROID_CXX_FLAGS_RELEASE} -funswitch-loops -finline-limit=300" ) - endif() -elseif() - set( ANDROID_CXX_FLAGS_RELEASE "" ) - set( ANDROID_CXX_FLAGS_DEBUG "" ) -endif() - -set( ANDROID_CXX_FLAGS "${ANDROID_CXX_FLAGS} -fsigned-char" ) # good/necessary when porting desktop libraries - -if( NOT X86 AND NOT ANDROID_COMPILER_IS_CLANG ) - set( ANDROID_CXX_FLAGS "-Wno-psabi ${ANDROID_CXX_FLAGS}" ) -endif() - -if( NOT ANDROID_COMPILER_VERSION VERSION_LESS "4.6" ) - set( ANDROID_CXX_FLAGS "${ANDROID_CXX_FLAGS} -no-canonical-prefixes" ) # see https://android-review.googlesource.com/#/c/47564/ -endif() - -# ABI-specific flags -if( ARMEABI_V7A ) - set( ANDROID_CXX_FLAGS "${ANDROID_CXX_FLAGS} -march=armv7-a -mfloat-abi=softfp" ) - if( NEON ) - set( ANDROID_CXX_FLAGS "${ANDROID_CXX_FLAGS} -mfpu=neon" ) - elseif( VFPV3 ) - set( ANDROID_CXX_FLAGS "${ANDROID_CXX_FLAGS} -mfpu=vfpv3" ) - else() - set( ANDROID_CXX_FLAGS "${ANDROID_CXX_FLAGS} -mfpu=vfpv3-d16" ) - endif() -elseif( ARMEABI_V6 ) - set( ANDROID_CXX_FLAGS "${ANDROID_CXX_FLAGS} -march=armv6 -mfloat-abi=softfp -mfpu=vfp" ) # vfp == vfpv2 -elseif( ARMEABI ) - set( ANDROID_CXX_FLAGS "${ANDROID_CXX_FLAGS} -march=armv5te -mtune=xscale -msoft-float" ) -endif() - -if( ANDROID_STL MATCHES "gnustl" AND (EXISTS "${__libstl}" OR EXISTS "${__libsupcxx}") ) - set( CMAKE_CXX_CREATE_SHARED_LIBRARY " -o " ) - set( CMAKE_CXX_CREATE_SHARED_MODULE " -o " ) - set( CMAKE_CXX_LINK_EXECUTABLE " -o " ) -else() - set( CMAKE_CXX_CREATE_SHARED_LIBRARY " -o " ) - set( CMAKE_CXX_CREATE_SHARED_MODULE " -o " ) - set( CMAKE_CXX_LINK_EXECUTABLE " -o " ) -endif() - -# STL -if( EXISTS "${__libstl}" OR EXISTS "${__libsupcxx}" ) - if( EXISTS "${__libstl}" ) - set( CMAKE_CXX_CREATE_SHARED_LIBRARY "${CMAKE_CXX_CREATE_SHARED_LIBRARY} \"${__libstl}\"" ) - set( CMAKE_CXX_CREATE_SHARED_MODULE "${CMAKE_CXX_CREATE_SHARED_MODULE} \"${__libstl}\"" ) - set( CMAKE_CXX_LINK_EXECUTABLE "${CMAKE_CXX_LINK_EXECUTABLE} \"${__libstl}\"" ) - endif() - if( EXISTS "${__libsupcxx}" ) - set( CMAKE_CXX_CREATE_SHARED_LIBRARY "${CMAKE_CXX_CREATE_SHARED_LIBRARY} \"${__libsupcxx}\"" ) - set( CMAKE_CXX_CREATE_SHARED_MODULE "${CMAKE_CXX_CREATE_SHARED_MODULE} \"${__libsupcxx}\"" ) - set( CMAKE_CXX_LINK_EXECUTABLE "${CMAKE_CXX_LINK_EXECUTABLE} \"${__libsupcxx}\"" ) - # C objects: - set( CMAKE_C_CREATE_SHARED_LIBRARY " -o " ) - set( CMAKE_C_CREATE_SHARED_MODULE " -o " ) - set( CMAKE_C_LINK_EXECUTABLE " -o " ) - set( CMAKE_C_CREATE_SHARED_LIBRARY "${CMAKE_C_CREATE_SHARED_LIBRARY} \"${__libsupcxx}\"" ) - set( CMAKE_C_CREATE_SHARED_MODULE "${CMAKE_C_CREATE_SHARED_MODULE} \"${__libsupcxx}\"" ) - set( CMAKE_C_LINK_EXECUTABLE "${CMAKE_C_LINK_EXECUTABLE} \"${__libsupcxx}\"" ) - endif() - if( ANDROID_STL MATCHES "gnustl" ) - if( NOT EXISTS "${ANDROID_LIBM_PATH}" ) - set( ANDROID_LIBM_PATH -lm ) - endif() - set( CMAKE_CXX_CREATE_SHARED_LIBRARY "${CMAKE_CXX_CREATE_SHARED_LIBRARY} ${ANDROID_LIBM_PATH}" ) - set( CMAKE_CXX_CREATE_SHARED_MODULE "${CMAKE_CXX_CREATE_SHARED_MODULE} ${ANDROID_LIBM_PATH}" ) - set( CMAKE_CXX_LINK_EXECUTABLE "${CMAKE_CXX_LINK_EXECUTABLE} ${ANDROID_LIBM_PATH}" ) - endif() -endif() - -# variables controlling optional build flags -if( ANDROID_NDK_RELEASE_NUM LESS 7000 ) # before r7 - # libGLESv2.so in NDK's prior to r7 refers to missing external symbols. - # So this flag option is required for all projects using OpenGL from native. - __INIT_VARIABLE( ANDROID_SO_UNDEFINED VALUES ON ) -else() - __INIT_VARIABLE( ANDROID_SO_UNDEFINED VALUES OFF ) -endif() -__INIT_VARIABLE( ANDROID_NO_UNDEFINED VALUES ON ) -__INIT_VARIABLE( ANDROID_FUNCTION_LEVEL_LINKING VALUES ON ) -__INIT_VARIABLE( ANDROID_GOLD_LINKER VALUES ON ) -__INIT_VARIABLE( ANDROID_NOEXECSTACK VALUES ON ) -__INIT_VARIABLE( ANDROID_RELRO VALUES ON ) - -set( ANDROID_NO_UNDEFINED ${ANDROID_NO_UNDEFINED} CACHE BOOL "Show all undefined symbols as linker errors" ) -set( ANDROID_SO_UNDEFINED ${ANDROID_SO_UNDEFINED} CACHE BOOL "Allows or disallows undefined symbols in shared libraries" ) -set( ANDROID_FUNCTION_LEVEL_LINKING ${ANDROID_FUNCTION_LEVEL_LINKING} CACHE BOOL "Put each function in separate section and enable garbage collection of unused input sections at link time" ) -set( ANDROID_GOLD_LINKER ${ANDROID_GOLD_LINKER} CACHE BOOL "Enables gold linker" ) -set( ANDROID_NOEXECSTACK ${ANDROID_NOEXECSTACK} CACHE BOOL "Allows or disallows undefined symbols in shared libraries" ) -set( ANDROID_RELRO ${ANDROID_RELRO} CACHE BOOL "Enables RELRO - a memory corruption mitigation technique" ) -mark_as_advanced( ANDROID_NO_UNDEFINED ANDROID_SO_UNDEFINED ANDROID_FUNCTION_LEVEL_LINKING ANDROID_GOLD_LINKER ANDROID_NOEXECSTACK ANDROID_RELRO ) - -# linker flags -set( ANDROID_LINKER_FLAGS "" ) - -if( ARMEABI_V7A ) - # this is *required* to use the following linker flags that routes around - # a CPU bug in some Cortex-A8 implementations: - set( ANDROID_LINKER_FLAGS "${ANDROID_LINKER_FLAGS} -Wl,--fix-cortex-a8" ) -endif() - -if( ANDROID_NO_UNDEFINED ) - if( MIPS ) - # there is some sysroot-related problem in mips linker... - if( NOT ANDROID_SYSROOT MATCHES "[ ;\"]" ) - set( ANDROID_LINKER_FLAGS "${ANDROID_LINKER_FLAGS} -Wl,--no-undefined -Wl,-rpath-link,${ANDROID_SYSROOT}/usr/lib" ) - endif() - else() - set( ANDROID_LINKER_FLAGS "${ANDROID_LINKER_FLAGS} -Wl,--no-undefined" ) - endif() -endif() - -if( ANDROID_SO_UNDEFINED ) - set( ANDROID_LINKER_FLAGS "${ANDROID_LINKER_FLAGS} -Wl,-allow-shlib-undefined" ) -endif() - -if( ANDROID_FUNCTION_LEVEL_LINKING ) - set( ANDROID_CXX_FLAGS "${ANDROID_CXX_FLAGS} -fdata-sections -ffunction-sections" ) - set( ANDROID_LINKER_FLAGS "${ANDROID_LINKER_FLAGS} -Wl,--gc-sections" ) -endif() - -if( ANDROID_COMPILER_VERSION VERSION_EQUAL "4.6" ) - if( ANDROID_GOLD_LINKER AND (CMAKE_HOST_UNIX OR ANDROID_NDK_RELEASE_NUM GREATER 8002) AND (ARMEABI OR ARMEABI_V7A OR X86) ) - set( ANDROID_LINKER_FLAGS "${ANDROID_LINKER_FLAGS} -fuse-ld=gold" ) - elseif( ANDROID_NDK_RELEASE_NUM GREATER 8002 ) # after r8b - set( ANDROID_LINKER_FLAGS "${ANDROID_LINKER_FLAGS} -fuse-ld=bfd" ) - elseif( ANDROID_NDK_RELEASE STREQUAL "r8b" AND ARMEABI AND NOT _CMAKE_IN_TRY_COMPILE ) - message( WARNING "The default bfd linker from arm GCC 4.6 toolchain can fail with 'unresolvable R_ARM_THM_CALL relocation' error message. See https://code.google.com/p/android/issues/detail?id=35342 - On Linux and OS X host platform you can workaround this problem using gold linker (default). - Rerun cmake with -DANDROID_GOLD_LINKER=ON option in case of problems. -" ) - endif() -endif() # version 4.6 - -if( ANDROID_NOEXECSTACK ) - if( ANDROID_COMPILER_IS_CLANG ) - set( ANDROID_CXX_FLAGS "${ANDROID_CXX_FLAGS} -Xclang -mnoexecstack" ) - else() - set( ANDROID_CXX_FLAGS "${ANDROID_CXX_FLAGS} -Wa,--noexecstack" ) - endif() - set( ANDROID_LINKER_FLAGS "${ANDROID_LINKER_FLAGS} -Wl,-z,noexecstack" ) -endif() - -if( ANDROID_RELRO ) - set( ANDROID_LINKER_FLAGS "${ANDROID_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now" ) -endif() - -if( ANDROID_COMPILER_IS_CLANG ) - set( ANDROID_CXX_FLAGS "-target ${ANDROID_LLVM_TRIPLE} -Qunused-arguments ${ANDROID_CXX_FLAGS}" ) - if( BUILD_WITH_ANDROID_NDK ) - set( ANDROID_CXX_FLAGS "-gcc-toolchain ${ANDROID_TOOLCHAIN_ROOT} ${ANDROID_CXX_FLAGS}" ) - endif() -endif() - -# cache flags -set( CMAKE_CXX_FLAGS "" CACHE STRING "c++ flags" ) -set( CMAKE_C_FLAGS "" CACHE STRING "c flags" ) -set( CMAKE_CXX_FLAGS_RELEASE "-O3 -DNDEBUG" CACHE STRING "c++ Release flags" ) -set( CMAKE_C_FLAGS_RELEASE "-O3 -DNDEBUG" CACHE STRING "c Release flags" ) -set( CMAKE_CXX_FLAGS_DEBUG "-O0 -g -DDEBUG -D_DEBUG" CACHE STRING "c++ Debug flags" ) -set( CMAKE_C_FLAGS_DEBUG "-O0 -g -DDEBUG -D_DEBUG" CACHE STRING "c Debug flags" ) -set( CMAKE_SHARED_LINKER_FLAGS "" CACHE STRING "shared linker flags" ) -set( CMAKE_MODULE_LINKER_FLAGS "" CACHE STRING "module linker flags" ) -set( CMAKE_EXE_LINKER_FLAGS "-Wl,-z,nocopyreloc" CACHE STRING "executable linker flags" ) - -# put flags to cache (for debug purpose only) -set( ANDROID_CXX_FLAGS "${ANDROID_CXX_FLAGS}" CACHE INTERNAL "Android specific c/c++ flags" ) -set( ANDROID_CXX_FLAGS_RELEASE "${ANDROID_CXX_FLAGS_RELEASE}" CACHE INTERNAL "Android specific c/c++ Release flags" ) -set( ANDROID_CXX_FLAGS_DEBUG "${ANDROID_CXX_FLAGS_DEBUG}" CACHE INTERNAL "Android specific c/c++ Debug flags" ) -set( ANDROID_LINKER_FLAGS "${ANDROID_LINKER_FLAGS}" CACHE INTERNAL "Android specific c/c++ linker flags" ) - -# finish flags -set( CMAKE_CXX_FLAGS "${ANDROID_CXX_FLAGS} ${CMAKE_CXX_FLAGS}" ) -set( CMAKE_C_FLAGS "${ANDROID_CXX_FLAGS} ${CMAKE_C_FLAGS}" ) -set( CMAKE_CXX_FLAGS_RELEASE "${ANDROID_CXX_FLAGS_RELEASE} ${CMAKE_CXX_FLAGS_RELEASE}" ) -set( CMAKE_C_FLAGS_RELEASE "${ANDROID_CXX_FLAGS_RELEASE} ${CMAKE_C_FLAGS_RELEASE}" ) -set( CMAKE_CXX_FLAGS_DEBUG "${ANDROID_CXX_FLAGS_DEBUG} ${CMAKE_CXX_FLAGS_DEBUG}" ) -set( CMAKE_C_FLAGS_DEBUG "${ANDROID_CXX_FLAGS_DEBUG} ${CMAKE_C_FLAGS_DEBUG}" ) -set( CMAKE_SHARED_LINKER_FLAGS "${ANDROID_LINKER_FLAGS} ${CMAKE_SHARED_LINKER_FLAGS}" ) -set( CMAKE_MODULE_LINKER_FLAGS "${ANDROID_LINKER_FLAGS} ${CMAKE_MODULE_LINKER_FLAGS}" ) -set( CMAKE_EXE_LINKER_FLAGS "${ANDROID_LINKER_FLAGS} ${CMAKE_EXE_LINKER_FLAGS}" ) - -if( MIPS AND BUILD_WITH_ANDROID_NDK AND ANDROID_NDK_RELEASE STREQUAL "r8" ) - set( CMAKE_SHARED_LINKER_FLAGS "-Wl,-T,${ANDROID_NDK_TOOLCHAINS_PATH}/${ANDROID_GCC_TOOLCHAIN_NAME}/mipself.xsc ${CMAKE_SHARED_LINKER_FLAGS}" ) - set( CMAKE_MODULE_LINKER_FLAGS "-Wl,-T,${ANDROID_NDK_TOOLCHAINS_PATH}/${ANDROID_GCC_TOOLCHAIN_NAME}/mipself.xsc ${CMAKE_MODULE_LINKER_FLAGS}" ) - set( CMAKE_EXE_LINKER_FLAGS "-Wl,-T,${ANDROID_NDK_TOOLCHAINS_PATH}/${ANDROID_GCC_TOOLCHAIN_NAME}/mipself.x ${CMAKE_EXE_LINKER_FLAGS}" ) -endif() - -# pie/pic -if( NOT (ANDROID_NATIVE_API_LEVEL LESS 16) AND (NOT DEFINED ANDROID_APP_PIE OR ANDROID_APP_PIE) AND (CMAKE_VERSION VERSION_GREATER 2.8.8) ) - set( CMAKE_POSITION_INDEPENDENT_CODE TRUE ) - set( CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fPIE -pie") -else() - set( CMAKE_POSITION_INDEPENDENT_CODE FALSE ) - set( CMAKE_CXX_FLAGS "-fpic ${CMAKE_CXX_FLAGS}" ) - set( CMAKE_C_FLAGS "-fpic ${CMAKE_C_FLAGS}" ) -endif() - -# configure rtti -if( DEFINED ANDROID_RTTI AND ANDROID_STL_FORCE_FEATURES ) - if( ANDROID_RTTI ) - set( CMAKE_CXX_FLAGS "-frtti ${CMAKE_CXX_FLAGS}" ) - else() - set( CMAKE_CXX_FLAGS "-fno-rtti ${CMAKE_CXX_FLAGS}" ) - endif() -endif() - -# configure exceptios -if( DEFINED ANDROID_EXCEPTIONS AND ANDROID_STL_FORCE_FEATURES ) - if( ANDROID_EXCEPTIONS ) - set( CMAKE_CXX_FLAGS "-fexceptions ${CMAKE_CXX_FLAGS}" ) - set( CMAKE_C_FLAGS "-fexceptions ${CMAKE_C_FLAGS}" ) - else() - set( CMAKE_CXX_FLAGS "-fno-exceptions ${CMAKE_CXX_FLAGS}" ) - set( CMAKE_C_FLAGS "-fno-exceptions ${CMAKE_C_FLAGS}" ) - endif() -endif() - -# global includes and link directories -include_directories( SYSTEM "${ANDROID_SYSROOT}/usr/include" ${ANDROID_STL_INCLUDE_DIRS} ) -get_filename_component(__android_install_path "${CMAKE_INSTALL_PREFIX}/libs/${ANDROID_NDK_ABI_NAME}" ABSOLUTE) # avoid CMP0015 policy warning -link_directories( "${__android_install_path}" ) - -# detect if need link crtbegin_so.o explicitly -if( NOT DEFINED ANDROID_EXPLICIT_CRT_LINK ) - set( __cmd "${CMAKE_CXX_CREATE_SHARED_LIBRARY}" ) - string( REPLACE "" "${CMAKE_CXX_COMPILER} ${CMAKE_CXX_COMPILER_ARG1}" __cmd "${__cmd}" ) - string( REPLACE "" "${CMAKE_C_COMPILER} ${CMAKE_C_COMPILER_ARG1}" __cmd "${__cmd}" ) - string( REPLACE "" "${CMAKE_CXX_FLAGS}" __cmd "${__cmd}" ) - string( REPLACE "" "" __cmd "${__cmd}" ) - string( REPLACE "" "${CMAKE_SHARED_LINKER_FLAGS}" __cmd "${__cmd}" ) - string( REPLACE "" "-shared" __cmd "${__cmd}" ) - string( REPLACE "" "" __cmd "${__cmd}" ) - string( REPLACE "" "" __cmd "${__cmd}" ) - string( REPLACE "" "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/toolchain_crtlink_test.so" __cmd "${__cmd}" ) - string( REPLACE "" "\"${ANDROID_SYSROOT}/usr/lib/crtbegin_so.o\"" __cmd "${__cmd}" ) - string( REPLACE "" "" __cmd "${__cmd}" ) - separate_arguments( __cmd ) - foreach( __var ANDROID_NDK ANDROID_NDK_TOOLCHAINS_PATH ANDROID_STANDALONE_TOOLCHAIN ) - if( ${__var} ) - set( __tmp "${${__var}}" ) - separate_arguments( __tmp ) - string( REPLACE "${__tmp}" "${${__var}}" __cmd "${__cmd}") - endif() - endforeach() - string( REPLACE "'" "" __cmd "${__cmd}" ) - string( REPLACE "\"" "" __cmd "${__cmd}" ) - execute_process( COMMAND ${__cmd} RESULT_VARIABLE __cmd_result OUTPUT_QUIET ERROR_QUIET ) - if( __cmd_result EQUAL 0 ) - set( ANDROID_EXPLICIT_CRT_LINK ON ) - else() - set( ANDROID_EXPLICIT_CRT_LINK OFF ) - endif() -endif() - -if( ANDROID_EXPLICIT_CRT_LINK ) - set( CMAKE_CXX_CREATE_SHARED_LIBRARY "${CMAKE_CXX_CREATE_SHARED_LIBRARY} \"${ANDROID_SYSROOT}/usr/lib/crtbegin_so.o\"" ) - set( CMAKE_CXX_CREATE_SHARED_MODULE "${CMAKE_CXX_CREATE_SHARED_MODULE} \"${ANDROID_SYSROOT}/usr/lib/crtbegin_so.o\"" ) -endif() - -# setup output directories -set( CMAKE_INSTALL_PREFIX "${ANDROID_TOOLCHAIN_ROOT}/user" CACHE STRING "path for installing" ) - -if( DEFINED LIBRARY_OUTPUT_PATH_ROOT - OR EXISTS "${CMAKE_SOURCE_DIR}/AndroidManifest.xml" - OR (EXISTS "${CMAKE_SOURCE_DIR}/../AndroidManifest.xml" AND EXISTS "${CMAKE_SOURCE_DIR}/../jni/") ) - set( LIBRARY_OUTPUT_PATH_ROOT ${CMAKE_SOURCE_DIR} CACHE PATH "Root for binaries output, set this to change where Android libs are installed to" ) - if( NOT _CMAKE_IN_TRY_COMPILE ) - if( EXISTS "${CMAKE_SOURCE_DIR}/jni/CMakeLists.txt" ) - set( EXECUTABLE_OUTPUT_PATH "${LIBRARY_OUTPUT_PATH_ROOT}/bin/${ANDROID_NDK_ABI_NAME}" CACHE PATH "Output directory for applications" ) - else() - set( EXECUTABLE_OUTPUT_PATH "${LIBRARY_OUTPUT_PATH_ROOT}/bin" CACHE PATH "Output directory for applications" ) - endif() - set( LIBRARY_OUTPUT_PATH "${LIBRARY_OUTPUT_PATH_ROOT}/libs/${ANDROID_NDK_ABI_NAME}" CACHE PATH "Output directory for Android libs" ) - endif() -endif() - -# copy shaed stl library to build directory -if( NOT _CMAKE_IN_TRY_COMPILE AND __libstl MATCHES "[.]so$" AND DEFINED LIBRARY_OUTPUT_PATH ) - get_filename_component( __libstlname "${__libstl}" NAME ) - execute_process( COMMAND "${CMAKE_COMMAND}" -E copy_if_different "${__libstl}" "${LIBRARY_OUTPUT_PATH}/${__libstlname}" RESULT_VARIABLE __fileCopyProcess ) - if( NOT __fileCopyProcess EQUAL 0 OR NOT EXISTS "${LIBRARY_OUTPUT_PATH}/${__libstlname}") - message( SEND_ERROR "Failed copying of ${__libstl} to the ${LIBRARY_OUTPUT_PATH}/${__libstlname}" ) - endif() - unset( __fileCopyProcess ) - unset( __libstlname ) -endif() - - -# set these global flags for cmake client scripts to change behavior -set( ANDROID True ) -set( BUILD_ANDROID True ) - -# where is the target environment -set( CMAKE_FIND_ROOT_PATH "${ANDROID_TOOLCHAIN_ROOT}/bin" "${ANDROID_TOOLCHAIN_ROOT}/${ANDROID_TOOLCHAIN_MACHINE_NAME}" "${ANDROID_SYSROOT}" "${CMAKE_INSTALL_PREFIX}" "${CMAKE_INSTALL_PREFIX}/share" ) - -# only search for libraries and includes in the ndk toolchain -set( CMAKE_FIND_ROOT_PATH_MODE_PROGRAM ONLY ) -set( CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY ) -set( CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY ) - - -# macro to find packages on the host OS -macro( find_host_package ) - set( CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER ) - set( CMAKE_FIND_ROOT_PATH_MODE_LIBRARY NEVER ) - set( CMAKE_FIND_ROOT_PATH_MODE_INCLUDE NEVER ) - if( CMAKE_HOST_WIN32 ) - SET( WIN32 1 ) - SET( UNIX ) - elseif( CMAKE_HOST_APPLE ) - SET( APPLE 1 ) - SET( UNIX ) - endif() - find_package( ${ARGN} ) - SET( WIN32 ) - SET( APPLE ) - SET( UNIX 1 ) - set( CMAKE_FIND_ROOT_PATH_MODE_PROGRAM ONLY ) - set( CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY ) - set( CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY ) -endmacro() - - -# macro to find programs on the host OS -macro( find_host_program ) - set( CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER ) - set( CMAKE_FIND_ROOT_PATH_MODE_LIBRARY NEVER ) - set( CMAKE_FIND_ROOT_PATH_MODE_INCLUDE NEVER ) - if( CMAKE_HOST_WIN32 ) - SET( WIN32 1 ) - SET( UNIX ) - elseif( CMAKE_HOST_APPLE ) - SET( APPLE 1 ) - SET( UNIX ) - endif() - find_program( ${ARGN} ) - SET( WIN32 ) - SET( APPLE ) - SET( UNIX 1 ) - set( CMAKE_FIND_ROOT_PATH_MODE_PROGRAM ONLY ) - set( CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY ) - set( CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY ) -endmacro() - - -# export toolchain settings for the try_compile() command -if( NOT _CMAKE_IN_TRY_COMPILE ) - set( __toolchain_config "") - foreach( __var NDK_CCACHE LIBRARY_OUTPUT_PATH_ROOT ANDROID_FORBID_SYGWIN - ANDROID_NDK_HOST_X64 - ANDROID_NDK - ANDROID_NDK_LAYOUT - ANDROID_STANDALONE_TOOLCHAIN - ANDROID_TOOLCHAIN_NAME - ANDROID_ABI - ANDROID_NATIVE_API_LEVEL - ANDROID_STL - ANDROID_STL_FORCE_FEATURES - ANDROID_FORCE_ARM_BUILD - ANDROID_NO_UNDEFINED - ANDROID_SO_UNDEFINED - ANDROID_FUNCTION_LEVEL_LINKING - ANDROID_GOLD_LINKER - ANDROID_NOEXECSTACK - ANDROID_RELRO - ANDROID_LIBM_PATH - ANDROID_EXPLICIT_CRT_LINK - ANDROID_APP_PIE - ) - if( DEFINED ${__var} ) - if( ${__var} MATCHES " ") - set( __toolchain_config "${__toolchain_config}set( ${__var} \"${${__var}}\" CACHE INTERNAL \"\" )\n" ) - else() - set( __toolchain_config "${__toolchain_config}set( ${__var} ${${__var}} CACHE INTERNAL \"\" )\n" ) - endif() - endif() - endforeach() - file( WRITE "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/android.toolchain.config.cmake" "${__toolchain_config}" ) - unset( __toolchain_config ) -endif() - - -# force cmake to produce / instead of \ in build commands for Ninja generator -if( CMAKE_GENERATOR MATCHES "Ninja" AND CMAKE_HOST_WIN32 ) - # it is a bad hack after all - # CMake generates Ninja makefiles with UNIX paths only if it thinks that we are going to build with MinGW - set( CMAKE_COMPILER_IS_MINGW TRUE ) # tell CMake that we are MinGW - set( CMAKE_CROSSCOMPILING TRUE ) # stop recursion - enable_language( C ) - enable_language( CXX ) - # unset( CMAKE_COMPILER_IS_MINGW ) # can't unset because CMake does not convert back-slashes in response files without it - unset( MINGW ) -endif() - - -# Variables controlling behavior or set by cmake toolchain: -# ANDROID_ABI : "armeabi-v7a" (default), "armeabi", "armeabi-v7a with NEON", "armeabi-v7a with VFPV3", "armeabi-v6 with VFP", "x86", "mips", "arm64-v8a", "x86_64", "mips64" -# ANDROID_NATIVE_API_LEVEL : 3,4,5,8,9,14,15,16,17,18,19,21 (depends on NDK version) -# ANDROID_STL : gnustl_static/gnustl_shared/stlport_static/stlport_shared/gabi++_static/gabi++_shared/system_re/system/none -# ANDROID_FORBID_SYGWIN : ON/OFF -# ANDROID_NO_UNDEFINED : ON/OFF -# ANDROID_SO_UNDEFINED : OFF/ON (default depends on NDK version) -# ANDROID_FUNCTION_LEVEL_LINKING : ON/OFF -# ANDROID_GOLD_LINKER : ON/OFF -# ANDROID_NOEXECSTACK : ON/OFF -# ANDROID_RELRO : ON/OFF -# ANDROID_FORCE_ARM_BUILD : ON/OFF -# ANDROID_STL_FORCE_FEATURES : ON/OFF -# ANDROID_LIBM_PATH : path to libm.so (set to something like $(TOP)/out/target/product//obj/lib/libm.so) to workaround unresolved `sincos` -# Can be set only at the first run: -# ANDROID_NDK : path to your NDK install -# NDK_CCACHE : path to your ccache executable -# ANDROID_TOOLCHAIN_NAME : the NDK name of compiler toolchain -# ANDROID_NDK_HOST_X64 : try to use x86_64 toolchain (default for x64 host systems) -# ANDROID_NDK_LAYOUT : the inner NDK structure (RELEASE, LINARO, ANDROID) -# LIBRARY_OUTPUT_PATH_ROOT : -# ANDROID_STANDALONE_TOOLCHAIN -# -# Primary read-only variables: -# ANDROID : always TRUE -# ARMEABI : TRUE for arm v6 and older devices -# ARMEABI_V6 : TRUE for arm v6 -# ARMEABI_V7A : TRUE for arm v7a -# ARM64_V8A : TRUE for arm64-v8a -# NEON : TRUE if NEON unit is enabled -# VFPV3 : TRUE if VFP version 3 is enabled -# X86 : TRUE if configured for x86 -# X86_64 : TRUE if configured for x86_64 -# MIPS : TRUE if configured for mips -# MIPS64 : TRUE if configured for mips64 -# BUILD_WITH_ANDROID_NDK : TRUE if NDK is used -# BUILD_WITH_STANDALONE_TOOLCHAIN : TRUE if standalone toolchain is used -# ANDROID_NDK_HOST_SYSTEM_NAME : "windows", "linux-x86" or "darwin-x86" depending on host platform -# ANDROID_NDK_ABI_NAME : "armeabi", "armeabi-v7a", "x86", "mips", "arm64-v8a", "x86_64", "mips64" depending on ANDROID_ABI -# ANDROID_NDK_RELEASE : from r5 to r10d; set only for NDK -# ANDROID_NDK_RELEASE_NUM : numeric ANDROID_NDK_RELEASE version (1000*major+minor) -# ANDROID_ARCH_NAME : "arm", "x86", "mips", "arm64", "x86_64", "mips64" depending on ANDROID_ABI -# ANDROID_SYSROOT : path to the compiler sysroot -# TOOL_OS_SUFFIX : "" or ".exe" depending on host platform -# ANDROID_COMPILER_IS_CLANG : TRUE if clang compiler is used -# -# Secondary (less stable) read-only variables: -# ANDROID_COMPILER_VERSION : GCC version used (not Clang version) -# ANDROID_CLANG_VERSION : version of clang compiler if clang is used -# ANDROID_CXX_FLAGS : C/C++ compiler flags required by Android platform -# ANDROID_SUPPORTED_ABIS : list of currently allowed values for ANDROID_ABI -# ANDROID_TOOLCHAIN_MACHINE_NAME : "arm-linux-androideabi", "arm-eabi" or "i686-android-linux" -# ANDROID_TOOLCHAIN_ROOT : path to the top level of toolchain (standalone or placed inside NDK) -# ANDROID_CLANG_TOOLCHAIN_ROOT : path to clang tools -# ANDROID_SUPPORTED_NATIVE_API_LEVELS : list of native API levels found inside NDK -# ANDROID_STL_INCLUDE_DIRS : stl include paths -# ANDROID_RTTI : if rtti is enabled by the runtime -# ANDROID_EXCEPTIONS : if exceptions are enabled by the runtime -# ANDROID_GCC_TOOLCHAIN_NAME : read-only, differs from ANDROID_TOOLCHAIN_NAME only if clang is used -# -# Defaults: -# ANDROID_DEFAULT_NDK_API_LEVEL -# ANDROID_DEFAULT_NDK_API_LEVEL_${ARCH} -# ANDROID_NDK_SEARCH_PATHS -# ANDROID_SUPPORTED_ABIS_${ARCH} -# ANDROID_SUPPORTED_NDK_VERSIONS diff --git a/src/third_party/android-cmake/ndk_links.md b/src/third_party/android-cmake/ndk_links.md deleted file mode 100644 index 6d93d61..0000000 --- a/src/third_party/android-cmake/ndk_links.md +++ /dev/null @@ -1,211 +0,0 @@ - -============== r1 ============== (dead links) - -* http://dl.google.com/android/ndk/android-ndk-1.5_r1-windows.zip -* http://dl.google.com/android/ndk/android-ndk-1.5_r1-darwin-x86.zip -* http://dl.google.com/android/ndk/android-ndk-1.5_r1-linux-x86.zip - -============== r2 ============== - -* http://dl.google.com/android/ndk/android-ndk-1.6_r1-windows.zip -* http://dl.google.com/android/ndk/android-ndk-1.6_r1-darwin-x86.zip -* http://dl.google.com/android/ndk/android-ndk-1.6_r1-linux-x86.zip - -============== r3 ============== - -* http://dl.google.com/android/ndk/android-ndk-r3-windows.zip -* http://dl.google.com/android/ndk/android-ndk-r3-darwin-x86.zip -* http://dl.google.com/android/ndk/android-ndk-r3-linux-x86.zip - -============== r4 ============== - -* http://dl.google.com/android/ndk/android-ndk-r4-windows.zip -* http://dl.google.com/android/ndk/android-ndk-r4-darwin-x86.zip -* http://dl.google.com/android/ndk/android-ndk-r4-linux-x86.zip - -============== r4b ============== - -* http://dl.google.com/android/ndk/android-ndk-r4b-windows.zip -* http://dl.google.com/android/ndk/android-ndk-r4b-darwin-x86.zip -* http://dl.google.com/android/ndk/android-ndk-r4b-linux-x86.zip - -============== r5 ============== - -* http://dl.google.com/android/ndk/android-ndk-r5-windows.zip -* http://dl.google.com/android/ndk/android-ndk-r5-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r5-linux-x86.tar.bz2 - -============== r5b ============== - -* http://dl.google.com/android/ndk/android-ndk-r5b-windows.zip -* http://dl.google.com/android/ndk/android-ndk-r5b-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r5b-linux-x86.tar.bz2 - -============== r5c ============== - -* http://dl.google.com/android/ndk/android-ndk-r5c-windows.zip -* http://dl.google.com/android/ndk/android-ndk-r5c-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r5c-linux-x86.tar.bz2 - -============== r6 ============== - -* http://dl.google.com/android/ndk/android-ndk-r6-windows.zip -* http://dl.google.com/android/ndk/android-ndk-r6-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r6-linux-x86.tar.bz2 - -============== r6b ============== - -* http://dl.google.com/android/ndk/android-ndk-r6b-windows.zip -* http://dl.google.com/android/ndk/android-ndk-r6b-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r6b-linux-x86.tar.bz2 - -============== r7 ============== - -* http://dl.google.com/android/ndk/android-ndk-r7-windows.zip -* http://dl.google.com/android/ndk/android-ndk-r7-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r7-linux-x86.tar.bz2 - -============== r7b ============== - -* http://dl.google.com/android/ndk/android-ndk-r7b-windows.zip -* http://dl.google.com/android/ndk/android-ndk-r7b-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r7b-linux-x86.tar.bz2 - -============== r7c ============== - -* http://dl.google.com/android/ndk/android-ndk-r7c-windows.zip -* http://dl.google.com/android/ndk/android-ndk-r7c-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r7c-linux-x86.tar.bz2 - -============== r8 ============== - -* http://dl.google.com/android/ndk/android-ndk-r8-windows.zip -* http://dl.google.com/android/ndk/android-ndk-r8-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r8-linux-x86.tar.bz2 - -============== r8b ============== - -* http://dl.google.com/android/ndk/android-ndk-r8b-windows.zip -* http://dl.google.com/android/ndk/android-ndk-r8b-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r8b-linux-x86.tar.bz2 - -============== r8c ============== - -* http://dl.google.com/android/ndk/android-ndk-r8c-windows.zip -* http://dl.google.com/android/ndk/android-ndk-r8c-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r8c-linux-x86.tar.bz2 - -============== r8d ============== - -* http://dl.google.com/android/ndk/android-ndk-r8d-windows.zip -* http://dl.google.com/android/ndk/android-ndk-r8d-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r8d-linux-x86.tar.bz2 - -============== r8e ============== - -* http://dl.google.com/android/ndk/android-ndk-r8e-windows-x86.zip -* http://dl.google.com/android/ndk/android-ndk-r8e-windows-x86_64.zip -* http://dl.google.com/android/ndk/android-ndk-r8e-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r8e-darwin-x86_64.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r8e-linux-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r8e-linux-x86_64.tar.bz2 - -============== r9 ============== - -* http://dl.google.com/android/ndk/android-ndk-r9-windows-x86.zip -* http://dl.google.com/android/ndk/android-ndk-r9-windows-x86-legacy-toolchains.zip -* http://dl.google.com/android/ndk/android-ndk-r9-windows-x86_64.zip -* http://dl.google.com/android/ndk/android-ndk-r9-windows-x86_64-legacy-toolchains.zip -* http://dl.google.com/android/ndk/android-ndk-r9-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9-darwin-x86-legacy-toolchains.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9-darwin-x86_64.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9-darwin-x86_64-legacy-toolchains.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9-linux-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9-linux-x86-legacy-toolchains.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9-linux-x86_64.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9-linux-x86_64-legacy-toolchains.tar.bz2 - -============== r9b ============== - -* http://dl.google.com/android/ndk/android-ndk-r9b-windows-x86.zip -* http://dl.google.com/android/ndk/android-ndk-r9b-windows-x86-legacy-toolchains.zip -* http://dl.google.com/android/ndk/android-ndk-r9b-windows-x86_64.zip -* http://dl.google.com/android/ndk/android-ndk-r9b-windows-x86_64-legacy-toolchains.zip -* http://dl.google.com/android/ndk/android-ndk-r9b-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9b-darwin-x86-legacy-toolchains.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9b-darwin-x86_64.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9b-darwin-x86_64-legacy-toolchains.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9b-linux-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9b-linux-x86-legacy-toolchains.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9b-linux-x86_64.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9b-linux-x86_64-legacy-toolchains.tar.bz2 - -============== r9c ============== - -* http://dl.google.com/android/ndk/android-ndk-r9c-windows-x86.zip -* http://dl.google.com/android/ndk/android-ndk-r9c-windows-x86_64.zip -* http://dl.google.com/android/ndk/android-ndk-r9c-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9c-darwin-x86_64.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9c-linux-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9c-linux-x86_64.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9c-cxx-stl-libs-with-debugging-info.zip - -============== r9d ============== - -* http://dl.google.com/android/ndk/android-ndk-r9d-windows-x86.zip -* http://dl.google.com/android/ndk/android-ndk-r9d-windows-x86_64.zip -* http://dl.google.com/android/ndk/android-ndk-r9d-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9d-darwin-x86_64.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9d-linux-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9d-linux-x86_64.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r9d-cxx-stl-libs-with-debug-info.zip - -============== r10 ============== - -* http://dl.google.com/android/ndk/android-ndk32-r10-windows-x86.zip -* http://dl.google.com/android/ndk/android-ndk32-r10-windows-x86_64.zip -* http://dl.google.com/android/ndk/android-ndk32-r10-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk32-r10-darwin-x86_64.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk32-r10-linux-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk32-r10-linux-x86_64.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk64-r10-windows-x86.zip -* http://dl.google.com/android/ndk/android-ndk64-r10-windows-x86_64.zip -* http://dl.google.com/android/ndk/android-ndk64-r10-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk64-r10-darwin-x86_64.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk64-r10-linux-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk64-r10-linux-x86_64.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r10-cxx-stl-libs-with-debug-info.zip - -============== r10b ============== - -* http://dl.google.com/android/ndk/android-ndk32-r10b-windows-x86.zip -* http://dl.google.com/android/ndk/android-ndk32-r10b-windows-x86_64.zip -* http://dl.google.com/android/ndk/android-ndk32-r10b-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk32-r10b-darwin-x86_64.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk32-r10b-linux-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk32-r10b-linux-x86_64.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk64-r10b-windows-x86.zip -* http://dl.google.com/android/ndk/android-ndk64-r10b-windows-x86_64.zip -* http://dl.google.com/android/ndk/android-ndk64-r10b-darwin-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk64-r10b-darwin-x86_64.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk64-r10b-linux-x86.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk64-r10b-linux-x86_64.tar.bz2 -* http://dl.google.com/android/ndk/android-ndk-r10b-cxx-stl-libs-with-debug-info.zip - -============== r10c ============== - -* http://dl.google.com/android/ndk/android-ndk-r10c-windows-x86.exe -* http://dl.google.com/android/ndk/android-ndk-r10c-windows-x86_64.exe -* http://dl.google.com/android/ndk/android-ndk-r10c-darwin-x86.bin -* http://dl.google.com/android/ndk/android-ndk-r10c-darwin-x86_64.bin -* http://dl.google.com/android/ndk/android-ndk-r10c-linux-x86.bin -* http://dl.google.com/android/ndk/android-ndk-r10c-linux-x86_64.bin - -============== r10d ============== - -* http://dl.google.com/android/ndk/android-ndk-r10d-windows-x86.exe -* http://dl.google.com/android/ndk/android-ndk-r10d-windows-x86_64.exe -* http://dl.google.com/android/ndk/android-ndk-r10d-darwin-x86.bin -* http://dl.google.com/android/ndk/android-ndk-r10d-darwin-x86_64.bin -* http://dl.google.com/android/ndk/android-ndk-r10d-linux-x86.bin -* http://dl.google.com/android/ndk/android-ndk-r10d-linux-x86_64.bin diff --git a/src/third_party/fiat/METADATA b/src/third_party/fiat/METADATA index 6cd1612..0e4012f 100644 --- a/src/third_party/fiat/METADATA +++ b/src/third_party/fiat/METADATA @@ -6,8 +6,8 @@ third_party { type: GIT value: "https://github.com/mit-plv/fiat-crypto" } - version: "6c4d4afb26de639718fcac39094353ca7feec365" - last_upgrade_date { year: 2017 month: 11 day: 3 } + version: "4441785fb44b88bb6943ddbf639d872c8c903281" + last_upgrade_date { year: 2019 month: 1 day: 16 } local_modifications: "Fiat-generated code has been integrated into existing BoringSSL code" } diff --git a/src/third_party/fiat/curve25519.c b/src/third_party/fiat/curve25519.c index 15623c6..564becb 100644 --- a/src/third_party/fiat/curve25519.c +++ b/src/third_party/fiat/curve25519.c @@ -45,8 +45,14 @@ // Various pre-computed constants. #include "./curve25519_tables.h" +#if defined(BORINGSSL_CURVE25519_64BIT) +#include "./curve25519_64.h" +#else +#include "./curve25519_32.h" +#endif // BORINGSSL_CURVE25519_64BIT -// Low-level intrinsic operations (hand-written). + +// Low-level intrinsic operations static uint64_t load_3(const uint8_t *in) { uint64_t result; @@ -65,706 +71,111 @@ static uint64_t load_4(const uint8_t *in) { return result; } -#if defined(BORINGSSL_CURVE25519_64BIT) -static uint64_t load_8(const uint8_t *in) { - uint64_t result; - result = (uint64_t)in[0]; - result |= ((uint64_t)in[1]) << 8; - result |= ((uint64_t)in[2]) << 16; - result |= ((uint64_t)in[3]) << 24; - result |= ((uint64_t)in[4]) << 32; - result |= ((uint64_t)in[5]) << 40; - result |= ((uint64_t)in[6]) << 48; - result |= ((uint64_t)in[7]) << 56; - return result; -} - -static uint8_t /*bool*/ addcarryx_u51(uint8_t /*bool*/ c, uint64_t a, - uint64_t b, uint64_t *low) { - // This function extracts 51 bits of result and 1 bit of carry (52 total), so - // a 64-bit intermediate is sufficient. - uint64_t x = a + b + c; - *low = x & ((UINT64_C(1) << 51) - 1); - return (x >> 51) & 1; -} - -static uint8_t /*bool*/ subborrow_u51(uint8_t /*bool*/ c, uint64_t a, - uint64_t b, uint64_t *low) { - // This function extracts 51 bits of result and 1 bit of borrow (52 total), so - // a 64-bit intermediate is sufficient. - uint64_t x = a - b - c; - *low = x & ((UINT64_C(1) << 51) - 1); - return x >> 63; -} - -static uint64_t cmovznz64(uint64_t t, uint64_t z, uint64_t nz) { - t = -!!t; // all set if nonzero, 0 if 0 - return (t&nz) | ((~t)&z); -} - -#else - -static uint8_t /*bool*/ addcarryx_u25(uint8_t /*bool*/ c, uint32_t a, - uint32_t b, uint32_t *low) { - // This function extracts 25 bits of result and 1 bit of carry (26 total), so - // a 32-bit intermediate is sufficient. - uint32_t x = a + b + c; - *low = x & ((1 << 25) - 1); - return (x >> 25) & 1; -} - -static uint8_t /*bool*/ addcarryx_u26(uint8_t /*bool*/ c, uint32_t a, - uint32_t b, uint32_t *low) { - // This function extracts 26 bits of result and 1 bit of carry (27 total), so - // a 32-bit intermediate is sufficient. - uint32_t x = a + b + c; - *low = x & ((1 << 26) - 1); - return (x >> 26) & 1; -} - -static uint8_t /*bool*/ subborrow_u25(uint8_t /*bool*/ c, uint32_t a, - uint32_t b, uint32_t *low) { - // This function extracts 25 bits of result and 1 bit of borrow (26 total), so - // a 32-bit intermediate is sufficient. - uint32_t x = a - b - c; - *low = x & ((1 << 25) - 1); - return x >> 31; -} - -static uint8_t /*bool*/ subborrow_u26(uint8_t /*bool*/ c, uint32_t a, - uint32_t b, uint32_t *low) { - // This function extracts 26 bits of result and 1 bit of borrow (27 total), so - // a 32-bit intermediate is sufficient. - uint32_t x = a - b - c; - *low = x & ((1 << 26) - 1); - return x >> 31; -} - -static uint32_t cmovznz32(uint32_t t, uint32_t z, uint32_t nz) { - t = -!!t; // all set if nonzero, 0 if 0 - return (t&nz) | ((~t)&z); -} - -#endif - // Field operations. #if defined(BORINGSSL_CURVE25519_64BIT) -#define assert_fe(f) do { \ - for (unsigned _assert_fe_i = 0; _assert_fe_i< 5; _assert_fe_i++) { \ - assert(f[_assert_fe_i] < 1.125*(UINT64_C(1)<<51)); \ - } \ -} while (0) - -#define assert_fe_loose(f) do { \ - for (unsigned _assert_fe_i = 0; _assert_fe_i< 5; _assert_fe_i++) { \ - assert(f[_assert_fe_i] < 3.375*(UINT64_C(1)<<51)); \ - } \ -} while (0) - -#define assert_fe_frozen(f) do { \ - for (unsigned _assert_fe_i = 0; _assert_fe_i< 5; _assert_fe_i++) { \ - assert(f[_assert_fe_i] < (UINT64_C(1)<<51)); \ - } \ -} while (0) - -static void fe_frombytes_impl(uint64_t h[5], const uint8_t *s) { - // Ignores top bit of s. - uint64_t a0 = load_8(s); - uint64_t a1 = load_8(s+8); - uint64_t a2 = load_8(s+16); - uint64_t a3 = load_8(s+24); - // Use 51 bits, 64-51 = 13 left. - h[0] = a0 & ((UINT64_C(1) << 51) - 1); - // (64-51) + 38 = 13 + 38 = 51 - h[1] = (a0 >> 51) | ((a1 & ((UINT64_C(1) << 38) - 1)) << 13); - // (64-38) + 25 = 26 + 25 = 51 - h[2] = (a1 >> 38) | ((a2 & ((UINT64_C(1) << 25) - 1)) << 26); - // (64-25) + 12 = 39 + 12 = 51 - h[3] = (a2 >> 25) | ((a3 & ((UINT64_C(1) << 12) - 1)) << 39); - // (64-12) = 52, ignore top bit - h[4] = (a3 >> 12) & ((UINT64_C(1) << 51) - 1); - assert_fe(h); -} - -static void fe_frombytes(fe *h, const uint8_t *s) { - fe_frombytes_impl(h->v, s); -} - -static void fe_freeze(uint64_t out[5], const uint64_t in1[5]) { - { const uint64_t x7 = in1[4]; - { const uint64_t x8 = in1[3]; - { const uint64_t x6 = in1[2]; - { const uint64_t x4 = in1[1]; - { const uint64_t x2 = in1[0]; - { uint64_t x10; uint8_t/*bool*/ x11 = subborrow_u51(0x0, x2, 0x7ffffffffffed, &x10); - { uint64_t x13; uint8_t/*bool*/ x14 = subborrow_u51(x11, x4, 0x7ffffffffffff, &x13); - { uint64_t x16; uint8_t/*bool*/ x17 = subborrow_u51(x14, x6, 0x7ffffffffffff, &x16); - { uint64_t x19; uint8_t/*bool*/ x20 = subborrow_u51(x17, x8, 0x7ffffffffffff, &x19); - { uint64_t x22; uint8_t/*bool*/ x23 = subborrow_u51(x20, x7, 0x7ffffffffffff, &x22); - { uint64_t x24 = cmovznz64(x23, 0x0, 0xffffffffffffffffL); - { uint64_t x25 = (x24 & 0x7ffffffffffed); - { uint64_t x27; uint8_t/*bool*/ x28 = addcarryx_u51(0x0, x10, x25, &x27); - { uint64_t x29 = (x24 & 0x7ffffffffffff); - { uint64_t x31; uint8_t/*bool*/ x32 = addcarryx_u51(x28, x13, x29, &x31); - { uint64_t x33 = (x24 & 0x7ffffffffffff); - { uint64_t x35; uint8_t/*bool*/ x36 = addcarryx_u51(x32, x16, x33, &x35); - { uint64_t x37 = (x24 & 0x7ffffffffffff); - { uint64_t x39; uint8_t/*bool*/ x40 = addcarryx_u51(x36, x19, x37, &x39); - { uint64_t x41 = (x24 & 0x7ffffffffffff); - { uint64_t x43; addcarryx_u51(x40, x22, x41, &x43); - out[0] = x27; - out[1] = x31; - out[2] = x35; - out[3] = x39; - out[4] = x43; - }}}}}}}}}}}}}}}}}}}}} -} - -static void fe_tobytes(uint8_t s[32], const fe *f) { - assert_fe(f->v); - uint64_t h[5]; - fe_freeze(h, f->v); - assert_fe_frozen(h); - - s[0] = h[0] >> 0; - s[1] = h[0] >> 8; - s[2] = h[0] >> 16; - s[3] = h[0] >> 24; - s[4] = h[0] >> 32; - s[5] = h[0] >> 40; - s[6] = (h[0] >> 48) | (h[1] << 3); - s[7] = h[1] >> 5; - s[8] = h[1] >> 13; - s[9] = h[1] >> 21; - s[10] = h[1] >> 29; - s[11] = h[1] >> 37; - s[12] = (h[1] >> 45) | (h[2] << 6); - s[13] = h[2] >> 2; - s[14] = h[2] >> 10; - s[15] = h[2] >> 18; - s[16] = h[2] >> 26; - s[17] = h[2] >> 34; - s[18] = h[2] >> 42; - s[19] = (h[2] >> 50) | (h[3] << 1); - s[20] = h[3] >> 7; - s[21] = h[3] >> 15; - s[22] = h[3] >> 23; - s[23] = h[3] >> 31; - s[24] = h[3] >> 39; - s[25] = (h[3] >> 47) | (h[4] << 4); - s[26] = h[4] >> 4; - s[27] = h[4] >> 12; - s[28] = h[4] >> 20; - s[29] = h[4] >> 28; - s[30] = h[4] >> 36; - s[31] = h[4] >> 44; -} - -// h = 0 -static void fe_0(fe *h) { - OPENSSL_memset(h, 0, sizeof(fe)); -} - -static void fe_loose_0(fe_loose *h) { - OPENSSL_memset(h, 0, sizeof(fe_loose)); -} +typedef uint64_t fe_limb_t; +#define FE_NUM_LIMBS 5 -// h = 1 -static void fe_1(fe *h) { - OPENSSL_memset(h, 0, sizeof(fe)); - h->v[0] = 1; -} - -static void fe_loose_1(fe_loose *h) { - OPENSSL_memset(h, 0, sizeof(fe_loose)); - h->v[0] = 1; -} - -static void fe_add_impl(uint64_t out[5], const uint64_t in1[5], const uint64_t in2[5]) { - { const uint64_t x10 = in1[4]; - { const uint64_t x11 = in1[3]; - { const uint64_t x9 = in1[2]; - { const uint64_t x7 = in1[1]; - { const uint64_t x5 = in1[0]; - { const uint64_t x18 = in2[4]; - { const uint64_t x19 = in2[3]; - { const uint64_t x17 = in2[2]; - { const uint64_t x15 = in2[1]; - { const uint64_t x13 = in2[0]; - out[0] = (x5 + x13); - out[1] = (x7 + x15); - out[2] = (x9 + x17); - out[3] = (x11 + x19); - out[4] = (x10 + x18); - }}}}}}}}}} -} - -// h = f + g -// Can overlap h with f or g. -static void fe_add(fe_loose *h, const fe *f, const fe *g) { - assert_fe(f->v); - assert_fe(g->v); - fe_add_impl(h->v, f->v, g->v); - assert_fe_loose(h->v); -} - -static void fe_sub_impl(uint64_t out[5], const uint64_t in1[5], const uint64_t in2[5]) { - { const uint64_t x10 = in1[4]; - { const uint64_t x11 = in1[3]; - { const uint64_t x9 = in1[2]; - { const uint64_t x7 = in1[1]; - { const uint64_t x5 = in1[0]; - { const uint64_t x18 = in2[4]; - { const uint64_t x19 = in2[3]; - { const uint64_t x17 = in2[2]; - { const uint64_t x15 = in2[1]; - { const uint64_t x13 = in2[0]; - out[0] = ((0xfffffffffffda + x5) - x13); - out[1] = ((0xffffffffffffe + x7) - x15); - out[2] = ((0xffffffffffffe + x9) - x17); - out[3] = ((0xffffffffffffe + x11) - x19); - out[4] = ((0xffffffffffffe + x10) - x18); - }}}}}}}}}} -} - -// h = f - g -// Can overlap h with f or g. -static void fe_sub(fe_loose *h, const fe *f, const fe *g) { - assert_fe(f->v); - assert_fe(g->v); - fe_sub_impl(h->v, f->v, g->v); - assert_fe_loose(h->v); -} - -static void fe_carry_impl(uint64_t out[5], const uint64_t in1[5]) { - { const uint64_t x7 = in1[4]; - { const uint64_t x8 = in1[3]; - { const uint64_t x6 = in1[2]; - { const uint64_t x4 = in1[1]; - { const uint64_t x2 = in1[0]; - { uint64_t x9 = (x2 >> 0x33); - { uint64_t x10 = (x2 & 0x7ffffffffffff); - { uint64_t x11 = (x9 + x4); - { uint64_t x12 = (x11 >> 0x33); - { uint64_t x13 = (x11 & 0x7ffffffffffff); - { uint64_t x14 = (x12 + x6); - { uint64_t x15 = (x14 >> 0x33); - { uint64_t x16 = (x14 & 0x7ffffffffffff); - { uint64_t x17 = (x15 + x8); - { uint64_t x18 = (x17 >> 0x33); - { uint64_t x19 = (x17 & 0x7ffffffffffff); - { uint64_t x20 = (x18 + x7); - { uint64_t x21 = (x20 >> 0x33); - { uint64_t x22 = (x20 & 0x7ffffffffffff); - { uint64_t x23 = (x10 + (0x13 * x21)); - { uint64_t x24 = (x23 >> 0x33); - { uint64_t x25 = (x23 & 0x7ffffffffffff); - { uint64_t x26 = (x24 + x13); - { uint64_t x27 = (x26 >> 0x33); - { uint64_t x28 = (x26 & 0x7ffffffffffff); - out[0] = x25; - out[1] = x28; - out[2] = (x27 + x16); - out[3] = x19; - out[4] = x22; - }}}}}}}}}}}}}}}}}}}}}}}}} -} - -static void fe_carry(fe *h, const fe_loose* f) { - assert_fe_loose(f->v); - fe_carry_impl(h->v, f->v); - assert_fe(h->v); -} - -static void fe_mul_impl(uint64_t out[5], const uint64_t in1[5], const uint64_t in2[5]) { - assert_fe_loose(in1); - assert_fe_loose(in2); - { const uint64_t x10 = in1[4]; - { const uint64_t x11 = in1[3]; - { const uint64_t x9 = in1[2]; - { const uint64_t x7 = in1[1]; - { const uint64_t x5 = in1[0]; - { const uint64_t x18 = in2[4]; - { const uint64_t x19 = in2[3]; - { const uint64_t x17 = in2[2]; - { const uint64_t x15 = in2[1]; - { const uint64_t x13 = in2[0]; - { uint128_t x20 = ((uint128_t)x5 * x13); - { uint128_t x21 = (((uint128_t)x5 * x15) + ((uint128_t)x7 * x13)); - { uint128_t x22 = ((((uint128_t)x5 * x17) + ((uint128_t)x9 * x13)) + ((uint128_t)x7 * x15)); - { uint128_t x23 = (((((uint128_t)x5 * x19) + ((uint128_t)x11 * x13)) + ((uint128_t)x7 * x17)) + ((uint128_t)x9 * x15)); - { uint128_t x24 = ((((((uint128_t)x5 * x18) + ((uint128_t)x10 * x13)) + ((uint128_t)x11 * x15)) + ((uint128_t)x7 * x19)) + ((uint128_t)x9 * x17)); - { uint64_t x25 = (x10 * 0x13); - { uint64_t x26 = (x7 * 0x13); - { uint64_t x27 = (x9 * 0x13); - { uint64_t x28 = (x11 * 0x13); - { uint128_t x29 = ((((x20 + ((uint128_t)x25 * x15)) + ((uint128_t)x26 * x18)) + ((uint128_t)x27 * x19)) + ((uint128_t)x28 * x17)); - { uint128_t x30 = (((x21 + ((uint128_t)x25 * x17)) + ((uint128_t)x27 * x18)) + ((uint128_t)x28 * x19)); - { uint128_t x31 = ((x22 + ((uint128_t)x25 * x19)) + ((uint128_t)x28 * x18)); - { uint128_t x32 = (x23 + ((uint128_t)x25 * x18)); - { uint64_t x33 = (uint64_t) (x29 >> 0x33); - { uint64_t x34 = ((uint64_t)x29 & 0x7ffffffffffff); - { uint128_t x35 = (x33 + x30); - { uint64_t x36 = (uint64_t) (x35 >> 0x33); - { uint64_t x37 = ((uint64_t)x35 & 0x7ffffffffffff); - { uint128_t x38 = (x36 + x31); - { uint64_t x39 = (uint64_t) (x38 >> 0x33); - { uint64_t x40 = ((uint64_t)x38 & 0x7ffffffffffff); - { uint128_t x41 = (x39 + x32); - { uint64_t x42 = (uint64_t) (x41 >> 0x33); - { uint64_t x43 = ((uint64_t)x41 & 0x7ffffffffffff); - { uint128_t x44 = (x42 + x24); - { uint64_t x45 = (uint64_t) (x44 >> 0x33); - { uint64_t x46 = ((uint64_t)x44 & 0x7ffffffffffff); - { uint64_t x47 = (x34 + (0x13 * x45)); - { uint64_t x48 = (x47 >> 0x33); - { uint64_t x49 = (x47 & 0x7ffffffffffff); - { uint64_t x50 = (x48 + x37); - { uint64_t x51 = (x50 >> 0x33); - { uint64_t x52 = (x50 & 0x7ffffffffffff); - out[0] = x49; - out[1] = x52; - out[2] = (x51 + x40); - out[3] = x43; - out[4] = x46; - }}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}} - assert_fe(out); -} - -static void fe_mul_ltt(fe_loose *h, const fe *f, const fe *g) { - fe_mul_impl(h->v, f->v, g->v); -} - -static void fe_mul_llt(fe_loose *h, const fe_loose *f, const fe *g) { - fe_mul_impl(h->v, f->v, g->v); -} - -static void fe_mul_ttt(fe *h, const fe *f, const fe *g) { - fe_mul_impl(h->v, f->v, g->v); -} - -static void fe_mul_tlt(fe *h, const fe_loose *f, const fe *g) { - fe_mul_impl(h->v, f->v, g->v); -} - -static void fe_mul_ttl(fe *h, const fe *f, const fe_loose *g) { - fe_mul_impl(h->v, f->v, g->v); -} - -static void fe_mul_tll(fe *h, const fe_loose *f, const fe_loose *g) { - fe_mul_impl(h->v, f->v, g->v); -} - -static void fe_sqr_impl(uint64_t out[5], const uint64_t in1[5]) { - assert_fe_loose(in1); - { const uint64_t x7 = in1[4]; - { const uint64_t x8 = in1[3]; - { const uint64_t x6 = in1[2]; - { const uint64_t x4 = in1[1]; - { const uint64_t x2 = in1[0]; - { uint64_t x9 = (x2 * 0x2); - { uint64_t x10 = (x4 * 0x2); - { uint64_t x11 = ((x6 * 0x2) * 0x13); - { uint64_t x12 = (x7 * 0x13); - { uint64_t x13 = (x12 * 0x2); - { uint128_t x14 = ((((uint128_t)x2 * x2) + ((uint128_t)x13 * x4)) + ((uint128_t)x11 * x8)); - { uint128_t x15 = ((((uint128_t)x9 * x4) + ((uint128_t)x13 * x6)) + ((uint128_t)x8 * (x8 * 0x13))); - { uint128_t x16 = ((((uint128_t)x9 * x6) + ((uint128_t)x4 * x4)) + ((uint128_t)x13 * x8)); - { uint128_t x17 = ((((uint128_t)x9 * x8) + ((uint128_t)x10 * x6)) + ((uint128_t)x7 * x12)); - { uint128_t x18 = ((((uint128_t)x9 * x7) + ((uint128_t)x10 * x8)) + ((uint128_t)x6 * x6)); - { uint64_t x19 = (uint64_t) (x14 >> 0x33); - { uint64_t x20 = ((uint64_t)x14 & 0x7ffffffffffff); - { uint128_t x21 = (x19 + x15); - { uint64_t x22 = (uint64_t) (x21 >> 0x33); - { uint64_t x23 = ((uint64_t)x21 & 0x7ffffffffffff); - { uint128_t x24 = (x22 + x16); - { uint64_t x25 = (uint64_t) (x24 >> 0x33); - { uint64_t x26 = ((uint64_t)x24 & 0x7ffffffffffff); - { uint128_t x27 = (x25 + x17); - { uint64_t x28 = (uint64_t) (x27 >> 0x33); - { uint64_t x29 = ((uint64_t)x27 & 0x7ffffffffffff); - { uint128_t x30 = (x28 + x18); - { uint64_t x31 = (uint64_t) (x30 >> 0x33); - { uint64_t x32 = ((uint64_t)x30 & 0x7ffffffffffff); - { uint64_t x33 = (x20 + (0x13 * x31)); - { uint64_t x34 = (x33 >> 0x33); - { uint64_t x35 = (x33 & 0x7ffffffffffff); - { uint64_t x36 = (x34 + x23); - { uint64_t x37 = (x36 >> 0x33); - { uint64_t x38 = (x36 & 0x7ffffffffffff); - out[0] = x35; - out[1] = x38; - out[2] = (x37 + x26); - out[3] = x29; - out[4] = x32; - }}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}} - assert_fe(out); -} +// assert_fe asserts that |f| satisfies bounds: +// +// [[0x0 ~> 0x8cccccccccccc], +// [0x0 ~> 0x8cccccccccccc], +// [0x0 ~> 0x8cccccccccccc], +// [0x0 ~> 0x8cccccccccccc], +// [0x0 ~> 0x8cccccccccccc]] +// +// See comments in curve25519_64.h for which functions use these bounds for +// inputs or outputs. +#define assert_fe(f) \ + do { \ + for (unsigned _assert_fe_i = 0; _assert_fe_i < 5; _assert_fe_i++) { \ + assert(f[_assert_fe_i] <= UINT64_C(0x8cccccccccccc)); \ + } \ + } while (0) + +// assert_fe_loose asserts that |f| satisfies bounds: +// +// [[0x0 ~> 0x1a666666666664], +// [0x0 ~> 0x1a666666666664], +// [0x0 ~> 0x1a666666666664], +// [0x0 ~> 0x1a666666666664], +// [0x0 ~> 0x1a666666666664]] +// +// See comments in curve25519_64.h for which functions use these bounds for +// inputs or outputs. +#define assert_fe_loose(f) \ + do { \ + for (unsigned _assert_fe_i = 0; _assert_fe_i < 5; _assert_fe_i++) { \ + assert(f[_assert_fe_i] <= UINT64_C(0x1a666666666664)); \ + } \ + } while (0) -static void fe_sq_tl(fe *h, const fe_loose *f) { - fe_sqr_impl(h->v, f->v); -} +#else -static void fe_sq_tt(fe *h, const fe *f) { - fe_sqr_impl(h->v, f->v); -} +typedef uint32_t fe_limb_t; +#define FE_NUM_LIMBS 10 -// Replace (f,g) with (g,f) if b == 1; -// replace (f,g) with (f,g) if b == 0. +// assert_fe asserts that |f| satisfies bounds: // -// Preconditions: b in {0,1}. -static void fe_cswap(fe *f, fe *g, uint64_t b) { - b = 0-b; - for (unsigned i = 0; i < 5; i++) { - uint64_t x = f->v[i] ^ g->v[i]; - x &= b; - f->v[i] ^= x; - g->v[i] ^= x; - } -} - -// NOTE: based on fiat-crypto fe_mul, edited for in2=121666, 0, 0.. -static void fe_mul_121666_impl(uint64_t out[5], const uint64_t in1[5]) { - { const uint64_t x10 = in1[4]; - { const uint64_t x11 = in1[3]; - { const uint64_t x9 = in1[2]; - { const uint64_t x7 = in1[1]; - { const uint64_t x5 = in1[0]; - { const uint64_t x18 = 0; - { const uint64_t x19 = 0; - { const uint64_t x17 = 0; - { const uint64_t x15 = 0; - { const uint64_t x13 = 121666; - { uint128_t x20 = ((uint128_t)x5 * x13); - { uint128_t x21 = (((uint128_t)x5 * x15) + ((uint128_t)x7 * x13)); - { uint128_t x22 = ((((uint128_t)x5 * x17) + ((uint128_t)x9 * x13)) + ((uint128_t)x7 * x15)); - { uint128_t x23 = (((((uint128_t)x5 * x19) + ((uint128_t)x11 * x13)) + ((uint128_t)x7 * x17)) + ((uint128_t)x9 * x15)); - { uint128_t x24 = ((((((uint128_t)x5 * x18) + ((uint128_t)x10 * x13)) + ((uint128_t)x11 * x15)) + ((uint128_t)x7 * x19)) + ((uint128_t)x9 * x17)); - { uint64_t x25 = (x10 * 0x13); - { uint64_t x26 = (x7 * 0x13); - { uint64_t x27 = (x9 * 0x13); - { uint64_t x28 = (x11 * 0x13); - { uint128_t x29 = ((((x20 + ((uint128_t)x25 * x15)) + ((uint128_t)x26 * x18)) + ((uint128_t)x27 * x19)) + ((uint128_t)x28 * x17)); - { uint128_t x30 = (((x21 + ((uint128_t)x25 * x17)) + ((uint128_t)x27 * x18)) + ((uint128_t)x28 * x19)); - { uint128_t x31 = ((x22 + ((uint128_t)x25 * x19)) + ((uint128_t)x28 * x18)); - { uint128_t x32 = (x23 + ((uint128_t)x25 * x18)); - { uint64_t x33 = (uint64_t) (x29 >> 0x33); - { uint64_t x34 = ((uint64_t)x29 & 0x7ffffffffffff); - { uint128_t x35 = (x33 + x30); - { uint64_t x36 = (uint64_t) (x35 >> 0x33); - { uint64_t x37 = ((uint64_t)x35 & 0x7ffffffffffff); - { uint128_t x38 = (x36 + x31); - { uint64_t x39 = (uint64_t) (x38 >> 0x33); - { uint64_t x40 = ((uint64_t)x38 & 0x7ffffffffffff); - { uint128_t x41 = (x39 + x32); - { uint64_t x42 = (uint64_t) (x41 >> 0x33); - { uint64_t x43 = ((uint64_t)x41 & 0x7ffffffffffff); - { uint128_t x44 = (x42 + x24); - { uint64_t x45 = (uint64_t) (x44 >> 0x33); - { uint64_t x46 = ((uint64_t)x44 & 0x7ffffffffffff); - { uint64_t x47 = (x34 + (0x13 * x45)); - { uint64_t x48 = (x47 >> 0x33); - { uint64_t x49 = (x47 & 0x7ffffffffffff); - { uint64_t x50 = (x48 + x37); - { uint64_t x51 = (x50 >> 0x33); - { uint64_t x52 = (x50 & 0x7ffffffffffff); - out[0] = x49; - out[1] = x52; - out[2] = (x51 + x40); - out[3] = x43; - out[4] = x46; - }}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}} -} - -static void fe_mul121666(fe *h, const fe_loose *f) { - assert_fe_loose(f->v); - fe_mul_121666_impl(h->v, f->v); - assert_fe(h->v); -} +// [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], +// [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], +// [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], +// [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], +// [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]] +// +// See comments in curve25519_32.h for which functions use these bounds for +// inputs or outputs. +#define assert_fe(f) \ + do { \ + for (unsigned _assert_fe_i = 0; _assert_fe_i < 10; _assert_fe_i++) { \ + assert(f[_assert_fe_i] <= \ + ((_assert_fe_i & 1) ? 0x2333333u : 0x4666666u)); \ + } \ + } while (0) + +// assert_fe_loose asserts that |f| satisfies bounds: +// +// [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], +// [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], +// [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], +// [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], +// [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]] +// +// See comments in curve25519_32.h for which functions use these bounds for +// inputs or outputs. +#define assert_fe_loose(f) \ + do { \ + for (unsigned _assert_fe_i = 0; _assert_fe_i < 10; _assert_fe_i++) { \ + assert(f[_assert_fe_i] <= \ + ((_assert_fe_i & 1) ? 0x6999999u : 0xd333332u)); \ + } \ + } while (0) -// Adapted from Fiat-synthesized |fe_sub_impl| with |out| = 0. -static void fe_neg_impl(uint64_t out[5], const uint64_t in2[5]) { - { const uint64_t x10 = 0; - { const uint64_t x11 = 0; - { const uint64_t x9 = 0; - { const uint64_t x7 = 0; - { const uint64_t x5 = 0; - { const uint64_t x18 = in2[4]; - { const uint64_t x19 = in2[3]; - { const uint64_t x17 = in2[2]; - { const uint64_t x15 = in2[1]; - { const uint64_t x13 = in2[0]; - out[0] = ((0xfffffffffffda + x5) - x13); - out[1] = ((0xffffffffffffe + x7) - x15); - out[2] = ((0xffffffffffffe + x9) - x17); - out[3] = ((0xffffffffffffe + x11) - x19); - out[4] = ((0xffffffffffffe + x10) - x18); - }}}}}}}}}} -} +#endif // BORINGSSL_CURVE25519_64BIT -// h = -f -static void fe_neg(fe_loose *h, const fe *f) { - assert_fe(f->v); - fe_neg_impl(h->v, f->v); - assert_fe_loose(h->v); -} +OPENSSL_STATIC_ASSERT(sizeof(fe) == sizeof(fe_limb_t) * FE_NUM_LIMBS, + "fe_limb_t[FE_NUM_LIMBS] is inconsistent with fe"); -// Replace (f,g) with (g,g) if b == 1; -// replace (f,g) with (f,g) if b == 0. -// -// Preconditions: b in {0,1}. -static void fe_cmov(fe_loose *f, const fe_loose *g, uint64_t b) { - b = 0-b; - for (unsigned i = 0; i < 5; i++) { - uint64_t x = f->v[i] ^ g->v[i]; - x &= b; - f->v[i] ^= x; - } +static void fe_frombytes_strict(fe *h, const uint8_t s[32]) { + // |fiat_25519_from_bytes| requires the top-most bit be clear. + assert((s[31] & 0x80) == 0); + fiat_25519_from_bytes(h->v, s); + assert_fe(h->v); } -#else - -#define assert_fe(f) do { \ - for (unsigned _assert_fe_i = 0; _assert_fe_i< 10; _assert_fe_i++) { \ - assert(f[_assert_fe_i] < 1.125*(1<<(26-(_assert_fe_i&1)))); \ - } \ -} while (0) - -#define assert_fe_loose(f) do { \ - for (unsigned _assert_fe_i = 0; _assert_fe_i< 10; _assert_fe_i++) { \ - assert(f[_assert_fe_i] < 3.375*(1<<(26-(_assert_fe_i&1)))); \ - } \ -} while (0) - -#define assert_fe_frozen(f) do { \ - for (unsigned _assert_fe_i = 0; _assert_fe_i< 10; _assert_fe_i++) { \ - assert(f[_assert_fe_i] < (1u<<(26-(_assert_fe_i&1)))); \ - } \ -} while (0) - -static void fe_frombytes_impl(uint32_t h[10], const uint8_t *s) { - // Ignores top bit of s. - uint32_t a0 = load_4(s); - uint32_t a1 = load_4(s+4); - uint32_t a2 = load_4(s+8); - uint32_t a3 = load_4(s+12); - uint32_t a4 = load_4(s+16); - uint32_t a5 = load_4(s+20); - uint32_t a6 = load_4(s+24); - uint32_t a7 = load_4(s+28); - h[0] = a0&((1<<26)-1); // 26 used, 32-26 left. 26 - h[1] = (a0>>26) | ((a1&((1<<19)-1))<< 6); // (32-26) + 19 = 6+19 = 25 - h[2] = (a1>>19) | ((a2&((1<<13)-1))<<13); // (32-19) + 13 = 13+13 = 26 - h[3] = (a2>>13) | ((a3&((1<< 6)-1))<<19); // (32-13) + 6 = 19+ 6 = 25 - h[4] = (a3>> 6); // (32- 6) = 26 - h[5] = a4&((1<<25)-1); // 25 - h[6] = (a4>>25) | ((a5&((1<<19)-1))<< 7); // (32-25) + 19 = 7+19 = 26 - h[7] = (a5>>19) | ((a6&((1<<12)-1))<<13); // (32-19) + 12 = 13+12 = 25 - h[8] = (a6>>12) | ((a7&((1<< 6)-1))<<20); // (32-12) + 6 = 20+ 6 = 26 - h[9] = (a7>> 6)&((1<<25)-1); // 25 - assert_fe(h); -} - -static void fe_frombytes(fe *h, const uint8_t *s) { - fe_frombytes_impl(h->v, s); -} - -static void fe_freeze(uint32_t out[10], const uint32_t in1[10]) { - { const uint32_t x17 = in1[9]; - { const uint32_t x18 = in1[8]; - { const uint32_t x16 = in1[7]; - { const uint32_t x14 = in1[6]; - { const uint32_t x12 = in1[5]; - { const uint32_t x10 = in1[4]; - { const uint32_t x8 = in1[3]; - { const uint32_t x6 = in1[2]; - { const uint32_t x4 = in1[1]; - { const uint32_t x2 = in1[0]; - { uint32_t x20; uint8_t/*bool*/ x21 = subborrow_u26(0x0, x2, 0x3ffffed, &x20); - { uint32_t x23; uint8_t/*bool*/ x24 = subborrow_u25(x21, x4, 0x1ffffff, &x23); - { uint32_t x26; uint8_t/*bool*/ x27 = subborrow_u26(x24, x6, 0x3ffffff, &x26); - { uint32_t x29; uint8_t/*bool*/ x30 = subborrow_u25(x27, x8, 0x1ffffff, &x29); - { uint32_t x32; uint8_t/*bool*/ x33 = subborrow_u26(x30, x10, 0x3ffffff, &x32); - { uint32_t x35; uint8_t/*bool*/ x36 = subborrow_u25(x33, x12, 0x1ffffff, &x35); - { uint32_t x38; uint8_t/*bool*/ x39 = subborrow_u26(x36, x14, 0x3ffffff, &x38); - { uint32_t x41; uint8_t/*bool*/ x42 = subborrow_u25(x39, x16, 0x1ffffff, &x41); - { uint32_t x44; uint8_t/*bool*/ x45 = subborrow_u26(x42, x18, 0x3ffffff, &x44); - { uint32_t x47; uint8_t/*bool*/ x48 = subborrow_u25(x45, x17, 0x1ffffff, &x47); - { uint32_t x49 = cmovznz32(x48, 0x0, 0xffffffff); - { uint32_t x50 = (x49 & 0x3ffffed); - { uint32_t x52; uint8_t/*bool*/ x53 = addcarryx_u26(0x0, x20, x50, &x52); - { uint32_t x54 = (x49 & 0x1ffffff); - { uint32_t x56; uint8_t/*bool*/ x57 = addcarryx_u25(x53, x23, x54, &x56); - { uint32_t x58 = (x49 & 0x3ffffff); - { uint32_t x60; uint8_t/*bool*/ x61 = addcarryx_u26(x57, x26, x58, &x60); - { uint32_t x62 = (x49 & 0x1ffffff); - { uint32_t x64; uint8_t/*bool*/ x65 = addcarryx_u25(x61, x29, x62, &x64); - { uint32_t x66 = (x49 & 0x3ffffff); - { uint32_t x68; uint8_t/*bool*/ x69 = addcarryx_u26(x65, x32, x66, &x68); - { uint32_t x70 = (x49 & 0x1ffffff); - { uint32_t x72; uint8_t/*bool*/ x73 = addcarryx_u25(x69, x35, x70, &x72); - { uint32_t x74 = (x49 & 0x3ffffff); - { uint32_t x76; uint8_t/*bool*/ x77 = addcarryx_u26(x73, x38, x74, &x76); - { uint32_t x78 = (x49 & 0x1ffffff); - { uint32_t x80; uint8_t/*bool*/ x81 = addcarryx_u25(x77, x41, x78, &x80); - { uint32_t x82 = (x49 & 0x3ffffff); - { uint32_t x84; uint8_t/*bool*/ x85 = addcarryx_u26(x81, x44, x82, &x84); - { uint32_t x86 = (x49 & 0x1ffffff); - { uint32_t x88; addcarryx_u25(x85, x47, x86, &x88); - out[0] = x52; - out[1] = x56; - out[2] = x60; - out[3] = x64; - out[4] = x68; - out[5] = x72; - out[6] = x76; - out[7] = x80; - out[8] = x84; - out[9] = x88; - }}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}} +static void fe_frombytes(fe *h, const uint8_t s[32]) { + uint8_t s_copy[32]; + OPENSSL_memcpy(s_copy, s, 32); + s_copy[31] &= 0x7f; + fe_frombytes_strict(h, s_copy); } static void fe_tobytes(uint8_t s[32], const fe *f) { assert_fe(f->v); - uint32_t h[10]; - fe_freeze(h, f->v); - assert_fe_frozen(h); - - s[0] = h[0] >> 0; - s[1] = h[0] >> 8; - s[2] = h[0] >> 16; - s[3] = (h[0] >> 24) | (h[1] << 2); - s[4] = h[1] >> 6; - s[5] = h[1] >> 14; - s[6] = (h[1] >> 22) | (h[2] << 3); - s[7] = h[2] >> 5; - s[8] = h[2] >> 13; - s[9] = (h[2] >> 21) | (h[3] << 5); - s[10] = h[3] >> 3; - s[11] = h[3] >> 11; - s[12] = (h[3] >> 19) | (h[4] << 6); - s[13] = h[4] >> 2; - s[14] = h[4] >> 10; - s[15] = h[4] >> 18; - s[16] = h[5] >> 0; - s[17] = h[5] >> 8; - s[18] = h[5] >> 16; - s[19] = (h[5] >> 24) | (h[6] << 1); - s[20] = h[6] >> 7; - s[21] = h[6] >> 15; - s[22] = (h[6] >> 23) | (h[7] << 3); - s[23] = h[7] >> 5; - s[24] = h[7] >> 13; - s[25] = (h[7] >> 21) | (h[8] << 4); - s[26] = h[8] >> 4; - s[27] = h[8] >> 12; - s[28] = (h[8] >> 20) | (h[9] << 6); - s[29] = h[9] >> 2; - s[30] = h[9] >> 10; - s[31] = h[9] >> 18; + fiat_25519_to_bytes(s, f->v); } // h = 0 @@ -787,272 +198,36 @@ static void fe_loose_1(fe_loose *h) { h->v[0] = 1; } -static void fe_add_impl(uint32_t out[10], const uint32_t in1[10], const uint32_t in2[10]) { - { const uint32_t x20 = in1[9]; - { const uint32_t x21 = in1[8]; - { const uint32_t x19 = in1[7]; - { const uint32_t x17 = in1[6]; - { const uint32_t x15 = in1[5]; - { const uint32_t x13 = in1[4]; - { const uint32_t x11 = in1[3]; - { const uint32_t x9 = in1[2]; - { const uint32_t x7 = in1[1]; - { const uint32_t x5 = in1[0]; - { const uint32_t x38 = in2[9]; - { const uint32_t x39 = in2[8]; - { const uint32_t x37 = in2[7]; - { const uint32_t x35 = in2[6]; - { const uint32_t x33 = in2[5]; - { const uint32_t x31 = in2[4]; - { const uint32_t x29 = in2[3]; - { const uint32_t x27 = in2[2]; - { const uint32_t x25 = in2[1]; - { const uint32_t x23 = in2[0]; - out[0] = (x5 + x23); - out[1] = (x7 + x25); - out[2] = (x9 + x27); - out[3] = (x11 + x29); - out[4] = (x13 + x31); - out[5] = (x15 + x33); - out[6] = (x17 + x35); - out[7] = (x19 + x37); - out[8] = (x21 + x39); - out[9] = (x20 + x38); - }}}}}}}}}}}}}}}}}}}} -} - // h = f + g // Can overlap h with f or g. static void fe_add(fe_loose *h, const fe *f, const fe *g) { assert_fe(f->v); assert_fe(g->v); - fe_add_impl(h->v, f->v, g->v); + fiat_25519_add(h->v, f->v, g->v); assert_fe_loose(h->v); } -static void fe_sub_impl(uint32_t out[10], const uint32_t in1[10], const uint32_t in2[10]) { - { const uint32_t x20 = in1[9]; - { const uint32_t x21 = in1[8]; - { const uint32_t x19 = in1[7]; - { const uint32_t x17 = in1[6]; - { const uint32_t x15 = in1[5]; - { const uint32_t x13 = in1[4]; - { const uint32_t x11 = in1[3]; - { const uint32_t x9 = in1[2]; - { const uint32_t x7 = in1[1]; - { const uint32_t x5 = in1[0]; - { const uint32_t x38 = in2[9]; - { const uint32_t x39 = in2[8]; - { const uint32_t x37 = in2[7]; - { const uint32_t x35 = in2[6]; - { const uint32_t x33 = in2[5]; - { const uint32_t x31 = in2[4]; - { const uint32_t x29 = in2[3]; - { const uint32_t x27 = in2[2]; - { const uint32_t x25 = in2[1]; - { const uint32_t x23 = in2[0]; - out[0] = ((0x7ffffda + x5) - x23); - out[1] = ((0x3fffffe + x7) - x25); - out[2] = ((0x7fffffe + x9) - x27); - out[3] = ((0x3fffffe + x11) - x29); - out[4] = ((0x7fffffe + x13) - x31); - out[5] = ((0x3fffffe + x15) - x33); - out[6] = ((0x7fffffe + x17) - x35); - out[7] = ((0x3fffffe + x19) - x37); - out[8] = ((0x7fffffe + x21) - x39); - out[9] = ((0x3fffffe + x20) - x38); - }}}}}}}}}}}}}}}}}}}} -} - // h = f - g // Can overlap h with f or g. static void fe_sub(fe_loose *h, const fe *f, const fe *g) { assert_fe(f->v); assert_fe(g->v); - fe_sub_impl(h->v, f->v, g->v); + fiat_25519_sub(h->v, f->v, g->v); assert_fe_loose(h->v); } -static void fe_carry_impl(uint32_t out[10], const uint32_t in1[10]) { - { const uint32_t x17 = in1[9]; - { const uint32_t x18 = in1[8]; - { const uint32_t x16 = in1[7]; - { const uint32_t x14 = in1[6]; - { const uint32_t x12 = in1[5]; - { const uint32_t x10 = in1[4]; - { const uint32_t x8 = in1[3]; - { const uint32_t x6 = in1[2]; - { const uint32_t x4 = in1[1]; - { const uint32_t x2 = in1[0]; - { uint32_t x19 = (x2 >> 0x1a); - { uint32_t x20 = (x2 & 0x3ffffff); - { uint32_t x21 = (x19 + x4); - { uint32_t x22 = (x21 >> 0x19); - { uint32_t x23 = (x21 & 0x1ffffff); - { uint32_t x24 = (x22 + x6); - { uint32_t x25 = (x24 >> 0x1a); - { uint32_t x26 = (x24 & 0x3ffffff); - { uint32_t x27 = (x25 + x8); - { uint32_t x28 = (x27 >> 0x19); - { uint32_t x29 = (x27 & 0x1ffffff); - { uint32_t x30 = (x28 + x10); - { uint32_t x31 = (x30 >> 0x1a); - { uint32_t x32 = (x30 & 0x3ffffff); - { uint32_t x33 = (x31 + x12); - { uint32_t x34 = (x33 >> 0x19); - { uint32_t x35 = (x33 & 0x1ffffff); - { uint32_t x36 = (x34 + x14); - { uint32_t x37 = (x36 >> 0x1a); - { uint32_t x38 = (x36 & 0x3ffffff); - { uint32_t x39 = (x37 + x16); - { uint32_t x40 = (x39 >> 0x19); - { uint32_t x41 = (x39 & 0x1ffffff); - { uint32_t x42 = (x40 + x18); - { uint32_t x43 = (x42 >> 0x1a); - { uint32_t x44 = (x42 & 0x3ffffff); - { uint32_t x45 = (x43 + x17); - { uint32_t x46 = (x45 >> 0x19); - { uint32_t x47 = (x45 & 0x1ffffff); - { uint32_t x48 = (x20 + (0x13 * x46)); - { uint32_t x49 = (x48 >> 0x1a); - { uint32_t x50 = (x48 & 0x3ffffff); - { uint32_t x51 = (x49 + x23); - { uint32_t x52 = (x51 >> 0x19); - { uint32_t x53 = (x51 & 0x1ffffff); - out[0] = x50; - out[1] = x53; - out[2] = (x52 + x26); - out[3] = x29; - out[4] = x32; - out[5] = x35; - out[6] = x38; - out[7] = x41; - out[8] = x44; - out[9] = x47; - }}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}} -} - static void fe_carry(fe *h, const fe_loose* f) { assert_fe_loose(f->v); - fe_carry_impl(h->v, f->v); + fiat_25519_carry(h->v, f->v); assert_fe(h->v); } -static void fe_mul_impl(uint32_t out[10], const uint32_t in1[10], const uint32_t in2[10]) { +static void fe_mul_impl(fe_limb_t out[FE_NUM_LIMBS], + const fe_limb_t in1[FE_NUM_LIMBS], + const fe_limb_t in2[FE_NUM_LIMBS]) { assert_fe_loose(in1); assert_fe_loose(in2); - { const uint32_t x20 = in1[9]; - { const uint32_t x21 = in1[8]; - { const uint32_t x19 = in1[7]; - { const uint32_t x17 = in1[6]; - { const uint32_t x15 = in1[5]; - { const uint32_t x13 = in1[4]; - { const uint32_t x11 = in1[3]; - { const uint32_t x9 = in1[2]; - { const uint32_t x7 = in1[1]; - { const uint32_t x5 = in1[0]; - { const uint32_t x38 = in2[9]; - { const uint32_t x39 = in2[8]; - { const uint32_t x37 = in2[7]; - { const uint32_t x35 = in2[6]; - { const uint32_t x33 = in2[5]; - { const uint32_t x31 = in2[4]; - { const uint32_t x29 = in2[3]; - { const uint32_t x27 = in2[2]; - { const uint32_t x25 = in2[1]; - { const uint32_t x23 = in2[0]; - { uint64_t x40 = ((uint64_t)x23 * x5); - { uint64_t x41 = (((uint64_t)x23 * x7) + ((uint64_t)x25 * x5)); - { uint64_t x42 = ((((uint64_t)(0x2 * x25) * x7) + ((uint64_t)x23 * x9)) + ((uint64_t)x27 * x5)); - { uint64_t x43 = (((((uint64_t)x25 * x9) + ((uint64_t)x27 * x7)) + ((uint64_t)x23 * x11)) + ((uint64_t)x29 * x5)); - { uint64_t x44 = (((((uint64_t)x27 * x9) + (0x2 * (((uint64_t)x25 * x11) + ((uint64_t)x29 * x7)))) + ((uint64_t)x23 * x13)) + ((uint64_t)x31 * x5)); - { uint64_t x45 = (((((((uint64_t)x27 * x11) + ((uint64_t)x29 * x9)) + ((uint64_t)x25 * x13)) + ((uint64_t)x31 * x7)) + ((uint64_t)x23 * x15)) + ((uint64_t)x33 * x5)); - { uint64_t x46 = (((((0x2 * ((((uint64_t)x29 * x11) + ((uint64_t)x25 * x15)) + ((uint64_t)x33 * x7))) + ((uint64_t)x27 * x13)) + ((uint64_t)x31 * x9)) + ((uint64_t)x23 * x17)) + ((uint64_t)x35 * x5)); - { uint64_t x47 = (((((((((uint64_t)x29 * x13) + ((uint64_t)x31 * x11)) + ((uint64_t)x27 * x15)) + ((uint64_t)x33 * x9)) + ((uint64_t)x25 * x17)) + ((uint64_t)x35 * x7)) + ((uint64_t)x23 * x19)) + ((uint64_t)x37 * x5)); - { uint64_t x48 = (((((((uint64_t)x31 * x13) + (0x2 * (((((uint64_t)x29 * x15) + ((uint64_t)x33 * x11)) + ((uint64_t)x25 * x19)) + ((uint64_t)x37 * x7)))) + ((uint64_t)x27 * x17)) + ((uint64_t)x35 * x9)) + ((uint64_t)x23 * x21)) + ((uint64_t)x39 * x5)); - { uint64_t x49 = (((((((((((uint64_t)x31 * x15) + ((uint64_t)x33 * x13)) + ((uint64_t)x29 * x17)) + ((uint64_t)x35 * x11)) + ((uint64_t)x27 * x19)) + ((uint64_t)x37 * x9)) + ((uint64_t)x25 * x21)) + ((uint64_t)x39 * x7)) + ((uint64_t)x23 * x20)) + ((uint64_t)x38 * x5)); - { uint64_t x50 = (((((0x2 * ((((((uint64_t)x33 * x15) + ((uint64_t)x29 * x19)) + ((uint64_t)x37 * x11)) + ((uint64_t)x25 * x20)) + ((uint64_t)x38 * x7))) + ((uint64_t)x31 * x17)) + ((uint64_t)x35 * x13)) + ((uint64_t)x27 * x21)) + ((uint64_t)x39 * x9)); - { uint64_t x51 = (((((((((uint64_t)x33 * x17) + ((uint64_t)x35 * x15)) + ((uint64_t)x31 * x19)) + ((uint64_t)x37 * x13)) + ((uint64_t)x29 * x21)) + ((uint64_t)x39 * x11)) + ((uint64_t)x27 * x20)) + ((uint64_t)x38 * x9)); - { uint64_t x52 = (((((uint64_t)x35 * x17) + (0x2 * (((((uint64_t)x33 * x19) + ((uint64_t)x37 * x15)) + ((uint64_t)x29 * x20)) + ((uint64_t)x38 * x11)))) + ((uint64_t)x31 * x21)) + ((uint64_t)x39 * x13)); - { uint64_t x53 = (((((((uint64_t)x35 * x19) + ((uint64_t)x37 * x17)) + ((uint64_t)x33 * x21)) + ((uint64_t)x39 * x15)) + ((uint64_t)x31 * x20)) + ((uint64_t)x38 * x13)); - { uint64_t x54 = (((0x2 * ((((uint64_t)x37 * x19) + ((uint64_t)x33 * x20)) + ((uint64_t)x38 * x15))) + ((uint64_t)x35 * x21)) + ((uint64_t)x39 * x17)); - { uint64_t x55 = (((((uint64_t)x37 * x21) + ((uint64_t)x39 * x19)) + ((uint64_t)x35 * x20)) + ((uint64_t)x38 * x17)); - { uint64_t x56 = (((uint64_t)x39 * x21) + (0x2 * (((uint64_t)x37 * x20) + ((uint64_t)x38 * x19)))); - { uint64_t x57 = (((uint64_t)x39 * x20) + ((uint64_t)x38 * x21)); - { uint64_t x58 = ((uint64_t)(0x2 * x38) * x20); - { uint64_t x59 = (x48 + (x58 << 0x4)); - { uint64_t x60 = (x59 + (x58 << 0x1)); - { uint64_t x61 = (x60 + x58); - { uint64_t x62 = (x47 + (x57 << 0x4)); - { uint64_t x63 = (x62 + (x57 << 0x1)); - { uint64_t x64 = (x63 + x57); - { uint64_t x65 = (x46 + (x56 << 0x4)); - { uint64_t x66 = (x65 + (x56 << 0x1)); - { uint64_t x67 = (x66 + x56); - { uint64_t x68 = (x45 + (x55 << 0x4)); - { uint64_t x69 = (x68 + (x55 << 0x1)); - { uint64_t x70 = (x69 + x55); - { uint64_t x71 = (x44 + (x54 << 0x4)); - { uint64_t x72 = (x71 + (x54 << 0x1)); - { uint64_t x73 = (x72 + x54); - { uint64_t x74 = (x43 + (x53 << 0x4)); - { uint64_t x75 = (x74 + (x53 << 0x1)); - { uint64_t x76 = (x75 + x53); - { uint64_t x77 = (x42 + (x52 << 0x4)); - { uint64_t x78 = (x77 + (x52 << 0x1)); - { uint64_t x79 = (x78 + x52); - { uint64_t x80 = (x41 + (x51 << 0x4)); - { uint64_t x81 = (x80 + (x51 << 0x1)); - { uint64_t x82 = (x81 + x51); - { uint64_t x83 = (x40 + (x50 << 0x4)); - { uint64_t x84 = (x83 + (x50 << 0x1)); - { uint64_t x85 = (x84 + x50); - { uint64_t x86 = (x85 >> 0x1a); - { uint32_t x87 = ((uint32_t)x85 & 0x3ffffff); - { uint64_t x88 = (x86 + x82); - { uint64_t x89 = (x88 >> 0x19); - { uint32_t x90 = ((uint32_t)x88 & 0x1ffffff); - { uint64_t x91 = (x89 + x79); - { uint64_t x92 = (x91 >> 0x1a); - { uint32_t x93 = ((uint32_t)x91 & 0x3ffffff); - { uint64_t x94 = (x92 + x76); - { uint64_t x95 = (x94 >> 0x19); - { uint32_t x96 = ((uint32_t)x94 & 0x1ffffff); - { uint64_t x97 = (x95 + x73); - { uint64_t x98 = (x97 >> 0x1a); - { uint32_t x99 = ((uint32_t)x97 & 0x3ffffff); - { uint64_t x100 = (x98 + x70); - { uint64_t x101 = (x100 >> 0x19); - { uint32_t x102 = ((uint32_t)x100 & 0x1ffffff); - { uint64_t x103 = (x101 + x67); - { uint64_t x104 = (x103 >> 0x1a); - { uint32_t x105 = ((uint32_t)x103 & 0x3ffffff); - { uint64_t x106 = (x104 + x64); - { uint64_t x107 = (x106 >> 0x19); - { uint32_t x108 = ((uint32_t)x106 & 0x1ffffff); - { uint64_t x109 = (x107 + x61); - { uint64_t x110 = (x109 >> 0x1a); - { uint32_t x111 = ((uint32_t)x109 & 0x3ffffff); - { uint64_t x112 = (x110 + x49); - { uint64_t x113 = (x112 >> 0x19); - { uint32_t x114 = ((uint32_t)x112 & 0x1ffffff); - { uint64_t x115 = (x87 + (0x13 * x113)); - { uint32_t x116 = (uint32_t) (x115 >> 0x1a); - { uint32_t x117 = ((uint32_t)x115 & 0x3ffffff); - { uint32_t x118 = (x116 + x90); - { uint32_t x119 = (x118 >> 0x19); - { uint32_t x120 = (x118 & 0x1ffffff); - out[0] = x117; - out[1] = x120; - out[2] = (x119 + x93); - out[3] = x96; - out[4] = x99; - out[5] = x102; - out[6] = x105; - out[7] = x108; - out[8] = x111; - out[9] = x114; - }}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}} + fiat_25519_carry_mul(out, in1, in2); assert_fe(out); } @@ -1080,297 +255,42 @@ static void fe_mul_tll(fe *h, const fe_loose *f, const fe_loose *g) { fe_mul_impl(h->v, f->v, g->v); } -static void fe_sqr_impl(uint32_t out[10], const uint32_t in1[10]) { - assert_fe_loose(in1); - { const uint32_t x17 = in1[9]; - { const uint32_t x18 = in1[8]; - { const uint32_t x16 = in1[7]; - { const uint32_t x14 = in1[6]; - { const uint32_t x12 = in1[5]; - { const uint32_t x10 = in1[4]; - { const uint32_t x8 = in1[3]; - { const uint32_t x6 = in1[2]; - { const uint32_t x4 = in1[1]; - { const uint32_t x2 = in1[0]; - { uint64_t x19 = ((uint64_t)x2 * x2); - { uint64_t x20 = ((uint64_t)(0x2 * x2) * x4); - { uint64_t x21 = (0x2 * (((uint64_t)x4 * x4) + ((uint64_t)x2 * x6))); - { uint64_t x22 = (0x2 * (((uint64_t)x4 * x6) + ((uint64_t)x2 * x8))); - { uint64_t x23 = ((((uint64_t)x6 * x6) + ((uint64_t)(0x4 * x4) * x8)) + ((uint64_t)(0x2 * x2) * x10)); - { uint64_t x24 = (0x2 * ((((uint64_t)x6 * x8) + ((uint64_t)x4 * x10)) + ((uint64_t)x2 * x12))); - { uint64_t x25 = (0x2 * (((((uint64_t)x8 * x8) + ((uint64_t)x6 * x10)) + ((uint64_t)x2 * x14)) + ((uint64_t)(0x2 * x4) * x12))); - { uint64_t x26 = (0x2 * (((((uint64_t)x8 * x10) + ((uint64_t)x6 * x12)) + ((uint64_t)x4 * x14)) + ((uint64_t)x2 * x16))); - { uint64_t x27 = (((uint64_t)x10 * x10) + (0x2 * ((((uint64_t)x6 * x14) + ((uint64_t)x2 * x18)) + (0x2 * (((uint64_t)x4 * x16) + ((uint64_t)x8 * x12)))))); - { uint64_t x28 = (0x2 * ((((((uint64_t)x10 * x12) + ((uint64_t)x8 * x14)) + ((uint64_t)x6 * x16)) + ((uint64_t)x4 * x18)) + ((uint64_t)x2 * x17))); - { uint64_t x29 = (0x2 * (((((uint64_t)x12 * x12) + ((uint64_t)x10 * x14)) + ((uint64_t)x6 * x18)) + (0x2 * (((uint64_t)x8 * x16) + ((uint64_t)x4 * x17))))); - { uint64_t x30 = (0x2 * (((((uint64_t)x12 * x14) + ((uint64_t)x10 * x16)) + ((uint64_t)x8 * x18)) + ((uint64_t)x6 * x17))); - { uint64_t x31 = (((uint64_t)x14 * x14) + (0x2 * (((uint64_t)x10 * x18) + (0x2 * (((uint64_t)x12 * x16) + ((uint64_t)x8 * x17)))))); - { uint64_t x32 = (0x2 * ((((uint64_t)x14 * x16) + ((uint64_t)x12 * x18)) + ((uint64_t)x10 * x17))); - { uint64_t x33 = (0x2 * ((((uint64_t)x16 * x16) + ((uint64_t)x14 * x18)) + ((uint64_t)(0x2 * x12) * x17))); - { uint64_t x34 = (0x2 * (((uint64_t)x16 * x18) + ((uint64_t)x14 * x17))); - { uint64_t x35 = (((uint64_t)x18 * x18) + ((uint64_t)(0x4 * x16) * x17)); - { uint64_t x36 = ((uint64_t)(0x2 * x18) * x17); - { uint64_t x37 = ((uint64_t)(0x2 * x17) * x17); - { uint64_t x38 = (x27 + (x37 << 0x4)); - { uint64_t x39 = (x38 + (x37 << 0x1)); - { uint64_t x40 = (x39 + x37); - { uint64_t x41 = (x26 + (x36 << 0x4)); - { uint64_t x42 = (x41 + (x36 << 0x1)); - { uint64_t x43 = (x42 + x36); - { uint64_t x44 = (x25 + (x35 << 0x4)); - { uint64_t x45 = (x44 + (x35 << 0x1)); - { uint64_t x46 = (x45 + x35); - { uint64_t x47 = (x24 + (x34 << 0x4)); - { uint64_t x48 = (x47 + (x34 << 0x1)); - { uint64_t x49 = (x48 + x34); - { uint64_t x50 = (x23 + (x33 << 0x4)); - { uint64_t x51 = (x50 + (x33 << 0x1)); - { uint64_t x52 = (x51 + x33); - { uint64_t x53 = (x22 + (x32 << 0x4)); - { uint64_t x54 = (x53 + (x32 << 0x1)); - { uint64_t x55 = (x54 + x32); - { uint64_t x56 = (x21 + (x31 << 0x4)); - { uint64_t x57 = (x56 + (x31 << 0x1)); - { uint64_t x58 = (x57 + x31); - { uint64_t x59 = (x20 + (x30 << 0x4)); - { uint64_t x60 = (x59 + (x30 << 0x1)); - { uint64_t x61 = (x60 + x30); - { uint64_t x62 = (x19 + (x29 << 0x4)); - { uint64_t x63 = (x62 + (x29 << 0x1)); - { uint64_t x64 = (x63 + x29); - { uint64_t x65 = (x64 >> 0x1a); - { uint32_t x66 = ((uint32_t)x64 & 0x3ffffff); - { uint64_t x67 = (x65 + x61); - { uint64_t x68 = (x67 >> 0x19); - { uint32_t x69 = ((uint32_t)x67 & 0x1ffffff); - { uint64_t x70 = (x68 + x58); - { uint64_t x71 = (x70 >> 0x1a); - { uint32_t x72 = ((uint32_t)x70 & 0x3ffffff); - { uint64_t x73 = (x71 + x55); - { uint64_t x74 = (x73 >> 0x19); - { uint32_t x75 = ((uint32_t)x73 & 0x1ffffff); - { uint64_t x76 = (x74 + x52); - { uint64_t x77 = (x76 >> 0x1a); - { uint32_t x78 = ((uint32_t)x76 & 0x3ffffff); - { uint64_t x79 = (x77 + x49); - { uint64_t x80 = (x79 >> 0x19); - { uint32_t x81 = ((uint32_t)x79 & 0x1ffffff); - { uint64_t x82 = (x80 + x46); - { uint64_t x83 = (x82 >> 0x1a); - { uint32_t x84 = ((uint32_t)x82 & 0x3ffffff); - { uint64_t x85 = (x83 + x43); - { uint64_t x86 = (x85 >> 0x19); - { uint32_t x87 = ((uint32_t)x85 & 0x1ffffff); - { uint64_t x88 = (x86 + x40); - { uint64_t x89 = (x88 >> 0x1a); - { uint32_t x90 = ((uint32_t)x88 & 0x3ffffff); - { uint64_t x91 = (x89 + x28); - { uint64_t x92 = (x91 >> 0x19); - { uint32_t x93 = ((uint32_t)x91 & 0x1ffffff); - { uint64_t x94 = (x66 + (0x13 * x92)); - { uint32_t x95 = (uint32_t) (x94 >> 0x1a); - { uint32_t x96 = ((uint32_t)x94 & 0x3ffffff); - { uint32_t x97 = (x95 + x69); - { uint32_t x98 = (x97 >> 0x19); - { uint32_t x99 = (x97 & 0x1ffffff); - out[0] = x96; - out[1] = x99; - out[2] = (x98 + x72); - out[3] = x75; - out[4] = x78; - out[5] = x81; - out[6] = x84; - out[7] = x87; - out[8] = x90; - out[9] = x93; - }}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}} - assert_fe(out); -} - static void fe_sq_tl(fe *h, const fe_loose *f) { - fe_sqr_impl(h->v, f->v); + assert_fe_loose(f->v); + fiat_25519_carry_square(h->v, f->v); + assert_fe(h->v); } static void fe_sq_tt(fe *h, const fe *f) { - fe_sqr_impl(h->v, f->v); + assert_fe_loose(f->v); + fiat_25519_carry_square(h->v, f->v); + assert_fe(h->v); } // Replace (f,g) with (g,f) if b == 1; // replace (f,g) with (f,g) if b == 0. // // Preconditions: b in {0,1}. -static void fe_cswap(fe *f, fe *g, unsigned int b) { +static void fe_cswap(fe *f, fe *g, fe_limb_t b) { b = 0-b; - unsigned i; - for (i = 0; i < 10; i++) { - uint32_t x = f->v[i] ^ g->v[i]; + for (unsigned i = 0; i < FE_NUM_LIMBS; i++) { + fe_limb_t x = f->v[i] ^ g->v[i]; x &= b; f->v[i] ^= x; g->v[i] ^= x; } } -// NOTE: based on fiat-crypto fe_mul, edited for in2=121666, 0, 0.. -static void fe_mul_121666_impl(uint32_t out[10], const uint32_t in1[10]) { - { const uint32_t x20 = in1[9]; - { const uint32_t x21 = in1[8]; - { const uint32_t x19 = in1[7]; - { const uint32_t x17 = in1[6]; - { const uint32_t x15 = in1[5]; - { const uint32_t x13 = in1[4]; - { const uint32_t x11 = in1[3]; - { const uint32_t x9 = in1[2]; - { const uint32_t x7 = in1[1]; - { const uint32_t x5 = in1[0]; - { const uint32_t x38 = 0; - { const uint32_t x39 = 0; - { const uint32_t x37 = 0; - { const uint32_t x35 = 0; - { const uint32_t x33 = 0; - { const uint32_t x31 = 0; - { const uint32_t x29 = 0; - { const uint32_t x27 = 0; - { const uint32_t x25 = 0; - { const uint32_t x23 = 121666; - { uint64_t x40 = ((uint64_t)x23 * x5); - { uint64_t x41 = (((uint64_t)x23 * x7) + ((uint64_t)x25 * x5)); - { uint64_t x42 = ((((uint64_t)(0x2 * x25) * x7) + ((uint64_t)x23 * x9)) + ((uint64_t)x27 * x5)); - { uint64_t x43 = (((((uint64_t)x25 * x9) + ((uint64_t)x27 * x7)) + ((uint64_t)x23 * x11)) + ((uint64_t)x29 * x5)); - { uint64_t x44 = (((((uint64_t)x27 * x9) + (0x2 * (((uint64_t)x25 * x11) + ((uint64_t)x29 * x7)))) + ((uint64_t)x23 * x13)) + ((uint64_t)x31 * x5)); - { uint64_t x45 = (((((((uint64_t)x27 * x11) + ((uint64_t)x29 * x9)) + ((uint64_t)x25 * x13)) + ((uint64_t)x31 * x7)) + ((uint64_t)x23 * x15)) + ((uint64_t)x33 * x5)); - { uint64_t x46 = (((((0x2 * ((((uint64_t)x29 * x11) + ((uint64_t)x25 * x15)) + ((uint64_t)x33 * x7))) + ((uint64_t)x27 * x13)) + ((uint64_t)x31 * x9)) + ((uint64_t)x23 * x17)) + ((uint64_t)x35 * x5)); - { uint64_t x47 = (((((((((uint64_t)x29 * x13) + ((uint64_t)x31 * x11)) + ((uint64_t)x27 * x15)) + ((uint64_t)x33 * x9)) + ((uint64_t)x25 * x17)) + ((uint64_t)x35 * x7)) + ((uint64_t)x23 * x19)) + ((uint64_t)x37 * x5)); - { uint64_t x48 = (((((((uint64_t)x31 * x13) + (0x2 * (((((uint64_t)x29 * x15) + ((uint64_t)x33 * x11)) + ((uint64_t)x25 * x19)) + ((uint64_t)x37 * x7)))) + ((uint64_t)x27 * x17)) + ((uint64_t)x35 * x9)) + ((uint64_t)x23 * x21)) + ((uint64_t)x39 * x5)); - { uint64_t x49 = (((((((((((uint64_t)x31 * x15) + ((uint64_t)x33 * x13)) + ((uint64_t)x29 * x17)) + ((uint64_t)x35 * x11)) + ((uint64_t)x27 * x19)) + ((uint64_t)x37 * x9)) + ((uint64_t)x25 * x21)) + ((uint64_t)x39 * x7)) + ((uint64_t)x23 * x20)) + ((uint64_t)x38 * x5)); - { uint64_t x50 = (((((0x2 * ((((((uint64_t)x33 * x15) + ((uint64_t)x29 * x19)) + ((uint64_t)x37 * x11)) + ((uint64_t)x25 * x20)) + ((uint64_t)x38 * x7))) + ((uint64_t)x31 * x17)) + ((uint64_t)x35 * x13)) + ((uint64_t)x27 * x21)) + ((uint64_t)x39 * x9)); - { uint64_t x51 = (((((((((uint64_t)x33 * x17) + ((uint64_t)x35 * x15)) + ((uint64_t)x31 * x19)) + ((uint64_t)x37 * x13)) + ((uint64_t)x29 * x21)) + ((uint64_t)x39 * x11)) + ((uint64_t)x27 * x20)) + ((uint64_t)x38 * x9)); - { uint64_t x52 = (((((uint64_t)x35 * x17) + (0x2 * (((((uint64_t)x33 * x19) + ((uint64_t)x37 * x15)) + ((uint64_t)x29 * x20)) + ((uint64_t)x38 * x11)))) + ((uint64_t)x31 * x21)) + ((uint64_t)x39 * x13)); - { uint64_t x53 = (((((((uint64_t)x35 * x19) + ((uint64_t)x37 * x17)) + ((uint64_t)x33 * x21)) + ((uint64_t)x39 * x15)) + ((uint64_t)x31 * x20)) + ((uint64_t)x38 * x13)); - { uint64_t x54 = (((0x2 * ((((uint64_t)x37 * x19) + ((uint64_t)x33 * x20)) + ((uint64_t)x38 * x15))) + ((uint64_t)x35 * x21)) + ((uint64_t)x39 * x17)); - { uint64_t x55 = (((((uint64_t)x37 * x21) + ((uint64_t)x39 * x19)) + ((uint64_t)x35 * x20)) + ((uint64_t)x38 * x17)); - { uint64_t x56 = (((uint64_t)x39 * x21) + (0x2 * (((uint64_t)x37 * x20) + ((uint64_t)x38 * x19)))); - { uint64_t x57 = (((uint64_t)x39 * x20) + ((uint64_t)x38 * x21)); - { uint64_t x58 = ((uint64_t)(0x2 * x38) * x20); - { uint64_t x59 = (x48 + (x58 << 0x4)); - { uint64_t x60 = (x59 + (x58 << 0x1)); - { uint64_t x61 = (x60 + x58); - { uint64_t x62 = (x47 + (x57 << 0x4)); - { uint64_t x63 = (x62 + (x57 << 0x1)); - { uint64_t x64 = (x63 + x57); - { uint64_t x65 = (x46 + (x56 << 0x4)); - { uint64_t x66 = (x65 + (x56 << 0x1)); - { uint64_t x67 = (x66 + x56); - { uint64_t x68 = (x45 + (x55 << 0x4)); - { uint64_t x69 = (x68 + (x55 << 0x1)); - { uint64_t x70 = (x69 + x55); - { uint64_t x71 = (x44 + (x54 << 0x4)); - { uint64_t x72 = (x71 + (x54 << 0x1)); - { uint64_t x73 = (x72 + x54); - { uint64_t x74 = (x43 + (x53 << 0x4)); - { uint64_t x75 = (x74 + (x53 << 0x1)); - { uint64_t x76 = (x75 + x53); - { uint64_t x77 = (x42 + (x52 << 0x4)); - { uint64_t x78 = (x77 + (x52 << 0x1)); - { uint64_t x79 = (x78 + x52); - { uint64_t x80 = (x41 + (x51 << 0x4)); - { uint64_t x81 = (x80 + (x51 << 0x1)); - { uint64_t x82 = (x81 + x51); - { uint64_t x83 = (x40 + (x50 << 0x4)); - { uint64_t x84 = (x83 + (x50 << 0x1)); - { uint64_t x85 = (x84 + x50); - { uint64_t x86 = (x85 >> 0x1a); - { uint32_t x87 = ((uint32_t)x85 & 0x3ffffff); - { uint64_t x88 = (x86 + x82); - { uint64_t x89 = (x88 >> 0x19); - { uint32_t x90 = ((uint32_t)x88 & 0x1ffffff); - { uint64_t x91 = (x89 + x79); - { uint64_t x92 = (x91 >> 0x1a); - { uint32_t x93 = ((uint32_t)x91 & 0x3ffffff); - { uint64_t x94 = (x92 + x76); - { uint64_t x95 = (x94 >> 0x19); - { uint32_t x96 = ((uint32_t)x94 & 0x1ffffff); - { uint64_t x97 = (x95 + x73); - { uint64_t x98 = (x97 >> 0x1a); - { uint32_t x99 = ((uint32_t)x97 & 0x3ffffff); - { uint64_t x100 = (x98 + x70); - { uint64_t x101 = (x100 >> 0x19); - { uint32_t x102 = ((uint32_t)x100 & 0x1ffffff); - { uint64_t x103 = (x101 + x67); - { uint64_t x104 = (x103 >> 0x1a); - { uint32_t x105 = ((uint32_t)x103 & 0x3ffffff); - { uint64_t x106 = (x104 + x64); - { uint64_t x107 = (x106 >> 0x19); - { uint32_t x108 = ((uint32_t)x106 & 0x1ffffff); - { uint64_t x109 = (x107 + x61); - { uint64_t x110 = (x109 >> 0x1a); - { uint32_t x111 = ((uint32_t)x109 & 0x3ffffff); - { uint64_t x112 = (x110 + x49); - { uint64_t x113 = (x112 >> 0x19); - { uint32_t x114 = ((uint32_t)x112 & 0x1ffffff); - { uint64_t x115 = (x87 + (0x13 * x113)); - { uint32_t x116 = (uint32_t) (x115 >> 0x1a); - { uint32_t x117 = ((uint32_t)x115 & 0x3ffffff); - { uint32_t x118 = (x116 + x90); - { uint32_t x119 = (x118 >> 0x19); - { uint32_t x120 = (x118 & 0x1ffffff); - out[0] = x117; - out[1] = x120; - out[2] = (x119 + x93); - out[3] = x96; - out[4] = x99; - out[5] = x102; - out[6] = x105; - out[7] = x108; - out[8] = x111; - out[9] = x114; - }}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}} -} - static void fe_mul121666(fe *h, const fe_loose *f) { assert_fe_loose(f->v); - fe_mul_121666_impl(h->v, f->v); + fiat_25519_carry_scmul_121666(h->v, f->v); assert_fe(h->v); } -// Adapted from Fiat-synthesized |fe_sub_impl| with |out| = 0. -static void fe_neg_impl(uint32_t out[10], const uint32_t in2[10]) { - { const uint32_t x20 = 0; - { const uint32_t x21 = 0; - { const uint32_t x19 = 0; - { const uint32_t x17 = 0; - { const uint32_t x15 = 0; - { const uint32_t x13 = 0; - { const uint32_t x11 = 0; - { const uint32_t x9 = 0; - { const uint32_t x7 = 0; - { const uint32_t x5 = 0; - { const uint32_t x38 = in2[9]; - { const uint32_t x39 = in2[8]; - { const uint32_t x37 = in2[7]; - { const uint32_t x35 = in2[6]; - { const uint32_t x33 = in2[5]; - { const uint32_t x31 = in2[4]; - { const uint32_t x29 = in2[3]; - { const uint32_t x27 = in2[2]; - { const uint32_t x25 = in2[1]; - { const uint32_t x23 = in2[0]; - out[0] = ((0x7ffffda + x5) - x23); - out[1] = ((0x3fffffe + x7) - x25); - out[2] = ((0x7fffffe + x9) - x27); - out[3] = ((0x3fffffe + x11) - x29); - out[4] = ((0x7fffffe + x13) - x31); - out[5] = ((0x3fffffe + x15) - x33); - out[6] = ((0x7fffffe + x17) - x35); - out[7] = ((0x3fffffe + x19) - x37); - out[8] = ((0x7fffffe + x21) - x39); - out[9] = ((0x3fffffe + x20) - x38); - }}}}}}}}}}}}}}}}}}}} -} - // h = -f static void fe_neg(fe_loose *h, const fe *f) { assert_fe(f->v); - fe_neg_impl(h->v, f->v); + fiat_25519_opp(h->v, f->v); assert_fe_loose(h->v); } @@ -1378,18 +298,22 @@ static void fe_neg(fe_loose *h, const fe *f) { // replace (f,g) with (f,g) if b == 0. // // Preconditions: b in {0,1}. -static void fe_cmov(fe_loose *f, const fe_loose *g, unsigned b) { +static void fe_cmov(fe_loose *f, const fe_loose *g, fe_limb_t b) { + // Silence an unused function warning. |fiat_25519_selectznz| isn't quite the + // calling convention the rest of this code wants, so implement it by hand. + // + // TODO(davidben): Switch to fiat's calling convention, or ask fiat to emit a + // different one. + (void)fiat_25519_selectznz; + b = 0-b; - unsigned i; - for (i = 0; i < 10; i++) { - uint32_t x = f->v[i] ^ g->v[i]; + for (unsigned i = 0; i < FE_NUM_LIMBS; i++) { + fe_limb_t x = f->v[i] ^ g->v[i]; x &= b; f->v[i] ^= x; } } -#endif // BORINGSSL_CURVE25519_64BIT - // h = f static void fe_copy(fe *h, const fe *f) { OPENSSL_memmove(h, f, sizeof(fe)); @@ -1584,7 +508,7 @@ static void ge_p3_tobytes(uint8_t s[32], const ge_p3 *h) { s[31] ^= fe_isnegative(&x) << 7; } -int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t *s) { +int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t s[32]) { fe u; fe_loose v; fe v3; @@ -1813,10 +737,12 @@ void x25519_ge_scalarmult_small_precomp( unsigned i; for (i = 0; i < 15; i++) { + // The precomputed table is assumed to already clear the top bit, so + // |fe_frombytes_strict| may be used directly. const uint8_t *bytes = &precomp_table[i*(2 * 32)]; fe x, y; - fe_frombytes(&x, bytes); - fe_frombytes(&y, bytes + 32); + fe_frombytes_strict(&x, bytes); + fe_frombytes_strict(&y, bytes + 32); ge_precomp *out = &multiples[i]; fe_add(&out->yplusx, &y, &x); @@ -2120,6 +1046,12 @@ static void ge_double_scalarmult_vartime(ge_p2 *r, const uint8_t *a, } } +// int64_lshift21 returns |a << 21| but is defined when shifting bits into the +// sign bit. This works around a language flaw in C. +static inline int64_t int64_lshift21(int64_t a) { + return (int64_t)((uint64_t)a << 21); +} + // The set of scalars is \Z/l // where l = 2^252 + 27742317777372353535851937790883648493. @@ -2223,38 +1155,38 @@ void x25519_sc_reduce(uint8_t s[64]) { carry6 = (s6 + (1 << 20)) >> 21; s7 += carry6; - s6 -= carry6 << 21; + s6 -= int64_lshift21(carry6); carry8 = (s8 + (1 << 20)) >> 21; s9 += carry8; - s8 -= carry8 << 21; + s8 -= int64_lshift21(carry8); carry10 = (s10 + (1 << 20)) >> 21; s11 += carry10; - s10 -= carry10 << 21; + s10 -= int64_lshift21(carry10); carry12 = (s12 + (1 << 20)) >> 21; s13 += carry12; - s12 -= carry12 << 21; + s12 -= int64_lshift21(carry12); carry14 = (s14 + (1 << 20)) >> 21; s15 += carry14; - s14 -= carry14 << 21; + s14 -= int64_lshift21(carry14); carry16 = (s16 + (1 << 20)) >> 21; s17 += carry16; - s16 -= carry16 << 21; + s16 -= int64_lshift21(carry16); carry7 = (s7 + (1 << 20)) >> 21; s8 += carry7; - s7 -= carry7 << 21; + s7 -= int64_lshift21(carry7); carry9 = (s9 + (1 << 20)) >> 21; s10 += carry9; - s9 -= carry9 << 21; + s9 -= int64_lshift21(carry9); carry11 = (s11 + (1 << 20)) >> 21; s12 += carry11; - s11 -= carry11 << 21; + s11 -= int64_lshift21(carry11); carry13 = (s13 + (1 << 20)) >> 21; s14 += carry13; - s13 -= carry13 << 21; + s13 -= int64_lshift21(carry13); carry15 = (s15 + (1 << 20)) >> 21; s16 += carry15; - s15 -= carry15 << 21; + s15 -= int64_lshift21(carry15); s5 += s17 * 666643; s6 += s17 * 470296; @@ -2306,41 +1238,41 @@ void x25519_sc_reduce(uint8_t s[64]) { carry0 = (s0 + (1 << 20)) >> 21; s1 += carry0; - s0 -= carry0 << 21; + s0 -= int64_lshift21(carry0); carry2 = (s2 + (1 << 20)) >> 21; s3 += carry2; - s2 -= carry2 << 21; + s2 -= int64_lshift21(carry2); carry4 = (s4 + (1 << 20)) >> 21; s5 += carry4; - s4 -= carry4 << 21; + s4 -= int64_lshift21(carry4); carry6 = (s6 + (1 << 20)) >> 21; s7 += carry6; - s6 -= carry6 << 21; + s6 -= int64_lshift21(carry6); carry8 = (s8 + (1 << 20)) >> 21; s9 += carry8; - s8 -= carry8 << 21; + s8 -= int64_lshift21(carry8); carry10 = (s10 + (1 << 20)) >> 21; s11 += carry10; - s10 -= carry10 << 21; + s10 -= int64_lshift21(carry10); carry1 = (s1 + (1 << 20)) >> 21; s2 += carry1; - s1 -= carry1 << 21; + s1 -= int64_lshift21(carry1); carry3 = (s3 + (1 << 20)) >> 21; s4 += carry3; - s3 -= carry3 << 21; + s3 -= int64_lshift21(carry3); carry5 = (s5 + (1 << 20)) >> 21; s6 += carry5; - s5 -= carry5 << 21; + s5 -= int64_lshift21(carry5); carry7 = (s7 + (1 << 20)) >> 21; s8 += carry7; - s7 -= carry7 << 21; + s7 -= int64_lshift21(carry7); carry9 = (s9 + (1 << 20)) >> 21; s10 += carry9; - s9 -= carry9 << 21; + s9 -= int64_lshift21(carry9); carry11 = (s11 + (1 << 20)) >> 21; s12 += carry11; - s11 -= carry11 << 21; + s11 -= int64_lshift21(carry11); s0 += s12 * 666643; s1 += s12 * 470296; @@ -2352,40 +1284,40 @@ void x25519_sc_reduce(uint8_t s[64]) { carry0 = s0 >> 21; s1 += carry0; - s0 -= carry0 << 21; + s0 -= int64_lshift21(carry0); carry1 = s1 >> 21; s2 += carry1; - s1 -= carry1 << 21; + s1 -= int64_lshift21(carry1); carry2 = s2 >> 21; s3 += carry2; - s2 -= carry2 << 21; + s2 -= int64_lshift21(carry2); carry3 = s3 >> 21; s4 += carry3; - s3 -= carry3 << 21; + s3 -= int64_lshift21(carry3); carry4 = s4 >> 21; s5 += carry4; - s4 -= carry4 << 21; + s4 -= int64_lshift21(carry4); carry5 = s5 >> 21; s6 += carry5; - s5 -= carry5 << 21; + s5 -= int64_lshift21(carry5); carry6 = s6 >> 21; s7 += carry6; - s6 -= carry6 << 21; + s6 -= int64_lshift21(carry6); carry7 = s7 >> 21; s8 += carry7; - s7 -= carry7 << 21; + s7 -= int64_lshift21(carry7); carry8 = s8 >> 21; s9 += carry8; - s8 -= carry8 << 21; + s8 -= int64_lshift21(carry8); carry9 = s9 >> 21; s10 += carry9; - s9 -= carry9 << 21; + s9 -= int64_lshift21(carry9); carry10 = s10 >> 21; s11 += carry10; - s10 -= carry10 << 21; + s10 -= int64_lshift21(carry10); carry11 = s11 >> 21; s12 += carry11; - s11 -= carry11 << 21; + s11 -= int64_lshift21(carry11); s0 += s12 * 666643; s1 += s12 * 470296; @@ -2397,37 +1329,37 @@ void x25519_sc_reduce(uint8_t s[64]) { carry0 = s0 >> 21; s1 += carry0; - s0 -= carry0 << 21; + s0 -= int64_lshift21(carry0); carry1 = s1 >> 21; s2 += carry1; - s1 -= carry1 << 21; + s1 -= int64_lshift21(carry1); carry2 = s2 >> 21; s3 += carry2; - s2 -= carry2 << 21; + s2 -= int64_lshift21(carry2); carry3 = s3 >> 21; s4 += carry3; - s3 -= carry3 << 21; + s3 -= int64_lshift21(carry3); carry4 = s4 >> 21; s5 += carry4; - s4 -= carry4 << 21; + s4 -= int64_lshift21(carry4); carry5 = s5 >> 21; s6 += carry5; - s5 -= carry5 << 21; + s5 -= int64_lshift21(carry5); carry6 = s6 >> 21; s7 += carry6; - s6 -= carry6 << 21; + s6 -= int64_lshift21(carry6); carry7 = s7 >> 21; s8 += carry7; - s7 -= carry7 << 21; + s7 -= int64_lshift21(carry7); carry8 = s8 >> 21; s9 += carry8; - s8 -= carry8 << 21; + s8 -= int64_lshift21(carry8); carry9 = s9 >> 21; s10 += carry9; - s9 -= carry9 << 21; + s9 -= int64_lshift21(carry9); carry10 = s10 >> 21; s11 += carry10; - s10 -= carry10 << 21; + s10 -= int64_lshift21(carry10); s[0] = s0 >> 0; s[1] = s0 >> 8; @@ -2593,74 +1525,74 @@ static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, carry0 = (s0 + (1 << 20)) >> 21; s1 += carry0; - s0 -= carry0 << 21; + s0 -= int64_lshift21(carry0); carry2 = (s2 + (1 << 20)) >> 21; s3 += carry2; - s2 -= carry2 << 21; + s2 -= int64_lshift21(carry2); carry4 = (s4 + (1 << 20)) >> 21; s5 += carry4; - s4 -= carry4 << 21; + s4 -= int64_lshift21(carry4); carry6 = (s6 + (1 << 20)) >> 21; s7 += carry6; - s6 -= carry6 << 21; + s6 -= int64_lshift21(carry6); carry8 = (s8 + (1 << 20)) >> 21; s9 += carry8; - s8 -= carry8 << 21; + s8 -= int64_lshift21(carry8); carry10 = (s10 + (1 << 20)) >> 21; s11 += carry10; - s10 -= carry10 << 21; + s10 -= int64_lshift21(carry10); carry12 = (s12 + (1 << 20)) >> 21; s13 += carry12; - s12 -= carry12 << 21; + s12 -= int64_lshift21(carry12); carry14 = (s14 + (1 << 20)) >> 21; s15 += carry14; - s14 -= carry14 << 21; + s14 -= int64_lshift21(carry14); carry16 = (s16 + (1 << 20)) >> 21; s17 += carry16; - s16 -= carry16 << 21; + s16 -= int64_lshift21(carry16); carry18 = (s18 + (1 << 20)) >> 21; s19 += carry18; - s18 -= carry18 << 21; + s18 -= int64_lshift21(carry18); carry20 = (s20 + (1 << 20)) >> 21; s21 += carry20; - s20 -= carry20 << 21; + s20 -= int64_lshift21(carry20); carry22 = (s22 + (1 << 20)) >> 21; s23 += carry22; - s22 -= carry22 << 21; + s22 -= int64_lshift21(carry22); carry1 = (s1 + (1 << 20)) >> 21; s2 += carry1; - s1 -= carry1 << 21; + s1 -= int64_lshift21(carry1); carry3 = (s3 + (1 << 20)) >> 21; s4 += carry3; - s3 -= carry3 << 21; + s3 -= int64_lshift21(carry3); carry5 = (s5 + (1 << 20)) >> 21; s6 += carry5; - s5 -= carry5 << 21; + s5 -= int64_lshift21(carry5); carry7 = (s7 + (1 << 20)) >> 21; s8 += carry7; - s7 -= carry7 << 21; + s7 -= int64_lshift21(carry7); carry9 = (s9 + (1 << 20)) >> 21; s10 += carry9; - s9 -= carry9 << 21; + s9 -= int64_lshift21(carry9); carry11 = (s11 + (1 << 20)) >> 21; s12 += carry11; - s11 -= carry11 << 21; + s11 -= int64_lshift21(carry11); carry13 = (s13 + (1 << 20)) >> 21; s14 += carry13; - s13 -= carry13 << 21; + s13 -= int64_lshift21(carry13); carry15 = (s15 + (1 << 20)) >> 21; s16 += carry15; - s15 -= carry15 << 21; + s15 -= int64_lshift21(carry15); carry17 = (s17 + (1 << 20)) >> 21; s18 += carry17; - s17 -= carry17 << 21; + s17 -= int64_lshift21(carry17); carry19 = (s19 + (1 << 20)) >> 21; s20 += carry19; - s19 -= carry19 << 21; + s19 -= int64_lshift21(carry19); carry21 = (s21 + (1 << 20)) >> 21; s22 += carry21; - s21 -= carry21 << 21; + s21 -= int64_lshift21(carry21); s11 += s23 * 666643; s12 += s23 * 470296; @@ -2712,38 +1644,38 @@ static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, carry6 = (s6 + (1 << 20)) >> 21; s7 += carry6; - s6 -= carry6 << 21; + s6 -= int64_lshift21(carry6); carry8 = (s8 + (1 << 20)) >> 21; s9 += carry8; - s8 -= carry8 << 21; + s8 -= int64_lshift21(carry8); carry10 = (s10 + (1 << 20)) >> 21; s11 += carry10; - s10 -= carry10 << 21; + s10 -= int64_lshift21(carry10); carry12 = (s12 + (1 << 20)) >> 21; s13 += carry12; - s12 -= carry12 << 21; + s12 -= int64_lshift21(carry12); carry14 = (s14 + (1 << 20)) >> 21; s15 += carry14; - s14 -= carry14 << 21; + s14 -= int64_lshift21(carry14); carry16 = (s16 + (1 << 20)) >> 21; s17 += carry16; - s16 -= carry16 << 21; + s16 -= int64_lshift21(carry16); carry7 = (s7 + (1 << 20)) >> 21; s8 += carry7; - s7 -= carry7 << 21; + s7 -= int64_lshift21(carry7); carry9 = (s9 + (1 << 20)) >> 21; s10 += carry9; - s9 -= carry9 << 21; + s9 -= int64_lshift21(carry9); carry11 = (s11 + (1 << 20)) >> 21; s12 += carry11; - s11 -= carry11 << 21; + s11 -= int64_lshift21(carry11); carry13 = (s13 + (1 << 20)) >> 21; s14 += carry13; - s13 -= carry13 << 21; + s13 -= int64_lshift21(carry13); carry15 = (s15 + (1 << 20)) >> 21; s16 += carry15; - s15 -= carry15 << 21; + s15 -= int64_lshift21(carry15); s5 += s17 * 666643; s6 += s17 * 470296; @@ -2795,41 +1727,41 @@ static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, carry0 = (s0 + (1 << 20)) >> 21; s1 += carry0; - s0 -= carry0 << 21; + s0 -= int64_lshift21(carry0); carry2 = (s2 + (1 << 20)) >> 21; s3 += carry2; - s2 -= carry2 << 21; + s2 -= int64_lshift21(carry2); carry4 = (s4 + (1 << 20)) >> 21; s5 += carry4; - s4 -= carry4 << 21; + s4 -= int64_lshift21(carry4); carry6 = (s6 + (1 << 20)) >> 21; s7 += carry6; - s6 -= carry6 << 21; + s6 -= int64_lshift21(carry6); carry8 = (s8 + (1 << 20)) >> 21; s9 += carry8; - s8 -= carry8 << 21; + s8 -= int64_lshift21(carry8); carry10 = (s10 + (1 << 20)) >> 21; s11 += carry10; - s10 -= carry10 << 21; + s10 -= int64_lshift21(carry10); carry1 = (s1 + (1 << 20)) >> 21; s2 += carry1; - s1 -= carry1 << 21; + s1 -= int64_lshift21(carry1); carry3 = (s3 + (1 << 20)) >> 21; s4 += carry3; - s3 -= carry3 << 21; + s3 -= int64_lshift21(carry3); carry5 = (s5 + (1 << 20)) >> 21; s6 += carry5; - s5 -= carry5 << 21; + s5 -= int64_lshift21(carry5); carry7 = (s7 + (1 << 20)) >> 21; s8 += carry7; - s7 -= carry7 << 21; + s7 -= int64_lshift21(carry7); carry9 = (s9 + (1 << 20)) >> 21; s10 += carry9; - s9 -= carry9 << 21; + s9 -= int64_lshift21(carry9); carry11 = (s11 + (1 << 20)) >> 21; s12 += carry11; - s11 -= carry11 << 21; + s11 -= int64_lshift21(carry11); s0 += s12 * 666643; s1 += s12 * 470296; @@ -2841,40 +1773,40 @@ static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, carry0 = s0 >> 21; s1 += carry0; - s0 -= carry0 << 21; + s0 -= int64_lshift21(carry0); carry1 = s1 >> 21; s2 += carry1; - s1 -= carry1 << 21; + s1 -= int64_lshift21(carry1); carry2 = s2 >> 21; s3 += carry2; - s2 -= carry2 << 21; + s2 -= int64_lshift21(carry2); carry3 = s3 >> 21; s4 += carry3; - s3 -= carry3 << 21; + s3 -= int64_lshift21(carry3); carry4 = s4 >> 21; s5 += carry4; - s4 -= carry4 << 21; + s4 -= int64_lshift21(carry4); carry5 = s5 >> 21; s6 += carry5; - s5 -= carry5 << 21; + s5 -= int64_lshift21(carry5); carry6 = s6 >> 21; s7 += carry6; - s6 -= carry6 << 21; + s6 -= int64_lshift21(carry6); carry7 = s7 >> 21; s8 += carry7; - s7 -= carry7 << 21; + s7 -= int64_lshift21(carry7); carry8 = s8 >> 21; s9 += carry8; - s8 -= carry8 << 21; + s8 -= int64_lshift21(carry8); carry9 = s9 >> 21; s10 += carry9; - s9 -= carry9 << 21; + s9 -= int64_lshift21(carry9); carry10 = s10 >> 21; s11 += carry10; - s10 -= carry10 << 21; + s10 -= int64_lshift21(carry10); carry11 = s11 >> 21; s12 += carry11; - s11 -= carry11 << 21; + s11 -= int64_lshift21(carry11); s0 += s12 * 666643; s1 += s12 * 470296; @@ -2886,37 +1818,37 @@ static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, carry0 = s0 >> 21; s1 += carry0; - s0 -= carry0 << 21; + s0 -= int64_lshift21(carry0); carry1 = s1 >> 21; s2 += carry1; - s1 -= carry1 << 21; + s1 -= int64_lshift21(carry1); carry2 = s2 >> 21; s3 += carry2; - s2 -= carry2 << 21; + s2 -= int64_lshift21(carry2); carry3 = s3 >> 21; s4 += carry3; - s3 -= carry3 << 21; + s3 -= int64_lshift21(carry3); carry4 = s4 >> 21; s5 += carry4; - s4 -= carry4 << 21; + s4 -= int64_lshift21(carry4); carry5 = s5 >> 21; s6 += carry5; - s5 -= carry5 << 21; + s5 -= int64_lshift21(carry5); carry6 = s6 >> 21; s7 += carry6; - s6 -= carry6 << 21; + s6 -= int64_lshift21(carry6); carry7 = s7 >> 21; s8 += carry7; - s7 -= carry7 << 21; + s7 -= int64_lshift21(carry7); carry8 = s8 >> 21; s9 += carry8; - s8 -= carry8 << 21; + s8 -= int64_lshift21(carry8); carry9 = s9 >> 21; s10 += carry9; - s9 -= carry9 << 21; + s9 -= int64_lshift21(carry9); carry10 = s10 >> 21; s11 += carry10; - s10 -= carry10 << 21; + s10 -= int64_lshift21(carry10); s[0] = s0 >> 0; s[1] = s0 >> 8; diff --git a/src/third_party/fiat/curve25519_32.h b/src/third_party/fiat/curve25519_32.h new file mode 100644 index 0000000..820a5c9 --- /dev/null +++ b/src/third_party/fiat/curve25519_32.h @@ -0,0 +1,905 @@ +/* Autogenerated */ +/* curve description: 25519 */ +/* requested operations: carry_mul, carry_square, carry_scmul121666, carry, add, sub, opp, selectznz, to_bytes, from_bytes */ +/* n = 10 (from "10") */ +/* s = 0x8000000000000000000000000000000000000000000000000000000000000000 (from "2^255") */ +/* c = [(1, 19)] (from "1,19") */ +/* machine_wordsize = 32 (from "32") */ + +#include +typedef unsigned char fiat_25519_uint1; +typedef signed char fiat_25519_int1; + + +/* + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0x3ffffff] + * arg3: [0x0 ~> 0x3ffffff] + * Output Bounds: + * out1: [0x0 ~> 0x3ffffff] + * out2: [0x0 ~> 0x1] + */ +static void fiat_25519_addcarryx_u26(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) { + uint32_t x1 = ((arg1 + arg2) + arg3); + uint32_t x2 = (x1 & UINT32_C(0x3ffffff)); + fiat_25519_uint1 x3 = (fiat_25519_uint1)(x1 >> 26); + *out1 = x2; + *out2 = x3; +} + +/* + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0x3ffffff] + * arg3: [0x0 ~> 0x3ffffff] + * Output Bounds: + * out1: [0x0 ~> 0x3ffffff] + * out2: [0x0 ~> 0x1] + */ +static void fiat_25519_subborrowx_u26(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) { + int32_t x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3); + fiat_25519_int1 x2 = (fiat_25519_int1)(x1 >> 26); + uint32_t x3 = (x1 & UINT32_C(0x3ffffff)); + *out1 = x3; + *out2 = (fiat_25519_uint1)(0x0 - x2); +} + +/* + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0x1ffffff] + * arg3: [0x0 ~> 0x1ffffff] + * Output Bounds: + * out1: [0x0 ~> 0x1ffffff] + * out2: [0x0 ~> 0x1] + */ +static void fiat_25519_addcarryx_u25(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) { + uint32_t x1 = ((arg1 + arg2) + arg3); + uint32_t x2 = (x1 & UINT32_C(0x1ffffff)); + fiat_25519_uint1 x3 = (fiat_25519_uint1)(x1 >> 25); + *out1 = x2; + *out2 = x3; +} + +/* + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0x1ffffff] + * arg3: [0x0 ~> 0x1ffffff] + * Output Bounds: + * out1: [0x0 ~> 0x1ffffff] + * out2: [0x0 ~> 0x1] + */ +static void fiat_25519_subborrowx_u25(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) { + int32_t x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3); + fiat_25519_int1 x2 = (fiat_25519_int1)(x1 >> 25); + uint32_t x3 = (x1 & UINT32_C(0x1ffffff)); + *out1 = x3; + *out2 = (fiat_25519_uint1)(0x0 - x2); +} + +/* + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffff] + * arg3: [0x0 ~> 0xffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + */ +static void fiat_25519_cmovznz_u32(uint32_t* out1, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) { + fiat_25519_uint1 x1 = (!(!arg1)); + uint32_t x2 = ((fiat_25519_int1)(0x0 - x1) & UINT32_C(0xffffffff)); + uint32_t x3 = ((x2 & arg3) | ((~x2) & arg2)); + *out1 = x3; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]] + * arg2: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]] + * Output Bounds: + * out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]] + */ +static void fiat_25519_carry_mul(uint32_t out1[10], const uint32_t arg1[10], const uint32_t arg2[10]) { + uint64_t x1 = ((uint64_t)(arg1[9]) * ((arg2[9]) * ((uint32_t)0x2 * UINT8_C(0x13)))); + uint64_t x2 = ((uint64_t)(arg1[9]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13))); + uint64_t x3 = ((uint64_t)(arg1[9]) * ((arg2[7]) * ((uint32_t)0x2 * UINT8_C(0x13)))); + uint64_t x4 = ((uint64_t)(arg1[9]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13))); + uint64_t x5 = ((uint64_t)(arg1[9]) * ((arg2[5]) * ((uint32_t)0x2 * UINT8_C(0x13)))); + uint64_t x6 = ((uint64_t)(arg1[9]) * ((arg2[4]) * (uint32_t)UINT8_C(0x13))); + uint64_t x7 = ((uint64_t)(arg1[9]) * ((arg2[3]) * ((uint32_t)0x2 * UINT8_C(0x13)))); + uint64_t x8 = ((uint64_t)(arg1[9]) * ((arg2[2]) * (uint32_t)UINT8_C(0x13))); + uint64_t x9 = ((uint64_t)(arg1[9]) * ((arg2[1]) * ((uint32_t)0x2 * UINT8_C(0x13)))); + uint64_t x10 = ((uint64_t)(arg1[8]) * ((arg2[9]) * (uint32_t)UINT8_C(0x13))); + uint64_t x11 = ((uint64_t)(arg1[8]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13))); + uint64_t x12 = ((uint64_t)(arg1[8]) * ((arg2[7]) * (uint32_t)UINT8_C(0x13))); + uint64_t x13 = ((uint64_t)(arg1[8]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13))); + uint64_t x14 = ((uint64_t)(arg1[8]) * ((arg2[5]) * (uint32_t)UINT8_C(0x13))); + uint64_t x15 = ((uint64_t)(arg1[8]) * ((arg2[4]) * (uint32_t)UINT8_C(0x13))); + uint64_t x16 = ((uint64_t)(arg1[8]) * ((arg2[3]) * (uint32_t)UINT8_C(0x13))); + uint64_t x17 = ((uint64_t)(arg1[8]) * ((arg2[2]) * (uint32_t)UINT8_C(0x13))); + uint64_t x18 = ((uint64_t)(arg1[7]) * ((arg2[9]) * ((uint32_t)0x2 * UINT8_C(0x13)))); + uint64_t x19 = ((uint64_t)(arg1[7]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13))); + uint64_t x20 = ((uint64_t)(arg1[7]) * ((arg2[7]) * ((uint32_t)0x2 * UINT8_C(0x13)))); + uint64_t x21 = ((uint64_t)(arg1[7]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13))); + uint64_t x22 = ((uint64_t)(arg1[7]) * ((arg2[5]) * ((uint32_t)0x2 * UINT8_C(0x13)))); + uint64_t x23 = ((uint64_t)(arg1[7]) * ((arg2[4]) * (uint32_t)UINT8_C(0x13))); + uint64_t x24 = ((uint64_t)(arg1[7]) * ((arg2[3]) * ((uint32_t)0x2 * UINT8_C(0x13)))); + uint64_t x25 = ((uint64_t)(arg1[6]) * ((arg2[9]) * (uint32_t)UINT8_C(0x13))); + uint64_t x26 = ((uint64_t)(arg1[6]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13))); + uint64_t x27 = ((uint64_t)(arg1[6]) * ((arg2[7]) * (uint32_t)UINT8_C(0x13))); + uint64_t x28 = ((uint64_t)(arg1[6]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13))); + uint64_t x29 = ((uint64_t)(arg1[6]) * ((arg2[5]) * (uint32_t)UINT8_C(0x13))); + uint64_t x30 = ((uint64_t)(arg1[6]) * ((arg2[4]) * (uint32_t)UINT8_C(0x13))); + uint64_t x31 = ((uint64_t)(arg1[5]) * ((arg2[9]) * ((uint32_t)0x2 * UINT8_C(0x13)))); + uint64_t x32 = ((uint64_t)(arg1[5]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13))); + uint64_t x33 = ((uint64_t)(arg1[5]) * ((arg2[7]) * ((uint32_t)0x2 * UINT8_C(0x13)))); + uint64_t x34 = ((uint64_t)(arg1[5]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13))); + uint64_t x35 = ((uint64_t)(arg1[5]) * ((arg2[5]) * ((uint32_t)0x2 * UINT8_C(0x13)))); + uint64_t x36 = ((uint64_t)(arg1[4]) * ((arg2[9]) * (uint32_t)UINT8_C(0x13))); + uint64_t x37 = ((uint64_t)(arg1[4]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13))); + uint64_t x38 = ((uint64_t)(arg1[4]) * ((arg2[7]) * (uint32_t)UINT8_C(0x13))); + uint64_t x39 = ((uint64_t)(arg1[4]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13))); + uint64_t x40 = ((uint64_t)(arg1[3]) * ((arg2[9]) * ((uint32_t)0x2 * UINT8_C(0x13)))); + uint64_t x41 = ((uint64_t)(arg1[3]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13))); + uint64_t x42 = ((uint64_t)(arg1[3]) * ((arg2[7]) * ((uint32_t)0x2 * UINT8_C(0x13)))); + uint64_t x43 = ((uint64_t)(arg1[2]) * ((arg2[9]) * (uint32_t)UINT8_C(0x13))); + uint64_t x44 = ((uint64_t)(arg1[2]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13))); + uint64_t x45 = ((uint64_t)(arg1[1]) * ((arg2[9]) * ((uint32_t)0x2 * UINT8_C(0x13)))); + uint64_t x46 = ((uint64_t)(arg1[9]) * (arg2[0])); + uint64_t x47 = ((uint64_t)(arg1[8]) * (arg2[1])); + uint64_t x48 = ((uint64_t)(arg1[8]) * (arg2[0])); + uint64_t x49 = ((uint64_t)(arg1[7]) * (arg2[2])); + uint64_t x50 = ((uint64_t)(arg1[7]) * ((arg2[1]) * (uint32_t)0x2)); + uint64_t x51 = ((uint64_t)(arg1[7]) * (arg2[0])); + uint64_t x52 = ((uint64_t)(arg1[6]) * (arg2[3])); + uint64_t x53 = ((uint64_t)(arg1[6]) * (arg2[2])); + uint64_t x54 = ((uint64_t)(arg1[6]) * (arg2[1])); + uint64_t x55 = ((uint64_t)(arg1[6]) * (arg2[0])); + uint64_t x56 = ((uint64_t)(arg1[5]) * (arg2[4])); + uint64_t x57 = ((uint64_t)(arg1[5]) * ((arg2[3]) * (uint32_t)0x2)); + uint64_t x58 = ((uint64_t)(arg1[5]) * (arg2[2])); + uint64_t x59 = ((uint64_t)(arg1[5]) * ((arg2[1]) * (uint32_t)0x2)); + uint64_t x60 = ((uint64_t)(arg1[5]) * (arg2[0])); + uint64_t x61 = ((uint64_t)(arg1[4]) * (arg2[5])); + uint64_t x62 = ((uint64_t)(arg1[4]) * (arg2[4])); + uint64_t x63 = ((uint64_t)(arg1[4]) * (arg2[3])); + uint64_t x64 = ((uint64_t)(arg1[4]) * (arg2[2])); + uint64_t x65 = ((uint64_t)(arg1[4]) * (arg2[1])); + uint64_t x66 = ((uint64_t)(arg1[4]) * (arg2[0])); + uint64_t x67 = ((uint64_t)(arg1[3]) * (arg2[6])); + uint64_t x68 = ((uint64_t)(arg1[3]) * ((arg2[5]) * (uint32_t)0x2)); + uint64_t x69 = ((uint64_t)(arg1[3]) * (arg2[4])); + uint64_t x70 = ((uint64_t)(arg1[3]) * ((arg2[3]) * (uint32_t)0x2)); + uint64_t x71 = ((uint64_t)(arg1[3]) * (arg2[2])); + uint64_t x72 = ((uint64_t)(arg1[3]) * ((arg2[1]) * (uint32_t)0x2)); + uint64_t x73 = ((uint64_t)(arg1[3]) * (arg2[0])); + uint64_t x74 = ((uint64_t)(arg1[2]) * (arg2[7])); + uint64_t x75 = ((uint64_t)(arg1[2]) * (arg2[6])); + uint64_t x76 = ((uint64_t)(arg1[2]) * (arg2[5])); + uint64_t x77 = ((uint64_t)(arg1[2]) * (arg2[4])); + uint64_t x78 = ((uint64_t)(arg1[2]) * (arg2[3])); + uint64_t x79 = ((uint64_t)(arg1[2]) * (arg2[2])); + uint64_t x80 = ((uint64_t)(arg1[2]) * (arg2[1])); + uint64_t x81 = ((uint64_t)(arg1[2]) * (arg2[0])); + uint64_t x82 = ((uint64_t)(arg1[1]) * (arg2[8])); + uint64_t x83 = ((uint64_t)(arg1[1]) * ((arg2[7]) * (uint32_t)0x2)); + uint64_t x84 = ((uint64_t)(arg1[1]) * (arg2[6])); + uint64_t x85 = ((uint64_t)(arg1[1]) * ((arg2[5]) * (uint32_t)0x2)); + uint64_t x86 = ((uint64_t)(arg1[1]) * (arg2[4])); + uint64_t x87 = ((uint64_t)(arg1[1]) * ((arg2[3]) * (uint32_t)0x2)); + uint64_t x88 = ((uint64_t)(arg1[1]) * (arg2[2])); + uint64_t x89 = ((uint64_t)(arg1[1]) * ((arg2[1]) * (uint32_t)0x2)); + uint64_t x90 = ((uint64_t)(arg1[1]) * (arg2[0])); + uint64_t x91 = ((uint64_t)(arg1[0]) * (arg2[9])); + uint64_t x92 = ((uint64_t)(arg1[0]) * (arg2[8])); + uint64_t x93 = ((uint64_t)(arg1[0]) * (arg2[7])); + uint64_t x94 = ((uint64_t)(arg1[0]) * (arg2[6])); + uint64_t x95 = ((uint64_t)(arg1[0]) * (arg2[5])); + uint64_t x96 = ((uint64_t)(arg1[0]) * (arg2[4])); + uint64_t x97 = ((uint64_t)(arg1[0]) * (arg2[3])); + uint64_t x98 = ((uint64_t)(arg1[0]) * (arg2[2])); + uint64_t x99 = ((uint64_t)(arg1[0]) * (arg2[1])); + uint64_t x100 = ((uint64_t)(arg1[0]) * (arg2[0])); + uint64_t x101 = (x100 + (x45 + (x44 + (x42 + (x39 + (x35 + (x30 + (x24 + (x17 + x9))))))))); + uint64_t x102 = (x101 >> 26); + uint32_t x103 = (uint32_t)(x101 & UINT32_C(0x3ffffff)); + uint64_t x104 = (x91 + (x82 + (x74 + (x67 + (x61 + (x56 + (x52 + (x49 + (x47 + x46))))))))); + uint64_t x105 = (x92 + (x83 + (x75 + (x68 + (x62 + (x57 + (x53 + (x50 + (x48 + x1))))))))); + uint64_t x106 = (x93 + (x84 + (x76 + (x69 + (x63 + (x58 + (x54 + (x51 + (x10 + x2))))))))); + uint64_t x107 = (x94 + (x85 + (x77 + (x70 + (x64 + (x59 + (x55 + (x18 + (x11 + x3))))))))); + uint64_t x108 = (x95 + (x86 + (x78 + (x71 + (x65 + (x60 + (x25 + (x19 + (x12 + x4))))))))); + uint64_t x109 = (x96 + (x87 + (x79 + (x72 + (x66 + (x31 + (x26 + (x20 + (x13 + x5))))))))); + uint64_t x110 = (x97 + (x88 + (x80 + (x73 + (x36 + (x32 + (x27 + (x21 + (x14 + x6))))))))); + uint64_t x111 = (x98 + (x89 + (x81 + (x40 + (x37 + (x33 + (x28 + (x22 + (x15 + x7))))))))); + uint64_t x112 = (x99 + (x90 + (x43 + (x41 + (x38 + (x34 + (x29 + (x23 + (x16 + x8))))))))); + uint64_t x113 = (x102 + x112); + uint64_t x114 = (x113 >> 25); + uint32_t x115 = (uint32_t)(x113 & UINT32_C(0x1ffffff)); + uint64_t x116 = (x114 + x111); + uint64_t x117 = (x116 >> 26); + uint32_t x118 = (uint32_t)(x116 & UINT32_C(0x3ffffff)); + uint64_t x119 = (x117 + x110); + uint64_t x120 = (x119 >> 25); + uint32_t x121 = (uint32_t)(x119 & UINT32_C(0x1ffffff)); + uint64_t x122 = (x120 + x109); + uint64_t x123 = (x122 >> 26); + uint32_t x124 = (uint32_t)(x122 & UINT32_C(0x3ffffff)); + uint64_t x125 = (x123 + x108); + uint64_t x126 = (x125 >> 25); + uint32_t x127 = (uint32_t)(x125 & UINT32_C(0x1ffffff)); + uint64_t x128 = (x126 + x107); + uint64_t x129 = (x128 >> 26); + uint32_t x130 = (uint32_t)(x128 & UINT32_C(0x3ffffff)); + uint64_t x131 = (x129 + x106); + uint64_t x132 = (x131 >> 25); + uint32_t x133 = (uint32_t)(x131 & UINT32_C(0x1ffffff)); + uint64_t x134 = (x132 + x105); + uint64_t x135 = (x134 >> 26); + uint32_t x136 = (uint32_t)(x134 & UINT32_C(0x3ffffff)); + uint64_t x137 = (x135 + x104); + uint64_t x138 = (x137 >> 25); + uint32_t x139 = (uint32_t)(x137 & UINT32_C(0x1ffffff)); + uint64_t x140 = (x138 * (uint64_t)UINT8_C(0x13)); + uint64_t x141 = (x103 + x140); + uint32_t x142 = (uint32_t)(x141 >> 26); + uint32_t x143 = (uint32_t)(x141 & UINT32_C(0x3ffffff)); + uint32_t x144 = (x142 + x115); + uint32_t x145 = (x144 >> 25); + uint32_t x146 = (x144 & UINT32_C(0x1ffffff)); + uint32_t x147 = (x145 + x118); + out1[0] = x143; + out1[1] = x146; + out1[2] = x147; + out1[3] = x121; + out1[4] = x124; + out1[5] = x127; + out1[6] = x130; + out1[7] = x133; + out1[8] = x136; + out1[9] = x139; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]] + * Output Bounds: + * out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]] + */ +static void fiat_25519_carry_square(uint32_t out1[10], const uint32_t arg1[10]) { + uint32_t x1 = ((arg1[9]) * (uint32_t)UINT8_C(0x13)); + uint32_t x2 = (x1 * (uint32_t)0x2); + uint32_t x3 = ((arg1[9]) * (uint32_t)0x2); + uint32_t x4 = ((arg1[8]) * (uint32_t)UINT8_C(0x13)); + uint64_t x5 = (x4 * (uint64_t)0x2); + uint32_t x6 = ((arg1[8]) * (uint32_t)0x2); + uint32_t x7 = ((arg1[7]) * (uint32_t)UINT8_C(0x13)); + uint32_t x8 = (x7 * (uint32_t)0x2); + uint32_t x9 = ((arg1[7]) * (uint32_t)0x2); + uint32_t x10 = ((arg1[6]) * (uint32_t)UINT8_C(0x13)); + uint64_t x11 = (x10 * (uint64_t)0x2); + uint32_t x12 = ((arg1[6]) * (uint32_t)0x2); + uint32_t x13 = ((arg1[5]) * (uint32_t)UINT8_C(0x13)); + uint32_t x14 = ((arg1[5]) * (uint32_t)0x2); + uint32_t x15 = ((arg1[4]) * (uint32_t)0x2); + uint32_t x16 = ((arg1[3]) * (uint32_t)0x2); + uint32_t x17 = ((arg1[2]) * (uint32_t)0x2); + uint32_t x18 = ((arg1[1]) * (uint32_t)0x2); + uint64_t x19 = ((uint64_t)(arg1[9]) * (x1 * (uint32_t)0x2)); + uint64_t x20 = ((uint64_t)(arg1[8]) * x2); + uint64_t x21 = ((uint64_t)(arg1[8]) * x4); + uint64_t x22 = ((arg1[7]) * (x2 * (uint64_t)0x2)); + uint64_t x23 = ((arg1[7]) * x5); + uint64_t x24 = ((uint64_t)(arg1[7]) * (x7 * (uint32_t)0x2)); + uint64_t x25 = ((uint64_t)(arg1[6]) * x2); + uint64_t x26 = ((arg1[6]) * x5); + uint64_t x27 = ((uint64_t)(arg1[6]) * x8); + uint64_t x28 = ((uint64_t)(arg1[6]) * x10); + uint64_t x29 = ((arg1[5]) * (x2 * (uint64_t)0x2)); + uint64_t x30 = ((arg1[5]) * x5); + uint64_t x31 = ((arg1[5]) * (x8 * (uint64_t)0x2)); + uint64_t x32 = ((arg1[5]) * x11); + uint64_t x33 = ((uint64_t)(arg1[5]) * (x13 * (uint32_t)0x2)); + uint64_t x34 = ((uint64_t)(arg1[4]) * x2); + uint64_t x35 = ((arg1[4]) * x5); + uint64_t x36 = ((uint64_t)(arg1[4]) * x8); + uint64_t x37 = ((arg1[4]) * x11); + uint64_t x38 = ((uint64_t)(arg1[4]) * x14); + uint64_t x39 = ((uint64_t)(arg1[4]) * (arg1[4])); + uint64_t x40 = ((arg1[3]) * (x2 * (uint64_t)0x2)); + uint64_t x41 = ((arg1[3]) * x5); + uint64_t x42 = ((arg1[3]) * (x8 * (uint64_t)0x2)); + uint64_t x43 = ((uint64_t)(arg1[3]) * x12); + uint64_t x44 = ((uint64_t)(arg1[3]) * (x14 * (uint32_t)0x2)); + uint64_t x45 = ((uint64_t)(arg1[3]) * x15); + uint64_t x46 = ((uint64_t)(arg1[3]) * ((arg1[3]) * (uint32_t)0x2)); + uint64_t x47 = ((uint64_t)(arg1[2]) * x2); + uint64_t x48 = ((arg1[2]) * x5); + uint64_t x49 = ((uint64_t)(arg1[2]) * x9); + uint64_t x50 = ((uint64_t)(arg1[2]) * x12); + uint64_t x51 = ((uint64_t)(arg1[2]) * x14); + uint64_t x52 = ((uint64_t)(arg1[2]) * x15); + uint64_t x53 = ((uint64_t)(arg1[2]) * x16); + uint64_t x54 = ((uint64_t)(arg1[2]) * (arg1[2])); + uint64_t x55 = ((arg1[1]) * (x2 * (uint64_t)0x2)); + uint64_t x56 = ((uint64_t)(arg1[1]) * x6); + uint64_t x57 = ((uint64_t)(arg1[1]) * (x9 * (uint32_t)0x2)); + uint64_t x58 = ((uint64_t)(arg1[1]) * x12); + uint64_t x59 = ((uint64_t)(arg1[1]) * (x14 * (uint32_t)0x2)); + uint64_t x60 = ((uint64_t)(arg1[1]) * x15); + uint64_t x61 = ((uint64_t)(arg1[1]) * (x16 * (uint32_t)0x2)); + uint64_t x62 = ((uint64_t)(arg1[1]) * x17); + uint64_t x63 = ((uint64_t)(arg1[1]) * ((arg1[1]) * (uint32_t)0x2)); + uint64_t x64 = ((uint64_t)(arg1[0]) * x3); + uint64_t x65 = ((uint64_t)(arg1[0]) * x6); + uint64_t x66 = ((uint64_t)(arg1[0]) * x9); + uint64_t x67 = ((uint64_t)(arg1[0]) * x12); + uint64_t x68 = ((uint64_t)(arg1[0]) * x14); + uint64_t x69 = ((uint64_t)(arg1[0]) * x15); + uint64_t x70 = ((uint64_t)(arg1[0]) * x16); + uint64_t x71 = ((uint64_t)(arg1[0]) * x17); + uint64_t x72 = ((uint64_t)(arg1[0]) * x18); + uint64_t x73 = ((uint64_t)(arg1[0]) * (arg1[0])); + uint64_t x74 = (x73 + (x55 + (x48 + (x42 + (x37 + x33))))); + uint64_t x75 = (x74 >> 26); + uint32_t x76 = (uint32_t)(x74 & UINT32_C(0x3ffffff)); + uint64_t x77 = (x64 + (x56 + (x49 + (x43 + x38)))); + uint64_t x78 = (x65 + (x57 + (x50 + (x44 + (x39 + x19))))); + uint64_t x79 = (x66 + (x58 + (x51 + (x45 + x20)))); + uint64_t x80 = (x67 + (x59 + (x52 + (x46 + (x22 + x21))))); + uint64_t x81 = (x68 + (x60 + (x53 + (x25 + x23)))); + uint64_t x82 = (x69 + (x61 + (x54 + (x29 + (x26 + x24))))); + uint64_t x83 = (x70 + (x62 + (x34 + (x30 + x27)))); + uint64_t x84 = (x71 + (x63 + (x40 + (x35 + (x31 + x28))))); + uint64_t x85 = (x72 + (x47 + (x41 + (x36 + x32)))); + uint64_t x86 = (x75 + x85); + uint64_t x87 = (x86 >> 25); + uint32_t x88 = (uint32_t)(x86 & UINT32_C(0x1ffffff)); + uint64_t x89 = (x87 + x84); + uint64_t x90 = (x89 >> 26); + uint32_t x91 = (uint32_t)(x89 & UINT32_C(0x3ffffff)); + uint64_t x92 = (x90 + x83); + uint64_t x93 = (x92 >> 25); + uint32_t x94 = (uint32_t)(x92 & UINT32_C(0x1ffffff)); + uint64_t x95 = (x93 + x82); + uint64_t x96 = (x95 >> 26); + uint32_t x97 = (uint32_t)(x95 & UINT32_C(0x3ffffff)); + uint64_t x98 = (x96 + x81); + uint64_t x99 = (x98 >> 25); + uint32_t x100 = (uint32_t)(x98 & UINT32_C(0x1ffffff)); + uint64_t x101 = (x99 + x80); + uint64_t x102 = (x101 >> 26); + uint32_t x103 = (uint32_t)(x101 & UINT32_C(0x3ffffff)); + uint64_t x104 = (x102 + x79); + uint64_t x105 = (x104 >> 25); + uint32_t x106 = (uint32_t)(x104 & UINT32_C(0x1ffffff)); + uint64_t x107 = (x105 + x78); + uint64_t x108 = (x107 >> 26); + uint32_t x109 = (uint32_t)(x107 & UINT32_C(0x3ffffff)); + uint64_t x110 = (x108 + x77); + uint64_t x111 = (x110 >> 25); + uint32_t x112 = (uint32_t)(x110 & UINT32_C(0x1ffffff)); + uint64_t x113 = (x111 * (uint64_t)UINT8_C(0x13)); + uint64_t x114 = (x76 + x113); + uint32_t x115 = (uint32_t)(x114 >> 26); + uint32_t x116 = (uint32_t)(x114 & UINT32_C(0x3ffffff)); + uint32_t x117 = (x115 + x88); + uint32_t x118 = (x117 >> 25); + uint32_t x119 = (x117 & UINT32_C(0x1ffffff)); + uint32_t x120 = (x118 + x91); + out1[0] = x116; + out1[1] = x119; + out1[2] = x120; + out1[3] = x94; + out1[4] = x97; + out1[5] = x100; + out1[6] = x103; + out1[7] = x106; + out1[8] = x109; + out1[9] = x112; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]] + * Output Bounds: + * out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]] + */ +static void fiat_25519_carry_scmul_121666(uint32_t out1[10], const uint32_t arg1[10]) { + uint64_t x1 = ((uint64_t)UINT32_C(0x1db42) * (arg1[9])); + uint64_t x2 = ((uint64_t)UINT32_C(0x1db42) * (arg1[8])); + uint64_t x3 = ((uint64_t)UINT32_C(0x1db42) * (arg1[7])); + uint64_t x4 = ((uint64_t)UINT32_C(0x1db42) * (arg1[6])); + uint64_t x5 = ((uint64_t)UINT32_C(0x1db42) * (arg1[5])); + uint64_t x6 = ((uint64_t)UINT32_C(0x1db42) * (arg1[4])); + uint64_t x7 = ((uint64_t)UINT32_C(0x1db42) * (arg1[3])); + uint64_t x8 = ((uint64_t)UINT32_C(0x1db42) * (arg1[2])); + uint64_t x9 = ((uint64_t)UINT32_C(0x1db42) * (arg1[1])); + uint64_t x10 = ((uint64_t)UINT32_C(0x1db42) * (arg1[0])); + uint32_t x11 = (uint32_t)(x10 >> 26); + uint32_t x12 = (uint32_t)(x10 & UINT32_C(0x3ffffff)); + uint64_t x13 = (x11 + x9); + uint32_t x14 = (uint32_t)(x13 >> 25); + uint32_t x15 = (uint32_t)(x13 & UINT32_C(0x1ffffff)); + uint64_t x16 = (x14 + x8); + uint32_t x17 = (uint32_t)(x16 >> 26); + uint32_t x18 = (uint32_t)(x16 & UINT32_C(0x3ffffff)); + uint64_t x19 = (x17 + x7); + uint32_t x20 = (uint32_t)(x19 >> 25); + uint32_t x21 = (uint32_t)(x19 & UINT32_C(0x1ffffff)); + uint64_t x22 = (x20 + x6); + uint32_t x23 = (uint32_t)(x22 >> 26); + uint32_t x24 = (uint32_t)(x22 & UINT32_C(0x3ffffff)); + uint64_t x25 = (x23 + x5); + uint32_t x26 = (uint32_t)(x25 >> 25); + uint32_t x27 = (uint32_t)(x25 & UINT32_C(0x1ffffff)); + uint64_t x28 = (x26 + x4); + uint32_t x29 = (uint32_t)(x28 >> 26); + uint32_t x30 = (uint32_t)(x28 & UINT32_C(0x3ffffff)); + uint64_t x31 = (x29 + x3); + uint32_t x32 = (uint32_t)(x31 >> 25); + uint32_t x33 = (uint32_t)(x31 & UINT32_C(0x1ffffff)); + uint64_t x34 = (x32 + x2); + uint32_t x35 = (uint32_t)(x34 >> 26); + uint32_t x36 = (uint32_t)(x34 & UINT32_C(0x3ffffff)); + uint64_t x37 = (x35 + x1); + uint32_t x38 = (uint32_t)(x37 >> 25); + uint32_t x39 = (uint32_t)(x37 & UINT32_C(0x1ffffff)); + uint32_t x40 = (x38 * (uint32_t)UINT8_C(0x13)); + uint32_t x41 = (x12 + x40); + uint32_t x42 = (x41 >> 26); + uint32_t x43 = (x41 & UINT32_C(0x3ffffff)); + uint32_t x44 = (x42 + x15); + uint32_t x45 = (x44 >> 25); + uint32_t x46 = (x44 & UINT32_C(0x1ffffff)); + uint32_t x47 = (x45 + x18); + out1[0] = x43; + out1[1] = x46; + out1[2] = x47; + out1[3] = x21; + out1[4] = x24; + out1[5] = x27; + out1[6] = x30; + out1[7] = x33; + out1[8] = x36; + out1[9] = x39; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]] + * Output Bounds: + * out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]] + */ +static void fiat_25519_carry(uint32_t out1[10], const uint32_t arg1[10]) { + uint32_t x1 = (arg1[0]); + uint32_t x2 = ((x1 >> 26) + (arg1[1])); + uint32_t x3 = ((x2 >> 25) + (arg1[2])); + uint32_t x4 = ((x3 >> 26) + (arg1[3])); + uint32_t x5 = ((x4 >> 25) + (arg1[4])); + uint32_t x6 = ((x5 >> 26) + (arg1[5])); + uint32_t x7 = ((x6 >> 25) + (arg1[6])); + uint32_t x8 = ((x7 >> 26) + (arg1[7])); + uint32_t x9 = ((x8 >> 25) + (arg1[8])); + uint32_t x10 = ((x9 >> 26) + (arg1[9])); + uint32_t x11 = ((x1 & UINT32_C(0x3ffffff)) + ((x10 >> 25) * (uint32_t)UINT8_C(0x13))); + uint32_t x12 = ((x11 >> 26) + (x2 & UINT32_C(0x1ffffff))); + uint32_t x13 = (x11 & UINT32_C(0x3ffffff)); + uint32_t x14 = (x12 & UINT32_C(0x1ffffff)); + uint32_t x15 = ((x12 >> 25) + (x3 & UINT32_C(0x3ffffff))); + uint32_t x16 = (x4 & UINT32_C(0x1ffffff)); + uint32_t x17 = (x5 & UINT32_C(0x3ffffff)); + uint32_t x18 = (x6 & UINT32_C(0x1ffffff)); + uint32_t x19 = (x7 & UINT32_C(0x3ffffff)); + uint32_t x20 = (x8 & UINT32_C(0x1ffffff)); + uint32_t x21 = (x9 & UINT32_C(0x3ffffff)); + uint32_t x22 = (x10 & UINT32_C(0x1ffffff)); + out1[0] = x13; + out1[1] = x14; + out1[2] = x15; + out1[3] = x16; + out1[4] = x17; + out1[5] = x18; + out1[6] = x19; + out1[7] = x20; + out1[8] = x21; + out1[9] = x22; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]] + * arg2: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]] + * Output Bounds: + * out1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]] + */ +static void fiat_25519_add(uint32_t out1[10], const uint32_t arg1[10], const uint32_t arg2[10]) { + uint32_t x1 = ((arg1[0]) + (arg2[0])); + uint32_t x2 = ((arg1[1]) + (arg2[1])); + uint32_t x3 = ((arg1[2]) + (arg2[2])); + uint32_t x4 = ((arg1[3]) + (arg2[3])); + uint32_t x5 = ((arg1[4]) + (arg2[4])); + uint32_t x6 = ((arg1[5]) + (arg2[5])); + uint32_t x7 = ((arg1[6]) + (arg2[6])); + uint32_t x8 = ((arg1[7]) + (arg2[7])); + uint32_t x9 = ((arg1[8]) + (arg2[8])); + uint32_t x10 = ((arg1[9]) + (arg2[9])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; + out1[8] = x9; + out1[9] = x10; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]] + * arg2: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]] + * Output Bounds: + * out1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]] + */ +static void fiat_25519_sub(uint32_t out1[10], const uint32_t arg1[10], const uint32_t arg2[10]) { + uint32_t x1 = ((UINT32_C(0x7ffffda) + (arg1[0])) - (arg2[0])); + uint32_t x2 = ((UINT32_C(0x3fffffe) + (arg1[1])) - (arg2[1])); + uint32_t x3 = ((UINT32_C(0x7fffffe) + (arg1[2])) - (arg2[2])); + uint32_t x4 = ((UINT32_C(0x3fffffe) + (arg1[3])) - (arg2[3])); + uint32_t x5 = ((UINT32_C(0x7fffffe) + (arg1[4])) - (arg2[4])); + uint32_t x6 = ((UINT32_C(0x3fffffe) + (arg1[5])) - (arg2[5])); + uint32_t x7 = ((UINT32_C(0x7fffffe) + (arg1[6])) - (arg2[6])); + uint32_t x8 = ((UINT32_C(0x3fffffe) + (arg1[7])) - (arg2[7])); + uint32_t x9 = ((UINT32_C(0x7fffffe) + (arg1[8])) - (arg2[8])); + uint32_t x10 = ((UINT32_C(0x3fffffe) + (arg1[9])) - (arg2[9])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; + out1[8] = x9; + out1[9] = x10; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]] + * Output Bounds: + * out1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]] + */ +static void fiat_25519_opp(uint32_t out1[10], const uint32_t arg1[10]) { + uint32_t x1 = (UINT32_C(0x7ffffda) - (arg1[0])); + uint32_t x2 = (UINT32_C(0x3fffffe) - (arg1[1])); + uint32_t x3 = (UINT32_C(0x7fffffe) - (arg1[2])); + uint32_t x4 = (UINT32_C(0x3fffffe) - (arg1[3])); + uint32_t x5 = (UINT32_C(0x7fffffe) - (arg1[4])); + uint32_t x6 = (UINT32_C(0x3fffffe) - (arg1[5])); + uint32_t x7 = (UINT32_C(0x7fffffe) - (arg1[6])); + uint32_t x8 = (UINT32_C(0x3fffffe) - (arg1[7])); + uint32_t x9 = (UINT32_C(0x7fffffe) - (arg1[8])); + uint32_t x10 = (UINT32_C(0x3fffffe) - (arg1[9])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; + out1[8] = x9; + out1[9] = x10; +} + +/* + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static void fiat_25519_selectznz(uint32_t out1[10], fiat_25519_uint1 arg1, const uint32_t arg2[10], const uint32_t arg3[10]) { + uint32_t x1; + fiat_25519_cmovznz_u32(&x1, arg1, (arg2[0]), (arg3[0])); + uint32_t x2; + fiat_25519_cmovznz_u32(&x2, arg1, (arg2[1]), (arg3[1])); + uint32_t x3; + fiat_25519_cmovznz_u32(&x3, arg1, (arg2[2]), (arg3[2])); + uint32_t x4; + fiat_25519_cmovznz_u32(&x4, arg1, (arg2[3]), (arg3[3])); + uint32_t x5; + fiat_25519_cmovznz_u32(&x5, arg1, (arg2[4]), (arg3[4])); + uint32_t x6; + fiat_25519_cmovznz_u32(&x6, arg1, (arg2[5]), (arg3[5])); + uint32_t x7; + fiat_25519_cmovznz_u32(&x7, arg1, (arg2[6]), (arg3[6])); + uint32_t x8; + fiat_25519_cmovznz_u32(&x8, arg1, (arg2[7]), (arg3[7])); + uint32_t x9; + fiat_25519_cmovznz_u32(&x9, arg1, (arg2[8]), (arg3[8])); + uint32_t x10; + fiat_25519_cmovznz_u32(&x10, arg1, (arg2[9]), (arg3[9])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; + out1[8] = x9; + out1[9] = x10; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]] + * Output Bounds: + * out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]] + */ +static void fiat_25519_to_bytes(uint8_t out1[32], const uint32_t arg1[10]) { + uint32_t x1; + fiat_25519_uint1 x2; + fiat_25519_subborrowx_u26(&x1, &x2, 0x0, (arg1[0]), UINT32_C(0x3ffffed)); + uint32_t x3; + fiat_25519_uint1 x4; + fiat_25519_subborrowx_u25(&x3, &x4, x2, (arg1[1]), UINT32_C(0x1ffffff)); + uint32_t x5; + fiat_25519_uint1 x6; + fiat_25519_subborrowx_u26(&x5, &x6, x4, (arg1[2]), UINT32_C(0x3ffffff)); + uint32_t x7; + fiat_25519_uint1 x8; + fiat_25519_subborrowx_u25(&x7, &x8, x6, (arg1[3]), UINT32_C(0x1ffffff)); + uint32_t x9; + fiat_25519_uint1 x10; + fiat_25519_subborrowx_u26(&x9, &x10, x8, (arg1[4]), UINT32_C(0x3ffffff)); + uint32_t x11; + fiat_25519_uint1 x12; + fiat_25519_subborrowx_u25(&x11, &x12, x10, (arg1[5]), UINT32_C(0x1ffffff)); + uint32_t x13; + fiat_25519_uint1 x14; + fiat_25519_subborrowx_u26(&x13, &x14, x12, (arg1[6]), UINT32_C(0x3ffffff)); + uint32_t x15; + fiat_25519_uint1 x16; + fiat_25519_subborrowx_u25(&x15, &x16, x14, (arg1[7]), UINT32_C(0x1ffffff)); + uint32_t x17; + fiat_25519_uint1 x18; + fiat_25519_subborrowx_u26(&x17, &x18, x16, (arg1[8]), UINT32_C(0x3ffffff)); + uint32_t x19; + fiat_25519_uint1 x20; + fiat_25519_subborrowx_u25(&x19, &x20, x18, (arg1[9]), UINT32_C(0x1ffffff)); + uint32_t x21; + fiat_25519_cmovznz_u32(&x21, x20, 0x0, UINT32_C(0xffffffff)); + uint32_t x22; + fiat_25519_uint1 x23; + fiat_25519_addcarryx_u26(&x22, &x23, 0x0, (x21 & UINT32_C(0x3ffffed)), x1); + uint32_t x24; + fiat_25519_uint1 x25; + fiat_25519_addcarryx_u25(&x24, &x25, x23, (x21 & UINT32_C(0x1ffffff)), x3); + uint32_t x26; + fiat_25519_uint1 x27; + fiat_25519_addcarryx_u26(&x26, &x27, x25, (x21 & UINT32_C(0x3ffffff)), x5); + uint32_t x28; + fiat_25519_uint1 x29; + fiat_25519_addcarryx_u25(&x28, &x29, x27, (x21 & UINT32_C(0x1ffffff)), x7); + uint32_t x30; + fiat_25519_uint1 x31; + fiat_25519_addcarryx_u26(&x30, &x31, x29, (x21 & UINT32_C(0x3ffffff)), x9); + uint32_t x32; + fiat_25519_uint1 x33; + fiat_25519_addcarryx_u25(&x32, &x33, x31, (x21 & UINT32_C(0x1ffffff)), x11); + uint32_t x34; + fiat_25519_uint1 x35; + fiat_25519_addcarryx_u26(&x34, &x35, x33, (x21 & UINT32_C(0x3ffffff)), x13); + uint32_t x36; + fiat_25519_uint1 x37; + fiat_25519_addcarryx_u25(&x36, &x37, x35, (x21 & UINT32_C(0x1ffffff)), x15); + uint32_t x38; + fiat_25519_uint1 x39; + fiat_25519_addcarryx_u26(&x38, &x39, x37, (x21 & UINT32_C(0x3ffffff)), x17); + uint32_t x40; + fiat_25519_uint1 x41; + fiat_25519_addcarryx_u25(&x40, &x41, x39, (x21 & UINT32_C(0x1ffffff)), x19); + uint32_t x42 = (x40 << 6); + uint32_t x43 = (x38 << 4); + uint32_t x44 = (x36 << 3); + uint32_t x45 = (x34 * (uint32_t)0x2); + uint32_t x46 = (x30 << 6); + uint32_t x47 = (x28 << 5); + uint32_t x48 = (x26 << 3); + uint32_t x49 = (x24 << 2); + uint32_t x50 = (x22 >> 8); + uint8_t x51 = (uint8_t)(x22 & UINT8_C(0xff)); + uint32_t x52 = (x50 >> 8); + uint8_t x53 = (uint8_t)(x50 & UINT8_C(0xff)); + uint8_t x54 = (uint8_t)(x52 >> 8); + uint8_t x55 = (uint8_t)(x52 & UINT8_C(0xff)); + uint32_t x56 = (x54 + x49); + uint32_t x57 = (x56 >> 8); + uint8_t x58 = (uint8_t)(x56 & UINT8_C(0xff)); + uint32_t x59 = (x57 >> 8); + uint8_t x60 = (uint8_t)(x57 & UINT8_C(0xff)); + uint8_t x61 = (uint8_t)(x59 >> 8); + uint8_t x62 = (uint8_t)(x59 & UINT8_C(0xff)); + uint32_t x63 = (x61 + x48); + uint32_t x64 = (x63 >> 8); + uint8_t x65 = (uint8_t)(x63 & UINT8_C(0xff)); + uint32_t x66 = (x64 >> 8); + uint8_t x67 = (uint8_t)(x64 & UINT8_C(0xff)); + uint8_t x68 = (uint8_t)(x66 >> 8); + uint8_t x69 = (uint8_t)(x66 & UINT8_C(0xff)); + uint32_t x70 = (x68 + x47); + uint32_t x71 = (x70 >> 8); + uint8_t x72 = (uint8_t)(x70 & UINT8_C(0xff)); + uint32_t x73 = (x71 >> 8); + uint8_t x74 = (uint8_t)(x71 & UINT8_C(0xff)); + uint8_t x75 = (uint8_t)(x73 >> 8); + uint8_t x76 = (uint8_t)(x73 & UINT8_C(0xff)); + uint32_t x77 = (x75 + x46); + uint32_t x78 = (x77 >> 8); + uint8_t x79 = (uint8_t)(x77 & UINT8_C(0xff)); + uint32_t x80 = (x78 >> 8); + uint8_t x81 = (uint8_t)(x78 & UINT8_C(0xff)); + uint8_t x82 = (uint8_t)(x80 >> 8); + uint8_t x83 = (uint8_t)(x80 & UINT8_C(0xff)); + uint8_t x84 = (uint8_t)(x82 & UINT8_C(0xff)); + uint32_t x85 = (x32 >> 8); + uint8_t x86 = (uint8_t)(x32 & UINT8_C(0xff)); + uint32_t x87 = (x85 >> 8); + uint8_t x88 = (uint8_t)(x85 & UINT8_C(0xff)); + fiat_25519_uint1 x89 = (fiat_25519_uint1)(x87 >> 8); + uint8_t x90 = (uint8_t)(x87 & UINT8_C(0xff)); + uint32_t x91 = (x89 + x45); + uint32_t x92 = (x91 >> 8); + uint8_t x93 = (uint8_t)(x91 & UINT8_C(0xff)); + uint32_t x94 = (x92 >> 8); + uint8_t x95 = (uint8_t)(x92 & UINT8_C(0xff)); + uint8_t x96 = (uint8_t)(x94 >> 8); + uint8_t x97 = (uint8_t)(x94 & UINT8_C(0xff)); + uint32_t x98 = (x96 + x44); + uint32_t x99 = (x98 >> 8); + uint8_t x100 = (uint8_t)(x98 & UINT8_C(0xff)); + uint32_t x101 = (x99 >> 8); + uint8_t x102 = (uint8_t)(x99 & UINT8_C(0xff)); + uint8_t x103 = (uint8_t)(x101 >> 8); + uint8_t x104 = (uint8_t)(x101 & UINT8_C(0xff)); + uint32_t x105 = (x103 + x43); + uint32_t x106 = (x105 >> 8); + uint8_t x107 = (uint8_t)(x105 & UINT8_C(0xff)); + uint32_t x108 = (x106 >> 8); + uint8_t x109 = (uint8_t)(x106 & UINT8_C(0xff)); + uint8_t x110 = (uint8_t)(x108 >> 8); + uint8_t x111 = (uint8_t)(x108 & UINT8_C(0xff)); + uint32_t x112 = (x110 + x42); + uint32_t x113 = (x112 >> 8); + uint8_t x114 = (uint8_t)(x112 & UINT8_C(0xff)); + uint32_t x115 = (x113 >> 8); + uint8_t x116 = (uint8_t)(x113 & UINT8_C(0xff)); + uint8_t x117 = (uint8_t)(x115 >> 8); + uint8_t x118 = (uint8_t)(x115 & UINT8_C(0xff)); + out1[0] = x51; + out1[1] = x53; + out1[2] = x55; + out1[3] = x58; + out1[4] = x60; + out1[5] = x62; + out1[6] = x65; + out1[7] = x67; + out1[8] = x69; + out1[9] = x72; + out1[10] = x74; + out1[11] = x76; + out1[12] = x79; + out1[13] = x81; + out1[14] = x83; + out1[15] = x84; + out1[16] = x86; + out1[17] = x88; + out1[18] = x90; + out1[19] = x93; + out1[20] = x95; + out1[21] = x97; + out1[22] = x100; + out1[23] = x102; + out1[24] = x104; + out1[25] = x107; + out1[26] = x109; + out1[27] = x111; + out1[28] = x114; + out1[29] = x116; + out1[30] = x118; + out1[31] = x117; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]] + * Output Bounds: + * out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]] + */ +static void fiat_25519_from_bytes(uint32_t out1[10], const uint8_t arg1[32]) { + uint32_t x1 = ((uint32_t)(arg1[31]) << 18); + uint32_t x2 = ((uint32_t)(arg1[30]) << 10); + uint32_t x3 = ((uint32_t)(arg1[29]) << 2); + uint32_t x4 = ((uint32_t)(arg1[28]) << 20); + uint32_t x5 = ((uint32_t)(arg1[27]) << 12); + uint32_t x6 = ((uint32_t)(arg1[26]) << 4); + uint32_t x7 = ((uint32_t)(arg1[25]) << 21); + uint32_t x8 = ((uint32_t)(arg1[24]) << 13); + uint32_t x9 = ((uint32_t)(arg1[23]) << 5); + uint32_t x10 = ((uint32_t)(arg1[22]) << 23); + uint32_t x11 = ((uint32_t)(arg1[21]) << 15); + uint32_t x12 = ((uint32_t)(arg1[20]) << 7); + uint32_t x13 = ((uint32_t)(arg1[19]) << 24); + uint32_t x14 = ((uint32_t)(arg1[18]) << 16); + uint32_t x15 = ((uint32_t)(arg1[17]) << 8); + uint8_t x16 = (arg1[16]); + uint32_t x17 = ((uint32_t)(arg1[15]) << 18); + uint32_t x18 = ((uint32_t)(arg1[14]) << 10); + uint32_t x19 = ((uint32_t)(arg1[13]) << 2); + uint32_t x20 = ((uint32_t)(arg1[12]) << 19); + uint32_t x21 = ((uint32_t)(arg1[11]) << 11); + uint32_t x22 = ((uint32_t)(arg1[10]) << 3); + uint32_t x23 = ((uint32_t)(arg1[9]) << 21); + uint32_t x24 = ((uint32_t)(arg1[8]) << 13); + uint32_t x25 = ((uint32_t)(arg1[7]) << 5); + uint32_t x26 = ((uint32_t)(arg1[6]) << 22); + uint32_t x27 = ((uint32_t)(arg1[5]) << 14); + uint32_t x28 = ((uint32_t)(arg1[4]) << 6); + uint32_t x29 = ((uint32_t)(arg1[3]) << 24); + uint32_t x30 = ((uint32_t)(arg1[2]) << 16); + uint32_t x31 = ((uint32_t)(arg1[1]) << 8); + uint8_t x32 = (arg1[0]); + uint32_t x33 = (x32 + (x31 + (x30 + x29))); + uint8_t x34 = (uint8_t)(x33 >> 26); + uint32_t x35 = (x33 & UINT32_C(0x3ffffff)); + uint32_t x36 = (x3 + (x2 + x1)); + uint32_t x37 = (x6 + (x5 + x4)); + uint32_t x38 = (x9 + (x8 + x7)); + uint32_t x39 = (x12 + (x11 + x10)); + uint32_t x40 = (x16 + (x15 + (x14 + x13))); + uint32_t x41 = (x19 + (x18 + x17)); + uint32_t x42 = (x22 + (x21 + x20)); + uint32_t x43 = (x25 + (x24 + x23)); + uint32_t x44 = (x28 + (x27 + x26)); + uint32_t x45 = (x34 + x44); + uint8_t x46 = (uint8_t)(x45 >> 25); + uint32_t x47 = (x45 & UINT32_C(0x1ffffff)); + uint32_t x48 = (x46 + x43); + uint8_t x49 = (uint8_t)(x48 >> 26); + uint32_t x50 = (x48 & UINT32_C(0x3ffffff)); + uint32_t x51 = (x49 + x42); + uint8_t x52 = (uint8_t)(x51 >> 25); + uint32_t x53 = (x51 & UINT32_C(0x1ffffff)); + uint32_t x54 = (x52 + x41); + uint32_t x55 = (x54 & UINT32_C(0x3ffffff)); + uint8_t x56 = (uint8_t)(x40 >> 25); + uint32_t x57 = (x40 & UINT32_C(0x1ffffff)); + uint32_t x58 = (x56 + x39); + uint8_t x59 = (uint8_t)(x58 >> 26); + uint32_t x60 = (x58 & UINT32_C(0x3ffffff)); + uint32_t x61 = (x59 + x38); + uint8_t x62 = (uint8_t)(x61 >> 25); + uint32_t x63 = (x61 & UINT32_C(0x1ffffff)); + uint32_t x64 = (x62 + x37); + uint8_t x65 = (uint8_t)(x64 >> 26); + uint32_t x66 = (x64 & UINT32_C(0x3ffffff)); + uint32_t x67 = (x65 + x36); + out1[0] = x35; + out1[1] = x47; + out1[2] = x50; + out1[3] = x53; + out1[4] = x55; + out1[5] = x57; + out1[6] = x60; + out1[7] = x63; + out1[8] = x66; + out1[9] = x67; +} + diff --git a/src/third_party/fiat/curve25519_64.h b/src/third_party/fiat/curve25519_64.h new file mode 100644 index 0000000..23bf361 --- /dev/null +++ b/src/third_party/fiat/curve25519_64.h @@ -0,0 +1,553 @@ +/* Autogenerated */ +/* curve description: 25519 */ +/* requested operations: carry_mul, carry_square, carry_scmul121666, carry, add, sub, opp, selectznz, to_bytes, from_bytes */ +/* n = 5 (from "5") */ +/* s = 0x8000000000000000000000000000000000000000000000000000000000000000 (from "2^255") */ +/* c = [(1, 19)] (from "1,19") */ +/* machine_wordsize = 64 (from "64") */ + +#include +typedef unsigned char fiat_25519_uint1; +typedef signed char fiat_25519_int1; +typedef signed __int128 fiat_25519_int128; +typedef unsigned __int128 fiat_25519_uint128; + + +/* + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0x7ffffffffffff] + * arg3: [0x0 ~> 0x7ffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0x7ffffffffffff] + * out2: [0x0 ~> 0x1] + */ +static void fiat_25519_addcarryx_u51(uint64_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint64_t arg2, uint64_t arg3) { + uint64_t x1 = ((arg1 + arg2) + arg3); + uint64_t x2 = (x1 & UINT64_C(0x7ffffffffffff)); + fiat_25519_uint1 x3 = (fiat_25519_uint1)(x1 >> 51); + *out1 = x2; + *out2 = x3; +} + +/* + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0x7ffffffffffff] + * arg3: [0x0 ~> 0x7ffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0x7ffffffffffff] + * out2: [0x0 ~> 0x1] + */ +static void fiat_25519_subborrowx_u51(uint64_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint64_t arg2, uint64_t arg3) { + int64_t x1 = ((int64_t)(arg2 - (int64_t)arg1) - (int64_t)arg3); + fiat_25519_int1 x2 = (fiat_25519_int1)(x1 >> 51); + uint64_t x3 = (x1 & UINT64_C(0x7ffffffffffff)); + *out1 = x3; + *out2 = (fiat_25519_uint1)(0x0 - x2); +} + +/* + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffffffffffff] + * arg3: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + */ +static void fiat_25519_cmovznz_u64(uint64_t* out1, fiat_25519_uint1 arg1, uint64_t arg2, uint64_t arg3) { + fiat_25519_uint1 x1 = (!(!arg1)); + uint64_t x2 = ((fiat_25519_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff)); + uint64_t x3 = ((x2 & arg3) | ((~x2) & arg2)); + *out1 = x3; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]] + * arg2: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]] + * Output Bounds: + * out1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]] + */ +static void fiat_25519_carry_mul(uint64_t out1[5], const uint64_t arg1[5], const uint64_t arg2[5]) { + fiat_25519_uint128 x1 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[4]) * (uint64_t)UINT8_C(0x13))); + fiat_25519_uint128 x2 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[3]) * (uint64_t)UINT8_C(0x13))); + fiat_25519_uint128 x3 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[2]) * (uint64_t)UINT8_C(0x13))); + fiat_25519_uint128 x4 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[1]) * (uint64_t)UINT8_C(0x13))); + fiat_25519_uint128 x5 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[4]) * (uint64_t)UINT8_C(0x13))); + fiat_25519_uint128 x6 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[3]) * (uint64_t)UINT8_C(0x13))); + fiat_25519_uint128 x7 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[2]) * (uint64_t)UINT8_C(0x13))); + fiat_25519_uint128 x8 = ((fiat_25519_uint128)(arg1[2]) * ((arg2[4]) * (uint64_t)UINT8_C(0x13))); + fiat_25519_uint128 x9 = ((fiat_25519_uint128)(arg1[2]) * ((arg2[3]) * (uint64_t)UINT8_C(0x13))); + fiat_25519_uint128 x10 = ((fiat_25519_uint128)(arg1[1]) * ((arg2[4]) * (uint64_t)UINT8_C(0x13))); + fiat_25519_uint128 x11 = ((fiat_25519_uint128)(arg1[4]) * (arg2[0])); + fiat_25519_uint128 x12 = ((fiat_25519_uint128)(arg1[3]) * (arg2[1])); + fiat_25519_uint128 x13 = ((fiat_25519_uint128)(arg1[3]) * (arg2[0])); + fiat_25519_uint128 x14 = ((fiat_25519_uint128)(arg1[2]) * (arg2[2])); + fiat_25519_uint128 x15 = ((fiat_25519_uint128)(arg1[2]) * (arg2[1])); + fiat_25519_uint128 x16 = ((fiat_25519_uint128)(arg1[2]) * (arg2[0])); + fiat_25519_uint128 x17 = ((fiat_25519_uint128)(arg1[1]) * (arg2[3])); + fiat_25519_uint128 x18 = ((fiat_25519_uint128)(arg1[1]) * (arg2[2])); + fiat_25519_uint128 x19 = ((fiat_25519_uint128)(arg1[1]) * (arg2[1])); + fiat_25519_uint128 x20 = ((fiat_25519_uint128)(arg1[1]) * (arg2[0])); + fiat_25519_uint128 x21 = ((fiat_25519_uint128)(arg1[0]) * (arg2[4])); + fiat_25519_uint128 x22 = ((fiat_25519_uint128)(arg1[0]) * (arg2[3])); + fiat_25519_uint128 x23 = ((fiat_25519_uint128)(arg1[0]) * (arg2[2])); + fiat_25519_uint128 x24 = ((fiat_25519_uint128)(arg1[0]) * (arg2[1])); + fiat_25519_uint128 x25 = ((fiat_25519_uint128)(arg1[0]) * (arg2[0])); + fiat_25519_uint128 x26 = (x25 + (x10 + (x9 + (x7 + x4)))); + uint64_t x27 = (uint64_t)(x26 >> 51); + uint64_t x28 = (uint64_t)(x26 & UINT64_C(0x7ffffffffffff)); + fiat_25519_uint128 x29 = (x21 + (x17 + (x14 + (x12 + x11)))); + fiat_25519_uint128 x30 = (x22 + (x18 + (x15 + (x13 + x1)))); + fiat_25519_uint128 x31 = (x23 + (x19 + (x16 + (x5 + x2)))); + fiat_25519_uint128 x32 = (x24 + (x20 + (x8 + (x6 + x3)))); + fiat_25519_uint128 x33 = (x27 + x32); + uint64_t x34 = (uint64_t)(x33 >> 51); + uint64_t x35 = (uint64_t)(x33 & UINT64_C(0x7ffffffffffff)); + fiat_25519_uint128 x36 = (x34 + x31); + uint64_t x37 = (uint64_t)(x36 >> 51); + uint64_t x38 = (uint64_t)(x36 & UINT64_C(0x7ffffffffffff)); + fiat_25519_uint128 x39 = (x37 + x30); + uint64_t x40 = (uint64_t)(x39 >> 51); + uint64_t x41 = (uint64_t)(x39 & UINT64_C(0x7ffffffffffff)); + fiat_25519_uint128 x42 = (x40 + x29); + uint64_t x43 = (uint64_t)(x42 >> 51); + uint64_t x44 = (uint64_t)(x42 & UINT64_C(0x7ffffffffffff)); + uint64_t x45 = (x43 * (uint64_t)UINT8_C(0x13)); + uint64_t x46 = (x28 + x45); + uint64_t x47 = (x46 >> 51); + uint64_t x48 = (x46 & UINT64_C(0x7ffffffffffff)); + uint64_t x49 = (x47 + x35); + uint64_t x50 = (x49 >> 51); + uint64_t x51 = (x49 & UINT64_C(0x7ffffffffffff)); + uint64_t x52 = (x50 + x38); + out1[0] = x48; + out1[1] = x51; + out1[2] = x52; + out1[3] = x41; + out1[4] = x44; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]] + * Output Bounds: + * out1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]] + */ +static void fiat_25519_carry_square(uint64_t out1[5], const uint64_t arg1[5]) { + uint64_t x1 = ((arg1[4]) * (uint64_t)UINT8_C(0x13)); + uint64_t x2 = (x1 * (uint64_t)0x2); + uint64_t x3 = ((arg1[4]) * (uint64_t)0x2); + uint64_t x4 = ((arg1[3]) * (uint64_t)UINT8_C(0x13)); + uint64_t x5 = (x4 * (uint64_t)0x2); + uint64_t x6 = ((arg1[3]) * (uint64_t)0x2); + uint64_t x7 = ((arg1[2]) * (uint64_t)0x2); + uint64_t x8 = ((arg1[1]) * (uint64_t)0x2); + fiat_25519_uint128 x9 = ((fiat_25519_uint128)(arg1[4]) * x1); + fiat_25519_uint128 x10 = ((fiat_25519_uint128)(arg1[3]) * x2); + fiat_25519_uint128 x11 = ((fiat_25519_uint128)(arg1[3]) * x4); + fiat_25519_uint128 x12 = ((fiat_25519_uint128)(arg1[2]) * x2); + fiat_25519_uint128 x13 = ((fiat_25519_uint128)(arg1[2]) * x5); + fiat_25519_uint128 x14 = ((fiat_25519_uint128)(arg1[2]) * (arg1[2])); + fiat_25519_uint128 x15 = ((fiat_25519_uint128)(arg1[1]) * x2); + fiat_25519_uint128 x16 = ((fiat_25519_uint128)(arg1[1]) * x6); + fiat_25519_uint128 x17 = ((fiat_25519_uint128)(arg1[1]) * x7); + fiat_25519_uint128 x18 = ((fiat_25519_uint128)(arg1[1]) * (arg1[1])); + fiat_25519_uint128 x19 = ((fiat_25519_uint128)(arg1[0]) * x3); + fiat_25519_uint128 x20 = ((fiat_25519_uint128)(arg1[0]) * x6); + fiat_25519_uint128 x21 = ((fiat_25519_uint128)(arg1[0]) * x7); + fiat_25519_uint128 x22 = ((fiat_25519_uint128)(arg1[0]) * x8); + fiat_25519_uint128 x23 = ((fiat_25519_uint128)(arg1[0]) * (arg1[0])); + fiat_25519_uint128 x24 = (x23 + (x15 + x13)); + uint64_t x25 = (uint64_t)(x24 >> 51); + uint64_t x26 = (uint64_t)(x24 & UINT64_C(0x7ffffffffffff)); + fiat_25519_uint128 x27 = (x19 + (x16 + x14)); + fiat_25519_uint128 x28 = (x20 + (x17 + x9)); + fiat_25519_uint128 x29 = (x21 + (x18 + x10)); + fiat_25519_uint128 x30 = (x22 + (x12 + x11)); + fiat_25519_uint128 x31 = (x25 + x30); + uint64_t x32 = (uint64_t)(x31 >> 51); + uint64_t x33 = (uint64_t)(x31 & UINT64_C(0x7ffffffffffff)); + fiat_25519_uint128 x34 = (x32 + x29); + uint64_t x35 = (uint64_t)(x34 >> 51); + uint64_t x36 = (uint64_t)(x34 & UINT64_C(0x7ffffffffffff)); + fiat_25519_uint128 x37 = (x35 + x28); + uint64_t x38 = (uint64_t)(x37 >> 51); + uint64_t x39 = (uint64_t)(x37 & UINT64_C(0x7ffffffffffff)); + fiat_25519_uint128 x40 = (x38 + x27); + uint64_t x41 = (uint64_t)(x40 >> 51); + uint64_t x42 = (uint64_t)(x40 & UINT64_C(0x7ffffffffffff)); + uint64_t x43 = (x41 * (uint64_t)UINT8_C(0x13)); + uint64_t x44 = (x26 + x43); + uint64_t x45 = (x44 >> 51); + uint64_t x46 = (x44 & UINT64_C(0x7ffffffffffff)); + uint64_t x47 = (x45 + x33); + uint64_t x48 = (x47 >> 51); + uint64_t x49 = (x47 & UINT64_C(0x7ffffffffffff)); + uint64_t x50 = (x48 + x36); + out1[0] = x46; + out1[1] = x49; + out1[2] = x50; + out1[3] = x39; + out1[4] = x42; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]] + * Output Bounds: + * out1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]] + */ +static void fiat_25519_carry_scmul_121666(uint64_t out1[5], const uint64_t arg1[5]) { + fiat_25519_uint128 x1 = (UINT32_C(0x1db42) * (fiat_25519_uint128)(arg1[4])); + fiat_25519_uint128 x2 = (UINT32_C(0x1db42) * (fiat_25519_uint128)(arg1[3])); + fiat_25519_uint128 x3 = (UINT32_C(0x1db42) * (fiat_25519_uint128)(arg1[2])); + fiat_25519_uint128 x4 = (UINT32_C(0x1db42) * (fiat_25519_uint128)(arg1[1])); + fiat_25519_uint128 x5 = (UINT32_C(0x1db42) * (fiat_25519_uint128)(arg1[0])); + uint64_t x6 = (uint64_t)(x5 >> 51); + uint64_t x7 = (uint64_t)(x5 & UINT64_C(0x7ffffffffffff)); + fiat_25519_uint128 x8 = (x6 + x4); + uint64_t x9 = (uint64_t)(x8 >> 51); + uint64_t x10 = (uint64_t)(x8 & UINT64_C(0x7ffffffffffff)); + fiat_25519_uint128 x11 = (x9 + x3); + uint64_t x12 = (uint64_t)(x11 >> 51); + uint64_t x13 = (uint64_t)(x11 & UINT64_C(0x7ffffffffffff)); + fiat_25519_uint128 x14 = (x12 + x2); + uint64_t x15 = (uint64_t)(x14 >> 51); + uint64_t x16 = (uint64_t)(x14 & UINT64_C(0x7ffffffffffff)); + fiat_25519_uint128 x17 = (x15 + x1); + uint64_t x18 = (uint64_t)(x17 >> 51); + uint64_t x19 = (uint64_t)(x17 & UINT64_C(0x7ffffffffffff)); + uint64_t x20 = (x18 * (uint64_t)UINT8_C(0x13)); + uint64_t x21 = (x7 + x20); + uint64_t x22 = (x21 >> 51); + uint64_t x23 = (x21 & UINT64_C(0x7ffffffffffff)); + uint64_t x24 = (x22 + x10); + uint64_t x25 = (x24 >> 51); + uint64_t x26 = (x24 & UINT64_C(0x7ffffffffffff)); + uint64_t x27 = (x25 + x13); + out1[0] = x23; + out1[1] = x26; + out1[2] = x27; + out1[3] = x16; + out1[4] = x19; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]] + * Output Bounds: + * out1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]] + */ +static void fiat_25519_carry(uint64_t out1[5], const uint64_t arg1[5]) { + uint64_t x1 = (arg1[0]); + uint64_t x2 = ((x1 >> 51) + (arg1[1])); + uint64_t x3 = ((x2 >> 51) + (arg1[2])); + uint64_t x4 = ((x3 >> 51) + (arg1[3])); + uint64_t x5 = ((x4 >> 51) + (arg1[4])); + uint64_t x6 = ((x1 & UINT64_C(0x7ffffffffffff)) + ((x5 >> 51) * (uint64_t)UINT8_C(0x13))); + uint64_t x7 = ((x6 >> 51) + (x2 & UINT64_C(0x7ffffffffffff))); + uint64_t x8 = (x6 & UINT64_C(0x7ffffffffffff)); + uint64_t x9 = (x7 & UINT64_C(0x7ffffffffffff)); + uint64_t x10 = ((x7 >> 51) + (x3 & UINT64_C(0x7ffffffffffff))); + uint64_t x11 = (x4 & UINT64_C(0x7ffffffffffff)); + uint64_t x12 = (x5 & UINT64_C(0x7ffffffffffff)); + out1[0] = x8; + out1[1] = x9; + out1[2] = x10; + out1[3] = x11; + out1[4] = x12; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]] + * arg2: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]] + * Output Bounds: + * out1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]] + */ +static void fiat_25519_add(uint64_t out1[5], const uint64_t arg1[5], const uint64_t arg2[5]) { + uint64_t x1 = ((arg1[0]) + (arg2[0])); + uint64_t x2 = ((arg1[1]) + (arg2[1])); + uint64_t x3 = ((arg1[2]) + (arg2[2])); + uint64_t x4 = ((arg1[3]) + (arg2[3])); + uint64_t x5 = ((arg1[4]) + (arg2[4])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]] + * arg2: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]] + * Output Bounds: + * out1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]] + */ +static void fiat_25519_sub(uint64_t out1[5], const uint64_t arg1[5], const uint64_t arg2[5]) { + uint64_t x1 = ((UINT64_C(0xfffffffffffda) + (arg1[0])) - (arg2[0])); + uint64_t x2 = ((UINT64_C(0xffffffffffffe) + (arg1[1])) - (arg2[1])); + uint64_t x3 = ((UINT64_C(0xffffffffffffe) + (arg1[2])) - (arg2[2])); + uint64_t x4 = ((UINT64_C(0xffffffffffffe) + (arg1[3])) - (arg2[3])); + uint64_t x5 = ((UINT64_C(0xffffffffffffe) + (arg1[4])) - (arg2[4])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]] + * Output Bounds: + * out1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]] + */ +static void fiat_25519_opp(uint64_t out1[5], const uint64_t arg1[5]) { + uint64_t x1 = (UINT64_C(0xfffffffffffda) - (arg1[0])); + uint64_t x2 = (UINT64_C(0xffffffffffffe) - (arg1[1])); + uint64_t x3 = (UINT64_C(0xffffffffffffe) - (arg1[2])); + uint64_t x4 = (UINT64_C(0xffffffffffffe) - (arg1[3])); + uint64_t x5 = (UINT64_C(0xffffffffffffe) - (arg1[4])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; +} + +/* + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static void fiat_25519_selectznz(uint64_t out1[5], fiat_25519_uint1 arg1, const uint64_t arg2[5], const uint64_t arg3[5]) { + uint64_t x1; + fiat_25519_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0])); + uint64_t x2; + fiat_25519_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1])); + uint64_t x3; + fiat_25519_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2])); + uint64_t x4; + fiat_25519_cmovznz_u64(&x4, arg1, (arg2[3]), (arg3[3])); + uint64_t x5; + fiat_25519_cmovznz_u64(&x5, arg1, (arg2[4]), (arg3[4])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]] + * Output Bounds: + * out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]] + */ +static void fiat_25519_to_bytes(uint8_t out1[32], const uint64_t arg1[5]) { + uint64_t x1; + fiat_25519_uint1 x2; + fiat_25519_subborrowx_u51(&x1, &x2, 0x0, (arg1[0]), UINT64_C(0x7ffffffffffed)); + uint64_t x3; + fiat_25519_uint1 x4; + fiat_25519_subborrowx_u51(&x3, &x4, x2, (arg1[1]), UINT64_C(0x7ffffffffffff)); + uint64_t x5; + fiat_25519_uint1 x6; + fiat_25519_subborrowx_u51(&x5, &x6, x4, (arg1[2]), UINT64_C(0x7ffffffffffff)); + uint64_t x7; + fiat_25519_uint1 x8; + fiat_25519_subborrowx_u51(&x7, &x8, x6, (arg1[3]), UINT64_C(0x7ffffffffffff)); + uint64_t x9; + fiat_25519_uint1 x10; + fiat_25519_subborrowx_u51(&x9, &x10, x8, (arg1[4]), UINT64_C(0x7ffffffffffff)); + uint64_t x11; + fiat_25519_cmovznz_u64(&x11, x10, 0x0, UINT64_C(0xffffffffffffffff)); + uint64_t x12; + fiat_25519_uint1 x13; + fiat_25519_addcarryx_u51(&x12, &x13, 0x0, (x11 & UINT64_C(0x7ffffffffffed)), x1); + uint64_t x14; + fiat_25519_uint1 x15; + fiat_25519_addcarryx_u51(&x14, &x15, x13, (x11 & UINT64_C(0x7ffffffffffff)), x3); + uint64_t x16; + fiat_25519_uint1 x17; + fiat_25519_addcarryx_u51(&x16, &x17, x15, (x11 & UINT64_C(0x7ffffffffffff)), x5); + uint64_t x18; + fiat_25519_uint1 x19; + fiat_25519_addcarryx_u51(&x18, &x19, x17, (x11 & UINT64_C(0x7ffffffffffff)), x7); + uint64_t x20; + fiat_25519_uint1 x21; + fiat_25519_addcarryx_u51(&x20, &x21, x19, (x11 & UINT64_C(0x7ffffffffffff)), x9); + uint64_t x22 = (x20 << 4); + uint64_t x23 = (x18 * (uint64_t)0x2); + uint64_t x24 = (x16 << 6); + uint64_t x25 = (x14 << 3); + uint64_t x26 = (x12 >> 8); + uint8_t x27 = (uint8_t)(x12 & UINT8_C(0xff)); + uint64_t x28 = (x26 >> 8); + uint8_t x29 = (uint8_t)(x26 & UINT8_C(0xff)); + uint64_t x30 = (x28 >> 8); + uint8_t x31 = (uint8_t)(x28 & UINT8_C(0xff)); + uint64_t x32 = (x30 >> 8); + uint8_t x33 = (uint8_t)(x30 & UINT8_C(0xff)); + uint64_t x34 = (x32 >> 8); + uint8_t x35 = (uint8_t)(x32 & UINT8_C(0xff)); + uint8_t x36 = (uint8_t)(x34 >> 8); + uint8_t x37 = (uint8_t)(x34 & UINT8_C(0xff)); + uint64_t x38 = (x36 + x25); + uint64_t x39 = (x38 >> 8); + uint8_t x40 = (uint8_t)(x38 & UINT8_C(0xff)); + uint64_t x41 = (x39 >> 8); + uint8_t x42 = (uint8_t)(x39 & UINT8_C(0xff)); + uint64_t x43 = (x41 >> 8); + uint8_t x44 = (uint8_t)(x41 & UINT8_C(0xff)); + uint64_t x45 = (x43 >> 8); + uint8_t x46 = (uint8_t)(x43 & UINT8_C(0xff)); + uint64_t x47 = (x45 >> 8); + uint8_t x48 = (uint8_t)(x45 & UINT8_C(0xff)); + uint8_t x49 = (uint8_t)(x47 >> 8); + uint8_t x50 = (uint8_t)(x47 & UINT8_C(0xff)); + uint64_t x51 = (x49 + x24); + uint64_t x52 = (x51 >> 8); + uint8_t x53 = (uint8_t)(x51 & UINT8_C(0xff)); + uint64_t x54 = (x52 >> 8); + uint8_t x55 = (uint8_t)(x52 & UINT8_C(0xff)); + uint64_t x56 = (x54 >> 8); + uint8_t x57 = (uint8_t)(x54 & UINT8_C(0xff)); + uint64_t x58 = (x56 >> 8); + uint8_t x59 = (uint8_t)(x56 & UINT8_C(0xff)); + uint64_t x60 = (x58 >> 8); + uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff)); + uint64_t x62 = (x60 >> 8); + uint8_t x63 = (uint8_t)(x60 & UINT8_C(0xff)); + fiat_25519_uint1 x64 = (fiat_25519_uint1)(x62 >> 8); + uint8_t x65 = (uint8_t)(x62 & UINT8_C(0xff)); + uint64_t x66 = (x64 + x23); + uint64_t x67 = (x66 >> 8); + uint8_t x68 = (uint8_t)(x66 & UINT8_C(0xff)); + uint64_t x69 = (x67 >> 8); + uint8_t x70 = (uint8_t)(x67 & UINT8_C(0xff)); + uint64_t x71 = (x69 >> 8); + uint8_t x72 = (uint8_t)(x69 & UINT8_C(0xff)); + uint64_t x73 = (x71 >> 8); + uint8_t x74 = (uint8_t)(x71 & UINT8_C(0xff)); + uint64_t x75 = (x73 >> 8); + uint8_t x76 = (uint8_t)(x73 & UINT8_C(0xff)); + uint8_t x77 = (uint8_t)(x75 >> 8); + uint8_t x78 = (uint8_t)(x75 & UINT8_C(0xff)); + uint64_t x79 = (x77 + x22); + uint64_t x80 = (x79 >> 8); + uint8_t x81 = (uint8_t)(x79 & UINT8_C(0xff)); + uint64_t x82 = (x80 >> 8); + uint8_t x83 = (uint8_t)(x80 & UINT8_C(0xff)); + uint64_t x84 = (x82 >> 8); + uint8_t x85 = (uint8_t)(x82 & UINT8_C(0xff)); + uint64_t x86 = (x84 >> 8); + uint8_t x87 = (uint8_t)(x84 & UINT8_C(0xff)); + uint64_t x88 = (x86 >> 8); + uint8_t x89 = (uint8_t)(x86 & UINT8_C(0xff)); + uint8_t x90 = (uint8_t)(x88 >> 8); + uint8_t x91 = (uint8_t)(x88 & UINT8_C(0xff)); + out1[0] = x27; + out1[1] = x29; + out1[2] = x31; + out1[3] = x33; + out1[4] = x35; + out1[5] = x37; + out1[6] = x40; + out1[7] = x42; + out1[8] = x44; + out1[9] = x46; + out1[10] = x48; + out1[11] = x50; + out1[12] = x53; + out1[13] = x55; + out1[14] = x57; + out1[15] = x59; + out1[16] = x61; + out1[17] = x63; + out1[18] = x65; + out1[19] = x68; + out1[20] = x70; + out1[21] = x72; + out1[22] = x74; + out1[23] = x76; + out1[24] = x78; + out1[25] = x81; + out1[26] = x83; + out1[27] = x85; + out1[28] = x87; + out1[29] = x89; + out1[30] = x91; + out1[31] = x90; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]] + * Output Bounds: + * out1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]] + */ +static void fiat_25519_from_bytes(uint64_t out1[5], const uint8_t arg1[32]) { + uint64_t x1 = ((uint64_t)(arg1[31]) << 44); + uint64_t x2 = ((uint64_t)(arg1[30]) << 36); + uint64_t x3 = ((uint64_t)(arg1[29]) << 28); + uint64_t x4 = ((uint64_t)(arg1[28]) << 20); + uint64_t x5 = ((uint64_t)(arg1[27]) << 12); + uint64_t x6 = ((uint64_t)(arg1[26]) << 4); + uint64_t x7 = ((uint64_t)(arg1[25]) << 47); + uint64_t x8 = ((uint64_t)(arg1[24]) << 39); + uint64_t x9 = ((uint64_t)(arg1[23]) << 31); + uint64_t x10 = ((uint64_t)(arg1[22]) << 23); + uint64_t x11 = ((uint64_t)(arg1[21]) << 15); + uint64_t x12 = ((uint64_t)(arg1[20]) << 7); + uint64_t x13 = ((uint64_t)(arg1[19]) << 50); + uint64_t x14 = ((uint64_t)(arg1[18]) << 42); + uint64_t x15 = ((uint64_t)(arg1[17]) << 34); + uint64_t x16 = ((uint64_t)(arg1[16]) << 26); + uint64_t x17 = ((uint64_t)(arg1[15]) << 18); + uint64_t x18 = ((uint64_t)(arg1[14]) << 10); + uint64_t x19 = ((uint64_t)(arg1[13]) << 2); + uint64_t x20 = ((uint64_t)(arg1[12]) << 45); + uint64_t x21 = ((uint64_t)(arg1[11]) << 37); + uint64_t x22 = ((uint64_t)(arg1[10]) << 29); + uint64_t x23 = ((uint64_t)(arg1[9]) << 21); + uint64_t x24 = ((uint64_t)(arg1[8]) << 13); + uint64_t x25 = ((uint64_t)(arg1[7]) << 5); + uint64_t x26 = ((uint64_t)(arg1[6]) << 48); + uint64_t x27 = ((uint64_t)(arg1[5]) << 40); + uint64_t x28 = ((uint64_t)(arg1[4]) << 32); + uint64_t x29 = ((uint64_t)(arg1[3]) << 24); + uint64_t x30 = ((uint64_t)(arg1[2]) << 16); + uint64_t x31 = ((uint64_t)(arg1[1]) << 8); + uint8_t x32 = (arg1[0]); + uint64_t x33 = (x32 + (x31 + (x30 + (x29 + (x28 + (x27 + x26)))))); + uint8_t x34 = (uint8_t)(x33 >> 51); + uint64_t x35 = (x33 & UINT64_C(0x7ffffffffffff)); + uint64_t x36 = (x6 + (x5 + (x4 + (x3 + (x2 + x1))))); + uint64_t x37 = (x12 + (x11 + (x10 + (x9 + (x8 + x7))))); + uint64_t x38 = (x19 + (x18 + (x17 + (x16 + (x15 + (x14 + x13)))))); + uint64_t x39 = (x25 + (x24 + (x23 + (x22 + (x21 + x20))))); + uint64_t x40 = (x34 + x39); + uint8_t x41 = (uint8_t)(x40 >> 51); + uint64_t x42 = (x40 & UINT64_C(0x7ffffffffffff)); + uint64_t x43 = (x41 + x38); + uint8_t x44 = (uint8_t)(x43 >> 51); + uint64_t x45 = (x43 & UINT64_C(0x7ffffffffffff)); + uint64_t x46 = (x44 + x37); + uint8_t x47 = (uint8_t)(x46 >> 51); + uint64_t x48 = (x46 & UINT64_C(0x7ffffffffffff)); + uint64_t x49 = (x47 + x36); + out1[0] = x35; + out1[1] = x42; + out1[2] = x45; + out1[3] = x48; + out1[4] = x49; +} + diff --git a/src/third_party/fiat/p256.c b/src/third_party/fiat/p256.c index 414b7e0..ebc5de6 100644 --- a/src/third_party/fiat/p256.c +++ b/src/third_party/fiat/p256.c @@ -46,791 +46,11 @@ // MSVC does not implement uint128_t, and crashes with intrinsics #if defined(BORINGSSL_HAS_UINT128) #define BORINGSSL_NISTP256_64BIT 1 -#endif - -// "intrinsics" - -#if defined(BORINGSSL_NISTP256_64BIT) - -static uint64_t mulx_u64(uint64_t a, uint64_t b, uint64_t *high) { - uint128_t x = (uint128_t)a * b; - *high = (uint64_t) (x >> 64); - return (uint64_t) x; -} - -static uint64_t addcarryx_u64(uint8_t c, uint64_t a, uint64_t b, uint64_t *low) { - uint128_t x = (uint128_t)a + b + c; - *low = (uint64_t) x; - return (uint64_t) (x>>64); -} - -static uint64_t subborrow_u64(uint8_t c, uint64_t a, uint64_t b, uint64_t *low) { - uint128_t t = ((uint128_t) b + c); - uint128_t x = a-t; - *low = (uint64_t) x; - return (uint8_t) (x>>127); -} - -static uint64_t cmovznz_u64(uint64_t t, uint64_t z, uint64_t nz) { - t = -!!t; // all set if nonzero, 0 if 0 - return (t&nz) | ((~t)&z); -} - +#include "p256_64.h" #else - -static uint32_t mulx_u32(uint32_t a, uint32_t b, uint32_t *high) { - uint64_t x = (uint64_t)a * b; - *high = (uint32_t) (x >> 32); - return (uint32_t) x; -} - -static uint32_t addcarryx_u32(uint8_t c, uint32_t a, uint32_t b, uint32_t *low) { - uint64_t x = (uint64_t)a + b + c; - *low = (uint32_t) x; - return (uint32_t) (x>>32); -} - -static uint32_t subborrow_u32(uint8_t c, uint32_t a, uint32_t b, uint32_t *low) { - uint64_t t = ((uint64_t) b + c); - uint64_t x = a-t; - *low = (uint32_t) x; - return (uint8_t) (x>>63); -} - -static uint32_t cmovznz_u32(uint32_t t, uint32_t z, uint32_t nz) { - t = -!!t; // all set if nonzero, 0 if 0 - return (t&nz) | ((~t)&z); -} - +#include "p256_32.h" #endif -// fiat-crypto generated code - -#if defined(BORINGSSL_NISTP256_64BIT) - -static void fe_add(uint64_t out[4], const uint64_t in1[4], const uint64_t in2[4]) { - { const uint64_t x8 = in1[3]; - { const uint64_t x9 = in1[2]; - { const uint64_t x7 = in1[1]; - { const uint64_t x5 = in1[0]; - { const uint64_t x14 = in2[3]; - { const uint64_t x15 = in2[2]; - { const uint64_t x13 = in2[1]; - { const uint64_t x11 = in2[0]; - { uint64_t x17; uint8_t x18 = addcarryx_u64(0x0, x5, x11, &x17); - { uint64_t x20; uint8_t x21 = addcarryx_u64(x18, x7, x13, &x20); - { uint64_t x23; uint8_t x24 = addcarryx_u64(x21, x9, x15, &x23); - { uint64_t x26; uint8_t x27 = addcarryx_u64(x24, x8, x14, &x26); - { uint64_t x29; uint8_t x30 = subborrow_u64(0x0, x17, 0xffffffffffffffffL, &x29); - { uint64_t x32; uint8_t x33 = subborrow_u64(x30, x20, 0xffffffff, &x32); - { uint64_t x35; uint8_t x36 = subborrow_u64(x33, x23, 0x0, &x35); - { uint64_t x38; uint8_t x39 = subborrow_u64(x36, x26, 0xffffffff00000001L, &x38); - { uint64_t _1; uint8_t x42 = subborrow_u64(x39, x27, 0x0, &_1); - { uint64_t x43 = cmovznz_u64(x42, x38, x26); - { uint64_t x44 = cmovznz_u64(x42, x35, x23); - { uint64_t x45 = cmovznz_u64(x42, x32, x20); - { uint64_t x46 = cmovznz_u64(x42, x29, x17); - out[0] = x46; - out[1] = x45; - out[2] = x44; - out[3] = x43; - }}}}}}}}}}}}}}}}}}}}} -} - -// fe_op sets out = -in -static void fe_opp(uint64_t out[4], const uint64_t in1[4]) { - const uint64_t x5 = in1[3]; - const uint64_t x6 = in1[2]; - const uint64_t x4 = in1[1]; - const uint64_t x2 = in1[0]; - uint64_t x8; uint8_t x9 = subborrow_u64(0x0, 0x0, x2, &x8); - uint64_t x11; uint8_t x12 = subborrow_u64(x9, 0x0, x4, &x11); - uint64_t x14; uint8_t x15 = subborrow_u64(x12, 0x0, x6, &x14); - uint64_t x17; uint8_t x18 = subborrow_u64(x15, 0x0, x5, &x17); - uint64_t x19 = (uint64_t)cmovznz_u64(x18, 0x0, 0xffffffffffffffffL); - uint64_t x20 = (x19 & 0xffffffffffffffffL); - uint64_t x22; uint8_t x23 = addcarryx_u64(0x0, x8, x20, &x22); - uint64_t x24 = (x19 & 0xffffffff); - uint64_t x26; uint8_t x27 = addcarryx_u64(x23, x11, x24, &x26); - uint64_t x29; uint8_t x30 = addcarryx_u64(x27, x14, 0x0, &x29); - uint64_t x31 = (x19 & 0xffffffff00000001L); - uint64_t x33; addcarryx_u64(x30, x17, x31, &x33); - out[0] = x22; - out[1] = x26; - out[2] = x29; - out[3] = x33; -} - -static void fe_mul(uint64_t out[4], const uint64_t in1[4], const uint64_t in2[4]) { - const uint64_t x8 = in1[3]; - const uint64_t x9 = in1[2]; - const uint64_t x7 = in1[1]; - const uint64_t x5 = in1[0]; - const uint64_t x14 = in2[3]; - const uint64_t x15 = in2[2]; - const uint64_t x13 = in2[1]; - const uint64_t x11 = in2[0]; - uint64_t x18; uint64_t x17 = mulx_u64(x5, x11, &x18); - uint64_t x21; uint64_t x20 = mulx_u64(x5, x13, &x21); - uint64_t x24; uint64_t x23 = mulx_u64(x5, x15, &x24); - uint64_t x27; uint64_t x26 = mulx_u64(x5, x14, &x27); - uint64_t x29; uint8_t x30 = addcarryx_u64(0x0, x18, x20, &x29); - uint64_t x32; uint8_t x33 = addcarryx_u64(x30, x21, x23, &x32); - uint64_t x35; uint8_t x36 = addcarryx_u64(x33, x24, x26, &x35); - uint64_t x38; addcarryx_u64(0x0, x36, x27, &x38); - uint64_t x42; uint64_t x41 = mulx_u64(x17, 0xffffffffffffffffL, &x42); - uint64_t x45; uint64_t x44 = mulx_u64(x17, 0xffffffff, &x45); - uint64_t x48; uint64_t x47 = mulx_u64(x17, 0xffffffff00000001L, &x48); - uint64_t x50; uint8_t x51 = addcarryx_u64(0x0, x42, x44, &x50); - uint64_t x53; uint8_t x54 = addcarryx_u64(x51, x45, 0x0, &x53); - uint64_t x56; uint8_t x57 = addcarryx_u64(x54, 0x0, x47, &x56); - uint64_t x59; addcarryx_u64(0x0, x57, x48, &x59); - uint64_t _2; uint8_t x63 = addcarryx_u64(0x0, x17, x41, &_2); - uint64_t x65; uint8_t x66 = addcarryx_u64(x63, x29, x50, &x65); - uint64_t x68; uint8_t x69 = addcarryx_u64(x66, x32, x53, &x68); - uint64_t x71; uint8_t x72 = addcarryx_u64(x69, x35, x56, &x71); - uint64_t x74; uint8_t x75 = addcarryx_u64(x72, x38, x59, &x74); - uint64_t x78; uint64_t x77 = mulx_u64(x7, x11, &x78); - uint64_t x81; uint64_t x80 = mulx_u64(x7, x13, &x81); - uint64_t x84; uint64_t x83 = mulx_u64(x7, x15, &x84); - uint64_t x87; uint64_t x86 = mulx_u64(x7, x14, &x87); - uint64_t x89; uint8_t x90 = addcarryx_u64(0x0, x78, x80, &x89); - uint64_t x92; uint8_t x93 = addcarryx_u64(x90, x81, x83, &x92); - uint64_t x95; uint8_t x96 = addcarryx_u64(x93, x84, x86, &x95); - uint64_t x98; addcarryx_u64(0x0, x96, x87, &x98); - uint64_t x101; uint8_t x102 = addcarryx_u64(0x0, x65, x77, &x101); - uint64_t x104; uint8_t x105 = addcarryx_u64(x102, x68, x89, &x104); - uint64_t x107; uint8_t x108 = addcarryx_u64(x105, x71, x92, &x107); - uint64_t x110; uint8_t x111 = addcarryx_u64(x108, x74, x95, &x110); - uint64_t x113; uint8_t x114 = addcarryx_u64(x111, x75, x98, &x113); - uint64_t x117; uint64_t x116 = mulx_u64(x101, 0xffffffffffffffffL, &x117); - uint64_t x120; uint64_t x119 = mulx_u64(x101, 0xffffffff, &x120); - uint64_t x123; uint64_t x122 = mulx_u64(x101, 0xffffffff00000001L, &x123); - uint64_t x125; uint8_t x126 = addcarryx_u64(0x0, x117, x119, &x125); - uint64_t x128; uint8_t x129 = addcarryx_u64(x126, x120, 0x0, &x128); - uint64_t x131; uint8_t x132 = addcarryx_u64(x129, 0x0, x122, &x131); - uint64_t x134; addcarryx_u64(0x0, x132, x123, &x134); - uint64_t _3; uint8_t x138 = addcarryx_u64(0x0, x101, x116, &_3); - uint64_t x140; uint8_t x141 = addcarryx_u64(x138, x104, x125, &x140); - uint64_t x143; uint8_t x144 = addcarryx_u64(x141, x107, x128, &x143); - uint64_t x146; uint8_t x147 = addcarryx_u64(x144, x110, x131, &x146); - uint64_t x149; uint8_t x150 = addcarryx_u64(x147, x113, x134, &x149); - uint8_t x151 = (x150 + x114); - uint64_t x154; uint64_t x153 = mulx_u64(x9, x11, &x154); - uint64_t x157; uint64_t x156 = mulx_u64(x9, x13, &x157); - uint64_t x160; uint64_t x159 = mulx_u64(x9, x15, &x160); - uint64_t x163; uint64_t x162 = mulx_u64(x9, x14, &x163); - uint64_t x165; uint8_t x166 = addcarryx_u64(0x0, x154, x156, &x165); - uint64_t x168; uint8_t x169 = addcarryx_u64(x166, x157, x159, &x168); - uint64_t x171; uint8_t x172 = addcarryx_u64(x169, x160, x162, &x171); - uint64_t x174; addcarryx_u64(0x0, x172, x163, &x174); - uint64_t x177; uint8_t x178 = addcarryx_u64(0x0, x140, x153, &x177); - uint64_t x180; uint8_t x181 = addcarryx_u64(x178, x143, x165, &x180); - uint64_t x183; uint8_t x184 = addcarryx_u64(x181, x146, x168, &x183); - uint64_t x186; uint8_t x187 = addcarryx_u64(x184, x149, x171, &x186); - uint64_t x189; uint8_t x190 = addcarryx_u64(x187, x151, x174, &x189); - uint64_t x193; uint64_t x192 = mulx_u64(x177, 0xffffffffffffffffL, &x193); - uint64_t x196; uint64_t x195 = mulx_u64(x177, 0xffffffff, &x196); - uint64_t x199; uint64_t x198 = mulx_u64(x177, 0xffffffff00000001L, &x199); - uint64_t x201; uint8_t x202 = addcarryx_u64(0x0, x193, x195, &x201); - uint64_t x204; uint8_t x205 = addcarryx_u64(x202, x196, 0x0, &x204); - uint64_t x207; uint8_t x208 = addcarryx_u64(x205, 0x0, x198, &x207); - uint64_t x210; addcarryx_u64(0x0, x208, x199, &x210); - uint64_t _4; uint8_t x214 = addcarryx_u64(0x0, x177, x192, &_4); - uint64_t x216; uint8_t x217 = addcarryx_u64(x214, x180, x201, &x216); - uint64_t x219; uint8_t x220 = addcarryx_u64(x217, x183, x204, &x219); - uint64_t x222; uint8_t x223 = addcarryx_u64(x220, x186, x207, &x222); - uint64_t x225; uint8_t x226 = addcarryx_u64(x223, x189, x210, &x225); - uint8_t x227 = (x226 + x190); - uint64_t x230; uint64_t x229 = mulx_u64(x8, x11, &x230); - uint64_t x233; uint64_t x232 = mulx_u64(x8, x13, &x233); - uint64_t x236; uint64_t x235 = mulx_u64(x8, x15, &x236); - uint64_t x239; uint64_t x238 = mulx_u64(x8, x14, &x239); - uint64_t x241; uint8_t x242 = addcarryx_u64(0x0, x230, x232, &x241); - uint64_t x244; uint8_t x245 = addcarryx_u64(x242, x233, x235, &x244); - uint64_t x247; uint8_t x248 = addcarryx_u64(x245, x236, x238, &x247); - uint64_t x250; addcarryx_u64(0x0, x248, x239, &x250); - uint64_t x253; uint8_t x254 = addcarryx_u64(0x0, x216, x229, &x253); - uint64_t x256; uint8_t x257 = addcarryx_u64(x254, x219, x241, &x256); - uint64_t x259; uint8_t x260 = addcarryx_u64(x257, x222, x244, &x259); - uint64_t x262; uint8_t x263 = addcarryx_u64(x260, x225, x247, &x262); - uint64_t x265; uint8_t x266 = addcarryx_u64(x263, x227, x250, &x265); - uint64_t x269; uint64_t x268 = mulx_u64(x253, 0xffffffffffffffffL, &x269); - uint64_t x272; uint64_t x271 = mulx_u64(x253, 0xffffffff, &x272); - uint64_t x275; uint64_t x274 = mulx_u64(x253, 0xffffffff00000001L, &x275); - uint64_t x277; uint8_t x278 = addcarryx_u64(0x0, x269, x271, &x277); - uint64_t x280; uint8_t x281 = addcarryx_u64(x278, x272, 0x0, &x280); - uint64_t x283; uint8_t x284 = addcarryx_u64(x281, 0x0, x274, &x283); - uint64_t x286; addcarryx_u64(0x0, x284, x275, &x286); - uint64_t _5; uint8_t x290 = addcarryx_u64(0x0, x253, x268, &_5); - uint64_t x292; uint8_t x293 = addcarryx_u64(x290, x256, x277, &x292); - uint64_t x295; uint8_t x296 = addcarryx_u64(x293, x259, x280, &x295); - uint64_t x298; uint8_t x299 = addcarryx_u64(x296, x262, x283, &x298); - uint64_t x301; uint8_t x302 = addcarryx_u64(x299, x265, x286, &x301); - uint8_t x303 = (x302 + x266); - uint64_t x305; uint8_t x306 = subborrow_u64(0x0, x292, 0xffffffffffffffffL, &x305); - uint64_t x308; uint8_t x309 = subborrow_u64(x306, x295, 0xffffffff, &x308); - uint64_t x311; uint8_t x312 = subborrow_u64(x309, x298, 0x0, &x311); - uint64_t x314; uint8_t x315 = subborrow_u64(x312, x301, 0xffffffff00000001L, &x314); - uint64_t _6; uint8_t x318 = subborrow_u64(x315, x303, 0x0, &_6); - uint64_t x319 = cmovznz_u64(x318, x314, x301); - uint64_t x320 = cmovznz_u64(x318, x311, x298); - uint64_t x321 = cmovznz_u64(x318, x308, x295); - uint64_t x322 = cmovznz_u64(x318, x305, x292); - out[0] = x322; - out[1] = x321; - out[2] = x320; - out[3] = x319; -} - -static void fe_sub(uint64_t out[4], const uint64_t in1[4], const uint64_t in2[4]) { - const uint64_t x8 = in1[3]; - const uint64_t x9 = in1[2]; - const uint64_t x7 = in1[1]; - const uint64_t x5 = in1[0]; - const uint64_t x14 = in2[3]; - const uint64_t x15 = in2[2]; - const uint64_t x13 = in2[1]; - const uint64_t x11 = in2[0]; - uint64_t x17; uint8_t x18 = subborrow_u64(0x0, x5, x11, &x17); - uint64_t x20; uint8_t x21 = subborrow_u64(x18, x7, x13, &x20); - uint64_t x23; uint8_t x24 = subborrow_u64(x21, x9, x15, &x23); - uint64_t x26; uint8_t x27 = subborrow_u64(x24, x8, x14, &x26); - uint64_t x28 = (uint64_t)cmovznz_u64(x27, 0x0, 0xffffffffffffffffL); - uint64_t x29 = (x28 & 0xffffffffffffffffL); - uint64_t x31; uint8_t x32 = addcarryx_u64(0x0, x17, x29, &x31); - uint64_t x33 = (x28 & 0xffffffff); - uint64_t x35; uint8_t x36 = addcarryx_u64(x32, x20, x33, &x35); - uint64_t x38; uint8_t x39 = addcarryx_u64(x36, x23, 0x0, &x38); - uint64_t x40 = (x28 & 0xffffffff00000001L); - uint64_t x42; addcarryx_u64(x39, x26, x40, &x42); - out[0] = x31; - out[1] = x35; - out[2] = x38; - out[3] = x42; -} - -#else // 64BIT, else 32BIT - -static void fe_add(uint32_t out[8], const uint32_t in1[8], const uint32_t in2[8]) { - const uint32_t x16 = in1[7]; - const uint32_t x17 = in1[6]; - const uint32_t x15 = in1[5]; - const uint32_t x13 = in1[4]; - const uint32_t x11 = in1[3]; - const uint32_t x9 = in1[2]; - const uint32_t x7 = in1[1]; - const uint32_t x5 = in1[0]; - const uint32_t x30 = in2[7]; - const uint32_t x31 = in2[6]; - const uint32_t x29 = in2[5]; - const uint32_t x27 = in2[4]; - const uint32_t x25 = in2[3]; - const uint32_t x23 = in2[2]; - const uint32_t x21 = in2[1]; - const uint32_t x19 = in2[0]; - uint32_t x33; uint8_t x34 = addcarryx_u32(0x0, x5, x19, &x33); - uint32_t x36; uint8_t x37 = addcarryx_u32(x34, x7, x21, &x36); - uint32_t x39; uint8_t x40 = addcarryx_u32(x37, x9, x23, &x39); - uint32_t x42; uint8_t x43 = addcarryx_u32(x40, x11, x25, &x42); - uint32_t x45; uint8_t x46 = addcarryx_u32(x43, x13, x27, &x45); - uint32_t x48; uint8_t x49 = addcarryx_u32(x46, x15, x29, &x48); - uint32_t x51; uint8_t x52 = addcarryx_u32(x49, x17, x31, &x51); - uint32_t x54; uint8_t x55 = addcarryx_u32(x52, x16, x30, &x54); - uint32_t x57; uint8_t x58 = subborrow_u32(0x0, x33, 0xffffffff, &x57); - uint32_t x60; uint8_t x61 = subborrow_u32(x58, x36, 0xffffffff, &x60); - uint32_t x63; uint8_t x64 = subborrow_u32(x61, x39, 0xffffffff, &x63); - uint32_t x66; uint8_t x67 = subborrow_u32(x64, x42, 0x0, &x66); - uint32_t x69; uint8_t x70 = subborrow_u32(x67, x45, 0x0, &x69); - uint32_t x72; uint8_t x73 = subborrow_u32(x70, x48, 0x0, &x72); - uint32_t x75; uint8_t x76 = subborrow_u32(x73, x51, 0x1, &x75); - uint32_t x78; uint8_t x79 = subborrow_u32(x76, x54, 0xffffffff, &x78); - uint32_t _; uint8_t x82 = subborrow_u32(x79, x55, 0x0, &_); - uint32_t x83 = cmovznz_u32(x82, x78, x54); - uint32_t x84 = cmovznz_u32(x82, x75, x51); - uint32_t x85 = cmovznz_u32(x82, x72, x48); - uint32_t x86 = cmovznz_u32(x82, x69, x45); - uint32_t x87 = cmovznz_u32(x82, x66, x42); - uint32_t x88 = cmovznz_u32(x82, x63, x39); - uint32_t x89 = cmovznz_u32(x82, x60, x36); - uint32_t x90 = cmovznz_u32(x82, x57, x33); - out[0] = x90; - out[1] = x89; - out[2] = x88; - out[3] = x87; - out[4] = x86; - out[5] = x85; - out[6] = x84; - out[7] = x83; -} - -static void fe_mul(uint32_t out[8], const uint32_t in1[8], const uint32_t in2[8]) { - const uint32_t x16 = in1[7]; - const uint32_t x17 = in1[6]; - const uint32_t x15 = in1[5]; - const uint32_t x13 = in1[4]; - const uint32_t x11 = in1[3]; - const uint32_t x9 = in1[2]; - const uint32_t x7 = in1[1]; - const uint32_t x5 = in1[0]; - const uint32_t x30 = in2[7]; - const uint32_t x31 = in2[6]; - const uint32_t x29 = in2[5]; - const uint32_t x27 = in2[4]; - const uint32_t x25 = in2[3]; - const uint32_t x23 = in2[2]; - const uint32_t x21 = in2[1]; - const uint32_t x19 = in2[0]; - uint32_t x34; uint32_t x33 = mulx_u32(x5, x19, &x34); - uint32_t x37; uint32_t x36 = mulx_u32(x5, x21, &x37); - uint32_t x40; uint32_t x39 = mulx_u32(x5, x23, &x40); - uint32_t x43; uint32_t x42 = mulx_u32(x5, x25, &x43); - uint32_t x46; uint32_t x45 = mulx_u32(x5, x27, &x46); - uint32_t x49; uint32_t x48 = mulx_u32(x5, x29, &x49); - uint32_t x52; uint32_t x51 = mulx_u32(x5, x31, &x52); - uint32_t x55; uint32_t x54 = mulx_u32(x5, x30, &x55); - uint32_t x57; uint8_t x58 = addcarryx_u32(0x0, x34, x36, &x57); - uint32_t x60; uint8_t x61 = addcarryx_u32(x58, x37, x39, &x60); - uint32_t x63; uint8_t x64 = addcarryx_u32(x61, x40, x42, &x63); - uint32_t x66; uint8_t x67 = addcarryx_u32(x64, x43, x45, &x66); - uint32_t x69; uint8_t x70 = addcarryx_u32(x67, x46, x48, &x69); - uint32_t x72; uint8_t x73 = addcarryx_u32(x70, x49, x51, &x72); - uint32_t x75; uint8_t x76 = addcarryx_u32(x73, x52, x54, &x75); - uint32_t x78; addcarryx_u32(0x0, x76, x55, &x78); - uint32_t x82; uint32_t x81 = mulx_u32(x33, 0xffffffff, &x82); - uint32_t x85; uint32_t x84 = mulx_u32(x33, 0xffffffff, &x85); - uint32_t x88; uint32_t x87 = mulx_u32(x33, 0xffffffff, &x88); - uint32_t x91; uint32_t x90 = mulx_u32(x33, 0xffffffff, &x91); - uint32_t x93; uint8_t x94 = addcarryx_u32(0x0, x82, x84, &x93); - uint32_t x96; uint8_t x97 = addcarryx_u32(x94, x85, x87, &x96); - uint32_t x99; uint8_t x100 = addcarryx_u32(x97, x88, 0x0, &x99); - uint8_t x101 = (0x0 + 0x0); - uint32_t _1; uint8_t x104 = addcarryx_u32(0x0, x33, x81, &_1); - uint32_t x106; uint8_t x107 = addcarryx_u32(x104, x57, x93, &x106); - uint32_t x109; uint8_t x110 = addcarryx_u32(x107, x60, x96, &x109); - uint32_t x112; uint8_t x113 = addcarryx_u32(x110, x63, x99, &x112); - uint32_t x115; uint8_t x116 = addcarryx_u32(x113, x66, x100, &x115); - uint32_t x118; uint8_t x119 = addcarryx_u32(x116, x69, x101, &x118); - uint32_t x121; uint8_t x122 = addcarryx_u32(x119, x72, x33, &x121); - uint32_t x124; uint8_t x125 = addcarryx_u32(x122, x75, x90, &x124); - uint32_t x127; uint8_t x128 = addcarryx_u32(x125, x78, x91, &x127); - uint8_t x129 = (x128 + 0x0); - uint32_t x132; uint32_t x131 = mulx_u32(x7, x19, &x132); - uint32_t x135; uint32_t x134 = mulx_u32(x7, x21, &x135); - uint32_t x138; uint32_t x137 = mulx_u32(x7, x23, &x138); - uint32_t x141; uint32_t x140 = mulx_u32(x7, x25, &x141); - uint32_t x144; uint32_t x143 = mulx_u32(x7, x27, &x144); - uint32_t x147; uint32_t x146 = mulx_u32(x7, x29, &x147); - uint32_t x150; uint32_t x149 = mulx_u32(x7, x31, &x150); - uint32_t x153; uint32_t x152 = mulx_u32(x7, x30, &x153); - uint32_t x155; uint8_t x156 = addcarryx_u32(0x0, x132, x134, &x155); - uint32_t x158; uint8_t x159 = addcarryx_u32(x156, x135, x137, &x158); - uint32_t x161; uint8_t x162 = addcarryx_u32(x159, x138, x140, &x161); - uint32_t x164; uint8_t x165 = addcarryx_u32(x162, x141, x143, &x164); - uint32_t x167; uint8_t x168 = addcarryx_u32(x165, x144, x146, &x167); - uint32_t x170; uint8_t x171 = addcarryx_u32(x168, x147, x149, &x170); - uint32_t x173; uint8_t x174 = addcarryx_u32(x171, x150, x152, &x173); - uint32_t x176; addcarryx_u32(0x0, x174, x153, &x176); - uint32_t x179; uint8_t x180 = addcarryx_u32(0x0, x106, x131, &x179); - uint32_t x182; uint8_t x183 = addcarryx_u32(x180, x109, x155, &x182); - uint32_t x185; uint8_t x186 = addcarryx_u32(x183, x112, x158, &x185); - uint32_t x188; uint8_t x189 = addcarryx_u32(x186, x115, x161, &x188); - uint32_t x191; uint8_t x192 = addcarryx_u32(x189, x118, x164, &x191); - uint32_t x194; uint8_t x195 = addcarryx_u32(x192, x121, x167, &x194); - uint32_t x197; uint8_t x198 = addcarryx_u32(x195, x124, x170, &x197); - uint32_t x200; uint8_t x201 = addcarryx_u32(x198, x127, x173, &x200); - uint32_t x203; uint8_t x204 = addcarryx_u32(x201, x129, x176, &x203); - uint32_t x207; uint32_t x206 = mulx_u32(x179, 0xffffffff, &x207); - uint32_t x210; uint32_t x209 = mulx_u32(x179, 0xffffffff, &x210); - uint32_t x213; uint32_t x212 = mulx_u32(x179, 0xffffffff, &x213); - uint32_t x216; uint32_t x215 = mulx_u32(x179, 0xffffffff, &x216); - uint32_t x218; uint8_t x219 = addcarryx_u32(0x0, x207, x209, &x218); - uint32_t x221; uint8_t x222 = addcarryx_u32(x219, x210, x212, &x221); - uint32_t x224; uint8_t x225 = addcarryx_u32(x222, x213, 0x0, &x224); - uint8_t x226 = (0x0 + 0x0); - uint32_t _2; uint8_t x229 = addcarryx_u32(0x0, x179, x206, &_2); - uint32_t x231; uint8_t x232 = addcarryx_u32(x229, x182, x218, &x231); - uint32_t x234; uint8_t x235 = addcarryx_u32(x232, x185, x221, &x234); - uint32_t x237; uint8_t x238 = addcarryx_u32(x235, x188, x224, &x237); - uint32_t x240; uint8_t x241 = addcarryx_u32(x238, x191, x225, &x240); - uint32_t x243; uint8_t x244 = addcarryx_u32(x241, x194, x226, &x243); - uint32_t x246; uint8_t x247 = addcarryx_u32(x244, x197, x179, &x246); - uint32_t x249; uint8_t x250 = addcarryx_u32(x247, x200, x215, &x249); - uint32_t x252; uint8_t x253 = addcarryx_u32(x250, x203, x216, &x252); - uint8_t x254 = (x253 + x204); - uint32_t x257; uint32_t x256 = mulx_u32(x9, x19, &x257); - uint32_t x260; uint32_t x259 = mulx_u32(x9, x21, &x260); - uint32_t x263; uint32_t x262 = mulx_u32(x9, x23, &x263); - uint32_t x266; uint32_t x265 = mulx_u32(x9, x25, &x266); - uint32_t x269; uint32_t x268 = mulx_u32(x9, x27, &x269); - uint32_t x272; uint32_t x271 = mulx_u32(x9, x29, &x272); - uint32_t x275; uint32_t x274 = mulx_u32(x9, x31, &x275); - uint32_t x278; uint32_t x277 = mulx_u32(x9, x30, &x278); - uint32_t x280; uint8_t x281 = addcarryx_u32(0x0, x257, x259, &x280); - uint32_t x283; uint8_t x284 = addcarryx_u32(x281, x260, x262, &x283); - uint32_t x286; uint8_t x287 = addcarryx_u32(x284, x263, x265, &x286); - uint32_t x289; uint8_t x290 = addcarryx_u32(x287, x266, x268, &x289); - uint32_t x292; uint8_t x293 = addcarryx_u32(x290, x269, x271, &x292); - uint32_t x295; uint8_t x296 = addcarryx_u32(x293, x272, x274, &x295); - uint32_t x298; uint8_t x299 = addcarryx_u32(x296, x275, x277, &x298); - uint32_t x301; addcarryx_u32(0x0, x299, x278, &x301); - uint32_t x304; uint8_t x305 = addcarryx_u32(0x0, x231, x256, &x304); - uint32_t x307; uint8_t x308 = addcarryx_u32(x305, x234, x280, &x307); - uint32_t x310; uint8_t x311 = addcarryx_u32(x308, x237, x283, &x310); - uint32_t x313; uint8_t x314 = addcarryx_u32(x311, x240, x286, &x313); - uint32_t x316; uint8_t x317 = addcarryx_u32(x314, x243, x289, &x316); - uint32_t x319; uint8_t x320 = addcarryx_u32(x317, x246, x292, &x319); - uint32_t x322; uint8_t x323 = addcarryx_u32(x320, x249, x295, &x322); - uint32_t x325; uint8_t x326 = addcarryx_u32(x323, x252, x298, &x325); - uint32_t x328; uint8_t x329 = addcarryx_u32(x326, x254, x301, &x328); - uint32_t x332; uint32_t x331 = mulx_u32(x304, 0xffffffff, &x332); - uint32_t x335; uint32_t x334 = mulx_u32(x304, 0xffffffff, &x335); - uint32_t x338; uint32_t x337 = mulx_u32(x304, 0xffffffff, &x338); - uint32_t x341; uint32_t x340 = mulx_u32(x304, 0xffffffff, &x341); - uint32_t x343; uint8_t x344 = addcarryx_u32(0x0, x332, x334, &x343); - uint32_t x346; uint8_t x347 = addcarryx_u32(x344, x335, x337, &x346); - uint32_t x349; uint8_t x350 = addcarryx_u32(x347, x338, 0x0, &x349); - uint8_t x351 = (0x0 + 0x0); - uint32_t _3; uint8_t x354 = addcarryx_u32(0x0, x304, x331, &_3); - uint32_t x356; uint8_t x357 = addcarryx_u32(x354, x307, x343, &x356); - uint32_t x359; uint8_t x360 = addcarryx_u32(x357, x310, x346, &x359); - uint32_t x362; uint8_t x363 = addcarryx_u32(x360, x313, x349, &x362); - uint32_t x365; uint8_t x366 = addcarryx_u32(x363, x316, x350, &x365); - uint32_t x368; uint8_t x369 = addcarryx_u32(x366, x319, x351, &x368); - uint32_t x371; uint8_t x372 = addcarryx_u32(x369, x322, x304, &x371); - uint32_t x374; uint8_t x375 = addcarryx_u32(x372, x325, x340, &x374); - uint32_t x377; uint8_t x378 = addcarryx_u32(x375, x328, x341, &x377); - uint8_t x379 = (x378 + x329); - uint32_t x382; uint32_t x381 = mulx_u32(x11, x19, &x382); - uint32_t x385; uint32_t x384 = mulx_u32(x11, x21, &x385); - uint32_t x388; uint32_t x387 = mulx_u32(x11, x23, &x388); - uint32_t x391; uint32_t x390 = mulx_u32(x11, x25, &x391); - uint32_t x394; uint32_t x393 = mulx_u32(x11, x27, &x394); - uint32_t x397; uint32_t x396 = mulx_u32(x11, x29, &x397); - uint32_t x400; uint32_t x399 = mulx_u32(x11, x31, &x400); - uint32_t x403; uint32_t x402 = mulx_u32(x11, x30, &x403); - uint32_t x405; uint8_t x406 = addcarryx_u32(0x0, x382, x384, &x405); - uint32_t x408; uint8_t x409 = addcarryx_u32(x406, x385, x387, &x408); - uint32_t x411; uint8_t x412 = addcarryx_u32(x409, x388, x390, &x411); - uint32_t x414; uint8_t x415 = addcarryx_u32(x412, x391, x393, &x414); - uint32_t x417; uint8_t x418 = addcarryx_u32(x415, x394, x396, &x417); - uint32_t x420; uint8_t x421 = addcarryx_u32(x418, x397, x399, &x420); - uint32_t x423; uint8_t x424 = addcarryx_u32(x421, x400, x402, &x423); - uint32_t x426; addcarryx_u32(0x0, x424, x403, &x426); - uint32_t x429; uint8_t x430 = addcarryx_u32(0x0, x356, x381, &x429); - uint32_t x432; uint8_t x433 = addcarryx_u32(x430, x359, x405, &x432); - uint32_t x435; uint8_t x436 = addcarryx_u32(x433, x362, x408, &x435); - uint32_t x438; uint8_t x439 = addcarryx_u32(x436, x365, x411, &x438); - uint32_t x441; uint8_t x442 = addcarryx_u32(x439, x368, x414, &x441); - uint32_t x444; uint8_t x445 = addcarryx_u32(x442, x371, x417, &x444); - uint32_t x447; uint8_t x448 = addcarryx_u32(x445, x374, x420, &x447); - uint32_t x450; uint8_t x451 = addcarryx_u32(x448, x377, x423, &x450); - uint32_t x453; uint8_t x454 = addcarryx_u32(x451, x379, x426, &x453); - uint32_t x457; uint32_t x456 = mulx_u32(x429, 0xffffffff, &x457); - uint32_t x460; uint32_t x459 = mulx_u32(x429, 0xffffffff, &x460); - uint32_t x463; uint32_t x462 = mulx_u32(x429, 0xffffffff, &x463); - uint32_t x466; uint32_t x465 = mulx_u32(x429, 0xffffffff, &x466); - uint32_t x468; uint8_t x469 = addcarryx_u32(0x0, x457, x459, &x468); - uint32_t x471; uint8_t x472 = addcarryx_u32(x469, x460, x462, &x471); - uint32_t x474; uint8_t x475 = addcarryx_u32(x472, x463, 0x0, &x474); - uint8_t x476 = (0x0 + 0x0); - uint32_t _4; uint8_t x479 = addcarryx_u32(0x0, x429, x456, &_4); - uint32_t x481; uint8_t x482 = addcarryx_u32(x479, x432, x468, &x481); - uint32_t x484; uint8_t x485 = addcarryx_u32(x482, x435, x471, &x484); - uint32_t x487; uint8_t x488 = addcarryx_u32(x485, x438, x474, &x487); - uint32_t x490; uint8_t x491 = addcarryx_u32(x488, x441, x475, &x490); - uint32_t x493; uint8_t x494 = addcarryx_u32(x491, x444, x476, &x493); - uint32_t x496; uint8_t x497 = addcarryx_u32(x494, x447, x429, &x496); - uint32_t x499; uint8_t x500 = addcarryx_u32(x497, x450, x465, &x499); - uint32_t x502; uint8_t x503 = addcarryx_u32(x500, x453, x466, &x502); - uint8_t x504 = (x503 + x454); - uint32_t x507; uint32_t x506 = mulx_u32(x13, x19, &x507); - uint32_t x510; uint32_t x509 = mulx_u32(x13, x21, &x510); - uint32_t x513; uint32_t x512 = mulx_u32(x13, x23, &x513); - uint32_t x516; uint32_t x515 = mulx_u32(x13, x25, &x516); - uint32_t x519; uint32_t x518 = mulx_u32(x13, x27, &x519); - uint32_t x522; uint32_t x521 = mulx_u32(x13, x29, &x522); - uint32_t x525; uint32_t x524 = mulx_u32(x13, x31, &x525); - uint32_t x528; uint32_t x527 = mulx_u32(x13, x30, &x528); - uint32_t x530; uint8_t x531 = addcarryx_u32(0x0, x507, x509, &x530); - uint32_t x533; uint8_t x534 = addcarryx_u32(x531, x510, x512, &x533); - uint32_t x536; uint8_t x537 = addcarryx_u32(x534, x513, x515, &x536); - uint32_t x539; uint8_t x540 = addcarryx_u32(x537, x516, x518, &x539); - uint32_t x542; uint8_t x543 = addcarryx_u32(x540, x519, x521, &x542); - uint32_t x545; uint8_t x546 = addcarryx_u32(x543, x522, x524, &x545); - uint32_t x548; uint8_t x549 = addcarryx_u32(x546, x525, x527, &x548); - uint32_t x551; addcarryx_u32(0x0, x549, x528, &x551); - uint32_t x554; uint8_t x555 = addcarryx_u32(0x0, x481, x506, &x554); - uint32_t x557; uint8_t x558 = addcarryx_u32(x555, x484, x530, &x557); - uint32_t x560; uint8_t x561 = addcarryx_u32(x558, x487, x533, &x560); - uint32_t x563; uint8_t x564 = addcarryx_u32(x561, x490, x536, &x563); - uint32_t x566; uint8_t x567 = addcarryx_u32(x564, x493, x539, &x566); - uint32_t x569; uint8_t x570 = addcarryx_u32(x567, x496, x542, &x569); - uint32_t x572; uint8_t x573 = addcarryx_u32(x570, x499, x545, &x572); - uint32_t x575; uint8_t x576 = addcarryx_u32(x573, x502, x548, &x575); - uint32_t x578; uint8_t x579 = addcarryx_u32(x576, x504, x551, &x578); - uint32_t x582; uint32_t x581 = mulx_u32(x554, 0xffffffff, &x582); - uint32_t x585; uint32_t x584 = mulx_u32(x554, 0xffffffff, &x585); - uint32_t x588; uint32_t x587 = mulx_u32(x554, 0xffffffff, &x588); - uint32_t x591; uint32_t x590 = mulx_u32(x554, 0xffffffff, &x591); - uint32_t x593; uint8_t x594 = addcarryx_u32(0x0, x582, x584, &x593); - uint32_t x596; uint8_t x597 = addcarryx_u32(x594, x585, x587, &x596); - uint32_t x599; uint8_t x600 = addcarryx_u32(x597, x588, 0x0, &x599); - uint8_t x601 = (0x0 + 0x0); - uint32_t _5; uint8_t x604 = addcarryx_u32(0x0, x554, x581, &_5); - uint32_t x606; uint8_t x607 = addcarryx_u32(x604, x557, x593, &x606); - uint32_t x609; uint8_t x610 = addcarryx_u32(x607, x560, x596, &x609); - uint32_t x612; uint8_t x613 = addcarryx_u32(x610, x563, x599, &x612); - uint32_t x615; uint8_t x616 = addcarryx_u32(x613, x566, x600, &x615); - uint32_t x618; uint8_t x619 = addcarryx_u32(x616, x569, x601, &x618); - uint32_t x621; uint8_t x622 = addcarryx_u32(x619, x572, x554, &x621); - uint32_t x624; uint8_t x625 = addcarryx_u32(x622, x575, x590, &x624); - uint32_t x627; uint8_t x628 = addcarryx_u32(x625, x578, x591, &x627); - uint8_t x629 = (x628 + x579); - uint32_t x632; uint32_t x631 = mulx_u32(x15, x19, &x632); - uint32_t x635; uint32_t x634 = mulx_u32(x15, x21, &x635); - uint32_t x638; uint32_t x637 = mulx_u32(x15, x23, &x638); - uint32_t x641; uint32_t x640 = mulx_u32(x15, x25, &x641); - uint32_t x644; uint32_t x643 = mulx_u32(x15, x27, &x644); - uint32_t x647; uint32_t x646 = mulx_u32(x15, x29, &x647); - uint32_t x650; uint32_t x649 = mulx_u32(x15, x31, &x650); - uint32_t x653; uint32_t x652 = mulx_u32(x15, x30, &x653); - uint32_t x655; uint8_t x656 = addcarryx_u32(0x0, x632, x634, &x655); - uint32_t x658; uint8_t x659 = addcarryx_u32(x656, x635, x637, &x658); - uint32_t x661; uint8_t x662 = addcarryx_u32(x659, x638, x640, &x661); - uint32_t x664; uint8_t x665 = addcarryx_u32(x662, x641, x643, &x664); - uint32_t x667; uint8_t x668 = addcarryx_u32(x665, x644, x646, &x667); - uint32_t x670; uint8_t x671 = addcarryx_u32(x668, x647, x649, &x670); - uint32_t x673; uint8_t x674 = addcarryx_u32(x671, x650, x652, &x673); - uint32_t x676; addcarryx_u32(0x0, x674, x653, &x676); - uint32_t x679; uint8_t x680 = addcarryx_u32(0x0, x606, x631, &x679); - uint32_t x682; uint8_t x683 = addcarryx_u32(x680, x609, x655, &x682); - uint32_t x685; uint8_t x686 = addcarryx_u32(x683, x612, x658, &x685); - uint32_t x688; uint8_t x689 = addcarryx_u32(x686, x615, x661, &x688); - uint32_t x691; uint8_t x692 = addcarryx_u32(x689, x618, x664, &x691); - uint32_t x694; uint8_t x695 = addcarryx_u32(x692, x621, x667, &x694); - uint32_t x697; uint8_t x698 = addcarryx_u32(x695, x624, x670, &x697); - uint32_t x700; uint8_t x701 = addcarryx_u32(x698, x627, x673, &x700); - uint32_t x703; uint8_t x704 = addcarryx_u32(x701, x629, x676, &x703); - uint32_t x707; uint32_t x706 = mulx_u32(x679, 0xffffffff, &x707); - uint32_t x710; uint32_t x709 = mulx_u32(x679, 0xffffffff, &x710); - uint32_t x713; uint32_t x712 = mulx_u32(x679, 0xffffffff, &x713); - uint32_t x716; uint32_t x715 = mulx_u32(x679, 0xffffffff, &x716); - uint32_t x718; uint8_t x719 = addcarryx_u32(0x0, x707, x709, &x718); - uint32_t x721; uint8_t x722 = addcarryx_u32(x719, x710, x712, &x721); - uint32_t x724; uint8_t x725 = addcarryx_u32(x722, x713, 0x0, &x724); - uint8_t x726 = (0x0 + 0x0); - uint32_t _6; uint8_t x729 = addcarryx_u32(0x0, x679, x706, &_6); - uint32_t x731; uint8_t x732 = addcarryx_u32(x729, x682, x718, &x731); - uint32_t x734; uint8_t x735 = addcarryx_u32(x732, x685, x721, &x734); - uint32_t x737; uint8_t x738 = addcarryx_u32(x735, x688, x724, &x737); - uint32_t x740; uint8_t x741 = addcarryx_u32(x738, x691, x725, &x740); - uint32_t x743; uint8_t x744 = addcarryx_u32(x741, x694, x726, &x743); - uint32_t x746; uint8_t x747 = addcarryx_u32(x744, x697, x679, &x746); - uint32_t x749; uint8_t x750 = addcarryx_u32(x747, x700, x715, &x749); - uint32_t x752; uint8_t x753 = addcarryx_u32(x750, x703, x716, &x752); - uint8_t x754 = (x753 + x704); - uint32_t x757; uint32_t x756 = mulx_u32(x17, x19, &x757); - uint32_t x760; uint32_t x759 = mulx_u32(x17, x21, &x760); - uint32_t x763; uint32_t x762 = mulx_u32(x17, x23, &x763); - uint32_t x766; uint32_t x765 = mulx_u32(x17, x25, &x766); - uint32_t x769; uint32_t x768 = mulx_u32(x17, x27, &x769); - uint32_t x772; uint32_t x771 = mulx_u32(x17, x29, &x772); - uint32_t x775; uint32_t x774 = mulx_u32(x17, x31, &x775); - uint32_t x778; uint32_t x777 = mulx_u32(x17, x30, &x778); - uint32_t x780; uint8_t x781 = addcarryx_u32(0x0, x757, x759, &x780); - uint32_t x783; uint8_t x784 = addcarryx_u32(x781, x760, x762, &x783); - uint32_t x786; uint8_t x787 = addcarryx_u32(x784, x763, x765, &x786); - uint32_t x789; uint8_t x790 = addcarryx_u32(x787, x766, x768, &x789); - uint32_t x792; uint8_t x793 = addcarryx_u32(x790, x769, x771, &x792); - uint32_t x795; uint8_t x796 = addcarryx_u32(x793, x772, x774, &x795); - uint32_t x798; uint8_t x799 = addcarryx_u32(x796, x775, x777, &x798); - uint32_t x801; addcarryx_u32(0x0, x799, x778, &x801); - uint32_t x804; uint8_t x805 = addcarryx_u32(0x0, x731, x756, &x804); - uint32_t x807; uint8_t x808 = addcarryx_u32(x805, x734, x780, &x807); - uint32_t x810; uint8_t x811 = addcarryx_u32(x808, x737, x783, &x810); - uint32_t x813; uint8_t x814 = addcarryx_u32(x811, x740, x786, &x813); - uint32_t x816; uint8_t x817 = addcarryx_u32(x814, x743, x789, &x816); - uint32_t x819; uint8_t x820 = addcarryx_u32(x817, x746, x792, &x819); - uint32_t x822; uint8_t x823 = addcarryx_u32(x820, x749, x795, &x822); - uint32_t x825; uint8_t x826 = addcarryx_u32(x823, x752, x798, &x825); - uint32_t x828; uint8_t x829 = addcarryx_u32(x826, x754, x801, &x828); - uint32_t x832; uint32_t x831 = mulx_u32(x804, 0xffffffff, &x832); - uint32_t x835; uint32_t x834 = mulx_u32(x804, 0xffffffff, &x835); - uint32_t x838; uint32_t x837 = mulx_u32(x804, 0xffffffff, &x838); - uint32_t x841; uint32_t x840 = mulx_u32(x804, 0xffffffff, &x841); - uint32_t x843; uint8_t x844 = addcarryx_u32(0x0, x832, x834, &x843); - uint32_t x846; uint8_t x847 = addcarryx_u32(x844, x835, x837, &x846); - uint32_t x849; uint8_t x850 = addcarryx_u32(x847, x838, 0x0, &x849); - uint8_t x851 = (0x0 + 0x0); - uint32_t _7; uint8_t x854 = addcarryx_u32(0x0, x804, x831, &_7); - uint32_t x856; uint8_t x857 = addcarryx_u32(x854, x807, x843, &x856); - uint32_t x859; uint8_t x860 = addcarryx_u32(x857, x810, x846, &x859); - uint32_t x862; uint8_t x863 = addcarryx_u32(x860, x813, x849, &x862); - uint32_t x865; uint8_t x866 = addcarryx_u32(x863, x816, x850, &x865); - uint32_t x868; uint8_t x869 = addcarryx_u32(x866, x819, x851, &x868); - uint32_t x871; uint8_t x872 = addcarryx_u32(x869, x822, x804, &x871); - uint32_t x874; uint8_t x875 = addcarryx_u32(x872, x825, x840, &x874); - uint32_t x877; uint8_t x878 = addcarryx_u32(x875, x828, x841, &x877); - uint8_t x879 = (x878 + x829); - uint32_t x882; uint32_t x881 = mulx_u32(x16, x19, &x882); - uint32_t x885; uint32_t x884 = mulx_u32(x16, x21, &x885); - uint32_t x888; uint32_t x887 = mulx_u32(x16, x23, &x888); - uint32_t x891; uint32_t x890 = mulx_u32(x16, x25, &x891); - uint32_t x894; uint32_t x893 = mulx_u32(x16, x27, &x894); - uint32_t x897; uint32_t x896 = mulx_u32(x16, x29, &x897); - uint32_t x900; uint32_t x899 = mulx_u32(x16, x31, &x900); - uint32_t x903; uint32_t x902 = mulx_u32(x16, x30, &x903); - uint32_t x905; uint8_t x906 = addcarryx_u32(0x0, x882, x884, &x905); - uint32_t x908; uint8_t x909 = addcarryx_u32(x906, x885, x887, &x908); - uint32_t x911; uint8_t x912 = addcarryx_u32(x909, x888, x890, &x911); - uint32_t x914; uint8_t x915 = addcarryx_u32(x912, x891, x893, &x914); - uint32_t x917; uint8_t x918 = addcarryx_u32(x915, x894, x896, &x917); - uint32_t x920; uint8_t x921 = addcarryx_u32(x918, x897, x899, &x920); - uint32_t x923; uint8_t x924 = addcarryx_u32(x921, x900, x902, &x923); - uint32_t x926; addcarryx_u32(0x0, x924, x903, &x926); - uint32_t x929; uint8_t x930 = addcarryx_u32(0x0, x856, x881, &x929); - uint32_t x932; uint8_t x933 = addcarryx_u32(x930, x859, x905, &x932); - uint32_t x935; uint8_t x936 = addcarryx_u32(x933, x862, x908, &x935); - uint32_t x938; uint8_t x939 = addcarryx_u32(x936, x865, x911, &x938); - uint32_t x941; uint8_t x942 = addcarryx_u32(x939, x868, x914, &x941); - uint32_t x944; uint8_t x945 = addcarryx_u32(x942, x871, x917, &x944); - uint32_t x947; uint8_t x948 = addcarryx_u32(x945, x874, x920, &x947); - uint32_t x950; uint8_t x951 = addcarryx_u32(x948, x877, x923, &x950); - uint32_t x953; uint8_t x954 = addcarryx_u32(x951, x879, x926, &x953); - uint32_t x957; uint32_t x956 = mulx_u32(x929, 0xffffffff, &x957); - uint32_t x960; uint32_t x959 = mulx_u32(x929, 0xffffffff, &x960); - uint32_t x963; uint32_t x962 = mulx_u32(x929, 0xffffffff, &x963); - uint32_t x966; uint32_t x965 = mulx_u32(x929, 0xffffffff, &x966); - uint32_t x968; uint8_t x969 = addcarryx_u32(0x0, x957, x959, &x968); - uint32_t x971; uint8_t x972 = addcarryx_u32(x969, x960, x962, &x971); - uint32_t x974; uint8_t x975 = addcarryx_u32(x972, x963, 0x0, &x974); - uint8_t x976 = (0x0 + 0x0); - uint32_t _8; uint8_t x979 = addcarryx_u32(0x0, x929, x956, &_8); - uint32_t x981; uint8_t x982 = addcarryx_u32(x979, x932, x968, &x981); - uint32_t x984; uint8_t x985 = addcarryx_u32(x982, x935, x971, &x984); - uint32_t x987; uint8_t x988 = addcarryx_u32(x985, x938, x974, &x987); - uint32_t x990; uint8_t x991 = addcarryx_u32(x988, x941, x975, &x990); - uint32_t x993; uint8_t x994 = addcarryx_u32(x991, x944, x976, &x993); - uint32_t x996; uint8_t x997 = addcarryx_u32(x994, x947, x929, &x996); - uint32_t x999; uint8_t x1000 = addcarryx_u32(x997, x950, x965, &x999); - uint32_t x1002; uint8_t x1003 = addcarryx_u32(x1000, x953, x966, &x1002); - uint8_t x1004 = (x1003 + x954); - uint32_t x1006; uint8_t x1007 = subborrow_u32(0x0, x981, 0xffffffff, &x1006); - uint32_t x1009; uint8_t x1010 = subborrow_u32(x1007, x984, 0xffffffff, &x1009); - uint32_t x1012; uint8_t x1013 = subborrow_u32(x1010, x987, 0xffffffff, &x1012); - uint32_t x1015; uint8_t x1016 = subborrow_u32(x1013, x990, 0x0, &x1015); - uint32_t x1018; uint8_t x1019 = subborrow_u32(x1016, x993, 0x0, &x1018); - uint32_t x1021; uint8_t x1022 = subborrow_u32(x1019, x996, 0x0, &x1021); - uint32_t x1024; uint8_t x1025 = subborrow_u32(x1022, x999, 0x1, &x1024); - uint32_t x1027; uint8_t x1028 = subborrow_u32(x1025, x1002, 0xffffffff, &x1027); - uint32_t _9; uint8_t x1031 = subborrow_u32(x1028, x1004, 0x0, &_9); - uint32_t x1032 = cmovznz_u32(x1031, x1027, x1002); - uint32_t x1033 = cmovznz_u32(x1031, x1024, x999); - uint32_t x1034 = cmovznz_u32(x1031, x1021, x996); - uint32_t x1035 = cmovznz_u32(x1031, x1018, x993); - uint32_t x1036 = cmovznz_u32(x1031, x1015, x990); - uint32_t x1037 = cmovznz_u32(x1031, x1012, x987); - uint32_t x1038 = cmovznz_u32(x1031, x1009, x984); - uint32_t x1039 = cmovznz_u32(x1031, x1006, x981); - out[0] = x1039; - out[1] = x1038; - out[2] = x1037; - out[3] = x1036; - out[4] = x1035; - out[5] = x1034; - out[6] = x1033; - out[7] = x1032; -} - -// NOTE: the following functions are generated from fiat-crypto, from the same -// template as their 64-bit counterparts above, but the correctness proof of -// the template was not composed with the correctness proof of the -// specialization pipeline. This is because Coq unexplainedly loops on trying -// to synthesize opp and sub using the normal pipeline. - -static void fe_sub(uint32_t out[8], const uint32_t in1[8], const uint32_t in2[8]) { - const uint32_t x14 = in1[7]; - const uint32_t x15 = in1[6]; - const uint32_t x13 = in1[5]; - const uint32_t x11 = in1[4]; - const uint32_t x9 = in1[3]; - const uint32_t x7 = in1[2]; - const uint32_t x5 = in1[1]; - const uint32_t x3 = in1[0]; - const uint32_t x28 = in2[7]; - const uint32_t x29 = in2[6]; - const uint32_t x27 = in2[5]; - const uint32_t x25 = in2[4]; - const uint32_t x23 = in2[3]; - const uint32_t x21 = in2[2]; - const uint32_t x19 = in2[1]; - const uint32_t x17 = in2[0]; - uint32_t x31; uint8_t x32 = subborrow_u32(0x0, x3, x17, &x31); - uint32_t x34; uint8_t x35 = subborrow_u32(x32, x5, x19, &x34); - uint32_t x37; uint8_t x38 = subborrow_u32(x35, x7, x21, &x37); - uint32_t x40; uint8_t x41 = subborrow_u32(x38, x9, x23, &x40); - uint32_t x43; uint8_t x44 = subborrow_u32(x41, x11, x25, &x43); - uint32_t x46; uint8_t x47 = subborrow_u32(x44, x13, x27, &x46); - uint32_t x49; uint8_t x50 = subborrow_u32(x47, x15, x29, &x49); - uint32_t x52; uint8_t x53 = subborrow_u32(x50, x14, x28, &x52); - uint32_t x54 = cmovznz_u32(x53, 0x0, 0xffffffff); - uint32_t x56; uint8_t x57 = addcarryx_u32(0x0, x31, (x54 & 0xffffffff), &x56); - uint32_t x59; uint8_t x60 = addcarryx_u32(x57, x34, (x54 & 0xffffffff), &x59); - uint32_t x62; uint8_t x63 = addcarryx_u32(x60, x37, (x54 & 0xffffffff), &x62); - uint32_t x65; uint8_t x66 = addcarryx_u32(x63, x40, 0x0, &x65); - uint32_t x68; uint8_t x69 = addcarryx_u32(x66, x43, 0x0, &x68); - uint32_t x71; uint8_t x72 = addcarryx_u32(x69, x46, 0x0, &x71); - uint32_t x74; uint8_t x75 = addcarryx_u32(x72, x49, ((uint8_t)x54 & 0x1), &x74); - uint32_t x77; addcarryx_u32(x75, x52, (x54 & 0xffffffff), &x77); - out[0] = x56; - out[1] = x59; - out[2] = x62; - out[3] = x65; - out[4] = x68; - out[5] = x71; - out[6] = x74; - out[7] = x77; -} - -// fe_op sets out = -in -static void fe_opp(uint32_t out[8], const uint32_t in1[8]) { - const uint32_t x12 = in1[7]; - const uint32_t x13 = in1[6]; - const uint32_t x11 = in1[5]; - const uint32_t x9 = in1[4]; - const uint32_t x7 = in1[3]; - const uint32_t x5 = in1[2]; - const uint32_t x3 = in1[1]; - const uint32_t x1 = in1[0]; - uint32_t x15; uint8_t x16 = subborrow_u32(0x0, 0x0, x1, &x15); - uint32_t x18; uint8_t x19 = subborrow_u32(x16, 0x0, x3, &x18); - uint32_t x21; uint8_t x22 = subborrow_u32(x19, 0x0, x5, &x21); - uint32_t x24; uint8_t x25 = subborrow_u32(x22, 0x0, x7, &x24); - uint32_t x27; uint8_t x28 = subborrow_u32(x25, 0x0, x9, &x27); - uint32_t x30; uint8_t x31 = subborrow_u32(x28, 0x0, x11, &x30); - uint32_t x33; uint8_t x34 = subborrow_u32(x31, 0x0, x13, &x33); - uint32_t x36; uint8_t x37 = subborrow_u32(x34, 0x0, x12, &x36); - uint32_t x38 = cmovznz_u32(x37, 0x0, 0xffffffff); - uint32_t x40; uint8_t x41 = addcarryx_u32(0x0, x15, (x38 & 0xffffffff), &x40); - uint32_t x43; uint8_t x44 = addcarryx_u32(x41, x18, (x38 & 0xffffffff), &x43); - uint32_t x46; uint8_t x47 = addcarryx_u32(x44, x21, (x38 & 0xffffffff), &x46); - uint32_t x49; uint8_t x50 = addcarryx_u32(x47, x24, 0x0, &x49); - uint32_t x52; uint8_t x53 = addcarryx_u32(x50, x27, 0x0, &x52); - uint32_t x55; uint8_t x56 = addcarryx_u32(x53, x30, 0x0, &x55); - uint32_t x58; uint8_t x59 = addcarryx_u32(x56, x33, ((uint8_t)x38 & 0x1), &x58); - uint32_t x61; addcarryx_u32(x59, x36, (x38 & 0xffffffff), &x61); - out[0] = x40; - out[1] = x43; - out[2] = x46; - out[3] = x49; - out[4] = x52; - out[5] = x55; - out[6] = x58; - out[7] = x61; -} - -#endif // utility functions, handwritten @@ -840,22 +60,28 @@ static void fe_opp(uint32_t out[8], const uint32_t in1[8]) { #define NLIMBS 4 typedef uint64_t limb_t; -#define cmovznz_limb cmovznz_u64 typedef uint64_t fe[NLIMBS]; #else // 64BIT; else 32BIT #define NLIMBS 8 typedef uint32_t limb_t; -#define cmovznz_limb cmovznz_u32 typedef uint32_t fe[NLIMBS]; #endif // 64BIT +#define fe_add fiat_p256_add +#define fe_sub fiat_p256_sub +#define fe_opp fiat_p256_opp + +#define fe_mul fiat_p256_mul +#define fe_sqr fiat_p256_square + +#define fe_tobytes fiat_p256_to_bytes +#define fe_frombytes fiat_p256_from_bytes + static limb_t fe_nz(const limb_t in1[NLIMBS]) { - limb_t ret = 0; - for (int i = 0; i < NLIMBS; i++) { - ret |= in1[i]; - } + limb_t ret; + fiat_p256_nonzero(&ret, in1); return ret; } @@ -867,33 +93,11 @@ static void fe_copy(limb_t out[NLIMBS], const limb_t in1[NLIMBS]) { static void fe_cmovznz(limb_t out[NLIMBS], limb_t t, const limb_t z[NLIMBS], const limb_t nz[NLIMBS]) { - for (int i = 0; i < NLIMBS; i++) { - out[i] = cmovznz_limb(t, z[i], nz[i]); - } -} - -static void fe_sqr(fe out, const fe in) { - fe_mul(out, in, in); -} - -static void fe_tobytes(uint8_t out[NBYTES], const fe in) { - for (int i = 0; i> (8*(i%sizeof(in[0])))); - } -} - -static void fe_frombytes(fe out, const uint8_t in[NBYTES]) { - for (int i = 0; iscalar_inv_montgomery = ec_simple_scalar_inv_montgomery; out->scalar_inv_montgomery_vartime = ec_GFp_simple_mont_inv_mod_ord_vartime; out->cmp_x_coordinate = ec_GFp_nistp256_cmp_x_coordinate; -}; +} #undef BORINGSSL_NISTP256_64BIT diff --git a/src/third_party/fiat/p256_32.h b/src/third_party/fiat/p256_32.h new file mode 100644 index 0000000..faaa0b0 --- /dev/null +++ b/src/third_party/fiat/p256_32.h @@ -0,0 +1,3220 @@ +/* Autogenerated */ +/* curve description: p256 */ +/* requested operations: (all) */ +/* m = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff (from "2^256 - 2^224 + 2^192 + 2^96 - 1") */ +/* machine_wordsize = 32 (from "32") */ +/* */ +/* NOTE: In addition to the bounds specified above each function, all */ +/* functions synthesized for this Montgomery arithmetic require the */ +/* input to be strictly less than the prime modulus (m), and also */ +/* require the input to be in the unique saturated representation. */ +/* All functions also ensure that these two properties are true of */ +/* return values. */ + +#include +typedef unsigned char fiat_p256_uint1; +typedef signed char fiat_p256_int1; + + +/* + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffff] + * arg3: [0x0 ~> 0xffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + * out2: [0x0 ~> 0x1] + */ +static void fiat_p256_addcarryx_u32(uint32_t* out1, fiat_p256_uint1* out2, fiat_p256_uint1 arg1, uint32_t arg2, uint32_t arg3) { + uint64_t x1 = ((arg1 + (uint64_t)arg2) + arg3); + uint32_t x2 = (uint32_t)(x1 & UINT32_C(0xffffffff)); + fiat_p256_uint1 x3 = (fiat_p256_uint1)(x1 >> 32); + *out1 = x2; + *out2 = x3; +} + +/* + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffff] + * arg3: [0x0 ~> 0xffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + * out2: [0x0 ~> 0x1] + */ +static void fiat_p256_subborrowx_u32(uint32_t* out1, fiat_p256_uint1* out2, fiat_p256_uint1 arg1, uint32_t arg2, uint32_t arg3) { + int64_t x1 = ((arg2 - (int64_t)arg1) - arg3); + fiat_p256_int1 x2 = (fiat_p256_int1)(x1 >> 32); + uint32_t x3 = (uint32_t)(x1 & UINT32_C(0xffffffff)); + *out1 = x3; + *out2 = (fiat_p256_uint1)(0x0 - x2); +} + +/* + * Input Bounds: + * arg1: [0x0 ~> 0xffffffff] + * arg2: [0x0 ~> 0xffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + * out2: [0x0 ~> 0xffffffff] + */ +static void fiat_p256_mulx_u32(uint32_t* out1, uint32_t* out2, uint32_t arg1, uint32_t arg2) { + uint64_t x1 = ((uint64_t)arg1 * arg2); + uint32_t x2 = (uint32_t)(x1 & UINT32_C(0xffffffff)); + uint32_t x3 = (uint32_t)(x1 >> 32); + *out1 = x2; + *out2 = x3; +} + +/* + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffff] + * arg3: [0x0 ~> 0xffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + */ +static void fiat_p256_cmovznz_u32(uint32_t* out1, fiat_p256_uint1 arg1, uint32_t arg2, uint32_t arg3) { + fiat_p256_uint1 x1 = (!(!arg1)); + uint32_t x2 = ((fiat_p256_int1)(0x0 - x1) & UINT32_C(0xffffffff)); + uint32_t x3 = ((x2 & arg3) | ((~x2) & arg2)); + *out1 = x3; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32_t arg2[8]) { + uint32_t x1 = (arg1[1]); + uint32_t x2 = (arg1[2]); + uint32_t x3 = (arg1[3]); + uint32_t x4 = (arg1[4]); + uint32_t x5 = (arg1[5]); + uint32_t x6 = (arg1[6]); + uint32_t x7 = (arg1[7]); + uint32_t x8 = (arg1[0]); + uint32_t x9; + uint32_t x10; + fiat_p256_mulx_u32(&x9, &x10, x8, (arg2[7])); + uint32_t x11; + uint32_t x12; + fiat_p256_mulx_u32(&x11, &x12, x8, (arg2[6])); + uint32_t x13; + uint32_t x14; + fiat_p256_mulx_u32(&x13, &x14, x8, (arg2[5])); + uint32_t x15; + uint32_t x16; + fiat_p256_mulx_u32(&x15, &x16, x8, (arg2[4])); + uint32_t x17; + uint32_t x18; + fiat_p256_mulx_u32(&x17, &x18, x8, (arg2[3])); + uint32_t x19; + uint32_t x20; + fiat_p256_mulx_u32(&x19, &x20, x8, (arg2[2])); + uint32_t x21; + uint32_t x22; + fiat_p256_mulx_u32(&x21, &x22, x8, (arg2[1])); + uint32_t x23; + uint32_t x24; + fiat_p256_mulx_u32(&x23, &x24, x8, (arg2[0])); + uint32_t x25; + fiat_p256_uint1 x26; + fiat_p256_addcarryx_u32(&x25, &x26, 0x0, x21, x24); + uint32_t x27; + fiat_p256_uint1 x28; + fiat_p256_addcarryx_u32(&x27, &x28, x26, x19, x22); + uint32_t x29; + fiat_p256_uint1 x30; + fiat_p256_addcarryx_u32(&x29, &x30, x28, x17, x20); + uint32_t x31; + fiat_p256_uint1 x32; + fiat_p256_addcarryx_u32(&x31, &x32, x30, x15, x18); + uint32_t x33; + fiat_p256_uint1 x34; + fiat_p256_addcarryx_u32(&x33, &x34, x32, x13, x16); + uint32_t x35; + fiat_p256_uint1 x36; + fiat_p256_addcarryx_u32(&x35, &x36, x34, x11, x14); + uint32_t x37; + fiat_p256_uint1 x38; + fiat_p256_addcarryx_u32(&x37, &x38, x36, x9, x12); + uint32_t x39; + fiat_p256_uint1 x40; + fiat_p256_addcarryx_u32(&x39, &x40, x38, 0x0, x10); + uint32_t x41; + uint32_t x42; + fiat_p256_mulx_u32(&x41, &x42, x23, UINT32_C(0xffffffff)); + uint32_t x43; + uint32_t x44; + fiat_p256_mulx_u32(&x43, &x44, x23, UINT32_C(0xffffffff)); + uint32_t x45; + uint32_t x46; + fiat_p256_mulx_u32(&x45, &x46, x23, UINT32_C(0xffffffff)); + uint32_t x47; + uint32_t x48; + fiat_p256_mulx_u32(&x47, &x48, x23, UINT32_C(0xffffffff)); + uint32_t x49; + fiat_p256_uint1 x50; + fiat_p256_addcarryx_u32(&x49, &x50, 0x0, x45, x48); + uint32_t x51; + fiat_p256_uint1 x52; + fiat_p256_addcarryx_u32(&x51, &x52, x50, x43, x46); + uint32_t x53; + fiat_p256_uint1 x54; + fiat_p256_addcarryx_u32(&x53, &x54, x52, 0x0, x44); + uint32_t x55; + fiat_p256_uint1 x56; + fiat_p256_addcarryx_u32(&x55, &x56, 0x0, x47, x23); + uint32_t x57; + fiat_p256_uint1 x58; + fiat_p256_addcarryx_u32(&x57, &x58, x56, x49, x25); + uint32_t x59; + fiat_p256_uint1 x60; + fiat_p256_addcarryx_u32(&x59, &x60, x58, x51, x27); + uint32_t x61; + fiat_p256_uint1 x62; + fiat_p256_addcarryx_u32(&x61, &x62, x60, x53, x29); + uint32_t x63; + fiat_p256_uint1 x64; + fiat_p256_addcarryx_u32(&x63, &x64, x62, 0x0, x31); + uint32_t x65; + fiat_p256_uint1 x66; + fiat_p256_addcarryx_u32(&x65, &x66, x64, 0x0, x33); + uint32_t x67; + fiat_p256_uint1 x68; + fiat_p256_addcarryx_u32(&x67, &x68, x66, x23, x35); + uint32_t x69; + fiat_p256_uint1 x70; + fiat_p256_addcarryx_u32(&x69, &x70, x68, x41, x37); + uint32_t x71; + fiat_p256_uint1 x72; + fiat_p256_addcarryx_u32(&x71, &x72, x70, x42, x39); + uint32_t x73; + fiat_p256_uint1 x74; + fiat_p256_addcarryx_u32(&x73, &x74, x72, 0x0, 0x0); + uint32_t x75; + uint32_t x76; + fiat_p256_mulx_u32(&x75, &x76, x1, (arg2[7])); + uint32_t x77; + uint32_t x78; + fiat_p256_mulx_u32(&x77, &x78, x1, (arg2[6])); + uint32_t x79; + uint32_t x80; + fiat_p256_mulx_u32(&x79, &x80, x1, (arg2[5])); + uint32_t x81; + uint32_t x82; + fiat_p256_mulx_u32(&x81, &x82, x1, (arg2[4])); + uint32_t x83; + uint32_t x84; + fiat_p256_mulx_u32(&x83, &x84, x1, (arg2[3])); + uint32_t x85; + uint32_t x86; + fiat_p256_mulx_u32(&x85, &x86, x1, (arg2[2])); + uint32_t x87; + uint32_t x88; + fiat_p256_mulx_u32(&x87, &x88, x1, (arg2[1])); + uint32_t x89; + uint32_t x90; + fiat_p256_mulx_u32(&x89, &x90, x1, (arg2[0])); + uint32_t x91; + fiat_p256_uint1 x92; + fiat_p256_addcarryx_u32(&x91, &x92, 0x0, x87, x90); + uint32_t x93; + fiat_p256_uint1 x94; + fiat_p256_addcarryx_u32(&x93, &x94, x92, x85, x88); + uint32_t x95; + fiat_p256_uint1 x96; + fiat_p256_addcarryx_u32(&x95, &x96, x94, x83, x86); + uint32_t x97; + fiat_p256_uint1 x98; + fiat_p256_addcarryx_u32(&x97, &x98, x96, x81, x84); + uint32_t x99; + fiat_p256_uint1 x100; + fiat_p256_addcarryx_u32(&x99, &x100, x98, x79, x82); + uint32_t x101; + fiat_p256_uint1 x102; + fiat_p256_addcarryx_u32(&x101, &x102, x100, x77, x80); + uint32_t x103; + fiat_p256_uint1 x104; + fiat_p256_addcarryx_u32(&x103, &x104, x102, x75, x78); + uint32_t x105; + fiat_p256_uint1 x106; + fiat_p256_addcarryx_u32(&x105, &x106, x104, 0x0, x76); + uint32_t x107; + fiat_p256_uint1 x108; + fiat_p256_addcarryx_u32(&x107, &x108, 0x0, x89, x57); + uint32_t x109; + fiat_p256_uint1 x110; + fiat_p256_addcarryx_u32(&x109, &x110, x108, x91, x59); + uint32_t x111; + fiat_p256_uint1 x112; + fiat_p256_addcarryx_u32(&x111, &x112, x110, x93, x61); + uint32_t x113; + fiat_p256_uint1 x114; + fiat_p256_addcarryx_u32(&x113, &x114, x112, x95, x63); + uint32_t x115; + fiat_p256_uint1 x116; + fiat_p256_addcarryx_u32(&x115, &x116, x114, x97, x65); + uint32_t x117; + fiat_p256_uint1 x118; + fiat_p256_addcarryx_u32(&x117, &x118, x116, x99, x67); + uint32_t x119; + fiat_p256_uint1 x120; + fiat_p256_addcarryx_u32(&x119, &x120, x118, x101, x69); + uint32_t x121; + fiat_p256_uint1 x122; + fiat_p256_addcarryx_u32(&x121, &x122, x120, x103, x71); + uint32_t x123; + fiat_p256_uint1 x124; + fiat_p256_addcarryx_u32(&x123, &x124, x122, x105, (fiat_p256_uint1)x73); + uint32_t x125; + uint32_t x126; + fiat_p256_mulx_u32(&x125, &x126, x107, UINT32_C(0xffffffff)); + uint32_t x127; + uint32_t x128; + fiat_p256_mulx_u32(&x127, &x128, x107, UINT32_C(0xffffffff)); + uint32_t x129; + uint32_t x130; + fiat_p256_mulx_u32(&x129, &x130, x107, UINT32_C(0xffffffff)); + uint32_t x131; + uint32_t x132; + fiat_p256_mulx_u32(&x131, &x132, x107, UINT32_C(0xffffffff)); + uint32_t x133; + fiat_p256_uint1 x134; + fiat_p256_addcarryx_u32(&x133, &x134, 0x0, x129, x132); + uint32_t x135; + fiat_p256_uint1 x136; + fiat_p256_addcarryx_u32(&x135, &x136, x134, x127, x130); + uint32_t x137; + fiat_p256_uint1 x138; + fiat_p256_addcarryx_u32(&x137, &x138, x136, 0x0, x128); + uint32_t x139; + fiat_p256_uint1 x140; + fiat_p256_addcarryx_u32(&x139, &x140, 0x0, x131, x107); + uint32_t x141; + fiat_p256_uint1 x142; + fiat_p256_addcarryx_u32(&x141, &x142, x140, x133, x109); + uint32_t x143; + fiat_p256_uint1 x144; + fiat_p256_addcarryx_u32(&x143, &x144, x142, x135, x111); + uint32_t x145; + fiat_p256_uint1 x146; + fiat_p256_addcarryx_u32(&x145, &x146, x144, x137, x113); + uint32_t x147; + fiat_p256_uint1 x148; + fiat_p256_addcarryx_u32(&x147, &x148, x146, 0x0, x115); + uint32_t x149; + fiat_p256_uint1 x150; + fiat_p256_addcarryx_u32(&x149, &x150, x148, 0x0, x117); + uint32_t x151; + fiat_p256_uint1 x152; + fiat_p256_addcarryx_u32(&x151, &x152, x150, x107, x119); + uint32_t x153; + fiat_p256_uint1 x154; + fiat_p256_addcarryx_u32(&x153, &x154, x152, x125, x121); + uint32_t x155; + fiat_p256_uint1 x156; + fiat_p256_addcarryx_u32(&x155, &x156, x154, x126, x123); + uint32_t x157; + fiat_p256_uint1 x158; + fiat_p256_addcarryx_u32(&x157, &x158, x156, 0x0, x124); + uint32_t x159; + uint32_t x160; + fiat_p256_mulx_u32(&x159, &x160, x2, (arg2[7])); + uint32_t x161; + uint32_t x162; + fiat_p256_mulx_u32(&x161, &x162, x2, (arg2[6])); + uint32_t x163; + uint32_t x164; + fiat_p256_mulx_u32(&x163, &x164, x2, (arg2[5])); + uint32_t x165; + uint32_t x166; + fiat_p256_mulx_u32(&x165, &x166, x2, (arg2[4])); + uint32_t x167; + uint32_t x168; + fiat_p256_mulx_u32(&x167, &x168, x2, (arg2[3])); + uint32_t x169; + uint32_t x170; + fiat_p256_mulx_u32(&x169, &x170, x2, (arg2[2])); + uint32_t x171; + uint32_t x172; + fiat_p256_mulx_u32(&x171, &x172, x2, (arg2[1])); + uint32_t x173; + uint32_t x174; + fiat_p256_mulx_u32(&x173, &x174, x2, (arg2[0])); + uint32_t x175; + fiat_p256_uint1 x176; + fiat_p256_addcarryx_u32(&x175, &x176, 0x0, x171, x174); + uint32_t x177; + fiat_p256_uint1 x178; + fiat_p256_addcarryx_u32(&x177, &x178, x176, x169, x172); + uint32_t x179; + fiat_p256_uint1 x180; + fiat_p256_addcarryx_u32(&x179, &x180, x178, x167, x170); + uint32_t x181; + fiat_p256_uint1 x182; + fiat_p256_addcarryx_u32(&x181, &x182, x180, x165, x168); + uint32_t x183; + fiat_p256_uint1 x184; + fiat_p256_addcarryx_u32(&x183, &x184, x182, x163, x166); + uint32_t x185; + fiat_p256_uint1 x186; + fiat_p256_addcarryx_u32(&x185, &x186, x184, x161, x164); + uint32_t x187; + fiat_p256_uint1 x188; + fiat_p256_addcarryx_u32(&x187, &x188, x186, x159, x162); + uint32_t x189; + fiat_p256_uint1 x190; + fiat_p256_addcarryx_u32(&x189, &x190, x188, 0x0, x160); + uint32_t x191; + fiat_p256_uint1 x192; + fiat_p256_addcarryx_u32(&x191, &x192, 0x0, x173, x141); + uint32_t x193; + fiat_p256_uint1 x194; + fiat_p256_addcarryx_u32(&x193, &x194, x192, x175, x143); + uint32_t x195; + fiat_p256_uint1 x196; + fiat_p256_addcarryx_u32(&x195, &x196, x194, x177, x145); + uint32_t x197; + fiat_p256_uint1 x198; + fiat_p256_addcarryx_u32(&x197, &x198, x196, x179, x147); + uint32_t x199; + fiat_p256_uint1 x200; + fiat_p256_addcarryx_u32(&x199, &x200, x198, x181, x149); + uint32_t x201; + fiat_p256_uint1 x202; + fiat_p256_addcarryx_u32(&x201, &x202, x200, x183, x151); + uint32_t x203; + fiat_p256_uint1 x204; + fiat_p256_addcarryx_u32(&x203, &x204, x202, x185, x153); + uint32_t x205; + fiat_p256_uint1 x206; + fiat_p256_addcarryx_u32(&x205, &x206, x204, x187, x155); + uint32_t x207; + fiat_p256_uint1 x208; + fiat_p256_addcarryx_u32(&x207, &x208, x206, x189, x157); + uint32_t x209; + uint32_t x210; + fiat_p256_mulx_u32(&x209, &x210, x191, UINT32_C(0xffffffff)); + uint32_t x211; + uint32_t x212; + fiat_p256_mulx_u32(&x211, &x212, x191, UINT32_C(0xffffffff)); + uint32_t x213; + uint32_t x214; + fiat_p256_mulx_u32(&x213, &x214, x191, UINT32_C(0xffffffff)); + uint32_t x215; + uint32_t x216; + fiat_p256_mulx_u32(&x215, &x216, x191, UINT32_C(0xffffffff)); + uint32_t x217; + fiat_p256_uint1 x218; + fiat_p256_addcarryx_u32(&x217, &x218, 0x0, x213, x216); + uint32_t x219; + fiat_p256_uint1 x220; + fiat_p256_addcarryx_u32(&x219, &x220, x218, x211, x214); + uint32_t x221; + fiat_p256_uint1 x222; + fiat_p256_addcarryx_u32(&x221, &x222, x220, 0x0, x212); + uint32_t x223; + fiat_p256_uint1 x224; + fiat_p256_addcarryx_u32(&x223, &x224, 0x0, x215, x191); + uint32_t x225; + fiat_p256_uint1 x226; + fiat_p256_addcarryx_u32(&x225, &x226, x224, x217, x193); + uint32_t x227; + fiat_p256_uint1 x228; + fiat_p256_addcarryx_u32(&x227, &x228, x226, x219, x195); + uint32_t x229; + fiat_p256_uint1 x230; + fiat_p256_addcarryx_u32(&x229, &x230, x228, x221, x197); + uint32_t x231; + fiat_p256_uint1 x232; + fiat_p256_addcarryx_u32(&x231, &x232, x230, 0x0, x199); + uint32_t x233; + fiat_p256_uint1 x234; + fiat_p256_addcarryx_u32(&x233, &x234, x232, 0x0, x201); + uint32_t x235; + fiat_p256_uint1 x236; + fiat_p256_addcarryx_u32(&x235, &x236, x234, x191, x203); + uint32_t x237; + fiat_p256_uint1 x238; + fiat_p256_addcarryx_u32(&x237, &x238, x236, x209, x205); + uint32_t x239; + fiat_p256_uint1 x240; + fiat_p256_addcarryx_u32(&x239, &x240, x238, x210, x207); + uint32_t x241; + fiat_p256_uint1 x242; + fiat_p256_addcarryx_u32(&x241, &x242, x240, 0x0, x208); + uint32_t x243; + uint32_t x244; + fiat_p256_mulx_u32(&x243, &x244, x3, (arg2[7])); + uint32_t x245; + uint32_t x246; + fiat_p256_mulx_u32(&x245, &x246, x3, (arg2[6])); + uint32_t x247; + uint32_t x248; + fiat_p256_mulx_u32(&x247, &x248, x3, (arg2[5])); + uint32_t x249; + uint32_t x250; + fiat_p256_mulx_u32(&x249, &x250, x3, (arg2[4])); + uint32_t x251; + uint32_t x252; + fiat_p256_mulx_u32(&x251, &x252, x3, (arg2[3])); + uint32_t x253; + uint32_t x254; + fiat_p256_mulx_u32(&x253, &x254, x3, (arg2[2])); + uint32_t x255; + uint32_t x256; + fiat_p256_mulx_u32(&x255, &x256, x3, (arg2[1])); + uint32_t x257; + uint32_t x258; + fiat_p256_mulx_u32(&x257, &x258, x3, (arg2[0])); + uint32_t x259; + fiat_p256_uint1 x260; + fiat_p256_addcarryx_u32(&x259, &x260, 0x0, x255, x258); + uint32_t x261; + fiat_p256_uint1 x262; + fiat_p256_addcarryx_u32(&x261, &x262, x260, x253, x256); + uint32_t x263; + fiat_p256_uint1 x264; + fiat_p256_addcarryx_u32(&x263, &x264, x262, x251, x254); + uint32_t x265; + fiat_p256_uint1 x266; + fiat_p256_addcarryx_u32(&x265, &x266, x264, x249, x252); + uint32_t x267; + fiat_p256_uint1 x268; + fiat_p256_addcarryx_u32(&x267, &x268, x266, x247, x250); + uint32_t x269; + fiat_p256_uint1 x270; + fiat_p256_addcarryx_u32(&x269, &x270, x268, x245, x248); + uint32_t x271; + fiat_p256_uint1 x272; + fiat_p256_addcarryx_u32(&x271, &x272, x270, x243, x246); + uint32_t x273; + fiat_p256_uint1 x274; + fiat_p256_addcarryx_u32(&x273, &x274, x272, 0x0, x244); + uint32_t x275; + fiat_p256_uint1 x276; + fiat_p256_addcarryx_u32(&x275, &x276, 0x0, x257, x225); + uint32_t x277; + fiat_p256_uint1 x278; + fiat_p256_addcarryx_u32(&x277, &x278, x276, x259, x227); + uint32_t x279; + fiat_p256_uint1 x280; + fiat_p256_addcarryx_u32(&x279, &x280, x278, x261, x229); + uint32_t x281; + fiat_p256_uint1 x282; + fiat_p256_addcarryx_u32(&x281, &x282, x280, x263, x231); + uint32_t x283; + fiat_p256_uint1 x284; + fiat_p256_addcarryx_u32(&x283, &x284, x282, x265, x233); + uint32_t x285; + fiat_p256_uint1 x286; + fiat_p256_addcarryx_u32(&x285, &x286, x284, x267, x235); + uint32_t x287; + fiat_p256_uint1 x288; + fiat_p256_addcarryx_u32(&x287, &x288, x286, x269, x237); + uint32_t x289; + fiat_p256_uint1 x290; + fiat_p256_addcarryx_u32(&x289, &x290, x288, x271, x239); + uint32_t x291; + fiat_p256_uint1 x292; + fiat_p256_addcarryx_u32(&x291, &x292, x290, x273, x241); + uint32_t x293; + uint32_t x294; + fiat_p256_mulx_u32(&x293, &x294, x275, UINT32_C(0xffffffff)); + uint32_t x295; + uint32_t x296; + fiat_p256_mulx_u32(&x295, &x296, x275, UINT32_C(0xffffffff)); + uint32_t x297; + uint32_t x298; + fiat_p256_mulx_u32(&x297, &x298, x275, UINT32_C(0xffffffff)); + uint32_t x299; + uint32_t x300; + fiat_p256_mulx_u32(&x299, &x300, x275, UINT32_C(0xffffffff)); + uint32_t x301; + fiat_p256_uint1 x302; + fiat_p256_addcarryx_u32(&x301, &x302, 0x0, x297, x300); + uint32_t x303; + fiat_p256_uint1 x304; + fiat_p256_addcarryx_u32(&x303, &x304, x302, x295, x298); + uint32_t x305; + fiat_p256_uint1 x306; + fiat_p256_addcarryx_u32(&x305, &x306, x304, 0x0, x296); + uint32_t x307; + fiat_p256_uint1 x308; + fiat_p256_addcarryx_u32(&x307, &x308, 0x0, x299, x275); + uint32_t x309; + fiat_p256_uint1 x310; + fiat_p256_addcarryx_u32(&x309, &x310, x308, x301, x277); + uint32_t x311; + fiat_p256_uint1 x312; + fiat_p256_addcarryx_u32(&x311, &x312, x310, x303, x279); + uint32_t x313; + fiat_p256_uint1 x314; + fiat_p256_addcarryx_u32(&x313, &x314, x312, x305, x281); + uint32_t x315; + fiat_p256_uint1 x316; + fiat_p256_addcarryx_u32(&x315, &x316, x314, 0x0, x283); + uint32_t x317; + fiat_p256_uint1 x318; + fiat_p256_addcarryx_u32(&x317, &x318, x316, 0x0, x285); + uint32_t x319; + fiat_p256_uint1 x320; + fiat_p256_addcarryx_u32(&x319, &x320, x318, x275, x287); + uint32_t x321; + fiat_p256_uint1 x322; + fiat_p256_addcarryx_u32(&x321, &x322, x320, x293, x289); + uint32_t x323; + fiat_p256_uint1 x324; + fiat_p256_addcarryx_u32(&x323, &x324, x322, x294, x291); + uint32_t x325; + fiat_p256_uint1 x326; + fiat_p256_addcarryx_u32(&x325, &x326, x324, 0x0, x292); + uint32_t x327; + uint32_t x328; + fiat_p256_mulx_u32(&x327, &x328, x4, (arg2[7])); + uint32_t x329; + uint32_t x330; + fiat_p256_mulx_u32(&x329, &x330, x4, (arg2[6])); + uint32_t x331; + uint32_t x332; + fiat_p256_mulx_u32(&x331, &x332, x4, (arg2[5])); + uint32_t x333; + uint32_t x334; + fiat_p256_mulx_u32(&x333, &x334, x4, (arg2[4])); + uint32_t x335; + uint32_t x336; + fiat_p256_mulx_u32(&x335, &x336, x4, (arg2[3])); + uint32_t x337; + uint32_t x338; + fiat_p256_mulx_u32(&x337, &x338, x4, (arg2[2])); + uint32_t x339; + uint32_t x340; + fiat_p256_mulx_u32(&x339, &x340, x4, (arg2[1])); + uint32_t x341; + uint32_t x342; + fiat_p256_mulx_u32(&x341, &x342, x4, (arg2[0])); + uint32_t x343; + fiat_p256_uint1 x344; + fiat_p256_addcarryx_u32(&x343, &x344, 0x0, x339, x342); + uint32_t x345; + fiat_p256_uint1 x346; + fiat_p256_addcarryx_u32(&x345, &x346, x344, x337, x340); + uint32_t x347; + fiat_p256_uint1 x348; + fiat_p256_addcarryx_u32(&x347, &x348, x346, x335, x338); + uint32_t x349; + fiat_p256_uint1 x350; + fiat_p256_addcarryx_u32(&x349, &x350, x348, x333, x336); + uint32_t x351; + fiat_p256_uint1 x352; + fiat_p256_addcarryx_u32(&x351, &x352, x350, x331, x334); + uint32_t x353; + fiat_p256_uint1 x354; + fiat_p256_addcarryx_u32(&x353, &x354, x352, x329, x332); + uint32_t x355; + fiat_p256_uint1 x356; + fiat_p256_addcarryx_u32(&x355, &x356, x354, x327, x330); + uint32_t x357; + fiat_p256_uint1 x358; + fiat_p256_addcarryx_u32(&x357, &x358, x356, 0x0, x328); + uint32_t x359; + fiat_p256_uint1 x360; + fiat_p256_addcarryx_u32(&x359, &x360, 0x0, x341, x309); + uint32_t x361; + fiat_p256_uint1 x362; + fiat_p256_addcarryx_u32(&x361, &x362, x360, x343, x311); + uint32_t x363; + fiat_p256_uint1 x364; + fiat_p256_addcarryx_u32(&x363, &x364, x362, x345, x313); + uint32_t x365; + fiat_p256_uint1 x366; + fiat_p256_addcarryx_u32(&x365, &x366, x364, x347, x315); + uint32_t x367; + fiat_p256_uint1 x368; + fiat_p256_addcarryx_u32(&x367, &x368, x366, x349, x317); + uint32_t x369; + fiat_p256_uint1 x370; + fiat_p256_addcarryx_u32(&x369, &x370, x368, x351, x319); + uint32_t x371; + fiat_p256_uint1 x372; + fiat_p256_addcarryx_u32(&x371, &x372, x370, x353, x321); + uint32_t x373; + fiat_p256_uint1 x374; + fiat_p256_addcarryx_u32(&x373, &x374, x372, x355, x323); + uint32_t x375; + fiat_p256_uint1 x376; + fiat_p256_addcarryx_u32(&x375, &x376, x374, x357, x325); + uint32_t x377; + uint32_t x378; + fiat_p256_mulx_u32(&x377, &x378, x359, UINT32_C(0xffffffff)); + uint32_t x379; + uint32_t x380; + fiat_p256_mulx_u32(&x379, &x380, x359, UINT32_C(0xffffffff)); + uint32_t x381; + uint32_t x382; + fiat_p256_mulx_u32(&x381, &x382, x359, UINT32_C(0xffffffff)); + uint32_t x383; + uint32_t x384; + fiat_p256_mulx_u32(&x383, &x384, x359, UINT32_C(0xffffffff)); + uint32_t x385; + fiat_p256_uint1 x386; + fiat_p256_addcarryx_u32(&x385, &x386, 0x0, x381, x384); + uint32_t x387; + fiat_p256_uint1 x388; + fiat_p256_addcarryx_u32(&x387, &x388, x386, x379, x382); + uint32_t x389; + fiat_p256_uint1 x390; + fiat_p256_addcarryx_u32(&x389, &x390, x388, 0x0, x380); + uint32_t x391; + fiat_p256_uint1 x392; + fiat_p256_addcarryx_u32(&x391, &x392, 0x0, x383, x359); + uint32_t x393; + fiat_p256_uint1 x394; + fiat_p256_addcarryx_u32(&x393, &x394, x392, x385, x361); + uint32_t x395; + fiat_p256_uint1 x396; + fiat_p256_addcarryx_u32(&x395, &x396, x394, x387, x363); + uint32_t x397; + fiat_p256_uint1 x398; + fiat_p256_addcarryx_u32(&x397, &x398, x396, x389, x365); + uint32_t x399; + fiat_p256_uint1 x400; + fiat_p256_addcarryx_u32(&x399, &x400, x398, 0x0, x367); + uint32_t x401; + fiat_p256_uint1 x402; + fiat_p256_addcarryx_u32(&x401, &x402, x400, 0x0, x369); + uint32_t x403; + fiat_p256_uint1 x404; + fiat_p256_addcarryx_u32(&x403, &x404, x402, x359, x371); + uint32_t x405; + fiat_p256_uint1 x406; + fiat_p256_addcarryx_u32(&x405, &x406, x404, x377, x373); + uint32_t x407; + fiat_p256_uint1 x408; + fiat_p256_addcarryx_u32(&x407, &x408, x406, x378, x375); + uint32_t x409; + fiat_p256_uint1 x410; + fiat_p256_addcarryx_u32(&x409, &x410, x408, 0x0, x376); + uint32_t x411; + uint32_t x412; + fiat_p256_mulx_u32(&x411, &x412, x5, (arg2[7])); + uint32_t x413; + uint32_t x414; + fiat_p256_mulx_u32(&x413, &x414, x5, (arg2[6])); + uint32_t x415; + uint32_t x416; + fiat_p256_mulx_u32(&x415, &x416, x5, (arg2[5])); + uint32_t x417; + uint32_t x418; + fiat_p256_mulx_u32(&x417, &x418, x5, (arg2[4])); + uint32_t x419; + uint32_t x420; + fiat_p256_mulx_u32(&x419, &x420, x5, (arg2[3])); + uint32_t x421; + uint32_t x422; + fiat_p256_mulx_u32(&x421, &x422, x5, (arg2[2])); + uint32_t x423; + uint32_t x424; + fiat_p256_mulx_u32(&x423, &x424, x5, (arg2[1])); + uint32_t x425; + uint32_t x426; + fiat_p256_mulx_u32(&x425, &x426, x5, (arg2[0])); + uint32_t x427; + fiat_p256_uint1 x428; + fiat_p256_addcarryx_u32(&x427, &x428, 0x0, x423, x426); + uint32_t x429; + fiat_p256_uint1 x430; + fiat_p256_addcarryx_u32(&x429, &x430, x428, x421, x424); + uint32_t x431; + fiat_p256_uint1 x432; + fiat_p256_addcarryx_u32(&x431, &x432, x430, x419, x422); + uint32_t x433; + fiat_p256_uint1 x434; + fiat_p256_addcarryx_u32(&x433, &x434, x432, x417, x420); + uint32_t x435; + fiat_p256_uint1 x436; + fiat_p256_addcarryx_u32(&x435, &x436, x434, x415, x418); + uint32_t x437; + fiat_p256_uint1 x438; + fiat_p256_addcarryx_u32(&x437, &x438, x436, x413, x416); + uint32_t x439; + fiat_p256_uint1 x440; + fiat_p256_addcarryx_u32(&x439, &x440, x438, x411, x414); + uint32_t x441; + fiat_p256_uint1 x442; + fiat_p256_addcarryx_u32(&x441, &x442, x440, 0x0, x412); + uint32_t x443; + fiat_p256_uint1 x444; + fiat_p256_addcarryx_u32(&x443, &x444, 0x0, x425, x393); + uint32_t x445; + fiat_p256_uint1 x446; + fiat_p256_addcarryx_u32(&x445, &x446, x444, x427, x395); + uint32_t x447; + fiat_p256_uint1 x448; + fiat_p256_addcarryx_u32(&x447, &x448, x446, x429, x397); + uint32_t x449; + fiat_p256_uint1 x450; + fiat_p256_addcarryx_u32(&x449, &x450, x448, x431, x399); + uint32_t x451; + fiat_p256_uint1 x452; + fiat_p256_addcarryx_u32(&x451, &x452, x450, x433, x401); + uint32_t x453; + fiat_p256_uint1 x454; + fiat_p256_addcarryx_u32(&x453, &x454, x452, x435, x403); + uint32_t x455; + fiat_p256_uint1 x456; + fiat_p256_addcarryx_u32(&x455, &x456, x454, x437, x405); + uint32_t x457; + fiat_p256_uint1 x458; + fiat_p256_addcarryx_u32(&x457, &x458, x456, x439, x407); + uint32_t x459; + fiat_p256_uint1 x460; + fiat_p256_addcarryx_u32(&x459, &x460, x458, x441, x409); + uint32_t x461; + uint32_t x462; + fiat_p256_mulx_u32(&x461, &x462, x443, UINT32_C(0xffffffff)); + uint32_t x463; + uint32_t x464; + fiat_p256_mulx_u32(&x463, &x464, x443, UINT32_C(0xffffffff)); + uint32_t x465; + uint32_t x466; + fiat_p256_mulx_u32(&x465, &x466, x443, UINT32_C(0xffffffff)); + uint32_t x467; + uint32_t x468; + fiat_p256_mulx_u32(&x467, &x468, x443, UINT32_C(0xffffffff)); + uint32_t x469; + fiat_p256_uint1 x470; + fiat_p256_addcarryx_u32(&x469, &x470, 0x0, x465, x468); + uint32_t x471; + fiat_p256_uint1 x472; + fiat_p256_addcarryx_u32(&x471, &x472, x470, x463, x466); + uint32_t x473; + fiat_p256_uint1 x474; + fiat_p256_addcarryx_u32(&x473, &x474, x472, 0x0, x464); + uint32_t x475; + fiat_p256_uint1 x476; + fiat_p256_addcarryx_u32(&x475, &x476, 0x0, x467, x443); + uint32_t x477; + fiat_p256_uint1 x478; + fiat_p256_addcarryx_u32(&x477, &x478, x476, x469, x445); + uint32_t x479; + fiat_p256_uint1 x480; + fiat_p256_addcarryx_u32(&x479, &x480, x478, x471, x447); + uint32_t x481; + fiat_p256_uint1 x482; + fiat_p256_addcarryx_u32(&x481, &x482, x480, x473, x449); + uint32_t x483; + fiat_p256_uint1 x484; + fiat_p256_addcarryx_u32(&x483, &x484, x482, 0x0, x451); + uint32_t x485; + fiat_p256_uint1 x486; + fiat_p256_addcarryx_u32(&x485, &x486, x484, 0x0, x453); + uint32_t x487; + fiat_p256_uint1 x488; + fiat_p256_addcarryx_u32(&x487, &x488, x486, x443, x455); + uint32_t x489; + fiat_p256_uint1 x490; + fiat_p256_addcarryx_u32(&x489, &x490, x488, x461, x457); + uint32_t x491; + fiat_p256_uint1 x492; + fiat_p256_addcarryx_u32(&x491, &x492, x490, x462, x459); + uint32_t x493; + fiat_p256_uint1 x494; + fiat_p256_addcarryx_u32(&x493, &x494, x492, 0x0, x460); + uint32_t x495; + uint32_t x496; + fiat_p256_mulx_u32(&x495, &x496, x6, (arg2[7])); + uint32_t x497; + uint32_t x498; + fiat_p256_mulx_u32(&x497, &x498, x6, (arg2[6])); + uint32_t x499; + uint32_t x500; + fiat_p256_mulx_u32(&x499, &x500, x6, (arg2[5])); + uint32_t x501; + uint32_t x502; + fiat_p256_mulx_u32(&x501, &x502, x6, (arg2[4])); + uint32_t x503; + uint32_t x504; + fiat_p256_mulx_u32(&x503, &x504, x6, (arg2[3])); + uint32_t x505; + uint32_t x506; + fiat_p256_mulx_u32(&x505, &x506, x6, (arg2[2])); + uint32_t x507; + uint32_t x508; + fiat_p256_mulx_u32(&x507, &x508, x6, (arg2[1])); + uint32_t x509; + uint32_t x510; + fiat_p256_mulx_u32(&x509, &x510, x6, (arg2[0])); + uint32_t x511; + fiat_p256_uint1 x512; + fiat_p256_addcarryx_u32(&x511, &x512, 0x0, x507, x510); + uint32_t x513; + fiat_p256_uint1 x514; + fiat_p256_addcarryx_u32(&x513, &x514, x512, x505, x508); + uint32_t x515; + fiat_p256_uint1 x516; + fiat_p256_addcarryx_u32(&x515, &x516, x514, x503, x506); + uint32_t x517; + fiat_p256_uint1 x518; + fiat_p256_addcarryx_u32(&x517, &x518, x516, x501, x504); + uint32_t x519; + fiat_p256_uint1 x520; + fiat_p256_addcarryx_u32(&x519, &x520, x518, x499, x502); + uint32_t x521; + fiat_p256_uint1 x522; + fiat_p256_addcarryx_u32(&x521, &x522, x520, x497, x500); + uint32_t x523; + fiat_p256_uint1 x524; + fiat_p256_addcarryx_u32(&x523, &x524, x522, x495, x498); + uint32_t x525; + fiat_p256_uint1 x526; + fiat_p256_addcarryx_u32(&x525, &x526, x524, 0x0, x496); + uint32_t x527; + fiat_p256_uint1 x528; + fiat_p256_addcarryx_u32(&x527, &x528, 0x0, x509, x477); + uint32_t x529; + fiat_p256_uint1 x530; + fiat_p256_addcarryx_u32(&x529, &x530, x528, x511, x479); + uint32_t x531; + fiat_p256_uint1 x532; + fiat_p256_addcarryx_u32(&x531, &x532, x530, x513, x481); + uint32_t x533; + fiat_p256_uint1 x534; + fiat_p256_addcarryx_u32(&x533, &x534, x532, x515, x483); + uint32_t x535; + fiat_p256_uint1 x536; + fiat_p256_addcarryx_u32(&x535, &x536, x534, x517, x485); + uint32_t x537; + fiat_p256_uint1 x538; + fiat_p256_addcarryx_u32(&x537, &x538, x536, x519, x487); + uint32_t x539; + fiat_p256_uint1 x540; + fiat_p256_addcarryx_u32(&x539, &x540, x538, x521, x489); + uint32_t x541; + fiat_p256_uint1 x542; + fiat_p256_addcarryx_u32(&x541, &x542, x540, x523, x491); + uint32_t x543; + fiat_p256_uint1 x544; + fiat_p256_addcarryx_u32(&x543, &x544, x542, x525, x493); + uint32_t x545; + uint32_t x546; + fiat_p256_mulx_u32(&x545, &x546, x527, UINT32_C(0xffffffff)); + uint32_t x547; + uint32_t x548; + fiat_p256_mulx_u32(&x547, &x548, x527, UINT32_C(0xffffffff)); + uint32_t x549; + uint32_t x550; + fiat_p256_mulx_u32(&x549, &x550, x527, UINT32_C(0xffffffff)); + uint32_t x551; + uint32_t x552; + fiat_p256_mulx_u32(&x551, &x552, x527, UINT32_C(0xffffffff)); + uint32_t x553; + fiat_p256_uint1 x554; + fiat_p256_addcarryx_u32(&x553, &x554, 0x0, x549, x552); + uint32_t x555; + fiat_p256_uint1 x556; + fiat_p256_addcarryx_u32(&x555, &x556, x554, x547, x550); + uint32_t x557; + fiat_p256_uint1 x558; + fiat_p256_addcarryx_u32(&x557, &x558, x556, 0x0, x548); + uint32_t x559; + fiat_p256_uint1 x560; + fiat_p256_addcarryx_u32(&x559, &x560, 0x0, x551, x527); + uint32_t x561; + fiat_p256_uint1 x562; + fiat_p256_addcarryx_u32(&x561, &x562, x560, x553, x529); + uint32_t x563; + fiat_p256_uint1 x564; + fiat_p256_addcarryx_u32(&x563, &x564, x562, x555, x531); + uint32_t x565; + fiat_p256_uint1 x566; + fiat_p256_addcarryx_u32(&x565, &x566, x564, x557, x533); + uint32_t x567; + fiat_p256_uint1 x568; + fiat_p256_addcarryx_u32(&x567, &x568, x566, 0x0, x535); + uint32_t x569; + fiat_p256_uint1 x570; + fiat_p256_addcarryx_u32(&x569, &x570, x568, 0x0, x537); + uint32_t x571; + fiat_p256_uint1 x572; + fiat_p256_addcarryx_u32(&x571, &x572, x570, x527, x539); + uint32_t x573; + fiat_p256_uint1 x574; + fiat_p256_addcarryx_u32(&x573, &x574, x572, x545, x541); + uint32_t x575; + fiat_p256_uint1 x576; + fiat_p256_addcarryx_u32(&x575, &x576, x574, x546, x543); + uint32_t x577; + fiat_p256_uint1 x578; + fiat_p256_addcarryx_u32(&x577, &x578, x576, 0x0, x544); + uint32_t x579; + uint32_t x580; + fiat_p256_mulx_u32(&x579, &x580, x7, (arg2[7])); + uint32_t x581; + uint32_t x582; + fiat_p256_mulx_u32(&x581, &x582, x7, (arg2[6])); + uint32_t x583; + uint32_t x584; + fiat_p256_mulx_u32(&x583, &x584, x7, (arg2[5])); + uint32_t x585; + uint32_t x586; + fiat_p256_mulx_u32(&x585, &x586, x7, (arg2[4])); + uint32_t x587; + uint32_t x588; + fiat_p256_mulx_u32(&x587, &x588, x7, (arg2[3])); + uint32_t x589; + uint32_t x590; + fiat_p256_mulx_u32(&x589, &x590, x7, (arg2[2])); + uint32_t x591; + uint32_t x592; + fiat_p256_mulx_u32(&x591, &x592, x7, (arg2[1])); + uint32_t x593; + uint32_t x594; + fiat_p256_mulx_u32(&x593, &x594, x7, (arg2[0])); + uint32_t x595; + fiat_p256_uint1 x596; + fiat_p256_addcarryx_u32(&x595, &x596, 0x0, x591, x594); + uint32_t x597; + fiat_p256_uint1 x598; + fiat_p256_addcarryx_u32(&x597, &x598, x596, x589, x592); + uint32_t x599; + fiat_p256_uint1 x600; + fiat_p256_addcarryx_u32(&x599, &x600, x598, x587, x590); + uint32_t x601; + fiat_p256_uint1 x602; + fiat_p256_addcarryx_u32(&x601, &x602, x600, x585, x588); + uint32_t x603; + fiat_p256_uint1 x604; + fiat_p256_addcarryx_u32(&x603, &x604, x602, x583, x586); + uint32_t x605; + fiat_p256_uint1 x606; + fiat_p256_addcarryx_u32(&x605, &x606, x604, x581, x584); + uint32_t x607; + fiat_p256_uint1 x608; + fiat_p256_addcarryx_u32(&x607, &x608, x606, x579, x582); + uint32_t x609; + fiat_p256_uint1 x610; + fiat_p256_addcarryx_u32(&x609, &x610, x608, 0x0, x580); + uint32_t x611; + fiat_p256_uint1 x612; + fiat_p256_addcarryx_u32(&x611, &x612, 0x0, x593, x561); + uint32_t x613; + fiat_p256_uint1 x614; + fiat_p256_addcarryx_u32(&x613, &x614, x612, x595, x563); + uint32_t x615; + fiat_p256_uint1 x616; + fiat_p256_addcarryx_u32(&x615, &x616, x614, x597, x565); + uint32_t x617; + fiat_p256_uint1 x618; + fiat_p256_addcarryx_u32(&x617, &x618, x616, x599, x567); + uint32_t x619; + fiat_p256_uint1 x620; + fiat_p256_addcarryx_u32(&x619, &x620, x618, x601, x569); + uint32_t x621; + fiat_p256_uint1 x622; + fiat_p256_addcarryx_u32(&x621, &x622, x620, x603, x571); + uint32_t x623; + fiat_p256_uint1 x624; + fiat_p256_addcarryx_u32(&x623, &x624, x622, x605, x573); + uint32_t x625; + fiat_p256_uint1 x626; + fiat_p256_addcarryx_u32(&x625, &x626, x624, x607, x575); + uint32_t x627; + fiat_p256_uint1 x628; + fiat_p256_addcarryx_u32(&x627, &x628, x626, x609, x577); + uint32_t x629; + uint32_t x630; + fiat_p256_mulx_u32(&x629, &x630, x611, UINT32_C(0xffffffff)); + uint32_t x631; + uint32_t x632; + fiat_p256_mulx_u32(&x631, &x632, x611, UINT32_C(0xffffffff)); + uint32_t x633; + uint32_t x634; + fiat_p256_mulx_u32(&x633, &x634, x611, UINT32_C(0xffffffff)); + uint32_t x635; + uint32_t x636; + fiat_p256_mulx_u32(&x635, &x636, x611, UINT32_C(0xffffffff)); + uint32_t x637; + fiat_p256_uint1 x638; + fiat_p256_addcarryx_u32(&x637, &x638, 0x0, x633, x636); + uint32_t x639; + fiat_p256_uint1 x640; + fiat_p256_addcarryx_u32(&x639, &x640, x638, x631, x634); + uint32_t x641; + fiat_p256_uint1 x642; + fiat_p256_addcarryx_u32(&x641, &x642, x640, 0x0, x632); + uint32_t x643; + fiat_p256_uint1 x644; + fiat_p256_addcarryx_u32(&x643, &x644, 0x0, x635, x611); + uint32_t x645; + fiat_p256_uint1 x646; + fiat_p256_addcarryx_u32(&x645, &x646, x644, x637, x613); + uint32_t x647; + fiat_p256_uint1 x648; + fiat_p256_addcarryx_u32(&x647, &x648, x646, x639, x615); + uint32_t x649; + fiat_p256_uint1 x650; + fiat_p256_addcarryx_u32(&x649, &x650, x648, x641, x617); + uint32_t x651; + fiat_p256_uint1 x652; + fiat_p256_addcarryx_u32(&x651, &x652, x650, 0x0, x619); + uint32_t x653; + fiat_p256_uint1 x654; + fiat_p256_addcarryx_u32(&x653, &x654, x652, 0x0, x621); + uint32_t x655; + fiat_p256_uint1 x656; + fiat_p256_addcarryx_u32(&x655, &x656, x654, x611, x623); + uint32_t x657; + fiat_p256_uint1 x658; + fiat_p256_addcarryx_u32(&x657, &x658, x656, x629, x625); + uint32_t x659; + fiat_p256_uint1 x660; + fiat_p256_addcarryx_u32(&x659, &x660, x658, x630, x627); + uint32_t x661; + fiat_p256_uint1 x662; + fiat_p256_addcarryx_u32(&x661, &x662, x660, 0x0, x628); + uint32_t x663; + fiat_p256_uint1 x664; + fiat_p256_subborrowx_u32(&x663, &x664, 0x0, x645, UINT32_C(0xffffffff)); + uint32_t x665; + fiat_p256_uint1 x666; + fiat_p256_subborrowx_u32(&x665, &x666, x664, x647, UINT32_C(0xffffffff)); + uint32_t x667; + fiat_p256_uint1 x668; + fiat_p256_subborrowx_u32(&x667, &x668, x666, x649, UINT32_C(0xffffffff)); + uint32_t x669; + fiat_p256_uint1 x670; + fiat_p256_subborrowx_u32(&x669, &x670, x668, x651, 0x0); + uint32_t x671; + fiat_p256_uint1 x672; + fiat_p256_subborrowx_u32(&x671, &x672, x670, x653, 0x0); + uint32_t x673; + fiat_p256_uint1 x674; + fiat_p256_subborrowx_u32(&x673, &x674, x672, x655, 0x0); + uint32_t x675; + fiat_p256_uint1 x676; + fiat_p256_subborrowx_u32(&x675, &x676, x674, x657, 0x1); + uint32_t x677; + fiat_p256_uint1 x678; + fiat_p256_subborrowx_u32(&x677, &x678, x676, x659, UINT32_C(0xffffffff)); + uint32_t x679; + fiat_p256_uint1 x680; + fiat_p256_subborrowx_u32(&x679, &x680, x678, x661, 0x0); + uint32_t x681; + fiat_p256_cmovznz_u32(&x681, x680, x663, x645); + uint32_t x682; + fiat_p256_cmovznz_u32(&x682, x680, x665, x647); + uint32_t x683; + fiat_p256_cmovznz_u32(&x683, x680, x667, x649); + uint32_t x684; + fiat_p256_cmovznz_u32(&x684, x680, x669, x651); + uint32_t x685; + fiat_p256_cmovznz_u32(&x685, x680, x671, x653); + uint32_t x686; + fiat_p256_cmovznz_u32(&x686, x680, x673, x655); + uint32_t x687; + fiat_p256_cmovznz_u32(&x687, x680, x675, x657); + uint32_t x688; + fiat_p256_cmovznz_u32(&x688, x680, x677, x659); + out1[0] = x681; + out1[1] = x682; + out1[2] = x683; + out1[3] = x684; + out1[4] = x685; + out1[5] = x686; + out1[6] = x687; + out1[7] = x688; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { + uint32_t x1 = (arg1[1]); + uint32_t x2 = (arg1[2]); + uint32_t x3 = (arg1[3]); + uint32_t x4 = (arg1[4]); + uint32_t x5 = (arg1[5]); + uint32_t x6 = (arg1[6]); + uint32_t x7 = (arg1[7]); + uint32_t x8 = (arg1[0]); + uint32_t x9; + uint32_t x10; + fiat_p256_mulx_u32(&x9, &x10, x8, (arg1[7])); + uint32_t x11; + uint32_t x12; + fiat_p256_mulx_u32(&x11, &x12, x8, (arg1[6])); + uint32_t x13; + uint32_t x14; + fiat_p256_mulx_u32(&x13, &x14, x8, (arg1[5])); + uint32_t x15; + uint32_t x16; + fiat_p256_mulx_u32(&x15, &x16, x8, (arg1[4])); + uint32_t x17; + uint32_t x18; + fiat_p256_mulx_u32(&x17, &x18, x8, (arg1[3])); + uint32_t x19; + uint32_t x20; + fiat_p256_mulx_u32(&x19, &x20, x8, (arg1[2])); + uint32_t x21; + uint32_t x22; + fiat_p256_mulx_u32(&x21, &x22, x8, (arg1[1])); + uint32_t x23; + uint32_t x24; + fiat_p256_mulx_u32(&x23, &x24, x8, (arg1[0])); + uint32_t x25; + fiat_p256_uint1 x26; + fiat_p256_addcarryx_u32(&x25, &x26, 0x0, x21, x24); + uint32_t x27; + fiat_p256_uint1 x28; + fiat_p256_addcarryx_u32(&x27, &x28, x26, x19, x22); + uint32_t x29; + fiat_p256_uint1 x30; + fiat_p256_addcarryx_u32(&x29, &x30, x28, x17, x20); + uint32_t x31; + fiat_p256_uint1 x32; + fiat_p256_addcarryx_u32(&x31, &x32, x30, x15, x18); + uint32_t x33; + fiat_p256_uint1 x34; + fiat_p256_addcarryx_u32(&x33, &x34, x32, x13, x16); + uint32_t x35; + fiat_p256_uint1 x36; + fiat_p256_addcarryx_u32(&x35, &x36, x34, x11, x14); + uint32_t x37; + fiat_p256_uint1 x38; + fiat_p256_addcarryx_u32(&x37, &x38, x36, x9, x12); + uint32_t x39; + fiat_p256_uint1 x40; + fiat_p256_addcarryx_u32(&x39, &x40, x38, 0x0, x10); + uint32_t x41; + uint32_t x42; + fiat_p256_mulx_u32(&x41, &x42, x23, UINT32_C(0xffffffff)); + uint32_t x43; + uint32_t x44; + fiat_p256_mulx_u32(&x43, &x44, x23, UINT32_C(0xffffffff)); + uint32_t x45; + uint32_t x46; + fiat_p256_mulx_u32(&x45, &x46, x23, UINT32_C(0xffffffff)); + uint32_t x47; + uint32_t x48; + fiat_p256_mulx_u32(&x47, &x48, x23, UINT32_C(0xffffffff)); + uint32_t x49; + fiat_p256_uint1 x50; + fiat_p256_addcarryx_u32(&x49, &x50, 0x0, x45, x48); + uint32_t x51; + fiat_p256_uint1 x52; + fiat_p256_addcarryx_u32(&x51, &x52, x50, x43, x46); + uint32_t x53; + fiat_p256_uint1 x54; + fiat_p256_addcarryx_u32(&x53, &x54, x52, 0x0, x44); + uint32_t x55; + fiat_p256_uint1 x56; + fiat_p256_addcarryx_u32(&x55, &x56, 0x0, x47, x23); + uint32_t x57; + fiat_p256_uint1 x58; + fiat_p256_addcarryx_u32(&x57, &x58, x56, x49, x25); + uint32_t x59; + fiat_p256_uint1 x60; + fiat_p256_addcarryx_u32(&x59, &x60, x58, x51, x27); + uint32_t x61; + fiat_p256_uint1 x62; + fiat_p256_addcarryx_u32(&x61, &x62, x60, x53, x29); + uint32_t x63; + fiat_p256_uint1 x64; + fiat_p256_addcarryx_u32(&x63, &x64, x62, 0x0, x31); + uint32_t x65; + fiat_p256_uint1 x66; + fiat_p256_addcarryx_u32(&x65, &x66, x64, 0x0, x33); + uint32_t x67; + fiat_p256_uint1 x68; + fiat_p256_addcarryx_u32(&x67, &x68, x66, x23, x35); + uint32_t x69; + fiat_p256_uint1 x70; + fiat_p256_addcarryx_u32(&x69, &x70, x68, x41, x37); + uint32_t x71; + fiat_p256_uint1 x72; + fiat_p256_addcarryx_u32(&x71, &x72, x70, x42, x39); + uint32_t x73; + fiat_p256_uint1 x74; + fiat_p256_addcarryx_u32(&x73, &x74, x72, 0x0, 0x0); + uint32_t x75; + uint32_t x76; + fiat_p256_mulx_u32(&x75, &x76, x1, (arg1[7])); + uint32_t x77; + uint32_t x78; + fiat_p256_mulx_u32(&x77, &x78, x1, (arg1[6])); + uint32_t x79; + uint32_t x80; + fiat_p256_mulx_u32(&x79, &x80, x1, (arg1[5])); + uint32_t x81; + uint32_t x82; + fiat_p256_mulx_u32(&x81, &x82, x1, (arg1[4])); + uint32_t x83; + uint32_t x84; + fiat_p256_mulx_u32(&x83, &x84, x1, (arg1[3])); + uint32_t x85; + uint32_t x86; + fiat_p256_mulx_u32(&x85, &x86, x1, (arg1[2])); + uint32_t x87; + uint32_t x88; + fiat_p256_mulx_u32(&x87, &x88, x1, (arg1[1])); + uint32_t x89; + uint32_t x90; + fiat_p256_mulx_u32(&x89, &x90, x1, (arg1[0])); + uint32_t x91; + fiat_p256_uint1 x92; + fiat_p256_addcarryx_u32(&x91, &x92, 0x0, x87, x90); + uint32_t x93; + fiat_p256_uint1 x94; + fiat_p256_addcarryx_u32(&x93, &x94, x92, x85, x88); + uint32_t x95; + fiat_p256_uint1 x96; + fiat_p256_addcarryx_u32(&x95, &x96, x94, x83, x86); + uint32_t x97; + fiat_p256_uint1 x98; + fiat_p256_addcarryx_u32(&x97, &x98, x96, x81, x84); + uint32_t x99; + fiat_p256_uint1 x100; + fiat_p256_addcarryx_u32(&x99, &x100, x98, x79, x82); + uint32_t x101; + fiat_p256_uint1 x102; + fiat_p256_addcarryx_u32(&x101, &x102, x100, x77, x80); + uint32_t x103; + fiat_p256_uint1 x104; + fiat_p256_addcarryx_u32(&x103, &x104, x102, x75, x78); + uint32_t x105; + fiat_p256_uint1 x106; + fiat_p256_addcarryx_u32(&x105, &x106, x104, 0x0, x76); + uint32_t x107; + fiat_p256_uint1 x108; + fiat_p256_addcarryx_u32(&x107, &x108, 0x0, x89, x57); + uint32_t x109; + fiat_p256_uint1 x110; + fiat_p256_addcarryx_u32(&x109, &x110, x108, x91, x59); + uint32_t x111; + fiat_p256_uint1 x112; + fiat_p256_addcarryx_u32(&x111, &x112, x110, x93, x61); + uint32_t x113; + fiat_p256_uint1 x114; + fiat_p256_addcarryx_u32(&x113, &x114, x112, x95, x63); + uint32_t x115; + fiat_p256_uint1 x116; + fiat_p256_addcarryx_u32(&x115, &x116, x114, x97, x65); + uint32_t x117; + fiat_p256_uint1 x118; + fiat_p256_addcarryx_u32(&x117, &x118, x116, x99, x67); + uint32_t x119; + fiat_p256_uint1 x120; + fiat_p256_addcarryx_u32(&x119, &x120, x118, x101, x69); + uint32_t x121; + fiat_p256_uint1 x122; + fiat_p256_addcarryx_u32(&x121, &x122, x120, x103, x71); + uint32_t x123; + fiat_p256_uint1 x124; + fiat_p256_addcarryx_u32(&x123, &x124, x122, x105, (fiat_p256_uint1)x73); + uint32_t x125; + uint32_t x126; + fiat_p256_mulx_u32(&x125, &x126, x107, UINT32_C(0xffffffff)); + uint32_t x127; + uint32_t x128; + fiat_p256_mulx_u32(&x127, &x128, x107, UINT32_C(0xffffffff)); + uint32_t x129; + uint32_t x130; + fiat_p256_mulx_u32(&x129, &x130, x107, UINT32_C(0xffffffff)); + uint32_t x131; + uint32_t x132; + fiat_p256_mulx_u32(&x131, &x132, x107, UINT32_C(0xffffffff)); + uint32_t x133; + fiat_p256_uint1 x134; + fiat_p256_addcarryx_u32(&x133, &x134, 0x0, x129, x132); + uint32_t x135; + fiat_p256_uint1 x136; + fiat_p256_addcarryx_u32(&x135, &x136, x134, x127, x130); + uint32_t x137; + fiat_p256_uint1 x138; + fiat_p256_addcarryx_u32(&x137, &x138, x136, 0x0, x128); + uint32_t x139; + fiat_p256_uint1 x140; + fiat_p256_addcarryx_u32(&x139, &x140, 0x0, x131, x107); + uint32_t x141; + fiat_p256_uint1 x142; + fiat_p256_addcarryx_u32(&x141, &x142, x140, x133, x109); + uint32_t x143; + fiat_p256_uint1 x144; + fiat_p256_addcarryx_u32(&x143, &x144, x142, x135, x111); + uint32_t x145; + fiat_p256_uint1 x146; + fiat_p256_addcarryx_u32(&x145, &x146, x144, x137, x113); + uint32_t x147; + fiat_p256_uint1 x148; + fiat_p256_addcarryx_u32(&x147, &x148, x146, 0x0, x115); + uint32_t x149; + fiat_p256_uint1 x150; + fiat_p256_addcarryx_u32(&x149, &x150, x148, 0x0, x117); + uint32_t x151; + fiat_p256_uint1 x152; + fiat_p256_addcarryx_u32(&x151, &x152, x150, x107, x119); + uint32_t x153; + fiat_p256_uint1 x154; + fiat_p256_addcarryx_u32(&x153, &x154, x152, x125, x121); + uint32_t x155; + fiat_p256_uint1 x156; + fiat_p256_addcarryx_u32(&x155, &x156, x154, x126, x123); + uint32_t x157; + fiat_p256_uint1 x158; + fiat_p256_addcarryx_u32(&x157, &x158, x156, 0x0, x124); + uint32_t x159; + uint32_t x160; + fiat_p256_mulx_u32(&x159, &x160, x2, (arg1[7])); + uint32_t x161; + uint32_t x162; + fiat_p256_mulx_u32(&x161, &x162, x2, (arg1[6])); + uint32_t x163; + uint32_t x164; + fiat_p256_mulx_u32(&x163, &x164, x2, (arg1[5])); + uint32_t x165; + uint32_t x166; + fiat_p256_mulx_u32(&x165, &x166, x2, (arg1[4])); + uint32_t x167; + uint32_t x168; + fiat_p256_mulx_u32(&x167, &x168, x2, (arg1[3])); + uint32_t x169; + uint32_t x170; + fiat_p256_mulx_u32(&x169, &x170, x2, (arg1[2])); + uint32_t x171; + uint32_t x172; + fiat_p256_mulx_u32(&x171, &x172, x2, (arg1[1])); + uint32_t x173; + uint32_t x174; + fiat_p256_mulx_u32(&x173, &x174, x2, (arg1[0])); + uint32_t x175; + fiat_p256_uint1 x176; + fiat_p256_addcarryx_u32(&x175, &x176, 0x0, x171, x174); + uint32_t x177; + fiat_p256_uint1 x178; + fiat_p256_addcarryx_u32(&x177, &x178, x176, x169, x172); + uint32_t x179; + fiat_p256_uint1 x180; + fiat_p256_addcarryx_u32(&x179, &x180, x178, x167, x170); + uint32_t x181; + fiat_p256_uint1 x182; + fiat_p256_addcarryx_u32(&x181, &x182, x180, x165, x168); + uint32_t x183; + fiat_p256_uint1 x184; + fiat_p256_addcarryx_u32(&x183, &x184, x182, x163, x166); + uint32_t x185; + fiat_p256_uint1 x186; + fiat_p256_addcarryx_u32(&x185, &x186, x184, x161, x164); + uint32_t x187; + fiat_p256_uint1 x188; + fiat_p256_addcarryx_u32(&x187, &x188, x186, x159, x162); + uint32_t x189; + fiat_p256_uint1 x190; + fiat_p256_addcarryx_u32(&x189, &x190, x188, 0x0, x160); + uint32_t x191; + fiat_p256_uint1 x192; + fiat_p256_addcarryx_u32(&x191, &x192, 0x0, x173, x141); + uint32_t x193; + fiat_p256_uint1 x194; + fiat_p256_addcarryx_u32(&x193, &x194, x192, x175, x143); + uint32_t x195; + fiat_p256_uint1 x196; + fiat_p256_addcarryx_u32(&x195, &x196, x194, x177, x145); + uint32_t x197; + fiat_p256_uint1 x198; + fiat_p256_addcarryx_u32(&x197, &x198, x196, x179, x147); + uint32_t x199; + fiat_p256_uint1 x200; + fiat_p256_addcarryx_u32(&x199, &x200, x198, x181, x149); + uint32_t x201; + fiat_p256_uint1 x202; + fiat_p256_addcarryx_u32(&x201, &x202, x200, x183, x151); + uint32_t x203; + fiat_p256_uint1 x204; + fiat_p256_addcarryx_u32(&x203, &x204, x202, x185, x153); + uint32_t x205; + fiat_p256_uint1 x206; + fiat_p256_addcarryx_u32(&x205, &x206, x204, x187, x155); + uint32_t x207; + fiat_p256_uint1 x208; + fiat_p256_addcarryx_u32(&x207, &x208, x206, x189, x157); + uint32_t x209; + uint32_t x210; + fiat_p256_mulx_u32(&x209, &x210, x191, UINT32_C(0xffffffff)); + uint32_t x211; + uint32_t x212; + fiat_p256_mulx_u32(&x211, &x212, x191, UINT32_C(0xffffffff)); + uint32_t x213; + uint32_t x214; + fiat_p256_mulx_u32(&x213, &x214, x191, UINT32_C(0xffffffff)); + uint32_t x215; + uint32_t x216; + fiat_p256_mulx_u32(&x215, &x216, x191, UINT32_C(0xffffffff)); + uint32_t x217; + fiat_p256_uint1 x218; + fiat_p256_addcarryx_u32(&x217, &x218, 0x0, x213, x216); + uint32_t x219; + fiat_p256_uint1 x220; + fiat_p256_addcarryx_u32(&x219, &x220, x218, x211, x214); + uint32_t x221; + fiat_p256_uint1 x222; + fiat_p256_addcarryx_u32(&x221, &x222, x220, 0x0, x212); + uint32_t x223; + fiat_p256_uint1 x224; + fiat_p256_addcarryx_u32(&x223, &x224, 0x0, x215, x191); + uint32_t x225; + fiat_p256_uint1 x226; + fiat_p256_addcarryx_u32(&x225, &x226, x224, x217, x193); + uint32_t x227; + fiat_p256_uint1 x228; + fiat_p256_addcarryx_u32(&x227, &x228, x226, x219, x195); + uint32_t x229; + fiat_p256_uint1 x230; + fiat_p256_addcarryx_u32(&x229, &x230, x228, x221, x197); + uint32_t x231; + fiat_p256_uint1 x232; + fiat_p256_addcarryx_u32(&x231, &x232, x230, 0x0, x199); + uint32_t x233; + fiat_p256_uint1 x234; + fiat_p256_addcarryx_u32(&x233, &x234, x232, 0x0, x201); + uint32_t x235; + fiat_p256_uint1 x236; + fiat_p256_addcarryx_u32(&x235, &x236, x234, x191, x203); + uint32_t x237; + fiat_p256_uint1 x238; + fiat_p256_addcarryx_u32(&x237, &x238, x236, x209, x205); + uint32_t x239; + fiat_p256_uint1 x240; + fiat_p256_addcarryx_u32(&x239, &x240, x238, x210, x207); + uint32_t x241; + fiat_p256_uint1 x242; + fiat_p256_addcarryx_u32(&x241, &x242, x240, 0x0, x208); + uint32_t x243; + uint32_t x244; + fiat_p256_mulx_u32(&x243, &x244, x3, (arg1[7])); + uint32_t x245; + uint32_t x246; + fiat_p256_mulx_u32(&x245, &x246, x3, (arg1[6])); + uint32_t x247; + uint32_t x248; + fiat_p256_mulx_u32(&x247, &x248, x3, (arg1[5])); + uint32_t x249; + uint32_t x250; + fiat_p256_mulx_u32(&x249, &x250, x3, (arg1[4])); + uint32_t x251; + uint32_t x252; + fiat_p256_mulx_u32(&x251, &x252, x3, (arg1[3])); + uint32_t x253; + uint32_t x254; + fiat_p256_mulx_u32(&x253, &x254, x3, (arg1[2])); + uint32_t x255; + uint32_t x256; + fiat_p256_mulx_u32(&x255, &x256, x3, (arg1[1])); + uint32_t x257; + uint32_t x258; + fiat_p256_mulx_u32(&x257, &x258, x3, (arg1[0])); + uint32_t x259; + fiat_p256_uint1 x260; + fiat_p256_addcarryx_u32(&x259, &x260, 0x0, x255, x258); + uint32_t x261; + fiat_p256_uint1 x262; + fiat_p256_addcarryx_u32(&x261, &x262, x260, x253, x256); + uint32_t x263; + fiat_p256_uint1 x264; + fiat_p256_addcarryx_u32(&x263, &x264, x262, x251, x254); + uint32_t x265; + fiat_p256_uint1 x266; + fiat_p256_addcarryx_u32(&x265, &x266, x264, x249, x252); + uint32_t x267; + fiat_p256_uint1 x268; + fiat_p256_addcarryx_u32(&x267, &x268, x266, x247, x250); + uint32_t x269; + fiat_p256_uint1 x270; + fiat_p256_addcarryx_u32(&x269, &x270, x268, x245, x248); + uint32_t x271; + fiat_p256_uint1 x272; + fiat_p256_addcarryx_u32(&x271, &x272, x270, x243, x246); + uint32_t x273; + fiat_p256_uint1 x274; + fiat_p256_addcarryx_u32(&x273, &x274, x272, 0x0, x244); + uint32_t x275; + fiat_p256_uint1 x276; + fiat_p256_addcarryx_u32(&x275, &x276, 0x0, x257, x225); + uint32_t x277; + fiat_p256_uint1 x278; + fiat_p256_addcarryx_u32(&x277, &x278, x276, x259, x227); + uint32_t x279; + fiat_p256_uint1 x280; + fiat_p256_addcarryx_u32(&x279, &x280, x278, x261, x229); + uint32_t x281; + fiat_p256_uint1 x282; + fiat_p256_addcarryx_u32(&x281, &x282, x280, x263, x231); + uint32_t x283; + fiat_p256_uint1 x284; + fiat_p256_addcarryx_u32(&x283, &x284, x282, x265, x233); + uint32_t x285; + fiat_p256_uint1 x286; + fiat_p256_addcarryx_u32(&x285, &x286, x284, x267, x235); + uint32_t x287; + fiat_p256_uint1 x288; + fiat_p256_addcarryx_u32(&x287, &x288, x286, x269, x237); + uint32_t x289; + fiat_p256_uint1 x290; + fiat_p256_addcarryx_u32(&x289, &x290, x288, x271, x239); + uint32_t x291; + fiat_p256_uint1 x292; + fiat_p256_addcarryx_u32(&x291, &x292, x290, x273, x241); + uint32_t x293; + uint32_t x294; + fiat_p256_mulx_u32(&x293, &x294, x275, UINT32_C(0xffffffff)); + uint32_t x295; + uint32_t x296; + fiat_p256_mulx_u32(&x295, &x296, x275, UINT32_C(0xffffffff)); + uint32_t x297; + uint32_t x298; + fiat_p256_mulx_u32(&x297, &x298, x275, UINT32_C(0xffffffff)); + uint32_t x299; + uint32_t x300; + fiat_p256_mulx_u32(&x299, &x300, x275, UINT32_C(0xffffffff)); + uint32_t x301; + fiat_p256_uint1 x302; + fiat_p256_addcarryx_u32(&x301, &x302, 0x0, x297, x300); + uint32_t x303; + fiat_p256_uint1 x304; + fiat_p256_addcarryx_u32(&x303, &x304, x302, x295, x298); + uint32_t x305; + fiat_p256_uint1 x306; + fiat_p256_addcarryx_u32(&x305, &x306, x304, 0x0, x296); + uint32_t x307; + fiat_p256_uint1 x308; + fiat_p256_addcarryx_u32(&x307, &x308, 0x0, x299, x275); + uint32_t x309; + fiat_p256_uint1 x310; + fiat_p256_addcarryx_u32(&x309, &x310, x308, x301, x277); + uint32_t x311; + fiat_p256_uint1 x312; + fiat_p256_addcarryx_u32(&x311, &x312, x310, x303, x279); + uint32_t x313; + fiat_p256_uint1 x314; + fiat_p256_addcarryx_u32(&x313, &x314, x312, x305, x281); + uint32_t x315; + fiat_p256_uint1 x316; + fiat_p256_addcarryx_u32(&x315, &x316, x314, 0x0, x283); + uint32_t x317; + fiat_p256_uint1 x318; + fiat_p256_addcarryx_u32(&x317, &x318, x316, 0x0, x285); + uint32_t x319; + fiat_p256_uint1 x320; + fiat_p256_addcarryx_u32(&x319, &x320, x318, x275, x287); + uint32_t x321; + fiat_p256_uint1 x322; + fiat_p256_addcarryx_u32(&x321, &x322, x320, x293, x289); + uint32_t x323; + fiat_p256_uint1 x324; + fiat_p256_addcarryx_u32(&x323, &x324, x322, x294, x291); + uint32_t x325; + fiat_p256_uint1 x326; + fiat_p256_addcarryx_u32(&x325, &x326, x324, 0x0, x292); + uint32_t x327; + uint32_t x328; + fiat_p256_mulx_u32(&x327, &x328, x4, (arg1[7])); + uint32_t x329; + uint32_t x330; + fiat_p256_mulx_u32(&x329, &x330, x4, (arg1[6])); + uint32_t x331; + uint32_t x332; + fiat_p256_mulx_u32(&x331, &x332, x4, (arg1[5])); + uint32_t x333; + uint32_t x334; + fiat_p256_mulx_u32(&x333, &x334, x4, (arg1[4])); + uint32_t x335; + uint32_t x336; + fiat_p256_mulx_u32(&x335, &x336, x4, (arg1[3])); + uint32_t x337; + uint32_t x338; + fiat_p256_mulx_u32(&x337, &x338, x4, (arg1[2])); + uint32_t x339; + uint32_t x340; + fiat_p256_mulx_u32(&x339, &x340, x4, (arg1[1])); + uint32_t x341; + uint32_t x342; + fiat_p256_mulx_u32(&x341, &x342, x4, (arg1[0])); + uint32_t x343; + fiat_p256_uint1 x344; + fiat_p256_addcarryx_u32(&x343, &x344, 0x0, x339, x342); + uint32_t x345; + fiat_p256_uint1 x346; + fiat_p256_addcarryx_u32(&x345, &x346, x344, x337, x340); + uint32_t x347; + fiat_p256_uint1 x348; + fiat_p256_addcarryx_u32(&x347, &x348, x346, x335, x338); + uint32_t x349; + fiat_p256_uint1 x350; + fiat_p256_addcarryx_u32(&x349, &x350, x348, x333, x336); + uint32_t x351; + fiat_p256_uint1 x352; + fiat_p256_addcarryx_u32(&x351, &x352, x350, x331, x334); + uint32_t x353; + fiat_p256_uint1 x354; + fiat_p256_addcarryx_u32(&x353, &x354, x352, x329, x332); + uint32_t x355; + fiat_p256_uint1 x356; + fiat_p256_addcarryx_u32(&x355, &x356, x354, x327, x330); + uint32_t x357; + fiat_p256_uint1 x358; + fiat_p256_addcarryx_u32(&x357, &x358, x356, 0x0, x328); + uint32_t x359; + fiat_p256_uint1 x360; + fiat_p256_addcarryx_u32(&x359, &x360, 0x0, x341, x309); + uint32_t x361; + fiat_p256_uint1 x362; + fiat_p256_addcarryx_u32(&x361, &x362, x360, x343, x311); + uint32_t x363; + fiat_p256_uint1 x364; + fiat_p256_addcarryx_u32(&x363, &x364, x362, x345, x313); + uint32_t x365; + fiat_p256_uint1 x366; + fiat_p256_addcarryx_u32(&x365, &x366, x364, x347, x315); + uint32_t x367; + fiat_p256_uint1 x368; + fiat_p256_addcarryx_u32(&x367, &x368, x366, x349, x317); + uint32_t x369; + fiat_p256_uint1 x370; + fiat_p256_addcarryx_u32(&x369, &x370, x368, x351, x319); + uint32_t x371; + fiat_p256_uint1 x372; + fiat_p256_addcarryx_u32(&x371, &x372, x370, x353, x321); + uint32_t x373; + fiat_p256_uint1 x374; + fiat_p256_addcarryx_u32(&x373, &x374, x372, x355, x323); + uint32_t x375; + fiat_p256_uint1 x376; + fiat_p256_addcarryx_u32(&x375, &x376, x374, x357, x325); + uint32_t x377; + uint32_t x378; + fiat_p256_mulx_u32(&x377, &x378, x359, UINT32_C(0xffffffff)); + uint32_t x379; + uint32_t x380; + fiat_p256_mulx_u32(&x379, &x380, x359, UINT32_C(0xffffffff)); + uint32_t x381; + uint32_t x382; + fiat_p256_mulx_u32(&x381, &x382, x359, UINT32_C(0xffffffff)); + uint32_t x383; + uint32_t x384; + fiat_p256_mulx_u32(&x383, &x384, x359, UINT32_C(0xffffffff)); + uint32_t x385; + fiat_p256_uint1 x386; + fiat_p256_addcarryx_u32(&x385, &x386, 0x0, x381, x384); + uint32_t x387; + fiat_p256_uint1 x388; + fiat_p256_addcarryx_u32(&x387, &x388, x386, x379, x382); + uint32_t x389; + fiat_p256_uint1 x390; + fiat_p256_addcarryx_u32(&x389, &x390, x388, 0x0, x380); + uint32_t x391; + fiat_p256_uint1 x392; + fiat_p256_addcarryx_u32(&x391, &x392, 0x0, x383, x359); + uint32_t x393; + fiat_p256_uint1 x394; + fiat_p256_addcarryx_u32(&x393, &x394, x392, x385, x361); + uint32_t x395; + fiat_p256_uint1 x396; + fiat_p256_addcarryx_u32(&x395, &x396, x394, x387, x363); + uint32_t x397; + fiat_p256_uint1 x398; + fiat_p256_addcarryx_u32(&x397, &x398, x396, x389, x365); + uint32_t x399; + fiat_p256_uint1 x400; + fiat_p256_addcarryx_u32(&x399, &x400, x398, 0x0, x367); + uint32_t x401; + fiat_p256_uint1 x402; + fiat_p256_addcarryx_u32(&x401, &x402, x400, 0x0, x369); + uint32_t x403; + fiat_p256_uint1 x404; + fiat_p256_addcarryx_u32(&x403, &x404, x402, x359, x371); + uint32_t x405; + fiat_p256_uint1 x406; + fiat_p256_addcarryx_u32(&x405, &x406, x404, x377, x373); + uint32_t x407; + fiat_p256_uint1 x408; + fiat_p256_addcarryx_u32(&x407, &x408, x406, x378, x375); + uint32_t x409; + fiat_p256_uint1 x410; + fiat_p256_addcarryx_u32(&x409, &x410, x408, 0x0, x376); + uint32_t x411; + uint32_t x412; + fiat_p256_mulx_u32(&x411, &x412, x5, (arg1[7])); + uint32_t x413; + uint32_t x414; + fiat_p256_mulx_u32(&x413, &x414, x5, (arg1[6])); + uint32_t x415; + uint32_t x416; + fiat_p256_mulx_u32(&x415, &x416, x5, (arg1[5])); + uint32_t x417; + uint32_t x418; + fiat_p256_mulx_u32(&x417, &x418, x5, (arg1[4])); + uint32_t x419; + uint32_t x420; + fiat_p256_mulx_u32(&x419, &x420, x5, (arg1[3])); + uint32_t x421; + uint32_t x422; + fiat_p256_mulx_u32(&x421, &x422, x5, (arg1[2])); + uint32_t x423; + uint32_t x424; + fiat_p256_mulx_u32(&x423, &x424, x5, (arg1[1])); + uint32_t x425; + uint32_t x426; + fiat_p256_mulx_u32(&x425, &x426, x5, (arg1[0])); + uint32_t x427; + fiat_p256_uint1 x428; + fiat_p256_addcarryx_u32(&x427, &x428, 0x0, x423, x426); + uint32_t x429; + fiat_p256_uint1 x430; + fiat_p256_addcarryx_u32(&x429, &x430, x428, x421, x424); + uint32_t x431; + fiat_p256_uint1 x432; + fiat_p256_addcarryx_u32(&x431, &x432, x430, x419, x422); + uint32_t x433; + fiat_p256_uint1 x434; + fiat_p256_addcarryx_u32(&x433, &x434, x432, x417, x420); + uint32_t x435; + fiat_p256_uint1 x436; + fiat_p256_addcarryx_u32(&x435, &x436, x434, x415, x418); + uint32_t x437; + fiat_p256_uint1 x438; + fiat_p256_addcarryx_u32(&x437, &x438, x436, x413, x416); + uint32_t x439; + fiat_p256_uint1 x440; + fiat_p256_addcarryx_u32(&x439, &x440, x438, x411, x414); + uint32_t x441; + fiat_p256_uint1 x442; + fiat_p256_addcarryx_u32(&x441, &x442, x440, 0x0, x412); + uint32_t x443; + fiat_p256_uint1 x444; + fiat_p256_addcarryx_u32(&x443, &x444, 0x0, x425, x393); + uint32_t x445; + fiat_p256_uint1 x446; + fiat_p256_addcarryx_u32(&x445, &x446, x444, x427, x395); + uint32_t x447; + fiat_p256_uint1 x448; + fiat_p256_addcarryx_u32(&x447, &x448, x446, x429, x397); + uint32_t x449; + fiat_p256_uint1 x450; + fiat_p256_addcarryx_u32(&x449, &x450, x448, x431, x399); + uint32_t x451; + fiat_p256_uint1 x452; + fiat_p256_addcarryx_u32(&x451, &x452, x450, x433, x401); + uint32_t x453; + fiat_p256_uint1 x454; + fiat_p256_addcarryx_u32(&x453, &x454, x452, x435, x403); + uint32_t x455; + fiat_p256_uint1 x456; + fiat_p256_addcarryx_u32(&x455, &x456, x454, x437, x405); + uint32_t x457; + fiat_p256_uint1 x458; + fiat_p256_addcarryx_u32(&x457, &x458, x456, x439, x407); + uint32_t x459; + fiat_p256_uint1 x460; + fiat_p256_addcarryx_u32(&x459, &x460, x458, x441, x409); + uint32_t x461; + uint32_t x462; + fiat_p256_mulx_u32(&x461, &x462, x443, UINT32_C(0xffffffff)); + uint32_t x463; + uint32_t x464; + fiat_p256_mulx_u32(&x463, &x464, x443, UINT32_C(0xffffffff)); + uint32_t x465; + uint32_t x466; + fiat_p256_mulx_u32(&x465, &x466, x443, UINT32_C(0xffffffff)); + uint32_t x467; + uint32_t x468; + fiat_p256_mulx_u32(&x467, &x468, x443, UINT32_C(0xffffffff)); + uint32_t x469; + fiat_p256_uint1 x470; + fiat_p256_addcarryx_u32(&x469, &x470, 0x0, x465, x468); + uint32_t x471; + fiat_p256_uint1 x472; + fiat_p256_addcarryx_u32(&x471, &x472, x470, x463, x466); + uint32_t x473; + fiat_p256_uint1 x474; + fiat_p256_addcarryx_u32(&x473, &x474, x472, 0x0, x464); + uint32_t x475; + fiat_p256_uint1 x476; + fiat_p256_addcarryx_u32(&x475, &x476, 0x0, x467, x443); + uint32_t x477; + fiat_p256_uint1 x478; + fiat_p256_addcarryx_u32(&x477, &x478, x476, x469, x445); + uint32_t x479; + fiat_p256_uint1 x480; + fiat_p256_addcarryx_u32(&x479, &x480, x478, x471, x447); + uint32_t x481; + fiat_p256_uint1 x482; + fiat_p256_addcarryx_u32(&x481, &x482, x480, x473, x449); + uint32_t x483; + fiat_p256_uint1 x484; + fiat_p256_addcarryx_u32(&x483, &x484, x482, 0x0, x451); + uint32_t x485; + fiat_p256_uint1 x486; + fiat_p256_addcarryx_u32(&x485, &x486, x484, 0x0, x453); + uint32_t x487; + fiat_p256_uint1 x488; + fiat_p256_addcarryx_u32(&x487, &x488, x486, x443, x455); + uint32_t x489; + fiat_p256_uint1 x490; + fiat_p256_addcarryx_u32(&x489, &x490, x488, x461, x457); + uint32_t x491; + fiat_p256_uint1 x492; + fiat_p256_addcarryx_u32(&x491, &x492, x490, x462, x459); + uint32_t x493; + fiat_p256_uint1 x494; + fiat_p256_addcarryx_u32(&x493, &x494, x492, 0x0, x460); + uint32_t x495; + uint32_t x496; + fiat_p256_mulx_u32(&x495, &x496, x6, (arg1[7])); + uint32_t x497; + uint32_t x498; + fiat_p256_mulx_u32(&x497, &x498, x6, (arg1[6])); + uint32_t x499; + uint32_t x500; + fiat_p256_mulx_u32(&x499, &x500, x6, (arg1[5])); + uint32_t x501; + uint32_t x502; + fiat_p256_mulx_u32(&x501, &x502, x6, (arg1[4])); + uint32_t x503; + uint32_t x504; + fiat_p256_mulx_u32(&x503, &x504, x6, (arg1[3])); + uint32_t x505; + uint32_t x506; + fiat_p256_mulx_u32(&x505, &x506, x6, (arg1[2])); + uint32_t x507; + uint32_t x508; + fiat_p256_mulx_u32(&x507, &x508, x6, (arg1[1])); + uint32_t x509; + uint32_t x510; + fiat_p256_mulx_u32(&x509, &x510, x6, (arg1[0])); + uint32_t x511; + fiat_p256_uint1 x512; + fiat_p256_addcarryx_u32(&x511, &x512, 0x0, x507, x510); + uint32_t x513; + fiat_p256_uint1 x514; + fiat_p256_addcarryx_u32(&x513, &x514, x512, x505, x508); + uint32_t x515; + fiat_p256_uint1 x516; + fiat_p256_addcarryx_u32(&x515, &x516, x514, x503, x506); + uint32_t x517; + fiat_p256_uint1 x518; + fiat_p256_addcarryx_u32(&x517, &x518, x516, x501, x504); + uint32_t x519; + fiat_p256_uint1 x520; + fiat_p256_addcarryx_u32(&x519, &x520, x518, x499, x502); + uint32_t x521; + fiat_p256_uint1 x522; + fiat_p256_addcarryx_u32(&x521, &x522, x520, x497, x500); + uint32_t x523; + fiat_p256_uint1 x524; + fiat_p256_addcarryx_u32(&x523, &x524, x522, x495, x498); + uint32_t x525; + fiat_p256_uint1 x526; + fiat_p256_addcarryx_u32(&x525, &x526, x524, 0x0, x496); + uint32_t x527; + fiat_p256_uint1 x528; + fiat_p256_addcarryx_u32(&x527, &x528, 0x0, x509, x477); + uint32_t x529; + fiat_p256_uint1 x530; + fiat_p256_addcarryx_u32(&x529, &x530, x528, x511, x479); + uint32_t x531; + fiat_p256_uint1 x532; + fiat_p256_addcarryx_u32(&x531, &x532, x530, x513, x481); + uint32_t x533; + fiat_p256_uint1 x534; + fiat_p256_addcarryx_u32(&x533, &x534, x532, x515, x483); + uint32_t x535; + fiat_p256_uint1 x536; + fiat_p256_addcarryx_u32(&x535, &x536, x534, x517, x485); + uint32_t x537; + fiat_p256_uint1 x538; + fiat_p256_addcarryx_u32(&x537, &x538, x536, x519, x487); + uint32_t x539; + fiat_p256_uint1 x540; + fiat_p256_addcarryx_u32(&x539, &x540, x538, x521, x489); + uint32_t x541; + fiat_p256_uint1 x542; + fiat_p256_addcarryx_u32(&x541, &x542, x540, x523, x491); + uint32_t x543; + fiat_p256_uint1 x544; + fiat_p256_addcarryx_u32(&x543, &x544, x542, x525, x493); + uint32_t x545; + uint32_t x546; + fiat_p256_mulx_u32(&x545, &x546, x527, UINT32_C(0xffffffff)); + uint32_t x547; + uint32_t x548; + fiat_p256_mulx_u32(&x547, &x548, x527, UINT32_C(0xffffffff)); + uint32_t x549; + uint32_t x550; + fiat_p256_mulx_u32(&x549, &x550, x527, UINT32_C(0xffffffff)); + uint32_t x551; + uint32_t x552; + fiat_p256_mulx_u32(&x551, &x552, x527, UINT32_C(0xffffffff)); + uint32_t x553; + fiat_p256_uint1 x554; + fiat_p256_addcarryx_u32(&x553, &x554, 0x0, x549, x552); + uint32_t x555; + fiat_p256_uint1 x556; + fiat_p256_addcarryx_u32(&x555, &x556, x554, x547, x550); + uint32_t x557; + fiat_p256_uint1 x558; + fiat_p256_addcarryx_u32(&x557, &x558, x556, 0x0, x548); + uint32_t x559; + fiat_p256_uint1 x560; + fiat_p256_addcarryx_u32(&x559, &x560, 0x0, x551, x527); + uint32_t x561; + fiat_p256_uint1 x562; + fiat_p256_addcarryx_u32(&x561, &x562, x560, x553, x529); + uint32_t x563; + fiat_p256_uint1 x564; + fiat_p256_addcarryx_u32(&x563, &x564, x562, x555, x531); + uint32_t x565; + fiat_p256_uint1 x566; + fiat_p256_addcarryx_u32(&x565, &x566, x564, x557, x533); + uint32_t x567; + fiat_p256_uint1 x568; + fiat_p256_addcarryx_u32(&x567, &x568, x566, 0x0, x535); + uint32_t x569; + fiat_p256_uint1 x570; + fiat_p256_addcarryx_u32(&x569, &x570, x568, 0x0, x537); + uint32_t x571; + fiat_p256_uint1 x572; + fiat_p256_addcarryx_u32(&x571, &x572, x570, x527, x539); + uint32_t x573; + fiat_p256_uint1 x574; + fiat_p256_addcarryx_u32(&x573, &x574, x572, x545, x541); + uint32_t x575; + fiat_p256_uint1 x576; + fiat_p256_addcarryx_u32(&x575, &x576, x574, x546, x543); + uint32_t x577; + fiat_p256_uint1 x578; + fiat_p256_addcarryx_u32(&x577, &x578, x576, 0x0, x544); + uint32_t x579; + uint32_t x580; + fiat_p256_mulx_u32(&x579, &x580, x7, (arg1[7])); + uint32_t x581; + uint32_t x582; + fiat_p256_mulx_u32(&x581, &x582, x7, (arg1[6])); + uint32_t x583; + uint32_t x584; + fiat_p256_mulx_u32(&x583, &x584, x7, (arg1[5])); + uint32_t x585; + uint32_t x586; + fiat_p256_mulx_u32(&x585, &x586, x7, (arg1[4])); + uint32_t x587; + uint32_t x588; + fiat_p256_mulx_u32(&x587, &x588, x7, (arg1[3])); + uint32_t x589; + uint32_t x590; + fiat_p256_mulx_u32(&x589, &x590, x7, (arg1[2])); + uint32_t x591; + uint32_t x592; + fiat_p256_mulx_u32(&x591, &x592, x7, (arg1[1])); + uint32_t x593; + uint32_t x594; + fiat_p256_mulx_u32(&x593, &x594, x7, (arg1[0])); + uint32_t x595; + fiat_p256_uint1 x596; + fiat_p256_addcarryx_u32(&x595, &x596, 0x0, x591, x594); + uint32_t x597; + fiat_p256_uint1 x598; + fiat_p256_addcarryx_u32(&x597, &x598, x596, x589, x592); + uint32_t x599; + fiat_p256_uint1 x600; + fiat_p256_addcarryx_u32(&x599, &x600, x598, x587, x590); + uint32_t x601; + fiat_p256_uint1 x602; + fiat_p256_addcarryx_u32(&x601, &x602, x600, x585, x588); + uint32_t x603; + fiat_p256_uint1 x604; + fiat_p256_addcarryx_u32(&x603, &x604, x602, x583, x586); + uint32_t x605; + fiat_p256_uint1 x606; + fiat_p256_addcarryx_u32(&x605, &x606, x604, x581, x584); + uint32_t x607; + fiat_p256_uint1 x608; + fiat_p256_addcarryx_u32(&x607, &x608, x606, x579, x582); + uint32_t x609; + fiat_p256_uint1 x610; + fiat_p256_addcarryx_u32(&x609, &x610, x608, 0x0, x580); + uint32_t x611; + fiat_p256_uint1 x612; + fiat_p256_addcarryx_u32(&x611, &x612, 0x0, x593, x561); + uint32_t x613; + fiat_p256_uint1 x614; + fiat_p256_addcarryx_u32(&x613, &x614, x612, x595, x563); + uint32_t x615; + fiat_p256_uint1 x616; + fiat_p256_addcarryx_u32(&x615, &x616, x614, x597, x565); + uint32_t x617; + fiat_p256_uint1 x618; + fiat_p256_addcarryx_u32(&x617, &x618, x616, x599, x567); + uint32_t x619; + fiat_p256_uint1 x620; + fiat_p256_addcarryx_u32(&x619, &x620, x618, x601, x569); + uint32_t x621; + fiat_p256_uint1 x622; + fiat_p256_addcarryx_u32(&x621, &x622, x620, x603, x571); + uint32_t x623; + fiat_p256_uint1 x624; + fiat_p256_addcarryx_u32(&x623, &x624, x622, x605, x573); + uint32_t x625; + fiat_p256_uint1 x626; + fiat_p256_addcarryx_u32(&x625, &x626, x624, x607, x575); + uint32_t x627; + fiat_p256_uint1 x628; + fiat_p256_addcarryx_u32(&x627, &x628, x626, x609, x577); + uint32_t x629; + uint32_t x630; + fiat_p256_mulx_u32(&x629, &x630, x611, UINT32_C(0xffffffff)); + uint32_t x631; + uint32_t x632; + fiat_p256_mulx_u32(&x631, &x632, x611, UINT32_C(0xffffffff)); + uint32_t x633; + uint32_t x634; + fiat_p256_mulx_u32(&x633, &x634, x611, UINT32_C(0xffffffff)); + uint32_t x635; + uint32_t x636; + fiat_p256_mulx_u32(&x635, &x636, x611, UINT32_C(0xffffffff)); + uint32_t x637; + fiat_p256_uint1 x638; + fiat_p256_addcarryx_u32(&x637, &x638, 0x0, x633, x636); + uint32_t x639; + fiat_p256_uint1 x640; + fiat_p256_addcarryx_u32(&x639, &x640, x638, x631, x634); + uint32_t x641; + fiat_p256_uint1 x642; + fiat_p256_addcarryx_u32(&x641, &x642, x640, 0x0, x632); + uint32_t x643; + fiat_p256_uint1 x644; + fiat_p256_addcarryx_u32(&x643, &x644, 0x0, x635, x611); + uint32_t x645; + fiat_p256_uint1 x646; + fiat_p256_addcarryx_u32(&x645, &x646, x644, x637, x613); + uint32_t x647; + fiat_p256_uint1 x648; + fiat_p256_addcarryx_u32(&x647, &x648, x646, x639, x615); + uint32_t x649; + fiat_p256_uint1 x650; + fiat_p256_addcarryx_u32(&x649, &x650, x648, x641, x617); + uint32_t x651; + fiat_p256_uint1 x652; + fiat_p256_addcarryx_u32(&x651, &x652, x650, 0x0, x619); + uint32_t x653; + fiat_p256_uint1 x654; + fiat_p256_addcarryx_u32(&x653, &x654, x652, 0x0, x621); + uint32_t x655; + fiat_p256_uint1 x656; + fiat_p256_addcarryx_u32(&x655, &x656, x654, x611, x623); + uint32_t x657; + fiat_p256_uint1 x658; + fiat_p256_addcarryx_u32(&x657, &x658, x656, x629, x625); + uint32_t x659; + fiat_p256_uint1 x660; + fiat_p256_addcarryx_u32(&x659, &x660, x658, x630, x627); + uint32_t x661; + fiat_p256_uint1 x662; + fiat_p256_addcarryx_u32(&x661, &x662, x660, 0x0, x628); + uint32_t x663; + fiat_p256_uint1 x664; + fiat_p256_subborrowx_u32(&x663, &x664, 0x0, x645, UINT32_C(0xffffffff)); + uint32_t x665; + fiat_p256_uint1 x666; + fiat_p256_subborrowx_u32(&x665, &x666, x664, x647, UINT32_C(0xffffffff)); + uint32_t x667; + fiat_p256_uint1 x668; + fiat_p256_subborrowx_u32(&x667, &x668, x666, x649, UINT32_C(0xffffffff)); + uint32_t x669; + fiat_p256_uint1 x670; + fiat_p256_subborrowx_u32(&x669, &x670, x668, x651, 0x0); + uint32_t x671; + fiat_p256_uint1 x672; + fiat_p256_subborrowx_u32(&x671, &x672, x670, x653, 0x0); + uint32_t x673; + fiat_p256_uint1 x674; + fiat_p256_subborrowx_u32(&x673, &x674, x672, x655, 0x0); + uint32_t x675; + fiat_p256_uint1 x676; + fiat_p256_subborrowx_u32(&x675, &x676, x674, x657, 0x1); + uint32_t x677; + fiat_p256_uint1 x678; + fiat_p256_subborrowx_u32(&x677, &x678, x676, x659, UINT32_C(0xffffffff)); + uint32_t x679; + fiat_p256_uint1 x680; + fiat_p256_subborrowx_u32(&x679, &x680, x678, x661, 0x0); + uint32_t x681; + fiat_p256_cmovznz_u32(&x681, x680, x663, x645); + uint32_t x682; + fiat_p256_cmovznz_u32(&x682, x680, x665, x647); + uint32_t x683; + fiat_p256_cmovznz_u32(&x683, x680, x667, x649); + uint32_t x684; + fiat_p256_cmovznz_u32(&x684, x680, x669, x651); + uint32_t x685; + fiat_p256_cmovznz_u32(&x685, x680, x671, x653); + uint32_t x686; + fiat_p256_cmovznz_u32(&x686, x680, x673, x655); + uint32_t x687; + fiat_p256_cmovznz_u32(&x687, x680, x675, x657); + uint32_t x688; + fiat_p256_cmovznz_u32(&x688, x680, x677, x659); + out1[0] = x681; + out1[1] = x682; + out1[2] = x683; + out1[3] = x684; + out1[4] = x685; + out1[5] = x686; + out1[6] = x687; + out1[7] = x688; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static void fiat_p256_add(uint32_t out1[8], const uint32_t arg1[8], const uint32_t arg2[8]) { + uint32_t x1; + fiat_p256_uint1 x2; + fiat_p256_addcarryx_u32(&x1, &x2, 0x0, (arg2[0]), (arg1[0])); + uint32_t x3; + fiat_p256_uint1 x4; + fiat_p256_addcarryx_u32(&x3, &x4, x2, (arg2[1]), (arg1[1])); + uint32_t x5; + fiat_p256_uint1 x6; + fiat_p256_addcarryx_u32(&x5, &x6, x4, (arg2[2]), (arg1[2])); + uint32_t x7; + fiat_p256_uint1 x8; + fiat_p256_addcarryx_u32(&x7, &x8, x6, (arg2[3]), (arg1[3])); + uint32_t x9; + fiat_p256_uint1 x10; + fiat_p256_addcarryx_u32(&x9, &x10, x8, (arg2[4]), (arg1[4])); + uint32_t x11; + fiat_p256_uint1 x12; + fiat_p256_addcarryx_u32(&x11, &x12, x10, (arg2[5]), (arg1[5])); + uint32_t x13; + fiat_p256_uint1 x14; + fiat_p256_addcarryx_u32(&x13, &x14, x12, (arg2[6]), (arg1[6])); + uint32_t x15; + fiat_p256_uint1 x16; + fiat_p256_addcarryx_u32(&x15, &x16, x14, (arg2[7]), (arg1[7])); + uint32_t x17; + fiat_p256_uint1 x18; + fiat_p256_subborrowx_u32(&x17, &x18, 0x0, x1, UINT32_C(0xffffffff)); + uint32_t x19; + fiat_p256_uint1 x20; + fiat_p256_subborrowx_u32(&x19, &x20, x18, x3, UINT32_C(0xffffffff)); + uint32_t x21; + fiat_p256_uint1 x22; + fiat_p256_subborrowx_u32(&x21, &x22, x20, x5, UINT32_C(0xffffffff)); + uint32_t x23; + fiat_p256_uint1 x24; + fiat_p256_subborrowx_u32(&x23, &x24, x22, x7, 0x0); + uint32_t x25; + fiat_p256_uint1 x26; + fiat_p256_subborrowx_u32(&x25, &x26, x24, x9, 0x0); + uint32_t x27; + fiat_p256_uint1 x28; + fiat_p256_subborrowx_u32(&x27, &x28, x26, x11, 0x0); + uint32_t x29; + fiat_p256_uint1 x30; + fiat_p256_subborrowx_u32(&x29, &x30, x28, x13, 0x1); + uint32_t x31; + fiat_p256_uint1 x32; + fiat_p256_subborrowx_u32(&x31, &x32, x30, x15, UINT32_C(0xffffffff)); + uint32_t x33; + fiat_p256_uint1 x34; + fiat_p256_subborrowx_u32(&x33, &x34, x32, x16, 0x0); + uint32_t x35; + fiat_p256_cmovznz_u32(&x35, x34, x17, x1); + uint32_t x36; + fiat_p256_cmovznz_u32(&x36, x34, x19, x3); + uint32_t x37; + fiat_p256_cmovznz_u32(&x37, x34, x21, x5); + uint32_t x38; + fiat_p256_cmovznz_u32(&x38, x34, x23, x7); + uint32_t x39; + fiat_p256_cmovznz_u32(&x39, x34, x25, x9); + uint32_t x40; + fiat_p256_cmovznz_u32(&x40, x34, x27, x11); + uint32_t x41; + fiat_p256_cmovznz_u32(&x41, x34, x29, x13); + uint32_t x42; + fiat_p256_cmovznz_u32(&x42, x34, x31, x15); + out1[0] = x35; + out1[1] = x36; + out1[2] = x37; + out1[3] = x38; + out1[4] = x39; + out1[5] = x40; + out1[6] = x41; + out1[7] = x42; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static void fiat_p256_sub(uint32_t out1[8], const uint32_t arg1[8], const uint32_t arg2[8]) { + uint32_t x1; + fiat_p256_uint1 x2; + fiat_p256_subborrowx_u32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + uint32_t x3; + fiat_p256_uint1 x4; + fiat_p256_subborrowx_u32(&x3, &x4, x2, (arg1[1]), (arg2[1])); + uint32_t x5; + fiat_p256_uint1 x6; + fiat_p256_subborrowx_u32(&x5, &x6, x4, (arg1[2]), (arg2[2])); + uint32_t x7; + fiat_p256_uint1 x8; + fiat_p256_subborrowx_u32(&x7, &x8, x6, (arg1[3]), (arg2[3])); + uint32_t x9; + fiat_p256_uint1 x10; + fiat_p256_subborrowx_u32(&x9, &x10, x8, (arg1[4]), (arg2[4])); + uint32_t x11; + fiat_p256_uint1 x12; + fiat_p256_subborrowx_u32(&x11, &x12, x10, (arg1[5]), (arg2[5])); + uint32_t x13; + fiat_p256_uint1 x14; + fiat_p256_subborrowx_u32(&x13, &x14, x12, (arg1[6]), (arg2[6])); + uint32_t x15; + fiat_p256_uint1 x16; + fiat_p256_subborrowx_u32(&x15, &x16, x14, (arg1[7]), (arg2[7])); + uint32_t x17; + fiat_p256_cmovznz_u32(&x17, x16, 0x0, UINT32_C(0xffffffff)); + uint32_t x18; + fiat_p256_uint1 x19; + fiat_p256_addcarryx_u32(&x18, &x19, 0x0, (x17 & UINT32_C(0xffffffff)), x1); + uint32_t x20; + fiat_p256_uint1 x21; + fiat_p256_addcarryx_u32(&x20, &x21, x19, (x17 & UINT32_C(0xffffffff)), x3); + uint32_t x22; + fiat_p256_uint1 x23; + fiat_p256_addcarryx_u32(&x22, &x23, x21, (x17 & UINT32_C(0xffffffff)), x5); + uint32_t x24; + fiat_p256_uint1 x25; + fiat_p256_addcarryx_u32(&x24, &x25, x23, 0x0, x7); + uint32_t x26; + fiat_p256_uint1 x27; + fiat_p256_addcarryx_u32(&x26, &x27, x25, 0x0, x9); + uint32_t x28; + fiat_p256_uint1 x29; + fiat_p256_addcarryx_u32(&x28, &x29, x27, 0x0, x11); + uint32_t x30; + fiat_p256_uint1 x31; + fiat_p256_addcarryx_u32(&x30, &x31, x29, (fiat_p256_uint1)(x17 & 0x1), x13); + uint32_t x32; + fiat_p256_uint1 x33; + fiat_p256_addcarryx_u32(&x32, &x33, x31, (x17 & UINT32_C(0xffffffff)), x15); + out1[0] = x18; + out1[1] = x20; + out1[2] = x22; + out1[3] = x24; + out1[4] = x26; + out1[5] = x28; + out1[6] = x30; + out1[7] = x32; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static void fiat_p256_opp(uint32_t out1[8], const uint32_t arg1[8]) { + uint32_t x1; + fiat_p256_uint1 x2; + fiat_p256_subborrowx_u32(&x1, &x2, 0x0, 0x0, (arg1[0])); + uint32_t x3; + fiat_p256_uint1 x4; + fiat_p256_subborrowx_u32(&x3, &x4, x2, 0x0, (arg1[1])); + uint32_t x5; + fiat_p256_uint1 x6; + fiat_p256_subborrowx_u32(&x5, &x6, x4, 0x0, (arg1[2])); + uint32_t x7; + fiat_p256_uint1 x8; + fiat_p256_subborrowx_u32(&x7, &x8, x6, 0x0, (arg1[3])); + uint32_t x9; + fiat_p256_uint1 x10; + fiat_p256_subborrowx_u32(&x9, &x10, x8, 0x0, (arg1[4])); + uint32_t x11; + fiat_p256_uint1 x12; + fiat_p256_subborrowx_u32(&x11, &x12, x10, 0x0, (arg1[5])); + uint32_t x13; + fiat_p256_uint1 x14; + fiat_p256_subborrowx_u32(&x13, &x14, x12, 0x0, (arg1[6])); + uint32_t x15; + fiat_p256_uint1 x16; + fiat_p256_subborrowx_u32(&x15, &x16, x14, 0x0, (arg1[7])); + uint32_t x17; + fiat_p256_cmovznz_u32(&x17, x16, 0x0, UINT32_C(0xffffffff)); + uint32_t x18; + fiat_p256_uint1 x19; + fiat_p256_addcarryx_u32(&x18, &x19, 0x0, (x17 & UINT32_C(0xffffffff)), x1); + uint32_t x20; + fiat_p256_uint1 x21; + fiat_p256_addcarryx_u32(&x20, &x21, x19, (x17 & UINT32_C(0xffffffff)), x3); + uint32_t x22; + fiat_p256_uint1 x23; + fiat_p256_addcarryx_u32(&x22, &x23, x21, (x17 & UINT32_C(0xffffffff)), x5); + uint32_t x24; + fiat_p256_uint1 x25; + fiat_p256_addcarryx_u32(&x24, &x25, x23, 0x0, x7); + uint32_t x26; + fiat_p256_uint1 x27; + fiat_p256_addcarryx_u32(&x26, &x27, x25, 0x0, x9); + uint32_t x28; + fiat_p256_uint1 x29; + fiat_p256_addcarryx_u32(&x28, &x29, x27, 0x0, x11); + uint32_t x30; + fiat_p256_uint1 x31; + fiat_p256_addcarryx_u32(&x30, &x31, x29, (fiat_p256_uint1)(x17 & 0x1), x13); + uint32_t x32; + fiat_p256_uint1 x33; + fiat_p256_addcarryx_u32(&x32, &x33, x31, (x17 & UINT32_C(0xffffffff)), x15); + out1[0] = x18; + out1[1] = x20; + out1[2] = x22; + out1[3] = x24; + out1[4] = x26; + out1[5] = x28; + out1[6] = x30; + out1[7] = x32; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static void fiat_p256_from_montgomery(uint32_t out1[8], const uint32_t arg1[8]) { + uint32_t x1 = (arg1[0]); + uint32_t x2; + uint32_t x3; + fiat_p256_mulx_u32(&x2, &x3, x1, UINT32_C(0xffffffff)); + uint32_t x4; + uint32_t x5; + fiat_p256_mulx_u32(&x4, &x5, x1, UINT32_C(0xffffffff)); + uint32_t x6; + uint32_t x7; + fiat_p256_mulx_u32(&x6, &x7, x1, UINT32_C(0xffffffff)); + uint32_t x8; + uint32_t x9; + fiat_p256_mulx_u32(&x8, &x9, x1, UINT32_C(0xffffffff)); + uint32_t x10; + fiat_p256_uint1 x11; + fiat_p256_addcarryx_u32(&x10, &x11, 0x0, x6, x9); + uint32_t x12; + fiat_p256_uint1 x13; + fiat_p256_addcarryx_u32(&x12, &x13, x11, x4, x7); + uint32_t x14; + fiat_p256_uint1 x15; + fiat_p256_addcarryx_u32(&x14, &x15, 0x0, x8, x1); + uint32_t x16; + fiat_p256_uint1 x17; + fiat_p256_addcarryx_u32(&x16, &x17, x15, x10, 0x0); + uint32_t x18; + fiat_p256_uint1 x19; + fiat_p256_addcarryx_u32(&x18, &x19, x17, x12, 0x0); + uint32_t x20; + fiat_p256_uint1 x21; + fiat_p256_addcarryx_u32(&x20, &x21, x13, 0x0, x5); + uint32_t x22; + fiat_p256_uint1 x23; + fiat_p256_addcarryx_u32(&x22, &x23, x19, x20, 0x0); + uint32_t x24; + fiat_p256_uint1 x25; + fiat_p256_addcarryx_u32(&x24, &x25, 0x0, (arg1[1]), x16); + uint32_t x26; + fiat_p256_uint1 x27; + fiat_p256_addcarryx_u32(&x26, &x27, x25, 0x0, x18); + uint32_t x28; + fiat_p256_uint1 x29; + fiat_p256_addcarryx_u32(&x28, &x29, x27, 0x0, x22); + uint32_t x30; + uint32_t x31; + fiat_p256_mulx_u32(&x30, &x31, x24, UINT32_C(0xffffffff)); + uint32_t x32; + uint32_t x33; + fiat_p256_mulx_u32(&x32, &x33, x24, UINT32_C(0xffffffff)); + uint32_t x34; + uint32_t x35; + fiat_p256_mulx_u32(&x34, &x35, x24, UINT32_C(0xffffffff)); + uint32_t x36; + uint32_t x37; + fiat_p256_mulx_u32(&x36, &x37, x24, UINT32_C(0xffffffff)); + uint32_t x38; + fiat_p256_uint1 x39; + fiat_p256_addcarryx_u32(&x38, &x39, 0x0, x34, x37); + uint32_t x40; + fiat_p256_uint1 x41; + fiat_p256_addcarryx_u32(&x40, &x41, x39, x32, x35); + uint32_t x42; + fiat_p256_uint1 x43; + fiat_p256_addcarryx_u32(&x42, &x43, 0x0, x36, x24); + uint32_t x44; + fiat_p256_uint1 x45; + fiat_p256_addcarryx_u32(&x44, &x45, x43, x38, x26); + uint32_t x46; + fiat_p256_uint1 x47; + fiat_p256_addcarryx_u32(&x46, &x47, x45, x40, x28); + uint32_t x48; + fiat_p256_uint1 x49; + fiat_p256_addcarryx_u32(&x48, &x49, x23, 0x0, 0x0); + uint32_t x50; + fiat_p256_uint1 x51; + fiat_p256_addcarryx_u32(&x50, &x51, x29, 0x0, (fiat_p256_uint1)x48); + uint32_t x52; + fiat_p256_uint1 x53; + fiat_p256_addcarryx_u32(&x52, &x53, x41, 0x0, x33); + uint32_t x54; + fiat_p256_uint1 x55; + fiat_p256_addcarryx_u32(&x54, &x55, x47, x52, x50); + uint32_t x56; + fiat_p256_uint1 x57; + fiat_p256_addcarryx_u32(&x56, &x57, 0x0, x24, x2); + uint32_t x58; + fiat_p256_uint1 x59; + fiat_p256_addcarryx_u32(&x58, &x59, x57, x30, x3); + uint32_t x60; + fiat_p256_uint1 x61; + fiat_p256_addcarryx_u32(&x60, &x61, 0x0, (arg1[2]), x44); + uint32_t x62; + fiat_p256_uint1 x63; + fiat_p256_addcarryx_u32(&x62, &x63, x61, 0x0, x46); + uint32_t x64; + fiat_p256_uint1 x65; + fiat_p256_addcarryx_u32(&x64, &x65, x63, 0x0, x54); + uint32_t x66; + uint32_t x67; + fiat_p256_mulx_u32(&x66, &x67, x60, UINT32_C(0xffffffff)); + uint32_t x68; + uint32_t x69; + fiat_p256_mulx_u32(&x68, &x69, x60, UINT32_C(0xffffffff)); + uint32_t x70; + uint32_t x71; + fiat_p256_mulx_u32(&x70, &x71, x60, UINT32_C(0xffffffff)); + uint32_t x72; + uint32_t x73; + fiat_p256_mulx_u32(&x72, &x73, x60, UINT32_C(0xffffffff)); + uint32_t x74; + fiat_p256_uint1 x75; + fiat_p256_addcarryx_u32(&x74, &x75, 0x0, x70, x73); + uint32_t x76; + fiat_p256_uint1 x77; + fiat_p256_addcarryx_u32(&x76, &x77, x75, x68, x71); + uint32_t x78; + fiat_p256_uint1 x79; + fiat_p256_addcarryx_u32(&x78, &x79, 0x0, x72, x60); + uint32_t x80; + fiat_p256_uint1 x81; + fiat_p256_addcarryx_u32(&x80, &x81, x79, x74, x62); + uint32_t x82; + fiat_p256_uint1 x83; + fiat_p256_addcarryx_u32(&x82, &x83, x81, x76, x64); + uint32_t x84; + fiat_p256_uint1 x85; + fiat_p256_addcarryx_u32(&x84, &x85, x55, 0x0, 0x0); + uint32_t x86; + fiat_p256_uint1 x87; + fiat_p256_addcarryx_u32(&x86, &x87, x65, 0x0, (fiat_p256_uint1)x84); + uint32_t x88; + fiat_p256_uint1 x89; + fiat_p256_addcarryx_u32(&x88, &x89, x77, 0x0, x69); + uint32_t x90; + fiat_p256_uint1 x91; + fiat_p256_addcarryx_u32(&x90, &x91, x83, x88, x86); + uint32_t x92; + fiat_p256_uint1 x93; + fiat_p256_addcarryx_u32(&x92, &x93, x91, 0x0, x1); + uint32_t x94; + fiat_p256_uint1 x95; + fiat_p256_addcarryx_u32(&x94, &x95, x93, 0x0, x56); + uint32_t x96; + fiat_p256_uint1 x97; + fiat_p256_addcarryx_u32(&x96, &x97, x95, x60, x58); + uint32_t x98; + fiat_p256_uint1 x99; + fiat_p256_addcarryx_u32(&x98, &x99, x59, x31, 0x0); + uint32_t x100; + fiat_p256_uint1 x101; + fiat_p256_addcarryx_u32(&x100, &x101, x97, x66, x98); + uint32_t x102; + fiat_p256_uint1 x103; + fiat_p256_addcarryx_u32(&x102, &x103, 0x0, (arg1[3]), x80); + uint32_t x104; + fiat_p256_uint1 x105; + fiat_p256_addcarryx_u32(&x104, &x105, x103, 0x0, x82); + uint32_t x106; + fiat_p256_uint1 x107; + fiat_p256_addcarryx_u32(&x106, &x107, x105, 0x0, x90); + uint32_t x108; + fiat_p256_uint1 x109; + fiat_p256_addcarryx_u32(&x108, &x109, x107, 0x0, x92); + uint32_t x110; + fiat_p256_uint1 x111; + fiat_p256_addcarryx_u32(&x110, &x111, x109, 0x0, x94); + uint32_t x112; + fiat_p256_uint1 x113; + fiat_p256_addcarryx_u32(&x112, &x113, x111, 0x0, x96); + uint32_t x114; + fiat_p256_uint1 x115; + fiat_p256_addcarryx_u32(&x114, &x115, x113, 0x0, x100); + uint32_t x116; + fiat_p256_uint1 x117; + fiat_p256_addcarryx_u32(&x116, &x117, x101, x67, 0x0); + uint32_t x118; + fiat_p256_uint1 x119; + fiat_p256_addcarryx_u32(&x118, &x119, x115, 0x0, x116); + uint32_t x120; + uint32_t x121; + fiat_p256_mulx_u32(&x120, &x121, x102, UINT32_C(0xffffffff)); + uint32_t x122; + uint32_t x123; + fiat_p256_mulx_u32(&x122, &x123, x102, UINT32_C(0xffffffff)); + uint32_t x124; + uint32_t x125; + fiat_p256_mulx_u32(&x124, &x125, x102, UINT32_C(0xffffffff)); + uint32_t x126; + uint32_t x127; + fiat_p256_mulx_u32(&x126, &x127, x102, UINT32_C(0xffffffff)); + uint32_t x128; + fiat_p256_uint1 x129; + fiat_p256_addcarryx_u32(&x128, &x129, 0x0, x124, x127); + uint32_t x130; + fiat_p256_uint1 x131; + fiat_p256_addcarryx_u32(&x130, &x131, x129, x122, x125); + uint32_t x132; + fiat_p256_uint1 x133; + fiat_p256_addcarryx_u32(&x132, &x133, 0x0, x126, x102); + uint32_t x134; + fiat_p256_uint1 x135; + fiat_p256_addcarryx_u32(&x134, &x135, x133, x128, x104); + uint32_t x136; + fiat_p256_uint1 x137; + fiat_p256_addcarryx_u32(&x136, &x137, x135, x130, x106); + uint32_t x138; + fiat_p256_uint1 x139; + fiat_p256_addcarryx_u32(&x138, &x139, x131, 0x0, x123); + uint32_t x140; + fiat_p256_uint1 x141; + fiat_p256_addcarryx_u32(&x140, &x141, x137, x138, x108); + uint32_t x142; + fiat_p256_uint1 x143; + fiat_p256_addcarryx_u32(&x142, &x143, x141, 0x0, x110); + uint32_t x144; + fiat_p256_uint1 x145; + fiat_p256_addcarryx_u32(&x144, &x145, x143, 0x0, x112); + uint32_t x146; + fiat_p256_uint1 x147; + fiat_p256_addcarryx_u32(&x146, &x147, x145, x102, x114); + uint32_t x148; + fiat_p256_uint1 x149; + fiat_p256_addcarryx_u32(&x148, &x149, x147, x120, x118); + uint32_t x150; + fiat_p256_uint1 x151; + fiat_p256_addcarryx_u32(&x150, &x151, x119, 0x0, 0x0); + uint32_t x152; + fiat_p256_uint1 x153; + fiat_p256_addcarryx_u32(&x152, &x153, x149, x121, (fiat_p256_uint1)x150); + uint32_t x154; + fiat_p256_uint1 x155; + fiat_p256_addcarryx_u32(&x154, &x155, 0x0, (arg1[4]), x134); + uint32_t x156; + fiat_p256_uint1 x157; + fiat_p256_addcarryx_u32(&x156, &x157, x155, 0x0, x136); + uint32_t x158; + fiat_p256_uint1 x159; + fiat_p256_addcarryx_u32(&x158, &x159, x157, 0x0, x140); + uint32_t x160; + fiat_p256_uint1 x161; + fiat_p256_addcarryx_u32(&x160, &x161, x159, 0x0, x142); + uint32_t x162; + fiat_p256_uint1 x163; + fiat_p256_addcarryx_u32(&x162, &x163, x161, 0x0, x144); + uint32_t x164; + fiat_p256_uint1 x165; + fiat_p256_addcarryx_u32(&x164, &x165, x163, 0x0, x146); + uint32_t x166; + fiat_p256_uint1 x167; + fiat_p256_addcarryx_u32(&x166, &x167, x165, 0x0, x148); + uint32_t x168; + fiat_p256_uint1 x169; + fiat_p256_addcarryx_u32(&x168, &x169, x167, 0x0, x152); + uint32_t x170; + uint32_t x171; + fiat_p256_mulx_u32(&x170, &x171, x154, UINT32_C(0xffffffff)); + uint32_t x172; + uint32_t x173; + fiat_p256_mulx_u32(&x172, &x173, x154, UINT32_C(0xffffffff)); + uint32_t x174; + uint32_t x175; + fiat_p256_mulx_u32(&x174, &x175, x154, UINT32_C(0xffffffff)); + uint32_t x176; + uint32_t x177; + fiat_p256_mulx_u32(&x176, &x177, x154, UINT32_C(0xffffffff)); + uint32_t x178; + fiat_p256_uint1 x179; + fiat_p256_addcarryx_u32(&x178, &x179, 0x0, x174, x177); + uint32_t x180; + fiat_p256_uint1 x181; + fiat_p256_addcarryx_u32(&x180, &x181, x179, x172, x175); + uint32_t x182; + fiat_p256_uint1 x183; + fiat_p256_addcarryx_u32(&x182, &x183, 0x0, x176, x154); + uint32_t x184; + fiat_p256_uint1 x185; + fiat_p256_addcarryx_u32(&x184, &x185, x183, x178, x156); + uint32_t x186; + fiat_p256_uint1 x187; + fiat_p256_addcarryx_u32(&x186, &x187, x185, x180, x158); + uint32_t x188; + fiat_p256_uint1 x189; + fiat_p256_addcarryx_u32(&x188, &x189, x181, 0x0, x173); + uint32_t x190; + fiat_p256_uint1 x191; + fiat_p256_addcarryx_u32(&x190, &x191, x187, x188, x160); + uint32_t x192; + fiat_p256_uint1 x193; + fiat_p256_addcarryx_u32(&x192, &x193, x191, 0x0, x162); + uint32_t x194; + fiat_p256_uint1 x195; + fiat_p256_addcarryx_u32(&x194, &x195, x193, 0x0, x164); + uint32_t x196; + fiat_p256_uint1 x197; + fiat_p256_addcarryx_u32(&x196, &x197, x195, x154, x166); + uint32_t x198; + fiat_p256_uint1 x199; + fiat_p256_addcarryx_u32(&x198, &x199, x197, x170, x168); + uint32_t x200; + fiat_p256_uint1 x201; + fiat_p256_addcarryx_u32(&x200, &x201, x153, 0x0, 0x0); + uint32_t x202; + fiat_p256_uint1 x203; + fiat_p256_addcarryx_u32(&x202, &x203, x169, 0x0, (fiat_p256_uint1)x200); + uint32_t x204; + fiat_p256_uint1 x205; + fiat_p256_addcarryx_u32(&x204, &x205, x199, x171, x202); + uint32_t x206; + fiat_p256_uint1 x207; + fiat_p256_addcarryx_u32(&x206, &x207, 0x0, (arg1[5]), x184); + uint32_t x208; + fiat_p256_uint1 x209; + fiat_p256_addcarryx_u32(&x208, &x209, x207, 0x0, x186); + uint32_t x210; + fiat_p256_uint1 x211; + fiat_p256_addcarryx_u32(&x210, &x211, x209, 0x0, x190); + uint32_t x212; + fiat_p256_uint1 x213; + fiat_p256_addcarryx_u32(&x212, &x213, x211, 0x0, x192); + uint32_t x214; + fiat_p256_uint1 x215; + fiat_p256_addcarryx_u32(&x214, &x215, x213, 0x0, x194); + uint32_t x216; + fiat_p256_uint1 x217; + fiat_p256_addcarryx_u32(&x216, &x217, x215, 0x0, x196); + uint32_t x218; + fiat_p256_uint1 x219; + fiat_p256_addcarryx_u32(&x218, &x219, x217, 0x0, x198); + uint32_t x220; + fiat_p256_uint1 x221; + fiat_p256_addcarryx_u32(&x220, &x221, x219, 0x0, x204); + uint32_t x222; + uint32_t x223; + fiat_p256_mulx_u32(&x222, &x223, x206, UINT32_C(0xffffffff)); + uint32_t x224; + uint32_t x225; + fiat_p256_mulx_u32(&x224, &x225, x206, UINT32_C(0xffffffff)); + uint32_t x226; + uint32_t x227; + fiat_p256_mulx_u32(&x226, &x227, x206, UINT32_C(0xffffffff)); + uint32_t x228; + uint32_t x229; + fiat_p256_mulx_u32(&x228, &x229, x206, UINT32_C(0xffffffff)); + uint32_t x230; + fiat_p256_uint1 x231; + fiat_p256_addcarryx_u32(&x230, &x231, 0x0, x226, x229); + uint32_t x232; + fiat_p256_uint1 x233; + fiat_p256_addcarryx_u32(&x232, &x233, x231, x224, x227); + uint32_t x234; + fiat_p256_uint1 x235; + fiat_p256_addcarryx_u32(&x234, &x235, 0x0, x228, x206); + uint32_t x236; + fiat_p256_uint1 x237; + fiat_p256_addcarryx_u32(&x236, &x237, x235, x230, x208); + uint32_t x238; + fiat_p256_uint1 x239; + fiat_p256_addcarryx_u32(&x238, &x239, x237, x232, x210); + uint32_t x240; + fiat_p256_uint1 x241; + fiat_p256_addcarryx_u32(&x240, &x241, x233, 0x0, x225); + uint32_t x242; + fiat_p256_uint1 x243; + fiat_p256_addcarryx_u32(&x242, &x243, x239, x240, x212); + uint32_t x244; + fiat_p256_uint1 x245; + fiat_p256_addcarryx_u32(&x244, &x245, x243, 0x0, x214); + uint32_t x246; + fiat_p256_uint1 x247; + fiat_p256_addcarryx_u32(&x246, &x247, x245, 0x0, x216); + uint32_t x248; + fiat_p256_uint1 x249; + fiat_p256_addcarryx_u32(&x248, &x249, x247, x206, x218); + uint32_t x250; + fiat_p256_uint1 x251; + fiat_p256_addcarryx_u32(&x250, &x251, x249, x222, x220); + uint32_t x252; + fiat_p256_uint1 x253; + fiat_p256_addcarryx_u32(&x252, &x253, x205, 0x0, 0x0); + uint32_t x254; + fiat_p256_uint1 x255; + fiat_p256_addcarryx_u32(&x254, &x255, x221, 0x0, (fiat_p256_uint1)x252); + uint32_t x256; + fiat_p256_uint1 x257; + fiat_p256_addcarryx_u32(&x256, &x257, x251, x223, x254); + uint32_t x258; + fiat_p256_uint1 x259; + fiat_p256_addcarryx_u32(&x258, &x259, 0x0, (arg1[6]), x236); + uint32_t x260; + fiat_p256_uint1 x261; + fiat_p256_addcarryx_u32(&x260, &x261, x259, 0x0, x238); + uint32_t x262; + fiat_p256_uint1 x263; + fiat_p256_addcarryx_u32(&x262, &x263, x261, 0x0, x242); + uint32_t x264; + fiat_p256_uint1 x265; + fiat_p256_addcarryx_u32(&x264, &x265, x263, 0x0, x244); + uint32_t x266; + fiat_p256_uint1 x267; + fiat_p256_addcarryx_u32(&x266, &x267, x265, 0x0, x246); + uint32_t x268; + fiat_p256_uint1 x269; + fiat_p256_addcarryx_u32(&x268, &x269, x267, 0x0, x248); + uint32_t x270; + fiat_p256_uint1 x271; + fiat_p256_addcarryx_u32(&x270, &x271, x269, 0x0, x250); + uint32_t x272; + fiat_p256_uint1 x273; + fiat_p256_addcarryx_u32(&x272, &x273, x271, 0x0, x256); + uint32_t x274; + uint32_t x275; + fiat_p256_mulx_u32(&x274, &x275, x258, UINT32_C(0xffffffff)); + uint32_t x276; + uint32_t x277; + fiat_p256_mulx_u32(&x276, &x277, x258, UINT32_C(0xffffffff)); + uint32_t x278; + uint32_t x279; + fiat_p256_mulx_u32(&x278, &x279, x258, UINT32_C(0xffffffff)); + uint32_t x280; + uint32_t x281; + fiat_p256_mulx_u32(&x280, &x281, x258, UINT32_C(0xffffffff)); + uint32_t x282; + fiat_p256_uint1 x283; + fiat_p256_addcarryx_u32(&x282, &x283, 0x0, x278, x281); + uint32_t x284; + fiat_p256_uint1 x285; + fiat_p256_addcarryx_u32(&x284, &x285, x283, x276, x279); + uint32_t x286; + fiat_p256_uint1 x287; + fiat_p256_addcarryx_u32(&x286, &x287, 0x0, x280, x258); + uint32_t x288; + fiat_p256_uint1 x289; + fiat_p256_addcarryx_u32(&x288, &x289, x287, x282, x260); + uint32_t x290; + fiat_p256_uint1 x291; + fiat_p256_addcarryx_u32(&x290, &x291, x289, x284, x262); + uint32_t x292; + fiat_p256_uint1 x293; + fiat_p256_addcarryx_u32(&x292, &x293, x285, 0x0, x277); + uint32_t x294; + fiat_p256_uint1 x295; + fiat_p256_addcarryx_u32(&x294, &x295, x291, x292, x264); + uint32_t x296; + fiat_p256_uint1 x297; + fiat_p256_addcarryx_u32(&x296, &x297, x295, 0x0, x266); + uint32_t x298; + fiat_p256_uint1 x299; + fiat_p256_addcarryx_u32(&x298, &x299, x297, 0x0, x268); + uint32_t x300; + fiat_p256_uint1 x301; + fiat_p256_addcarryx_u32(&x300, &x301, x299, x258, x270); + uint32_t x302; + fiat_p256_uint1 x303; + fiat_p256_addcarryx_u32(&x302, &x303, x301, x274, x272); + uint32_t x304; + fiat_p256_uint1 x305; + fiat_p256_addcarryx_u32(&x304, &x305, x257, 0x0, 0x0); + uint32_t x306; + fiat_p256_uint1 x307; + fiat_p256_addcarryx_u32(&x306, &x307, x273, 0x0, (fiat_p256_uint1)x304); + uint32_t x308; + fiat_p256_uint1 x309; + fiat_p256_addcarryx_u32(&x308, &x309, x303, x275, x306); + uint32_t x310; + fiat_p256_uint1 x311; + fiat_p256_addcarryx_u32(&x310, &x311, 0x0, (arg1[7]), x288); + uint32_t x312; + fiat_p256_uint1 x313; + fiat_p256_addcarryx_u32(&x312, &x313, x311, 0x0, x290); + uint32_t x314; + fiat_p256_uint1 x315; + fiat_p256_addcarryx_u32(&x314, &x315, x313, 0x0, x294); + uint32_t x316; + fiat_p256_uint1 x317; + fiat_p256_addcarryx_u32(&x316, &x317, x315, 0x0, x296); + uint32_t x318; + fiat_p256_uint1 x319; + fiat_p256_addcarryx_u32(&x318, &x319, x317, 0x0, x298); + uint32_t x320; + fiat_p256_uint1 x321; + fiat_p256_addcarryx_u32(&x320, &x321, x319, 0x0, x300); + uint32_t x322; + fiat_p256_uint1 x323; + fiat_p256_addcarryx_u32(&x322, &x323, x321, 0x0, x302); + uint32_t x324; + fiat_p256_uint1 x325; + fiat_p256_addcarryx_u32(&x324, &x325, x323, 0x0, x308); + uint32_t x326; + uint32_t x327; + fiat_p256_mulx_u32(&x326, &x327, x310, UINT32_C(0xffffffff)); + uint32_t x328; + uint32_t x329; + fiat_p256_mulx_u32(&x328, &x329, x310, UINT32_C(0xffffffff)); + uint32_t x330; + uint32_t x331; + fiat_p256_mulx_u32(&x330, &x331, x310, UINT32_C(0xffffffff)); + uint32_t x332; + uint32_t x333; + fiat_p256_mulx_u32(&x332, &x333, x310, UINT32_C(0xffffffff)); + uint32_t x334; + fiat_p256_uint1 x335; + fiat_p256_addcarryx_u32(&x334, &x335, 0x0, x330, x333); + uint32_t x336; + fiat_p256_uint1 x337; + fiat_p256_addcarryx_u32(&x336, &x337, x335, x328, x331); + uint32_t x338; + fiat_p256_uint1 x339; + fiat_p256_addcarryx_u32(&x338, &x339, 0x0, x332, x310); + uint32_t x340; + fiat_p256_uint1 x341; + fiat_p256_addcarryx_u32(&x340, &x341, x339, x334, x312); + uint32_t x342; + fiat_p256_uint1 x343; + fiat_p256_addcarryx_u32(&x342, &x343, x341, x336, x314); + uint32_t x344; + fiat_p256_uint1 x345; + fiat_p256_addcarryx_u32(&x344, &x345, x337, 0x0, x329); + uint32_t x346; + fiat_p256_uint1 x347; + fiat_p256_addcarryx_u32(&x346, &x347, x343, x344, x316); + uint32_t x348; + fiat_p256_uint1 x349; + fiat_p256_addcarryx_u32(&x348, &x349, x347, 0x0, x318); + uint32_t x350; + fiat_p256_uint1 x351; + fiat_p256_addcarryx_u32(&x350, &x351, x349, 0x0, x320); + uint32_t x352; + fiat_p256_uint1 x353; + fiat_p256_addcarryx_u32(&x352, &x353, x351, x310, x322); + uint32_t x354; + fiat_p256_uint1 x355; + fiat_p256_addcarryx_u32(&x354, &x355, x353, x326, x324); + uint32_t x356; + fiat_p256_uint1 x357; + fiat_p256_addcarryx_u32(&x356, &x357, x309, 0x0, 0x0); + uint32_t x358; + fiat_p256_uint1 x359; + fiat_p256_addcarryx_u32(&x358, &x359, x325, 0x0, (fiat_p256_uint1)x356); + uint32_t x360; + fiat_p256_uint1 x361; + fiat_p256_addcarryx_u32(&x360, &x361, x355, x327, x358); + uint32_t x362; + fiat_p256_uint1 x363; + fiat_p256_subborrowx_u32(&x362, &x363, 0x0, x340, UINT32_C(0xffffffff)); + uint32_t x364; + fiat_p256_uint1 x365; + fiat_p256_subborrowx_u32(&x364, &x365, x363, x342, UINT32_C(0xffffffff)); + uint32_t x366; + fiat_p256_uint1 x367; + fiat_p256_subborrowx_u32(&x366, &x367, x365, x346, UINT32_C(0xffffffff)); + uint32_t x368; + fiat_p256_uint1 x369; + fiat_p256_subborrowx_u32(&x368, &x369, x367, x348, 0x0); + uint32_t x370; + fiat_p256_uint1 x371; + fiat_p256_subborrowx_u32(&x370, &x371, x369, x350, 0x0); + uint32_t x372; + fiat_p256_uint1 x373; + fiat_p256_subborrowx_u32(&x372, &x373, x371, x352, 0x0); + uint32_t x374; + fiat_p256_uint1 x375; + fiat_p256_subborrowx_u32(&x374, &x375, x373, x354, 0x1); + uint32_t x376; + fiat_p256_uint1 x377; + fiat_p256_subborrowx_u32(&x376, &x377, x375, x360, UINT32_C(0xffffffff)); + uint32_t x378; + fiat_p256_uint1 x379; + fiat_p256_addcarryx_u32(&x378, &x379, x361, 0x0, 0x0); + uint32_t x380; + fiat_p256_uint1 x381; + fiat_p256_subborrowx_u32(&x380, &x381, x377, (fiat_p256_uint1)x378, 0x0); + uint32_t x382; + fiat_p256_cmovznz_u32(&x382, x381, x362, x340); + uint32_t x383; + fiat_p256_cmovznz_u32(&x383, x381, x364, x342); + uint32_t x384; + fiat_p256_cmovznz_u32(&x384, x381, x366, x346); + uint32_t x385; + fiat_p256_cmovznz_u32(&x385, x381, x368, x348); + uint32_t x386; + fiat_p256_cmovznz_u32(&x386, x381, x370, x350); + uint32_t x387; + fiat_p256_cmovznz_u32(&x387, x381, x372, x352); + uint32_t x388; + fiat_p256_cmovznz_u32(&x388, x381, x374, x354); + uint32_t x389; + fiat_p256_cmovznz_u32(&x389, x381, x376, x360); + out1[0] = x382; + out1[1] = x383; + out1[2] = x384; + out1[3] = x385; + out1[4] = x386; + out1[5] = x387; + out1[6] = x388; + out1[7] = x389; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + */ +static void fiat_p256_nonzero(uint32_t* out1, const uint32_t arg1[8]) { + uint32_t x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | ((arg1[6]) | ((arg1[7]) | (uint32_t)0x0)))))))); + *out1 = x1; +} + +/* + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static void fiat_p256_selectznz(uint32_t out1[8], fiat_p256_uint1 arg1, const uint32_t arg2[8], const uint32_t arg3[8]) { + uint32_t x1; + fiat_p256_cmovznz_u32(&x1, arg1, (arg2[0]), (arg3[0])); + uint32_t x2; + fiat_p256_cmovznz_u32(&x2, arg1, (arg2[1]), (arg3[1])); + uint32_t x3; + fiat_p256_cmovznz_u32(&x3, arg1, (arg2[2]), (arg3[2])); + uint32_t x4; + fiat_p256_cmovznz_u32(&x4, arg1, (arg2[3]), (arg3[3])); + uint32_t x5; + fiat_p256_cmovznz_u32(&x5, arg1, (arg2[4]), (arg3[4])); + uint32_t x6; + fiat_p256_cmovznz_u32(&x6, arg1, (arg2[5]), (arg3[5])); + uint32_t x7; + fiat_p256_cmovznz_u32(&x7, arg1, (arg2[6]), (arg3[6])); + uint32_t x8; + fiat_p256_cmovznz_u32(&x8, arg1, (arg2[7]), (arg3[7])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] + */ +static void fiat_p256_to_bytes(uint8_t out1[32], const uint32_t arg1[8]) { + uint32_t x1 = (arg1[7]); + uint32_t x2 = (arg1[6]); + uint32_t x3 = (arg1[5]); + uint32_t x4 = (arg1[4]); + uint32_t x5 = (arg1[3]); + uint32_t x6 = (arg1[2]); + uint32_t x7 = (arg1[1]); + uint32_t x8 = (arg1[0]); + uint32_t x9 = (x8 >> 8); + uint8_t x10 = (uint8_t)(x8 & UINT8_C(0xff)); + uint32_t x11 = (x9 >> 8); + uint8_t x12 = (uint8_t)(x9 & UINT8_C(0xff)); + uint8_t x13 = (uint8_t)(x11 >> 8); + uint8_t x14 = (uint8_t)(x11 & UINT8_C(0xff)); + uint8_t x15 = (uint8_t)(x13 & UINT8_C(0xff)); + uint32_t x16 = (x7 >> 8); + uint8_t x17 = (uint8_t)(x7 & UINT8_C(0xff)); + uint32_t x18 = (x16 >> 8); + uint8_t x19 = (uint8_t)(x16 & UINT8_C(0xff)); + uint8_t x20 = (uint8_t)(x18 >> 8); + uint8_t x21 = (uint8_t)(x18 & UINT8_C(0xff)); + uint8_t x22 = (uint8_t)(x20 & UINT8_C(0xff)); + uint32_t x23 = (x6 >> 8); + uint8_t x24 = (uint8_t)(x6 & UINT8_C(0xff)); + uint32_t x25 = (x23 >> 8); + uint8_t x26 = (uint8_t)(x23 & UINT8_C(0xff)); + uint8_t x27 = (uint8_t)(x25 >> 8); + uint8_t x28 = (uint8_t)(x25 & UINT8_C(0xff)); + uint8_t x29 = (uint8_t)(x27 & UINT8_C(0xff)); + uint32_t x30 = (x5 >> 8); + uint8_t x31 = (uint8_t)(x5 & UINT8_C(0xff)); + uint32_t x32 = (x30 >> 8); + uint8_t x33 = (uint8_t)(x30 & UINT8_C(0xff)); + uint8_t x34 = (uint8_t)(x32 >> 8); + uint8_t x35 = (uint8_t)(x32 & UINT8_C(0xff)); + uint8_t x36 = (uint8_t)(x34 & UINT8_C(0xff)); + uint32_t x37 = (x4 >> 8); + uint8_t x38 = (uint8_t)(x4 & UINT8_C(0xff)); + uint32_t x39 = (x37 >> 8); + uint8_t x40 = (uint8_t)(x37 & UINT8_C(0xff)); + uint8_t x41 = (uint8_t)(x39 >> 8); + uint8_t x42 = (uint8_t)(x39 & UINT8_C(0xff)); + uint8_t x43 = (uint8_t)(x41 & UINT8_C(0xff)); + uint32_t x44 = (x3 >> 8); + uint8_t x45 = (uint8_t)(x3 & UINT8_C(0xff)); + uint32_t x46 = (x44 >> 8); + uint8_t x47 = (uint8_t)(x44 & UINT8_C(0xff)); + uint8_t x48 = (uint8_t)(x46 >> 8); + uint8_t x49 = (uint8_t)(x46 & UINT8_C(0xff)); + uint8_t x50 = (uint8_t)(x48 & UINT8_C(0xff)); + uint32_t x51 = (x2 >> 8); + uint8_t x52 = (uint8_t)(x2 & UINT8_C(0xff)); + uint32_t x53 = (x51 >> 8); + uint8_t x54 = (uint8_t)(x51 & UINT8_C(0xff)); + uint8_t x55 = (uint8_t)(x53 >> 8); + uint8_t x56 = (uint8_t)(x53 & UINT8_C(0xff)); + uint8_t x57 = (uint8_t)(x55 & UINT8_C(0xff)); + uint32_t x58 = (x1 >> 8); + uint8_t x59 = (uint8_t)(x1 & UINT8_C(0xff)); + uint32_t x60 = (x58 >> 8); + uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff)); + uint8_t x62 = (uint8_t)(x60 >> 8); + uint8_t x63 = (uint8_t)(x60 & UINT8_C(0xff)); + out1[0] = x10; + out1[1] = x12; + out1[2] = x14; + out1[3] = x15; + out1[4] = x17; + out1[5] = x19; + out1[6] = x21; + out1[7] = x22; + out1[8] = x24; + out1[9] = x26; + out1[10] = x28; + out1[11] = x29; + out1[12] = x31; + out1[13] = x33; + out1[14] = x35; + out1[15] = x36; + out1[16] = x38; + out1[17] = x40; + out1[18] = x42; + out1[19] = x43; + out1[20] = x45; + out1[21] = x47; + out1[22] = x49; + out1[23] = x50; + out1[24] = x52; + out1[25] = x54; + out1[26] = x56; + out1[27] = x57; + out1[28] = x59; + out1[29] = x61; + out1[30] = x63; + out1[31] = x62; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static void fiat_p256_from_bytes(uint32_t out1[8], const uint8_t arg1[32]) { + uint32_t x1 = ((uint32_t)(arg1[31]) << 24); + uint32_t x2 = ((uint32_t)(arg1[30]) << 16); + uint32_t x3 = ((uint32_t)(arg1[29]) << 8); + uint8_t x4 = (arg1[28]); + uint32_t x5 = ((uint32_t)(arg1[27]) << 24); + uint32_t x6 = ((uint32_t)(arg1[26]) << 16); + uint32_t x7 = ((uint32_t)(arg1[25]) << 8); + uint8_t x8 = (arg1[24]); + uint32_t x9 = ((uint32_t)(arg1[23]) << 24); + uint32_t x10 = ((uint32_t)(arg1[22]) << 16); + uint32_t x11 = ((uint32_t)(arg1[21]) << 8); + uint8_t x12 = (arg1[20]); + uint32_t x13 = ((uint32_t)(arg1[19]) << 24); + uint32_t x14 = ((uint32_t)(arg1[18]) << 16); + uint32_t x15 = ((uint32_t)(arg1[17]) << 8); + uint8_t x16 = (arg1[16]); + uint32_t x17 = ((uint32_t)(arg1[15]) << 24); + uint32_t x18 = ((uint32_t)(arg1[14]) << 16); + uint32_t x19 = ((uint32_t)(arg1[13]) << 8); + uint8_t x20 = (arg1[12]); + uint32_t x21 = ((uint32_t)(arg1[11]) << 24); + uint32_t x22 = ((uint32_t)(arg1[10]) << 16); + uint32_t x23 = ((uint32_t)(arg1[9]) << 8); + uint8_t x24 = (arg1[8]); + uint32_t x25 = ((uint32_t)(arg1[7]) << 24); + uint32_t x26 = ((uint32_t)(arg1[6]) << 16); + uint32_t x27 = ((uint32_t)(arg1[5]) << 8); + uint8_t x28 = (arg1[4]); + uint32_t x29 = ((uint32_t)(arg1[3]) << 24); + uint32_t x30 = ((uint32_t)(arg1[2]) << 16); + uint32_t x31 = ((uint32_t)(arg1[1]) << 8); + uint8_t x32 = (arg1[0]); + uint32_t x33 = (x32 + (x31 + (x30 + x29))); + uint32_t x34 = (x33 & UINT32_C(0xffffffff)); + uint32_t x35 = (x4 + (x3 + (x2 + x1))); + uint32_t x36 = (x8 + (x7 + (x6 + x5))); + uint32_t x37 = (x12 + (x11 + (x10 + x9))); + uint32_t x38 = (x16 + (x15 + (x14 + x13))); + uint32_t x39 = (x20 + (x19 + (x18 + x17))); + uint32_t x40 = (x24 + (x23 + (x22 + x21))); + uint32_t x41 = (x28 + (x27 + (x26 + x25))); + uint32_t x42 = (x41 & UINT32_C(0xffffffff)); + uint32_t x43 = (x40 & UINT32_C(0xffffffff)); + uint32_t x44 = (x39 & UINT32_C(0xffffffff)); + uint32_t x45 = (x38 & UINT32_C(0xffffffff)); + uint32_t x46 = (x37 & UINT32_C(0xffffffff)); + uint32_t x47 = (x36 & UINT32_C(0xffffffff)); + out1[0] = x34; + out1[1] = x42; + out1[2] = x43; + out1[3] = x44; + out1[4] = x45; + out1[5] = x46; + out1[6] = x47; + out1[7] = x35; +} + diff --git a/src/third_party/fiat/p256_64.h b/src/third_party/fiat/p256_64.h new file mode 100644 index 0000000..8e449c6 --- /dev/null +++ b/src/third_party/fiat/p256_64.h @@ -0,0 +1,1211 @@ +/* Autogenerated */ +/* curve description: p256 */ +/* requested operations: (all) */ +/* m = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff (from "2^256 - 2^224 + 2^192 + 2^96 - 1") */ +/* machine_wordsize = 64 (from "64") */ +/* */ +/* NOTE: In addition to the bounds specified above each function, all */ +/* functions synthesized for this Montgomery arithmetic require the */ +/* input to be strictly less than the prime modulus (m), and also */ +/* require the input to be in the unique saturated representation. */ +/* All functions also ensure that these two properties are true of */ +/* return values. */ + +#include +typedef unsigned char fiat_p256_uint1; +typedef signed char fiat_p256_int1; +typedef signed __int128 fiat_p256_int128; +typedef unsigned __int128 fiat_p256_uint128; + + +/* + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffffffffffff] + * arg3: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + * out2: [0x0 ~> 0x1] + */ +static void fiat_p256_addcarryx_u64(uint64_t* out1, fiat_p256_uint1* out2, fiat_p256_uint1 arg1, uint64_t arg2, uint64_t arg3) { + fiat_p256_uint128 x1 = ((arg1 + (fiat_p256_uint128)arg2) + arg3); + uint64_t x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); + fiat_p256_uint1 x3 = (fiat_p256_uint1)(x1 >> 64); + *out1 = x2; + *out2 = x3; +} + +/* + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffffffffffff] + * arg3: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + * out2: [0x0 ~> 0x1] + */ +static void fiat_p256_subborrowx_u64(uint64_t* out1, fiat_p256_uint1* out2, fiat_p256_uint1 arg1, uint64_t arg2, uint64_t arg3) { + fiat_p256_int128 x1 = ((arg2 - (fiat_p256_int128)arg1) - arg3); + fiat_p256_int1 x2 = (fiat_p256_int1)(x1 >> 64); + uint64_t x3 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); + *out1 = x3; + *out2 = (fiat_p256_uint1)(0x0 - x2); +} + +/* + * Input Bounds: + * arg1: [0x0 ~> 0xffffffffffffffff] + * arg2: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + * out2: [0x0 ~> 0xffffffffffffffff] + */ +static void fiat_p256_mulx_u64(uint64_t* out1, uint64_t* out2, uint64_t arg1, uint64_t arg2) { + fiat_p256_uint128 x1 = ((fiat_p256_uint128)arg1 * arg2); + uint64_t x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); + uint64_t x3 = (uint64_t)(x1 >> 64); + *out1 = x2; + *out2 = x3; +} + +/* + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffffffffffff] + * arg3: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + */ +static void fiat_p256_cmovznz_u64(uint64_t* out1, fiat_p256_uint1 arg1, uint64_t arg2, uint64_t arg3) { + fiat_p256_uint1 x1 = (!(!arg1)); + uint64_t x2 = ((fiat_p256_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff)); + uint64_t x3 = ((x2 & arg3) | ((~x2) & arg2)); + *out1 = x3; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static void fiat_p256_mul(uint64_t out1[4], const uint64_t arg1[4], const uint64_t arg2[4]) { + uint64_t x1 = (arg1[1]); + uint64_t x2 = (arg1[2]); + uint64_t x3 = (arg1[3]); + uint64_t x4 = (arg1[0]); + uint64_t x5; + uint64_t x6; + fiat_p256_mulx_u64(&x5, &x6, x4, (arg2[3])); + uint64_t x7; + uint64_t x8; + fiat_p256_mulx_u64(&x7, &x8, x4, (arg2[2])); + uint64_t x9; + uint64_t x10; + fiat_p256_mulx_u64(&x9, &x10, x4, (arg2[1])); + uint64_t x11; + uint64_t x12; + fiat_p256_mulx_u64(&x11, &x12, x4, (arg2[0])); + uint64_t x13; + fiat_p256_uint1 x14; + fiat_p256_addcarryx_u64(&x13, &x14, 0x0, x9, x12); + uint64_t x15; + fiat_p256_uint1 x16; + fiat_p256_addcarryx_u64(&x15, &x16, x14, x7, x10); + uint64_t x17; + fiat_p256_uint1 x18; + fiat_p256_addcarryx_u64(&x17, &x18, x16, x5, x8); + uint64_t x19; + fiat_p256_uint1 x20; + fiat_p256_addcarryx_u64(&x19, &x20, x18, 0x0, x6); + uint64_t x21; + uint64_t x22; + fiat_p256_mulx_u64(&x21, &x22, x11, UINT64_C(0xffffffff00000001)); + uint64_t x23; + uint64_t x24; + fiat_p256_mulx_u64(&x23, &x24, x11, UINT32_C(0xffffffff)); + uint64_t x25; + uint64_t x26; + fiat_p256_mulx_u64(&x25, &x26, x11, UINT64_C(0xffffffffffffffff)); + uint64_t x27; + fiat_p256_uint1 x28; + fiat_p256_addcarryx_u64(&x27, &x28, 0x0, x23, x26); + uint64_t x29; + fiat_p256_uint1 x30; + fiat_p256_addcarryx_u64(&x29, &x30, x28, 0x0, x24); + uint64_t x31; + fiat_p256_uint1 x32; + fiat_p256_addcarryx_u64(&x31, &x32, 0x0, x25, x11); + uint64_t x33; + fiat_p256_uint1 x34; + fiat_p256_addcarryx_u64(&x33, &x34, x32, x27, x13); + uint64_t x35; + fiat_p256_uint1 x36; + fiat_p256_addcarryx_u64(&x35, &x36, x34, x29, x15); + uint64_t x37; + fiat_p256_uint1 x38; + fiat_p256_addcarryx_u64(&x37, &x38, x36, x21, x17); + uint64_t x39; + fiat_p256_uint1 x40; + fiat_p256_addcarryx_u64(&x39, &x40, x38, x22, x19); + uint64_t x41; + fiat_p256_uint1 x42; + fiat_p256_addcarryx_u64(&x41, &x42, x40, 0x0, 0x0); + uint64_t x43; + uint64_t x44; + fiat_p256_mulx_u64(&x43, &x44, x1, (arg2[3])); + uint64_t x45; + uint64_t x46; + fiat_p256_mulx_u64(&x45, &x46, x1, (arg2[2])); + uint64_t x47; + uint64_t x48; + fiat_p256_mulx_u64(&x47, &x48, x1, (arg2[1])); + uint64_t x49; + uint64_t x50; + fiat_p256_mulx_u64(&x49, &x50, x1, (arg2[0])); + uint64_t x51; + fiat_p256_uint1 x52; + fiat_p256_addcarryx_u64(&x51, &x52, 0x0, x47, x50); + uint64_t x53; + fiat_p256_uint1 x54; + fiat_p256_addcarryx_u64(&x53, &x54, x52, x45, x48); + uint64_t x55; + fiat_p256_uint1 x56; + fiat_p256_addcarryx_u64(&x55, &x56, x54, x43, x46); + uint64_t x57; + fiat_p256_uint1 x58; + fiat_p256_addcarryx_u64(&x57, &x58, x56, 0x0, x44); + uint64_t x59; + fiat_p256_uint1 x60; + fiat_p256_addcarryx_u64(&x59, &x60, 0x0, x49, x33); + uint64_t x61; + fiat_p256_uint1 x62; + fiat_p256_addcarryx_u64(&x61, &x62, x60, x51, x35); + uint64_t x63; + fiat_p256_uint1 x64; + fiat_p256_addcarryx_u64(&x63, &x64, x62, x53, x37); + uint64_t x65; + fiat_p256_uint1 x66; + fiat_p256_addcarryx_u64(&x65, &x66, x64, x55, x39); + uint64_t x67; + fiat_p256_uint1 x68; + fiat_p256_addcarryx_u64(&x67, &x68, x66, x57, (fiat_p256_uint1)x41); + uint64_t x69; + uint64_t x70; + fiat_p256_mulx_u64(&x69, &x70, x59, UINT64_C(0xffffffff00000001)); + uint64_t x71; + uint64_t x72; + fiat_p256_mulx_u64(&x71, &x72, x59, UINT32_C(0xffffffff)); + uint64_t x73; + uint64_t x74; + fiat_p256_mulx_u64(&x73, &x74, x59, UINT64_C(0xffffffffffffffff)); + uint64_t x75; + fiat_p256_uint1 x76; + fiat_p256_addcarryx_u64(&x75, &x76, 0x0, x71, x74); + uint64_t x77; + fiat_p256_uint1 x78; + fiat_p256_addcarryx_u64(&x77, &x78, x76, 0x0, x72); + uint64_t x79; + fiat_p256_uint1 x80; + fiat_p256_addcarryx_u64(&x79, &x80, 0x0, x73, x59); + uint64_t x81; + fiat_p256_uint1 x82; + fiat_p256_addcarryx_u64(&x81, &x82, x80, x75, x61); + uint64_t x83; + fiat_p256_uint1 x84; + fiat_p256_addcarryx_u64(&x83, &x84, x82, x77, x63); + uint64_t x85; + fiat_p256_uint1 x86; + fiat_p256_addcarryx_u64(&x85, &x86, x84, x69, x65); + uint64_t x87; + fiat_p256_uint1 x88; + fiat_p256_addcarryx_u64(&x87, &x88, x86, x70, x67); + uint64_t x89; + fiat_p256_uint1 x90; + fiat_p256_addcarryx_u64(&x89, &x90, x88, 0x0, x68); + uint64_t x91; + uint64_t x92; + fiat_p256_mulx_u64(&x91, &x92, x2, (arg2[3])); + uint64_t x93; + uint64_t x94; + fiat_p256_mulx_u64(&x93, &x94, x2, (arg2[2])); + uint64_t x95; + uint64_t x96; + fiat_p256_mulx_u64(&x95, &x96, x2, (arg2[1])); + uint64_t x97; + uint64_t x98; + fiat_p256_mulx_u64(&x97, &x98, x2, (arg2[0])); + uint64_t x99; + fiat_p256_uint1 x100; + fiat_p256_addcarryx_u64(&x99, &x100, 0x0, x95, x98); + uint64_t x101; + fiat_p256_uint1 x102; + fiat_p256_addcarryx_u64(&x101, &x102, x100, x93, x96); + uint64_t x103; + fiat_p256_uint1 x104; + fiat_p256_addcarryx_u64(&x103, &x104, x102, x91, x94); + uint64_t x105; + fiat_p256_uint1 x106; + fiat_p256_addcarryx_u64(&x105, &x106, x104, 0x0, x92); + uint64_t x107; + fiat_p256_uint1 x108; + fiat_p256_addcarryx_u64(&x107, &x108, 0x0, x97, x81); + uint64_t x109; + fiat_p256_uint1 x110; + fiat_p256_addcarryx_u64(&x109, &x110, x108, x99, x83); + uint64_t x111; + fiat_p256_uint1 x112; + fiat_p256_addcarryx_u64(&x111, &x112, x110, x101, x85); + uint64_t x113; + fiat_p256_uint1 x114; + fiat_p256_addcarryx_u64(&x113, &x114, x112, x103, x87); + uint64_t x115; + fiat_p256_uint1 x116; + fiat_p256_addcarryx_u64(&x115, &x116, x114, x105, x89); + uint64_t x117; + uint64_t x118; + fiat_p256_mulx_u64(&x117, &x118, x107, UINT64_C(0xffffffff00000001)); + uint64_t x119; + uint64_t x120; + fiat_p256_mulx_u64(&x119, &x120, x107, UINT32_C(0xffffffff)); + uint64_t x121; + uint64_t x122; + fiat_p256_mulx_u64(&x121, &x122, x107, UINT64_C(0xffffffffffffffff)); + uint64_t x123; + fiat_p256_uint1 x124; + fiat_p256_addcarryx_u64(&x123, &x124, 0x0, x119, x122); + uint64_t x125; + fiat_p256_uint1 x126; + fiat_p256_addcarryx_u64(&x125, &x126, x124, 0x0, x120); + uint64_t x127; + fiat_p256_uint1 x128; + fiat_p256_addcarryx_u64(&x127, &x128, 0x0, x121, x107); + uint64_t x129; + fiat_p256_uint1 x130; + fiat_p256_addcarryx_u64(&x129, &x130, x128, x123, x109); + uint64_t x131; + fiat_p256_uint1 x132; + fiat_p256_addcarryx_u64(&x131, &x132, x130, x125, x111); + uint64_t x133; + fiat_p256_uint1 x134; + fiat_p256_addcarryx_u64(&x133, &x134, x132, x117, x113); + uint64_t x135; + fiat_p256_uint1 x136; + fiat_p256_addcarryx_u64(&x135, &x136, x134, x118, x115); + uint64_t x137; + fiat_p256_uint1 x138; + fiat_p256_addcarryx_u64(&x137, &x138, x136, 0x0, x116); + uint64_t x139; + uint64_t x140; + fiat_p256_mulx_u64(&x139, &x140, x3, (arg2[3])); + uint64_t x141; + uint64_t x142; + fiat_p256_mulx_u64(&x141, &x142, x3, (arg2[2])); + uint64_t x143; + uint64_t x144; + fiat_p256_mulx_u64(&x143, &x144, x3, (arg2[1])); + uint64_t x145; + uint64_t x146; + fiat_p256_mulx_u64(&x145, &x146, x3, (arg2[0])); + uint64_t x147; + fiat_p256_uint1 x148; + fiat_p256_addcarryx_u64(&x147, &x148, 0x0, x143, x146); + uint64_t x149; + fiat_p256_uint1 x150; + fiat_p256_addcarryx_u64(&x149, &x150, x148, x141, x144); + uint64_t x151; + fiat_p256_uint1 x152; + fiat_p256_addcarryx_u64(&x151, &x152, x150, x139, x142); + uint64_t x153; + fiat_p256_uint1 x154; + fiat_p256_addcarryx_u64(&x153, &x154, x152, 0x0, x140); + uint64_t x155; + fiat_p256_uint1 x156; + fiat_p256_addcarryx_u64(&x155, &x156, 0x0, x145, x129); + uint64_t x157; + fiat_p256_uint1 x158; + fiat_p256_addcarryx_u64(&x157, &x158, x156, x147, x131); + uint64_t x159; + fiat_p256_uint1 x160; + fiat_p256_addcarryx_u64(&x159, &x160, x158, x149, x133); + uint64_t x161; + fiat_p256_uint1 x162; + fiat_p256_addcarryx_u64(&x161, &x162, x160, x151, x135); + uint64_t x163; + fiat_p256_uint1 x164; + fiat_p256_addcarryx_u64(&x163, &x164, x162, x153, x137); + uint64_t x165; + uint64_t x166; + fiat_p256_mulx_u64(&x165, &x166, x155, UINT64_C(0xffffffff00000001)); + uint64_t x167; + uint64_t x168; + fiat_p256_mulx_u64(&x167, &x168, x155, UINT32_C(0xffffffff)); + uint64_t x169; + uint64_t x170; + fiat_p256_mulx_u64(&x169, &x170, x155, UINT64_C(0xffffffffffffffff)); + uint64_t x171; + fiat_p256_uint1 x172; + fiat_p256_addcarryx_u64(&x171, &x172, 0x0, x167, x170); + uint64_t x173; + fiat_p256_uint1 x174; + fiat_p256_addcarryx_u64(&x173, &x174, x172, 0x0, x168); + uint64_t x175; + fiat_p256_uint1 x176; + fiat_p256_addcarryx_u64(&x175, &x176, 0x0, x169, x155); + uint64_t x177; + fiat_p256_uint1 x178; + fiat_p256_addcarryx_u64(&x177, &x178, x176, x171, x157); + uint64_t x179; + fiat_p256_uint1 x180; + fiat_p256_addcarryx_u64(&x179, &x180, x178, x173, x159); + uint64_t x181; + fiat_p256_uint1 x182; + fiat_p256_addcarryx_u64(&x181, &x182, x180, x165, x161); + uint64_t x183; + fiat_p256_uint1 x184; + fiat_p256_addcarryx_u64(&x183, &x184, x182, x166, x163); + uint64_t x185; + fiat_p256_uint1 x186; + fiat_p256_addcarryx_u64(&x185, &x186, x184, 0x0, x164); + uint64_t x187; + fiat_p256_uint1 x188; + fiat_p256_subborrowx_u64(&x187, &x188, 0x0, x177, UINT64_C(0xffffffffffffffff)); + uint64_t x189; + fiat_p256_uint1 x190; + fiat_p256_subborrowx_u64(&x189, &x190, x188, x179, UINT32_C(0xffffffff)); + uint64_t x191; + fiat_p256_uint1 x192; + fiat_p256_subborrowx_u64(&x191, &x192, x190, x181, 0x0); + uint64_t x193; + fiat_p256_uint1 x194; + fiat_p256_subborrowx_u64(&x193, &x194, x192, x183, UINT64_C(0xffffffff00000001)); + uint64_t x195; + fiat_p256_uint1 x196; + fiat_p256_subborrowx_u64(&x195, &x196, x194, x185, 0x0); + uint64_t x197; + fiat_p256_cmovznz_u64(&x197, x196, x187, x177); + uint64_t x198; + fiat_p256_cmovznz_u64(&x198, x196, x189, x179); + uint64_t x199; + fiat_p256_cmovznz_u64(&x199, x196, x191, x181); + uint64_t x200; + fiat_p256_cmovznz_u64(&x200, x196, x193, x183); + out1[0] = x197; + out1[1] = x198; + out1[2] = x199; + out1[3] = x200; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static void fiat_p256_square(uint64_t out1[4], const uint64_t arg1[4]) { + uint64_t x1 = (arg1[1]); + uint64_t x2 = (arg1[2]); + uint64_t x3 = (arg1[3]); + uint64_t x4 = (arg1[0]); + uint64_t x5; + uint64_t x6; + fiat_p256_mulx_u64(&x5, &x6, x4, (arg1[3])); + uint64_t x7; + uint64_t x8; + fiat_p256_mulx_u64(&x7, &x8, x4, (arg1[2])); + uint64_t x9; + uint64_t x10; + fiat_p256_mulx_u64(&x9, &x10, x4, (arg1[1])); + uint64_t x11; + uint64_t x12; + fiat_p256_mulx_u64(&x11, &x12, x4, (arg1[0])); + uint64_t x13; + fiat_p256_uint1 x14; + fiat_p256_addcarryx_u64(&x13, &x14, 0x0, x9, x12); + uint64_t x15; + fiat_p256_uint1 x16; + fiat_p256_addcarryx_u64(&x15, &x16, x14, x7, x10); + uint64_t x17; + fiat_p256_uint1 x18; + fiat_p256_addcarryx_u64(&x17, &x18, x16, x5, x8); + uint64_t x19; + fiat_p256_uint1 x20; + fiat_p256_addcarryx_u64(&x19, &x20, x18, 0x0, x6); + uint64_t x21; + uint64_t x22; + fiat_p256_mulx_u64(&x21, &x22, x11, UINT64_C(0xffffffff00000001)); + uint64_t x23; + uint64_t x24; + fiat_p256_mulx_u64(&x23, &x24, x11, UINT32_C(0xffffffff)); + uint64_t x25; + uint64_t x26; + fiat_p256_mulx_u64(&x25, &x26, x11, UINT64_C(0xffffffffffffffff)); + uint64_t x27; + fiat_p256_uint1 x28; + fiat_p256_addcarryx_u64(&x27, &x28, 0x0, x23, x26); + uint64_t x29; + fiat_p256_uint1 x30; + fiat_p256_addcarryx_u64(&x29, &x30, x28, 0x0, x24); + uint64_t x31; + fiat_p256_uint1 x32; + fiat_p256_addcarryx_u64(&x31, &x32, 0x0, x25, x11); + uint64_t x33; + fiat_p256_uint1 x34; + fiat_p256_addcarryx_u64(&x33, &x34, x32, x27, x13); + uint64_t x35; + fiat_p256_uint1 x36; + fiat_p256_addcarryx_u64(&x35, &x36, x34, x29, x15); + uint64_t x37; + fiat_p256_uint1 x38; + fiat_p256_addcarryx_u64(&x37, &x38, x36, x21, x17); + uint64_t x39; + fiat_p256_uint1 x40; + fiat_p256_addcarryx_u64(&x39, &x40, x38, x22, x19); + uint64_t x41; + fiat_p256_uint1 x42; + fiat_p256_addcarryx_u64(&x41, &x42, x40, 0x0, 0x0); + uint64_t x43; + uint64_t x44; + fiat_p256_mulx_u64(&x43, &x44, x1, (arg1[3])); + uint64_t x45; + uint64_t x46; + fiat_p256_mulx_u64(&x45, &x46, x1, (arg1[2])); + uint64_t x47; + uint64_t x48; + fiat_p256_mulx_u64(&x47, &x48, x1, (arg1[1])); + uint64_t x49; + uint64_t x50; + fiat_p256_mulx_u64(&x49, &x50, x1, (arg1[0])); + uint64_t x51; + fiat_p256_uint1 x52; + fiat_p256_addcarryx_u64(&x51, &x52, 0x0, x47, x50); + uint64_t x53; + fiat_p256_uint1 x54; + fiat_p256_addcarryx_u64(&x53, &x54, x52, x45, x48); + uint64_t x55; + fiat_p256_uint1 x56; + fiat_p256_addcarryx_u64(&x55, &x56, x54, x43, x46); + uint64_t x57; + fiat_p256_uint1 x58; + fiat_p256_addcarryx_u64(&x57, &x58, x56, 0x0, x44); + uint64_t x59; + fiat_p256_uint1 x60; + fiat_p256_addcarryx_u64(&x59, &x60, 0x0, x49, x33); + uint64_t x61; + fiat_p256_uint1 x62; + fiat_p256_addcarryx_u64(&x61, &x62, x60, x51, x35); + uint64_t x63; + fiat_p256_uint1 x64; + fiat_p256_addcarryx_u64(&x63, &x64, x62, x53, x37); + uint64_t x65; + fiat_p256_uint1 x66; + fiat_p256_addcarryx_u64(&x65, &x66, x64, x55, x39); + uint64_t x67; + fiat_p256_uint1 x68; + fiat_p256_addcarryx_u64(&x67, &x68, x66, x57, (fiat_p256_uint1)x41); + uint64_t x69; + uint64_t x70; + fiat_p256_mulx_u64(&x69, &x70, x59, UINT64_C(0xffffffff00000001)); + uint64_t x71; + uint64_t x72; + fiat_p256_mulx_u64(&x71, &x72, x59, UINT32_C(0xffffffff)); + uint64_t x73; + uint64_t x74; + fiat_p256_mulx_u64(&x73, &x74, x59, UINT64_C(0xffffffffffffffff)); + uint64_t x75; + fiat_p256_uint1 x76; + fiat_p256_addcarryx_u64(&x75, &x76, 0x0, x71, x74); + uint64_t x77; + fiat_p256_uint1 x78; + fiat_p256_addcarryx_u64(&x77, &x78, x76, 0x0, x72); + uint64_t x79; + fiat_p256_uint1 x80; + fiat_p256_addcarryx_u64(&x79, &x80, 0x0, x73, x59); + uint64_t x81; + fiat_p256_uint1 x82; + fiat_p256_addcarryx_u64(&x81, &x82, x80, x75, x61); + uint64_t x83; + fiat_p256_uint1 x84; + fiat_p256_addcarryx_u64(&x83, &x84, x82, x77, x63); + uint64_t x85; + fiat_p256_uint1 x86; + fiat_p256_addcarryx_u64(&x85, &x86, x84, x69, x65); + uint64_t x87; + fiat_p256_uint1 x88; + fiat_p256_addcarryx_u64(&x87, &x88, x86, x70, x67); + uint64_t x89; + fiat_p256_uint1 x90; + fiat_p256_addcarryx_u64(&x89, &x90, x88, 0x0, x68); + uint64_t x91; + uint64_t x92; + fiat_p256_mulx_u64(&x91, &x92, x2, (arg1[3])); + uint64_t x93; + uint64_t x94; + fiat_p256_mulx_u64(&x93, &x94, x2, (arg1[2])); + uint64_t x95; + uint64_t x96; + fiat_p256_mulx_u64(&x95, &x96, x2, (arg1[1])); + uint64_t x97; + uint64_t x98; + fiat_p256_mulx_u64(&x97, &x98, x2, (arg1[0])); + uint64_t x99; + fiat_p256_uint1 x100; + fiat_p256_addcarryx_u64(&x99, &x100, 0x0, x95, x98); + uint64_t x101; + fiat_p256_uint1 x102; + fiat_p256_addcarryx_u64(&x101, &x102, x100, x93, x96); + uint64_t x103; + fiat_p256_uint1 x104; + fiat_p256_addcarryx_u64(&x103, &x104, x102, x91, x94); + uint64_t x105; + fiat_p256_uint1 x106; + fiat_p256_addcarryx_u64(&x105, &x106, x104, 0x0, x92); + uint64_t x107; + fiat_p256_uint1 x108; + fiat_p256_addcarryx_u64(&x107, &x108, 0x0, x97, x81); + uint64_t x109; + fiat_p256_uint1 x110; + fiat_p256_addcarryx_u64(&x109, &x110, x108, x99, x83); + uint64_t x111; + fiat_p256_uint1 x112; + fiat_p256_addcarryx_u64(&x111, &x112, x110, x101, x85); + uint64_t x113; + fiat_p256_uint1 x114; + fiat_p256_addcarryx_u64(&x113, &x114, x112, x103, x87); + uint64_t x115; + fiat_p256_uint1 x116; + fiat_p256_addcarryx_u64(&x115, &x116, x114, x105, x89); + uint64_t x117; + uint64_t x118; + fiat_p256_mulx_u64(&x117, &x118, x107, UINT64_C(0xffffffff00000001)); + uint64_t x119; + uint64_t x120; + fiat_p256_mulx_u64(&x119, &x120, x107, UINT32_C(0xffffffff)); + uint64_t x121; + uint64_t x122; + fiat_p256_mulx_u64(&x121, &x122, x107, UINT64_C(0xffffffffffffffff)); + uint64_t x123; + fiat_p256_uint1 x124; + fiat_p256_addcarryx_u64(&x123, &x124, 0x0, x119, x122); + uint64_t x125; + fiat_p256_uint1 x126; + fiat_p256_addcarryx_u64(&x125, &x126, x124, 0x0, x120); + uint64_t x127; + fiat_p256_uint1 x128; + fiat_p256_addcarryx_u64(&x127, &x128, 0x0, x121, x107); + uint64_t x129; + fiat_p256_uint1 x130; + fiat_p256_addcarryx_u64(&x129, &x130, x128, x123, x109); + uint64_t x131; + fiat_p256_uint1 x132; + fiat_p256_addcarryx_u64(&x131, &x132, x130, x125, x111); + uint64_t x133; + fiat_p256_uint1 x134; + fiat_p256_addcarryx_u64(&x133, &x134, x132, x117, x113); + uint64_t x135; + fiat_p256_uint1 x136; + fiat_p256_addcarryx_u64(&x135, &x136, x134, x118, x115); + uint64_t x137; + fiat_p256_uint1 x138; + fiat_p256_addcarryx_u64(&x137, &x138, x136, 0x0, x116); + uint64_t x139; + uint64_t x140; + fiat_p256_mulx_u64(&x139, &x140, x3, (arg1[3])); + uint64_t x141; + uint64_t x142; + fiat_p256_mulx_u64(&x141, &x142, x3, (arg1[2])); + uint64_t x143; + uint64_t x144; + fiat_p256_mulx_u64(&x143, &x144, x3, (arg1[1])); + uint64_t x145; + uint64_t x146; + fiat_p256_mulx_u64(&x145, &x146, x3, (arg1[0])); + uint64_t x147; + fiat_p256_uint1 x148; + fiat_p256_addcarryx_u64(&x147, &x148, 0x0, x143, x146); + uint64_t x149; + fiat_p256_uint1 x150; + fiat_p256_addcarryx_u64(&x149, &x150, x148, x141, x144); + uint64_t x151; + fiat_p256_uint1 x152; + fiat_p256_addcarryx_u64(&x151, &x152, x150, x139, x142); + uint64_t x153; + fiat_p256_uint1 x154; + fiat_p256_addcarryx_u64(&x153, &x154, x152, 0x0, x140); + uint64_t x155; + fiat_p256_uint1 x156; + fiat_p256_addcarryx_u64(&x155, &x156, 0x0, x145, x129); + uint64_t x157; + fiat_p256_uint1 x158; + fiat_p256_addcarryx_u64(&x157, &x158, x156, x147, x131); + uint64_t x159; + fiat_p256_uint1 x160; + fiat_p256_addcarryx_u64(&x159, &x160, x158, x149, x133); + uint64_t x161; + fiat_p256_uint1 x162; + fiat_p256_addcarryx_u64(&x161, &x162, x160, x151, x135); + uint64_t x163; + fiat_p256_uint1 x164; + fiat_p256_addcarryx_u64(&x163, &x164, x162, x153, x137); + uint64_t x165; + uint64_t x166; + fiat_p256_mulx_u64(&x165, &x166, x155, UINT64_C(0xffffffff00000001)); + uint64_t x167; + uint64_t x168; + fiat_p256_mulx_u64(&x167, &x168, x155, UINT32_C(0xffffffff)); + uint64_t x169; + uint64_t x170; + fiat_p256_mulx_u64(&x169, &x170, x155, UINT64_C(0xffffffffffffffff)); + uint64_t x171; + fiat_p256_uint1 x172; + fiat_p256_addcarryx_u64(&x171, &x172, 0x0, x167, x170); + uint64_t x173; + fiat_p256_uint1 x174; + fiat_p256_addcarryx_u64(&x173, &x174, x172, 0x0, x168); + uint64_t x175; + fiat_p256_uint1 x176; + fiat_p256_addcarryx_u64(&x175, &x176, 0x0, x169, x155); + uint64_t x177; + fiat_p256_uint1 x178; + fiat_p256_addcarryx_u64(&x177, &x178, x176, x171, x157); + uint64_t x179; + fiat_p256_uint1 x180; + fiat_p256_addcarryx_u64(&x179, &x180, x178, x173, x159); + uint64_t x181; + fiat_p256_uint1 x182; + fiat_p256_addcarryx_u64(&x181, &x182, x180, x165, x161); + uint64_t x183; + fiat_p256_uint1 x184; + fiat_p256_addcarryx_u64(&x183, &x184, x182, x166, x163); + uint64_t x185; + fiat_p256_uint1 x186; + fiat_p256_addcarryx_u64(&x185, &x186, x184, 0x0, x164); + uint64_t x187; + fiat_p256_uint1 x188; + fiat_p256_subborrowx_u64(&x187, &x188, 0x0, x177, UINT64_C(0xffffffffffffffff)); + uint64_t x189; + fiat_p256_uint1 x190; + fiat_p256_subborrowx_u64(&x189, &x190, x188, x179, UINT32_C(0xffffffff)); + uint64_t x191; + fiat_p256_uint1 x192; + fiat_p256_subborrowx_u64(&x191, &x192, x190, x181, 0x0); + uint64_t x193; + fiat_p256_uint1 x194; + fiat_p256_subborrowx_u64(&x193, &x194, x192, x183, UINT64_C(0xffffffff00000001)); + uint64_t x195; + fiat_p256_uint1 x196; + fiat_p256_subborrowx_u64(&x195, &x196, x194, x185, 0x0); + uint64_t x197; + fiat_p256_cmovznz_u64(&x197, x196, x187, x177); + uint64_t x198; + fiat_p256_cmovznz_u64(&x198, x196, x189, x179); + uint64_t x199; + fiat_p256_cmovznz_u64(&x199, x196, x191, x181); + uint64_t x200; + fiat_p256_cmovznz_u64(&x200, x196, x193, x183); + out1[0] = x197; + out1[1] = x198; + out1[2] = x199; + out1[3] = x200; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static void fiat_p256_add(uint64_t out1[4], const uint64_t arg1[4], const uint64_t arg2[4]) { + uint64_t x1; + fiat_p256_uint1 x2; + fiat_p256_addcarryx_u64(&x1, &x2, 0x0, (arg2[0]), (arg1[0])); + uint64_t x3; + fiat_p256_uint1 x4; + fiat_p256_addcarryx_u64(&x3, &x4, x2, (arg2[1]), (arg1[1])); + uint64_t x5; + fiat_p256_uint1 x6; + fiat_p256_addcarryx_u64(&x5, &x6, x4, (arg2[2]), (arg1[2])); + uint64_t x7; + fiat_p256_uint1 x8; + fiat_p256_addcarryx_u64(&x7, &x8, x6, (arg2[3]), (arg1[3])); + uint64_t x9; + fiat_p256_uint1 x10; + fiat_p256_subborrowx_u64(&x9, &x10, 0x0, x1, UINT64_C(0xffffffffffffffff)); + uint64_t x11; + fiat_p256_uint1 x12; + fiat_p256_subborrowx_u64(&x11, &x12, x10, x3, UINT32_C(0xffffffff)); + uint64_t x13; + fiat_p256_uint1 x14; + fiat_p256_subborrowx_u64(&x13, &x14, x12, x5, 0x0); + uint64_t x15; + fiat_p256_uint1 x16; + fiat_p256_subborrowx_u64(&x15, &x16, x14, x7, UINT64_C(0xffffffff00000001)); + uint64_t x17; + fiat_p256_uint1 x18; + fiat_p256_subborrowx_u64(&x17, &x18, x16, x8, 0x0); + uint64_t x19; + fiat_p256_cmovznz_u64(&x19, x18, x9, x1); + uint64_t x20; + fiat_p256_cmovznz_u64(&x20, x18, x11, x3); + uint64_t x21; + fiat_p256_cmovznz_u64(&x21, x18, x13, x5); + uint64_t x22; + fiat_p256_cmovznz_u64(&x22, x18, x15, x7); + out1[0] = x19; + out1[1] = x20; + out1[2] = x21; + out1[3] = x22; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static void fiat_p256_sub(uint64_t out1[4], const uint64_t arg1[4], const uint64_t arg2[4]) { + uint64_t x1; + fiat_p256_uint1 x2; + fiat_p256_subborrowx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + uint64_t x3; + fiat_p256_uint1 x4; + fiat_p256_subborrowx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1])); + uint64_t x5; + fiat_p256_uint1 x6; + fiat_p256_subborrowx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2])); + uint64_t x7; + fiat_p256_uint1 x8; + fiat_p256_subborrowx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + uint64_t x9; + fiat_p256_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff)); + uint64_t x10; + fiat_p256_uint1 x11; + fiat_p256_addcarryx_u64(&x10, &x11, 0x0, (x9 & UINT64_C(0xffffffffffffffff)), x1); + uint64_t x12; + fiat_p256_uint1 x13; + fiat_p256_addcarryx_u64(&x12, &x13, x11, (x9 & UINT32_C(0xffffffff)), x3); + uint64_t x14; + fiat_p256_uint1 x15; + fiat_p256_addcarryx_u64(&x14, &x15, x13, 0x0, x5); + uint64_t x16; + fiat_p256_uint1 x17; + fiat_p256_addcarryx_u64(&x16, &x17, x15, (x9 & UINT64_C(0xffffffff00000001)), x7); + out1[0] = x10; + out1[1] = x12; + out1[2] = x14; + out1[3] = x16; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static void fiat_p256_opp(uint64_t out1[4], const uint64_t arg1[4]) { + uint64_t x1; + fiat_p256_uint1 x2; + fiat_p256_subborrowx_u64(&x1, &x2, 0x0, 0x0, (arg1[0])); + uint64_t x3; + fiat_p256_uint1 x4; + fiat_p256_subborrowx_u64(&x3, &x4, x2, 0x0, (arg1[1])); + uint64_t x5; + fiat_p256_uint1 x6; + fiat_p256_subborrowx_u64(&x5, &x6, x4, 0x0, (arg1[2])); + uint64_t x7; + fiat_p256_uint1 x8; + fiat_p256_subborrowx_u64(&x7, &x8, x6, 0x0, (arg1[3])); + uint64_t x9; + fiat_p256_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff)); + uint64_t x10; + fiat_p256_uint1 x11; + fiat_p256_addcarryx_u64(&x10, &x11, 0x0, (x9 & UINT64_C(0xffffffffffffffff)), x1); + uint64_t x12; + fiat_p256_uint1 x13; + fiat_p256_addcarryx_u64(&x12, &x13, x11, (x9 & UINT32_C(0xffffffff)), x3); + uint64_t x14; + fiat_p256_uint1 x15; + fiat_p256_addcarryx_u64(&x14, &x15, x13, 0x0, x5); + uint64_t x16; + fiat_p256_uint1 x17; + fiat_p256_addcarryx_u64(&x16, &x17, x15, (x9 & UINT64_C(0xffffffff00000001)), x7); + out1[0] = x10; + out1[1] = x12; + out1[2] = x14; + out1[3] = x16; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static void fiat_p256_from_montgomery(uint64_t out1[4], const uint64_t arg1[4]) { + uint64_t x1 = (arg1[0]); + uint64_t x2; + uint64_t x3; + fiat_p256_mulx_u64(&x2, &x3, x1, UINT64_C(0xffffffff00000001)); + uint64_t x4; + uint64_t x5; + fiat_p256_mulx_u64(&x4, &x5, x1, UINT32_C(0xffffffff)); + uint64_t x6; + uint64_t x7; + fiat_p256_mulx_u64(&x6, &x7, x1, UINT64_C(0xffffffffffffffff)); + uint64_t x8; + fiat_p256_uint1 x9; + fiat_p256_addcarryx_u64(&x8, &x9, 0x0, x4, x7); + uint64_t x10; + fiat_p256_uint1 x11; + fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x6, x1); + uint64_t x12; + fiat_p256_uint1 x13; + fiat_p256_addcarryx_u64(&x12, &x13, x11, x8, 0x0); + uint64_t x14; + fiat_p256_uint1 x15; + fiat_p256_addcarryx_u64(&x14, &x15, 0x0, (arg1[1]), x12); + uint64_t x16; + uint64_t x17; + fiat_p256_mulx_u64(&x16, &x17, x14, UINT64_C(0xffffffff00000001)); + uint64_t x18; + uint64_t x19; + fiat_p256_mulx_u64(&x18, &x19, x14, UINT32_C(0xffffffff)); + uint64_t x20; + uint64_t x21; + fiat_p256_mulx_u64(&x20, &x21, x14, UINT64_C(0xffffffffffffffff)); + uint64_t x22; + fiat_p256_uint1 x23; + fiat_p256_addcarryx_u64(&x22, &x23, 0x0, x18, x21); + uint64_t x24; + fiat_p256_uint1 x25; + fiat_p256_addcarryx_u64(&x24, &x25, x9, 0x0, x5); + uint64_t x26; + fiat_p256_uint1 x27; + fiat_p256_addcarryx_u64(&x26, &x27, x13, x24, 0x0); + uint64_t x28; + fiat_p256_uint1 x29; + fiat_p256_addcarryx_u64(&x28, &x29, x15, 0x0, x26); + uint64_t x30; + fiat_p256_uint1 x31; + fiat_p256_addcarryx_u64(&x30, &x31, 0x0, x20, x14); + uint64_t x32; + fiat_p256_uint1 x33; + fiat_p256_addcarryx_u64(&x32, &x33, x31, x22, x28); + uint64_t x34; + fiat_p256_uint1 x35; + fiat_p256_addcarryx_u64(&x34, &x35, x23, 0x0, x19); + uint64_t x36; + fiat_p256_uint1 x37; + fiat_p256_addcarryx_u64(&x36, &x37, x33, x34, x2); + uint64_t x38; + fiat_p256_uint1 x39; + fiat_p256_addcarryx_u64(&x38, &x39, x37, x16, x3); + uint64_t x40; + fiat_p256_uint1 x41; + fiat_p256_addcarryx_u64(&x40, &x41, 0x0, (arg1[2]), x32); + uint64_t x42; + fiat_p256_uint1 x43; + fiat_p256_addcarryx_u64(&x42, &x43, x41, 0x0, x36); + uint64_t x44; + fiat_p256_uint1 x45; + fiat_p256_addcarryx_u64(&x44, &x45, x43, 0x0, x38); + uint64_t x46; + uint64_t x47; + fiat_p256_mulx_u64(&x46, &x47, x40, UINT64_C(0xffffffff00000001)); + uint64_t x48; + uint64_t x49; + fiat_p256_mulx_u64(&x48, &x49, x40, UINT32_C(0xffffffff)); + uint64_t x50; + uint64_t x51; + fiat_p256_mulx_u64(&x50, &x51, x40, UINT64_C(0xffffffffffffffff)); + uint64_t x52; + fiat_p256_uint1 x53; + fiat_p256_addcarryx_u64(&x52, &x53, 0x0, x48, x51); + uint64_t x54; + fiat_p256_uint1 x55; + fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x50, x40); + uint64_t x56; + fiat_p256_uint1 x57; + fiat_p256_addcarryx_u64(&x56, &x57, x55, x52, x42); + uint64_t x58; + fiat_p256_uint1 x59; + fiat_p256_addcarryx_u64(&x58, &x59, x53, 0x0, x49); + uint64_t x60; + fiat_p256_uint1 x61; + fiat_p256_addcarryx_u64(&x60, &x61, x57, x58, x44); + uint64_t x62; + fiat_p256_uint1 x63; + fiat_p256_addcarryx_u64(&x62, &x63, x39, x17, 0x0); + uint64_t x64; + fiat_p256_uint1 x65; + fiat_p256_addcarryx_u64(&x64, &x65, x45, 0x0, x62); + uint64_t x66; + fiat_p256_uint1 x67; + fiat_p256_addcarryx_u64(&x66, &x67, x61, x46, x64); + uint64_t x68; + fiat_p256_uint1 x69; + fiat_p256_addcarryx_u64(&x68, &x69, 0x0, (arg1[3]), x56); + uint64_t x70; + fiat_p256_uint1 x71; + fiat_p256_addcarryx_u64(&x70, &x71, x69, 0x0, x60); + uint64_t x72; + fiat_p256_uint1 x73; + fiat_p256_addcarryx_u64(&x72, &x73, x71, 0x0, x66); + uint64_t x74; + uint64_t x75; + fiat_p256_mulx_u64(&x74, &x75, x68, UINT64_C(0xffffffff00000001)); + uint64_t x76; + uint64_t x77; + fiat_p256_mulx_u64(&x76, &x77, x68, UINT32_C(0xffffffff)); + uint64_t x78; + uint64_t x79; + fiat_p256_mulx_u64(&x78, &x79, x68, UINT64_C(0xffffffffffffffff)); + uint64_t x80; + fiat_p256_uint1 x81; + fiat_p256_addcarryx_u64(&x80, &x81, 0x0, x76, x79); + uint64_t x82; + fiat_p256_uint1 x83; + fiat_p256_addcarryx_u64(&x82, &x83, 0x0, x78, x68); + uint64_t x84; + fiat_p256_uint1 x85; + fiat_p256_addcarryx_u64(&x84, &x85, x83, x80, x70); + uint64_t x86; + fiat_p256_uint1 x87; + fiat_p256_addcarryx_u64(&x86, &x87, x81, 0x0, x77); + uint64_t x88; + fiat_p256_uint1 x89; + fiat_p256_addcarryx_u64(&x88, &x89, x85, x86, x72); + uint64_t x90; + fiat_p256_uint1 x91; + fiat_p256_addcarryx_u64(&x90, &x91, x67, x47, 0x0); + uint64_t x92; + fiat_p256_uint1 x93; + fiat_p256_addcarryx_u64(&x92, &x93, x73, 0x0, x90); + uint64_t x94; + fiat_p256_uint1 x95; + fiat_p256_addcarryx_u64(&x94, &x95, x89, x74, x92); + uint64_t x96; + fiat_p256_uint1 x97; + fiat_p256_addcarryx_u64(&x96, &x97, x95, x75, 0x0); + uint64_t x98; + fiat_p256_uint1 x99; + fiat_p256_subborrowx_u64(&x98, &x99, 0x0, x84, UINT64_C(0xffffffffffffffff)); + uint64_t x100; + fiat_p256_uint1 x101; + fiat_p256_subborrowx_u64(&x100, &x101, x99, x88, UINT32_C(0xffffffff)); + uint64_t x102; + fiat_p256_uint1 x103; + fiat_p256_subborrowx_u64(&x102, &x103, x101, x94, 0x0); + uint64_t x104; + fiat_p256_uint1 x105; + fiat_p256_subborrowx_u64(&x104, &x105, x103, x96, UINT64_C(0xffffffff00000001)); + uint64_t x106; + fiat_p256_uint1 x107; + fiat_p256_subborrowx_u64(&x106, &x107, x105, 0x0, 0x0); + uint64_t x108; + fiat_p256_cmovznz_u64(&x108, x107, x98, x84); + uint64_t x109; + fiat_p256_cmovznz_u64(&x109, x107, x100, x88); + uint64_t x110; + fiat_p256_cmovznz_u64(&x110, x107, x102, x94); + uint64_t x111; + fiat_p256_cmovznz_u64(&x111, x107, x104, x96); + out1[0] = x108; + out1[1] = x109; + out1[2] = x110; + out1[3] = x111; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + */ +static void fiat_p256_nonzero(uint64_t* out1, const uint64_t arg1[4]) { + uint64_t x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | (uint64_t)0x0)))); + *out1 = x1; +} + +/* + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static void fiat_p256_selectznz(uint64_t out1[4], fiat_p256_uint1 arg1, const uint64_t arg2[4], const uint64_t arg3[4]) { + uint64_t x1; + fiat_p256_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0])); + uint64_t x2; + fiat_p256_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1])); + uint64_t x3; + fiat_p256_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2])); + uint64_t x4; + fiat_p256_cmovznz_u64(&x4, arg1, (arg2[3]), (arg3[3])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] + */ +static void fiat_p256_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { + uint64_t x1 = (arg1[3]); + uint64_t x2 = (arg1[2]); + uint64_t x3 = (arg1[1]); + uint64_t x4 = (arg1[0]); + uint64_t x5 = (x4 >> 8); + uint8_t x6 = (uint8_t)(x4 & UINT8_C(0xff)); + uint64_t x7 = (x5 >> 8); + uint8_t x8 = (uint8_t)(x5 & UINT8_C(0xff)); + uint64_t x9 = (x7 >> 8); + uint8_t x10 = (uint8_t)(x7 & UINT8_C(0xff)); + uint64_t x11 = (x9 >> 8); + uint8_t x12 = (uint8_t)(x9 & UINT8_C(0xff)); + uint64_t x13 = (x11 >> 8); + uint8_t x14 = (uint8_t)(x11 & UINT8_C(0xff)); + uint64_t x15 = (x13 >> 8); + uint8_t x16 = (uint8_t)(x13 & UINT8_C(0xff)); + uint8_t x17 = (uint8_t)(x15 >> 8); + uint8_t x18 = (uint8_t)(x15 & UINT8_C(0xff)); + uint8_t x19 = (uint8_t)(x17 & UINT8_C(0xff)); + uint64_t x20 = (x3 >> 8); + uint8_t x21 = (uint8_t)(x3 & UINT8_C(0xff)); + uint64_t x22 = (x20 >> 8); + uint8_t x23 = (uint8_t)(x20 & UINT8_C(0xff)); + uint64_t x24 = (x22 >> 8); + uint8_t x25 = (uint8_t)(x22 & UINT8_C(0xff)); + uint64_t x26 = (x24 >> 8); + uint8_t x27 = (uint8_t)(x24 & UINT8_C(0xff)); + uint64_t x28 = (x26 >> 8); + uint8_t x29 = (uint8_t)(x26 & UINT8_C(0xff)); + uint64_t x30 = (x28 >> 8); + uint8_t x31 = (uint8_t)(x28 & UINT8_C(0xff)); + uint8_t x32 = (uint8_t)(x30 >> 8); + uint8_t x33 = (uint8_t)(x30 & UINT8_C(0xff)); + uint8_t x34 = (uint8_t)(x32 & UINT8_C(0xff)); + uint64_t x35 = (x2 >> 8); + uint8_t x36 = (uint8_t)(x2 & UINT8_C(0xff)); + uint64_t x37 = (x35 >> 8); + uint8_t x38 = (uint8_t)(x35 & UINT8_C(0xff)); + uint64_t x39 = (x37 >> 8); + uint8_t x40 = (uint8_t)(x37 & UINT8_C(0xff)); + uint64_t x41 = (x39 >> 8); + uint8_t x42 = (uint8_t)(x39 & UINT8_C(0xff)); + uint64_t x43 = (x41 >> 8); + uint8_t x44 = (uint8_t)(x41 & UINT8_C(0xff)); + uint64_t x45 = (x43 >> 8); + uint8_t x46 = (uint8_t)(x43 & UINT8_C(0xff)); + uint8_t x47 = (uint8_t)(x45 >> 8); + uint8_t x48 = (uint8_t)(x45 & UINT8_C(0xff)); + uint8_t x49 = (uint8_t)(x47 & UINT8_C(0xff)); + uint64_t x50 = (x1 >> 8); + uint8_t x51 = (uint8_t)(x1 & UINT8_C(0xff)); + uint64_t x52 = (x50 >> 8); + uint8_t x53 = (uint8_t)(x50 & UINT8_C(0xff)); + uint64_t x54 = (x52 >> 8); + uint8_t x55 = (uint8_t)(x52 & UINT8_C(0xff)); + uint64_t x56 = (x54 >> 8); + uint8_t x57 = (uint8_t)(x54 & UINT8_C(0xff)); + uint64_t x58 = (x56 >> 8); + uint8_t x59 = (uint8_t)(x56 & UINT8_C(0xff)); + uint64_t x60 = (x58 >> 8); + uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff)); + uint8_t x62 = (uint8_t)(x60 >> 8); + uint8_t x63 = (uint8_t)(x60 & UINT8_C(0xff)); + out1[0] = x6; + out1[1] = x8; + out1[2] = x10; + out1[3] = x12; + out1[4] = x14; + out1[5] = x16; + out1[6] = x18; + out1[7] = x19; + out1[8] = x21; + out1[9] = x23; + out1[10] = x25; + out1[11] = x27; + out1[12] = x29; + out1[13] = x31; + out1[14] = x33; + out1[15] = x34; + out1[16] = x36; + out1[17] = x38; + out1[18] = x40; + out1[19] = x42; + out1[20] = x44; + out1[21] = x46; + out1[22] = x48; + out1[23] = x49; + out1[24] = x51; + out1[25] = x53; + out1[26] = x55; + out1[27] = x57; + out1[28] = x59; + out1[29] = x61; + out1[30] = x63; + out1[31] = x62; +} + +/* + * Input Bounds: + * arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static void fiat_p256_from_bytes(uint64_t out1[4], const uint8_t arg1[32]) { + uint64_t x1 = ((uint64_t)(arg1[31]) << 56); + uint64_t x2 = ((uint64_t)(arg1[30]) << 48); + uint64_t x3 = ((uint64_t)(arg1[29]) << 40); + uint64_t x4 = ((uint64_t)(arg1[28]) << 32); + uint64_t x5 = ((uint64_t)(arg1[27]) << 24); + uint64_t x6 = ((uint64_t)(arg1[26]) << 16); + uint64_t x7 = ((uint64_t)(arg1[25]) << 8); + uint8_t x8 = (arg1[24]); + uint64_t x9 = ((uint64_t)(arg1[23]) << 56); + uint64_t x10 = ((uint64_t)(arg1[22]) << 48); + uint64_t x11 = ((uint64_t)(arg1[21]) << 40); + uint64_t x12 = ((uint64_t)(arg1[20]) << 32); + uint64_t x13 = ((uint64_t)(arg1[19]) << 24); + uint64_t x14 = ((uint64_t)(arg1[18]) << 16); + uint64_t x15 = ((uint64_t)(arg1[17]) << 8); + uint8_t x16 = (arg1[16]); + uint64_t x17 = ((uint64_t)(arg1[15]) << 56); + uint64_t x18 = ((uint64_t)(arg1[14]) << 48); + uint64_t x19 = ((uint64_t)(arg1[13]) << 40); + uint64_t x20 = ((uint64_t)(arg1[12]) << 32); + uint64_t x21 = ((uint64_t)(arg1[11]) << 24); + uint64_t x22 = ((uint64_t)(arg1[10]) << 16); + uint64_t x23 = ((uint64_t)(arg1[9]) << 8); + uint8_t x24 = (arg1[8]); + uint64_t x25 = ((uint64_t)(arg1[7]) << 56); + uint64_t x26 = ((uint64_t)(arg1[6]) << 48); + uint64_t x27 = ((uint64_t)(arg1[5]) << 40); + uint64_t x28 = ((uint64_t)(arg1[4]) << 32); + uint64_t x29 = ((uint64_t)(arg1[3]) << 24); + uint64_t x30 = ((uint64_t)(arg1[2]) << 16); + uint64_t x31 = ((uint64_t)(arg1[1]) << 8); + uint8_t x32 = (arg1[0]); + uint64_t x33 = (x32 + (x31 + (x30 + (x29 + (x28 + (x27 + (x26 + x25))))))); + uint64_t x34 = (x33 & UINT64_C(0xffffffffffffffff)); + uint64_t x35 = (x8 + (x7 + (x6 + (x5 + (x4 + (x3 + (x2 + x1))))))); + uint64_t x36 = (x16 + (x15 + (x14 + (x13 + (x12 + (x11 + (x10 + x9))))))); + uint64_t x37 = (x24 + (x23 + (x22 + (x21 + (x20 + (x19 + (x18 + x17))))))); + uint64_t x38 = (x37 & UINT64_C(0xffffffffffffffff)); + uint64_t x39 = (x36 & UINT64_C(0xffffffffffffffff)); + out1[0] = x34; + out1[1] = x38; + out1[2] = x39; + out1[3] = x35; +} + diff --git a/src/tool/client.cc b/src/tool/client.cc index 80acf34..f4d1441 100644 --- a/src/tool/client.cc +++ b/src/tool/client.cc @@ -125,10 +125,6 @@ static const struct argument kArguments[] = { "this flag is the early data to send or if it starts with '@', the " "file to read from for early data.", }, - { - "-tls13-variant", kOptionalArgument, - "Enable the specified experimental TLS 1.3 variant", - }, { "-ed25519", kBooleanArgument, "Advertise Ed25519 support", }, @@ -328,26 +324,6 @@ static bool DoConnection(SSL_CTX *ctx, return cb(ssl.get(), sock); } -static bool GetTLS13Variant(tls13_variant_t *out, const std::string &in) { - if (in == "draft23") { - *out = tls13_draft23; - return true; - } - if (in == "draft28") { - *out = tls13_draft28; - return true; - } - if (in == "rfc") { - *out = tls13_rfc; - return true; - } - if (in == "all") { - *out = tls13_all; - return true; - } - return false; -} - static void InfoCallback(const SSL *ssl, int type, int value) { switch (type) { case SSL_CB_HANDSHAKE_START: @@ -528,16 +504,6 @@ bool Client(const std::vector &args) { SSL_CTX_set_early_data_enabled(ctx.get(), 1); } - if (args_map.count("-tls13-variant") != 0) { - tls13_variant_t variant; - if (!GetTLS13Variant(&variant, args_map["-tls13-variant"])) { - fprintf(stderr, "Unknown TLS 1.3 variant: %s\n", - args_map["-tls13-variant"].c_str()); - return false; - } - SSL_CTX_set_tls13_variant(ctx.get(), variant); - } - if (args_map.count("-ed25519") != 0) { SSL_CTX_set_ed25519_enabled(ctx.get(), 1); } diff --git a/src/tool/server.cc b/src/tool/server.cc index a655db5..989d335 100644 --- a/src/tool/server.cc +++ b/src/tool/server.cc @@ -67,10 +67,6 @@ static const struct argument kArguments[] = { { "-early-data", kBooleanArgument, "Allow early data", }, - { - "-tls13-variant", kOptionalArgument, - "Enable the specified experimental TLS 1.3 variant", - }, { "-www", kBooleanArgument, "The server will print connection information in response to a " @@ -152,26 +148,6 @@ static bssl::UniquePtr MakeSelfSignedCert(EVP_PKEY *evp_pkey, return x509; } -static bool GetTLS13Variant(tls13_variant_t *out, const std::string &in) { - if (in == "draft23") { - *out = tls13_draft23; - return true; - } - if (in == "draft28") { - *out = tls13_draft28; - return true; - } - if (in == "rfc") { - *out = tls13_rfc; - return true; - } - if (in == "all") { - *out = tls13_all; - return true; - } - return false; -} - static void InfoCallback(const SSL *ssl, int type, int value) { switch (type) { case SSL_CB_HANDSHAKE_START: @@ -331,16 +307,6 @@ bool Server(const std::vector &args) { SSL_CTX_set_early_data_enabled(ctx.get(), 1); } - if (args_map.count("-tls13-variant") != 0) { - tls13_variant_t variant; - if (!GetTLS13Variant(&variant, args_map["-tls13-variant"])) { - fprintf(stderr, "Unknown TLS 1.3 variant: %s\n", - args_map["-tls13-variant"].c_str()); - return false; - } - SSL_CTX_set_tls13_variant(ctx.get(), variant); - } - if (args_map.count("-debug") != 0) { SSL_CTX_set_info_callback(ctx.get(), InfoCallback); } diff --git a/src/tool/speed.cc b/src/tool/speed.cc index 975fb53..14379cd 100644 --- a/src/tool/speed.cc +++ b/src/tool/speed.cc @@ -19,6 +19,7 @@ #include #include +#include #include #include #include @@ -98,6 +99,7 @@ static uint64_t time_now() { #endif static uint64_t g_timeout_seconds = 1; +static std::vector g_chunk_lengths = {16, 256, 1350, 8192}; static bool TimeFunction(TimeResults *results, std::function func) { // total_us is the total amount of time that we'll aim to measure a function @@ -274,10 +276,19 @@ static bool SpeedRSAKeyGen(const std::string &selected) { (static_cast(num_calls) / us) * 1000000); const size_t n = durations.size(); assert(n > 0); + + // |min| and |max| must be stored in temporary variables to avoid an MSVC + // bug on x86. There, size_t is a typedef for unsigned, but MSVC's printf + // warning tries to retain the distinction and suggest %zu for size_t + // instead of %u. It gets confused if std::vector and + // std::vector are both instantiated. Being typedefs, the two + // instantiations are identical, which somehow breaks the size_t vs unsigned + // metadata. + unsigned min = durations[0]; unsigned median = n & 1 ? durations[n / 2] : (durations[n / 2 - 1] + durations[n / 2]) / 2; - printf(" min: %uus, median: %uus, max: %uus\n", durations[0], median, - durations[n - 1]); + unsigned max = durations[n - 1]; + printf(" min: %uus, median: %uus, max: %uus\n", min, median, max); } return true; @@ -289,11 +300,19 @@ static uint8_t *align(uint8_t *in, unsigned alignment) { ~static_cast(alignment - 1)); } -static bool SpeedAEADChunk(const EVP_AEAD *aead, const std::string &name, +static std::string ChunkLenSuffix(size_t chunk_len) { + char buf[32]; + snprintf(buf, sizeof(buf), " (%zu byte%s)", chunk_len, + chunk_len != 1 ? "s" : ""); + return buf; +} + +static bool SpeedAEADChunk(const EVP_AEAD *aead, std::string name, size_t chunk_len, size_t ad_len, evp_aead_direction_t direction) { static const unsigned kAlignment = 16; + name += ChunkLenSuffix(chunk_len); bssl::ScopedEVP_AEAD_CTX ctx; const size_t key_len = EVP_AEAD_key_length(aead); const size_t nonce_len = EVP_AEAD_nonce_length(aead); @@ -390,12 +409,12 @@ static bool SpeedAEAD(const EVP_AEAD *aead, const std::string &name, return true; } - return SpeedAEADChunk(aead, name + " (16 bytes)", 16, ad_len, - evp_aead_seal) && - SpeedAEADChunk(aead, name + " (1350 bytes)", 1350, ad_len, - evp_aead_seal) && - SpeedAEADChunk(aead, name + " (8192 bytes)", 8192, ad_len, - evp_aead_seal); + for (size_t chunk_len : g_chunk_lengths) { + if (!SpeedAEADChunk(aead, name, chunk_len, ad_len, evp_aead_seal)) { + return false; + } + } + return true; } static bool SpeedAEADOpen(const EVP_AEAD *aead, const std::string &name, @@ -404,15 +423,16 @@ static bool SpeedAEADOpen(const EVP_AEAD *aead, const std::string &name, return true; } - return SpeedAEADChunk(aead, name + " (16 bytes)", 16, ad_len, - evp_aead_open) && - SpeedAEADChunk(aead, name + " (1350 bytes)", 1350, ad_len, - evp_aead_open) && - SpeedAEADChunk(aead, name + " (8192 bytes)", 8192, ad_len, - evp_aead_open); + for (size_t chunk_len : g_chunk_lengths) { + if (!SpeedAEADChunk(aead, name, chunk_len, ad_len, evp_aead_open)) { + return false; + } + } + + return true; } -static bool SpeedHashChunk(const EVP_MD *md, const std::string &name, +static bool SpeedHashChunk(const EVP_MD *md, std::string name, size_t chunk_len) { bssl::ScopedEVP_MD_CTX ctx; uint8_t scratch[8192]; @@ -421,6 +441,7 @@ static bool SpeedHashChunk(const EVP_MD *md, const std::string &name, return false; } + name += ChunkLenSuffix(chunk_len); TimeResults results; if (!TimeFunction(&results, [&ctx, md, chunk_len, &scratch]() -> bool { uint8_t digest[EVP_MAX_MD_SIZE]; @@ -438,24 +459,30 @@ static bool SpeedHashChunk(const EVP_MD *md, const std::string &name, results.PrintWithBytes(name, chunk_len); return true; } + static bool SpeedHash(const EVP_MD *md, const std::string &name, const std::string &selected) { if (!selected.empty() && name.find(selected) == std::string::npos) { return true; } - return SpeedHashChunk(md, name + " (16 bytes)", 16) && - SpeedHashChunk(md, name + " (256 bytes)", 256) && - SpeedHashChunk(md, name + " (8192 bytes)", 8192); + for (size_t chunk_len : g_chunk_lengths) { + if (!SpeedHashChunk(md, name, chunk_len)) { + return false; + } + } + + return true; } -static bool SpeedRandomChunk(const std::string &name, size_t chunk_len) { +static bool SpeedRandomChunk(std::string name, size_t chunk_len) { uint8_t scratch[8192]; if (chunk_len > sizeof(scratch)) { return false; } + name += ChunkLenSuffix(chunk_len); TimeResults results; if (!TimeFunction(&results, [chunk_len, &scratch]() -> bool { RAND_bytes(scratch, chunk_len); @@ -473,9 +500,13 @@ static bool SpeedRandom(const std::string &selected) { return true; } - return SpeedRandomChunk("RNG (16 bytes)", 16) && - SpeedRandomChunk("RNG (256 bytes)", 256) && - SpeedRandomChunk("RNG (8192 bytes)", 8192); + for (size_t chunk_len : g_chunk_lengths) { + if (!SpeedRandomChunk("RNG", chunk_len)) { + return false; + } + } + + return true; } static bool SpeedECDHCurve(const std::string &name, int nid, @@ -786,9 +817,9 @@ static bool SpeedHRSS(const std::string &selected) { results.Print("HRSS encap"); - if (!TimeFunction(&results, [&pub, &priv, &ciphertext]() -> bool { + if (!TimeFunction(&results, [&priv, &ciphertext]() -> bool { uint8_t shared_key[HRSS_KEY_BYTES]; - HRSS_decap(shared_key, &pub, &priv, ciphertext, sizeof(ciphertext)); + HRSS_decap(shared_key, &priv, ciphertext, sizeof(ciphertext)); return true; })) { fprintf(stderr, "Failed to time HRSS_encap.\n"); @@ -802,15 +833,25 @@ static bool SpeedHRSS(const std::string &selected) { static const struct argument kArguments[] = { { - "-filter", kOptionalArgument, - "A filter on the speed tests to run", + "-filter", + kOptionalArgument, + "A filter on the speed tests to run", + }, + { + "-timeout", + kOptionalArgument, + "The number of seconds to run each test for (default is 1)", }, { - "-timeout", kOptionalArgument, - "The number of seconds to run each test for (default is 1)", + "-chunks", + kOptionalArgument, + "A comma-separated list of input sizes to run tests at (default is " + "16,256,1350,8192)", }, { - "", kOptionalArgument, "", + "", + kOptionalArgument, + "", }, }; @@ -830,6 +871,32 @@ bool Speed(const std::vector &args) { g_timeout_seconds = atoi(args_map["-timeout"].c_str()); } + if (args_map.count("-chunks") != 0) { + g_chunk_lengths.clear(); + const char *start = args_map["-chunks"].data(); + const char *end = start + args_map["-chunks"].size(); + while (start != end) { + errno = 0; + char *ptr; + unsigned long long val = strtoull(start, &ptr, 10); + if (ptr == start /* no numeric characters found */ || + errno == ERANGE /* overflow */ || + static_cast(val) != val) { + fprintf(stderr, "Error parsing -chunks argument\n"); + return false; + } + g_chunk_lengths.push_back(static_cast(val)); + start = ptr; + if (start != end) { + if (*start != ',') { + fprintf(stderr, "Error parsing -chunks argument\n"); + return false; + } + start++; + } + } + } + // kTLSADLen is the number of bytes of additional data that TLS passes to // AEADs. static const size_t kTLSADLen = 13; diff --git a/src/util/all_tests.go b/src/util/all_tests.go index 55e1921..fbff48c 100644 --- a/src/util/all_tests.go +++ b/src/util/all_tests.go @@ -146,9 +146,14 @@ var ( func runTestOnce(test test, mallocNumToFail int64) (passed bool, err error) { prog := path.Join(*buildDir, test.args[0]) - args := test.args[1:] + args := append([]string{}, test.args[1:]...) if *simulateARMCPUs && test.cpu != "" { - args = append([]string{"--cpu=" + test.cpu}, args...) + args = append(args, "--cpu=" + test.cpu) + } + if *useSDE { + // SDE is neither compatible with the unwind tester nor automatically + // detected. + args = append(args, "--no_unwind_tests") } var cmd *exec.Cmd if *useValgrind { diff --git a/src/util/bot/DEPS b/src/util/bot/DEPS index 5449ab0..5d6e8cd 100644 --- a/src/util/bot/DEPS +++ b/src/util/bot/DEPS @@ -28,21 +28,26 @@ deps = { }, 'boringssl/util/bot/android_tools': { - 'url': Var('chromium_git') + '/android_tools.git' + '@' + '130499e25286f4d56acafa252fee09f3cc595c49', + 'url': Var('chromium_git') + '/android_tools.git' + '@' + 'e958d6ea74442d4e0849bb8a018d215a0e78981d', 'condition': 'checkout_android', }, 'boringssl/util/bot/gyp': Var('chromium_git') + '/external/gyp.git' + '@' + 'd61a9397e668fa9843c4aa7da9e79460fe590bfb', + 'boringssl/util/bot/libFuzzer': { + 'url': Var('chromium_git') + '/chromium/llvm-project/compiler-rt/lib/fuzzer.git' +'@' + '2a53098584c48af50aec3fb51febe5e651489774', + 'condition': 'checkout_fuzzer', + }, + # Update the following revisions from # https://chromium.googlesource.com/chromium/buildtools/+/master/DEPS 'boringssl/util/bot/libcxx': { - 'url': Var('chromium_git') + '/chromium/llvm-project/libcxx.git' + '@' + '85a7702b4cc5d69402791fe685f151cf3076be71', + 'url': Var('chromium_git') + '/chromium/llvm-project/libcxx.git' + '@' + 'e713cc0acf1ae8b82f451bf58ebef67a46ceddfb', 'condition': 'checkout_libcxx', }, 'boringssl/util/bot/libcxxabi': { - 'url': Var('chromium_git') + '/chromium/llvm-project/libcxxabi.git' + '@' + '05a73941f3fb177c4a891d4ff2a4ed5785e3b80c', + 'url': Var('chromium_git') + '/chromium/llvm-project/libcxxabi.git' + '@' + '307bb62985575b2e3216a8cfd7e122e0574f33a9', 'condition': 'checkout_libcxx', }, } @@ -203,4 +208,24 @@ hooks = [ 'boringssl/util/bot/sde-linux64/', ], }, + { + 'name': 'sde_win32', + 'pattern': '.', + 'condition': 'checkout_sde and host_os == "win"', + 'action': [ 'download_from_google_storage', + '--no_resume', + '--bucket', 'chrome-boringssl-sde', + '-s', 'boringssl/util/bot/sde-win32.tar.bz2.sha1' + ], + }, + { + 'name': 'sde_win32_extract', + 'pattern': '.', + 'condition': 'checkout_sde and host_os == "win"', + 'action': [ 'python', + 'boringssl/util/bot/extract.py', + 'boringssl/util/bot/sde-win32.tar.bz2', + 'boringssl/util/bot/sde-win32/', + ], + }, ] diff --git a/src/util/bot/UPDATING b/src/util/bot/UPDATING index 67949f0..5a46cdf 100644 --- a/src/util/bot/UPDATING +++ b/src/util/bot/UPDATING @@ -72,13 +72,13 @@ yasm-win32.exe: Update to the appropriate release of Yasm. Use the same version The current revision is yasm-1.3.0-win32.exe. -Finally, update sde-linux64.tar.bz2 by downloading the latet release from intel -at +Finally, update sde-linux64.tar.bz2 and sde-win32.tar.bz2 by downloading the +latet release from Intel at https://software.intel.com/en-us/articles/intel-software-development-emulator, but upload it with the following command. (Note the bucket is different.) - upload_to_google_storage.py -b chrome-boringssl-sde sde-linux64.tar.bz2 + upload_to_google_storage.py -b chrome-boringssl-sde sde-linux64.tar.bz2 sde-win32.tar.bz2 -The current revision is sde-external-8.9.0-2017-08-06-lin.tar.bz2. +The current revision is sde-external-8.16.0-2018-01-30-*.tar.bz2. When adding new files, remember to update .gitignore. diff --git a/src/util/bot/go/bootstrap.py b/src/util/bot/go/bootstrap.py index 9dbabe5..1a33c79 100755 --- a/src/util/bot/go/bootstrap.py +++ b/src/util/bot/go/bootstrap.py @@ -45,7 +45,7 @@ WORKSPACE = os.path.join(ROOT, 'go') EXE_SFX = '.exe' if sys.platform == 'win32' else '' # Pinned version of Go toolset to download. -TOOLSET_VERSION = 'go1.11' +TOOLSET_VERSION = 'go1.11.4' # Platform dependent portion of a download URL. See http://golang.org/dl/. TOOLSET_VARIANTS = { diff --git a/src/util/bot/sde-linux64.tar.bz2.sha1 b/src/util/bot/sde-linux64.tar.bz2.sha1 index cb35cf8..bd93323 100644 --- a/src/util/bot/sde-linux64.tar.bz2.sha1 +++ b/src/util/bot/sde-linux64.tar.bz2.sha1 @@ -1 +1 @@ -dcf00ebdef4810ffd4ce0c8636dcf99d5ad760c9 \ No newline at end of file +fe5d01f13b82469ce3854307bba9565d1a02b921 \ No newline at end of file diff --git a/src/util/bot/sde-win32.tar.bz2.sha1 b/src/util/bot/sde-win32.tar.bz2.sha1 new file mode 100644 index 0000000..d17e78d --- /dev/null +++ b/src/util/bot/sde-win32.tar.bz2.sha1 @@ -0,0 +1 @@ +0f746c4c64e07794fd597ec950a24de571376732 \ No newline at end of file diff --git a/src/util/bot/update_clang.py b/src/util/bot/update_clang.py index 0a91189..b1f7776 100644 --- a/src/util/bot/update_clang.py +++ b/src/util/bot/update_clang.py @@ -19,8 +19,8 @@ import urllib2 # CLANG_REVISION and CLANG_SUB_REVISION determine the build of clang # to use. These should be synced with tools/clang/scripts/update.py in # Chromium. -CLANG_REVISION = '337439' -CLANG_SUB_REVISION=1 +CLANG_REVISION = '349417' +CLANG_SUB_REVISION=2 PACKAGE_VERSION = "%s-%s" % (CLANG_REVISION, CLANG_SUB_REVISION) diff --git a/src/util/fipstools/delocate/delocate.go b/src/util/fipstools/delocate/delocate.go index 4734285..ce1a8b2 100644 --- a/src/util/fipstools/delocate/delocate.go +++ b/src/util/fipstools/delocate/delocate.go @@ -1216,6 +1216,9 @@ func transform(w stringWriter, inputs []inputFile) error { // .file directive. Zero is not a valid number. maxObservedFileNumber := 0 + // OPENSSL_ia32cap_get will be synthesized by this script. + symbols["OPENSSL_ia32cap_get"] = struct{}{} + for _, input := range inputs { forEachPath(input.ast.up, func(node *node32) { symbol := input.contents[node.begin:node.end] @@ -1394,6 +1397,8 @@ func transform(w stringWriter, inputs []inputFile) error { } w.WriteString(".type OPENSSL_ia32cap_get, @function\n") + w.WriteString(".globl OPENSSL_ia32cap_get\n") + w.WriteString(localTargetName("OPENSSL_ia32cap_get") + ":\n") w.WriteString("OPENSSL_ia32cap_get:\n") w.WriteString("\tleaq OPENSSL_ia32cap_P(%rip), %rax\n") w.WriteString("\tret\n") diff --git a/src/util/fipstools/delocate/testdata/x86_64-BSS/out.s b/src/util/fipstools/delocate/testdata/x86_64-BSS/out.s index 5c576d9..e8cd56e 100644 --- a/src/util/fipstools/delocate/testdata/x86_64-BSS/out.s +++ b/src/util/fipstools/delocate/testdata/x86_64-BSS/out.s @@ -66,6 +66,8 @@ z_bss_get: leaq .Lz_local_target(%rip), %rax ret .type OPENSSL_ia32cap_get, @function +.globl OPENSSL_ia32cap_get +.LOPENSSL_ia32cap_get_local_target: OPENSSL_ia32cap_get: leaq OPENSSL_ia32cap_P(%rip), %rax ret diff --git a/src/util/fipstools/delocate/testdata/x86_64-Basic/out.s b/src/util/fipstools/delocate/testdata/x86_64-Basic/out.s index b76fd3f..23e97c8 100644 --- a/src/util/fipstools/delocate/testdata/x86_64-Basic/out.s +++ b/src/util/fipstools/delocate/testdata/x86_64-Basic/out.s @@ -59,6 +59,8 @@ foo: .loc 2 2 0 BORINGSSL_bcm_text_end: .type OPENSSL_ia32cap_get, @function +.globl OPENSSL_ia32cap_get +.LOPENSSL_ia32cap_get_local_target: OPENSSL_ia32cap_get: leaq OPENSSL_ia32cap_P(%rip), %rax ret diff --git a/src/util/fipstools/delocate/testdata/x86_64-GOTRewrite/out.s b/src/util/fipstools/delocate/testdata/x86_64-GOTRewrite/out.s index 3d421e5..273cfe9 100644 --- a/src/util/fipstools/delocate/testdata/x86_64-GOTRewrite/out.s +++ b/src/util/fipstools/delocate/testdata/x86_64-GOTRewrite/out.s @@ -148,7 +148,7 @@ foo: # WAS movq foobar_bss_get@GOTPCREL(%rip), %r11 leaq foobar_bss_get(%rip), %r11 # WAS movq OPENSSL_ia32cap_get@GOTPCREL(%rip), %r11 - leaq OPENSSL_ia32cap_get(%rip), %r11 + leaq .LOPENSSL_ia32cap_get_local_target(%rip), %r11 # Transforming moves run the transform in-place after the load. # WAS vpbroadcastq stderr@GOTPCREL(%rip), %xmm0 @@ -186,6 +186,8 @@ stderr_GOTPCREL_external: .long stderr@GOTPCREL .long 0 .type OPENSSL_ia32cap_get, @function +.globl OPENSSL_ia32cap_get +.LOPENSSL_ia32cap_get_local_target: OPENSSL_ia32cap_get: leaq OPENSSL_ia32cap_P(%rip), %rax ret diff --git a/src/util/fipstools/delocate/testdata/x86_64-LabelRewrite/out.s b/src/util/fipstools/delocate/testdata/x86_64-LabelRewrite/out.s index 4a01853..8cc27de 100644 --- a/src/util/fipstools/delocate/testdata/x86_64-LabelRewrite/out.s +++ b/src/util/fipstools/delocate/testdata/x86_64-LabelRewrite/out.s @@ -39,7 +39,7 @@ bar: # Synthesized symbols are treated as local ones. # WAS call OPENSSL_ia32cap_get@PLT - call OPENSSL_ia32cap_get + call .LOPENSSL_ia32cap_get_local_target # References to local labels are left as-is in the first file. .Llocal_label: @@ -90,6 +90,8 @@ BORINGSSL_bcm_text_end: bcm_redirector_memcpy: jmp memcpy@PLT .type OPENSSL_ia32cap_get, @function +.globl OPENSSL_ia32cap_get +.LOPENSSL_ia32cap_get_local_target: OPENSSL_ia32cap_get: leaq OPENSSL_ia32cap_P(%rip), %rax ret diff --git a/src/util/fipstools/delocate/testdata/x86_64-Sections/out.s b/src/util/fipstools/delocate/testdata/x86_64-Sections/out.s index ba427ad..ab3e3d9 100644 --- a/src/util/fipstools/delocate/testdata/x86_64-Sections/out.s +++ b/src/util/fipstools/delocate/testdata/x86_64-Sections/out.s @@ -48,6 +48,8 @@ foo: .loc 1 2 0 BORINGSSL_bcm_text_end: .type OPENSSL_ia32cap_get, @function +.globl OPENSSL_ia32cap_get +.LOPENSSL_ia32cap_get_local_target: OPENSSL_ia32cap_get: leaq OPENSSL_ia32cap_P(%rip), %rax ret diff --git a/src/util/generate_build_files.py b/src/util/generate_build_files.py index 2a6fe3f..8f88e36 100644 --- a/src/util/generate_build_files.py +++ b/src/util/generate_build_files.py @@ -415,7 +415,7 @@ def NoTestRunnerFiles(path, dent, is_dir): def NotGTestSupport(path, dent, is_dir): - return 'gtest' not in dent + return 'gtest' not in dent and 'abi_test' not in dent def SSLHeaderFiles(path, dent, is_dir): @@ -627,6 +627,7 @@ def main(platforms): crypto_test_files += FindCFiles(os.path.join('src', 'crypto'), OnlyTests) crypto_test_files += [ + 'src/crypto/test/abi_test.cc', 'src/crypto/test/file_test_gtest.cc', 'src/crypto/test/gtest_main.cc', ] diff --git a/win-x86/crypto/fipsmodule/aesni-x86.asm b/win-x86/crypto/fipsmodule/aesni-x86.asm index 602d0b4..4730950 100644 --- a/win-x86/crypto/fipsmodule/aesni-x86.asm +++ b/win-x86/crypto/fipsmodule/aesni-x86.asm @@ -21,10 +21,25 @@ section .text code align=64 section .text code %endif ;extern _OPENSSL_ia32cap_P +%ifndef NDEBUG +extern _BORINGSSL_function_hit +%endif global _aes_hw_encrypt align 16 _aes_hw_encrypt: L$_aes_hw_encrypt_begin: +%ifndef NDEBUG + push ebx + push edx + call L$000pic +L$000pic: + pop ebx + lea ebx,[(_BORINGSSL_function_hit+1-L$000pic)+ebx] + mov edx,1 + mov BYTE [ebx],dl + pop edx + pop ebx +%endif mov eax,DWORD [4+esp] mov edx,DWORD [12+esp] movups xmm2,[eax] @@ -34,12 +49,12 @@ L$_aes_hw_encrypt_begin: movups xmm1,[16+edx] lea edx,[32+edx] xorps xmm2,xmm0 -L$000enc1_loop_1: +L$001enc1_loop_1: db 102,15,56,220,209 dec ecx movups xmm1,[edx] lea edx,[16+edx] - jnz NEAR L$000enc1_loop_1 + jnz NEAR L$001enc1_loop_1 db 102,15,56,221,209 pxor xmm0,xmm0 pxor xmm1,xmm1 @@ -59,12 +74,12 @@ L$_aes_hw_decrypt_begin: movups xmm1,[16+edx] lea edx,[32+edx] xorps xmm2,xmm0 -L$001dec1_loop_2: +L$002dec1_loop_2: db 102,15,56,222,209 dec ecx movups xmm1,[edx] lea edx,[16+edx] - jnz NEAR L$001dec1_loop_2 + jnz NEAR L$002dec1_loop_2 db 102,15,56,223,209 pxor xmm0,xmm0 pxor xmm1,xmm1 @@ -82,7 +97,7 @@ __aesni_encrypt2: lea edx,[32+ecx*1+edx] neg ecx add ecx,16 -L$002enc2_loop: +L$003enc2_loop: db 102,15,56,220,209 db 102,15,56,220,217 movups xmm1,[ecx*1+edx] @@ -90,7 +105,7 @@ db 102,15,56,220,217 db 102,15,56,220,208 db 102,15,56,220,216 movups xmm0,[ecx*1+edx-16] - jnz NEAR L$002enc2_loop + jnz NEAR L$003enc2_loop db 102,15,56,220,209 db 102,15,56,220,217 db 102,15,56,221,208 @@ -107,7 +122,7 @@ __aesni_decrypt2: lea edx,[32+ecx*1+edx] neg ecx add ecx,16 -L$003dec2_loop: +L$004dec2_loop: db 102,15,56,222,209 db 102,15,56,222,217 movups xmm1,[ecx*1+edx] @@ -115,7 +130,7 @@ db 102,15,56,222,217 db 102,15,56,222,208 db 102,15,56,222,216 movups xmm0,[ecx*1+edx-16] - jnz NEAR L$003dec2_loop + jnz NEAR L$004dec2_loop db 102,15,56,222,209 db 102,15,56,222,217 db 102,15,56,223,208 @@ -133,7 +148,7 @@ __aesni_encrypt3: lea edx,[32+ecx*1+edx] neg ecx add ecx,16 -L$004enc3_loop: +L$005enc3_loop: db 102,15,56,220,209 db 102,15,56,220,217 db 102,15,56,220,225 @@ -143,7 +158,7 @@ db 102,15,56,220,208 db 102,15,56,220,216 db 102,15,56,220,224 movups xmm0,[ecx*1+edx-16] - jnz NEAR L$004enc3_loop + jnz NEAR L$005enc3_loop db 102,15,56,220,209 db 102,15,56,220,217 db 102,15,56,220,225 @@ -163,7 +178,7 @@ __aesni_decrypt3: lea edx,[32+ecx*1+edx] neg ecx add ecx,16 -L$005dec3_loop: +L$006dec3_loop: db 102,15,56,222,209 db 102,15,56,222,217 db 102,15,56,222,225 @@ -173,7 +188,7 @@ db 102,15,56,222,208 db 102,15,56,222,216 db 102,15,56,222,224 movups xmm0,[ecx*1+edx-16] - jnz NEAR L$005dec3_loop + jnz NEAR L$006dec3_loop db 102,15,56,222,209 db 102,15,56,222,217 db 102,15,56,222,225 @@ -195,7 +210,7 @@ __aesni_encrypt4: neg ecx db 15,31,64,0 add ecx,16 -L$006enc4_loop: +L$007enc4_loop: db 102,15,56,220,209 db 102,15,56,220,217 db 102,15,56,220,225 @@ -207,7 +222,7 @@ db 102,15,56,220,216 db 102,15,56,220,224 db 102,15,56,220,232 movups xmm0,[ecx*1+edx-16] - jnz NEAR L$006enc4_loop + jnz NEAR L$007enc4_loop db 102,15,56,220,209 db 102,15,56,220,217 db 102,15,56,220,225 @@ -231,7 +246,7 @@ __aesni_decrypt4: neg ecx db 15,31,64,0 add ecx,16 -L$007dec4_loop: +L$008dec4_loop: db 102,15,56,222,209 db 102,15,56,222,217 db 102,15,56,222,225 @@ -243,7 +258,7 @@ db 102,15,56,222,216 db 102,15,56,222,224 db 102,15,56,222,232 movups xmm0,[ecx*1+edx-16] - jnz NEAR L$007dec4_loop + jnz NEAR L$008dec4_loop db 102,15,56,222,209 db 102,15,56,222,217 db 102,15,56,222,225 @@ -271,13 +286,13 @@ db 102,15,56,220,225 pxor xmm7,xmm0 movups xmm0,[ecx*1+edx] add ecx,16 - jmp NEAR L$008_aesni_encrypt6_inner + jmp NEAR L$009_aesni_encrypt6_inner align 16 -L$009enc6_loop: +L$010enc6_loop: db 102,15,56,220,209 db 102,15,56,220,217 db 102,15,56,220,225 -L$008_aesni_encrypt6_inner: +L$009_aesni_encrypt6_inner: db 102,15,56,220,233 db 102,15,56,220,241 db 102,15,56,220,249 @@ -291,7 +306,7 @@ db 102,15,56,220,232 db 102,15,56,220,240 db 102,15,56,220,248 movups xmm0,[ecx*1+edx-16] - jnz NEAR L$009enc6_loop + jnz NEAR L$010enc6_loop db 102,15,56,220,209 db 102,15,56,220,217 db 102,15,56,220,225 @@ -323,13 +338,13 @@ db 102,15,56,222,225 pxor xmm7,xmm0 movups xmm0,[ecx*1+edx] add ecx,16 - jmp NEAR L$010_aesni_decrypt6_inner + jmp NEAR L$011_aesni_decrypt6_inner align 16 -L$011dec6_loop: +L$012dec6_loop: db 102,15,56,222,209 db 102,15,56,222,217 db 102,15,56,222,225 -L$010_aesni_decrypt6_inner: +L$011_aesni_decrypt6_inner: db 102,15,56,222,233 db 102,15,56,222,241 db 102,15,56,222,249 @@ -343,7 +358,7 @@ db 102,15,56,222,232 db 102,15,56,222,240 db 102,15,56,222,248 movups xmm0,[ecx*1+edx-16] - jnz NEAR L$011dec6_loop + jnz NEAR L$012dec6_loop db 102,15,56,222,209 db 102,15,56,222,217 db 102,15,56,222,225 @@ -371,14 +386,14 @@ L$_aes_hw_ecb_encrypt_begin: mov edx,DWORD [32+esp] mov ebx,DWORD [36+esp] and eax,-16 - jz NEAR L$012ecb_ret + jz NEAR L$013ecb_ret mov ecx,DWORD [240+edx] test ebx,ebx - jz NEAR L$013ecb_decrypt + jz NEAR L$014ecb_decrypt mov ebp,edx mov ebx,ecx cmp eax,96 - jb NEAR L$014ecb_enc_tail + jb NEAR L$015ecb_enc_tail movdqu xmm2,[esi] movdqu xmm3,[16+esi] movdqu xmm4,[32+esi] @@ -387,9 +402,9 @@ L$_aes_hw_ecb_encrypt_begin: movdqu xmm7,[80+esi] lea esi,[96+esi] sub eax,96 - jmp NEAR L$015ecb_enc_loop6_enter + jmp NEAR L$016ecb_enc_loop6_enter align 16 -L$016ecb_enc_loop6: +L$017ecb_enc_loop6: movups [edi],xmm2 movdqu xmm2,[esi] movups [16+edi],xmm3 @@ -404,12 +419,12 @@ L$016ecb_enc_loop6: lea edi,[96+edi] movdqu xmm7,[80+esi] lea esi,[96+esi] -L$015ecb_enc_loop6_enter: +L$016ecb_enc_loop6_enter: call __aesni_encrypt6 mov edx,ebp mov ecx,ebx sub eax,96 - jnc NEAR L$016ecb_enc_loop6 + jnc NEAR L$017ecb_enc_loop6 movups [edi],xmm2 movups [16+edi],xmm3 movups [32+edi],xmm4 @@ -418,18 +433,18 @@ L$015ecb_enc_loop6_enter: movups [80+edi],xmm7 lea edi,[96+edi] add eax,96 - jz NEAR L$012ecb_ret -L$014ecb_enc_tail: + jz NEAR L$013ecb_ret +L$015ecb_enc_tail: movups xmm2,[esi] cmp eax,32 - jb NEAR L$017ecb_enc_one + jb NEAR L$018ecb_enc_one movups xmm3,[16+esi] - je NEAR L$018ecb_enc_two + je NEAR L$019ecb_enc_two movups xmm4,[32+esi] cmp eax,64 - jb NEAR L$019ecb_enc_three + jb NEAR L$020ecb_enc_three movups xmm5,[48+esi] - je NEAR L$020ecb_enc_four + je NEAR L$021ecb_enc_four movups xmm6,[64+esi] xorps xmm7,xmm7 call __aesni_encrypt6 @@ -438,49 +453,49 @@ L$014ecb_enc_tail: movups [32+edi],xmm4 movups [48+edi],xmm5 movups [64+edi],xmm6 - jmp NEAR L$012ecb_ret + jmp NEAR L$013ecb_ret align 16 -L$017ecb_enc_one: +L$018ecb_enc_one: movups xmm0,[edx] movups xmm1,[16+edx] lea edx,[32+edx] xorps xmm2,xmm0 -L$021enc1_loop_3: +L$022enc1_loop_3: db 102,15,56,220,209 dec ecx movups xmm1,[edx] lea edx,[16+edx] - jnz NEAR L$021enc1_loop_3 + jnz NEAR L$022enc1_loop_3 db 102,15,56,221,209 movups [edi],xmm2 - jmp NEAR L$012ecb_ret + jmp NEAR L$013ecb_ret align 16 -L$018ecb_enc_two: +L$019ecb_enc_two: call __aesni_encrypt2 movups [edi],xmm2 movups [16+edi],xmm3 - jmp NEAR L$012ecb_ret + jmp NEAR L$013ecb_ret align 16 -L$019ecb_enc_three: +L$020ecb_enc_three: call __aesni_encrypt3 movups [edi],xmm2 movups [16+edi],xmm3 movups [32+edi],xmm4 - jmp NEAR L$012ecb_ret + jmp NEAR L$013ecb_ret align 16 -L$020ecb_enc_four: +L$021ecb_enc_four: call __aesni_encrypt4 movups [edi],xmm2 movups [16+edi],xmm3 movups [32+edi],xmm4 movups [48+edi],xmm5 - jmp NEAR L$012ecb_ret + jmp NEAR L$013ecb_ret align 16 -L$013ecb_decrypt: +L$014ecb_decrypt: mov ebp,edx mov ebx,ecx cmp eax,96 - jb NEAR L$022ecb_dec_tail + jb NEAR L$023ecb_dec_tail movdqu xmm2,[esi] movdqu xmm3,[16+esi] movdqu xmm4,[32+esi] @@ -489,9 +504,9 @@ L$013ecb_decrypt: movdqu xmm7,[80+esi] lea esi,[96+esi] sub eax,96 - jmp NEAR L$023ecb_dec_loop6_enter + jmp NEAR L$024ecb_dec_loop6_enter align 16 -L$024ecb_dec_loop6: +L$025ecb_dec_loop6: movups [edi],xmm2 movdqu xmm2,[esi] movups [16+edi],xmm3 @@ -506,12 +521,12 @@ L$024ecb_dec_loop6: lea edi,[96+edi] movdqu xmm7,[80+esi] lea esi,[96+esi] -L$023ecb_dec_loop6_enter: +L$024ecb_dec_loop6_enter: call __aesni_decrypt6 mov edx,ebp mov ecx,ebx sub eax,96 - jnc NEAR L$024ecb_dec_loop6 + jnc NEAR L$025ecb_dec_loop6 movups [edi],xmm2 movups [16+edi],xmm3 movups [32+edi],xmm4 @@ -520,18 +535,18 @@ L$023ecb_dec_loop6_enter: movups [80+edi],xmm7 lea edi,[96+edi] add eax,96 - jz NEAR L$012ecb_ret -L$022ecb_dec_tail: + jz NEAR L$013ecb_ret +L$023ecb_dec_tail: movups xmm2,[esi] cmp eax,32 - jb NEAR L$025ecb_dec_one + jb NEAR L$026ecb_dec_one movups xmm3,[16+esi] - je NEAR L$026ecb_dec_two + je NEAR L$027ecb_dec_two movups xmm4,[32+esi] cmp eax,64 - jb NEAR L$027ecb_dec_three + jb NEAR L$028ecb_dec_three movups xmm5,[48+esi] - je NEAR L$028ecb_dec_four + je NEAR L$029ecb_dec_four movups xmm6,[64+esi] xorps xmm7,xmm7 call __aesni_decrypt6 @@ -540,43 +555,43 @@ L$022ecb_dec_tail: movups [32+edi],xmm4 movups [48+edi],xmm5 movups [64+edi],xmm6 - jmp NEAR L$012ecb_ret + jmp NEAR L$013ecb_ret align 16 -L$025ecb_dec_one: +L$026ecb_dec_one: movups xmm0,[edx] movups xmm1,[16+edx] lea edx,[32+edx] xorps xmm2,xmm0 -L$029dec1_loop_4: +L$030dec1_loop_4: db 102,15,56,222,209 dec ecx movups xmm1,[edx] lea edx,[16+edx] - jnz NEAR L$029dec1_loop_4 + jnz NEAR L$030dec1_loop_4 db 102,15,56,223,209 movups [edi],xmm2 - jmp NEAR L$012ecb_ret + jmp NEAR L$013ecb_ret align 16 -L$026ecb_dec_two: +L$027ecb_dec_two: call __aesni_decrypt2 movups [edi],xmm2 movups [16+edi],xmm3 - jmp NEAR L$012ecb_ret + jmp NEAR L$013ecb_ret align 16 -L$027ecb_dec_three: +L$028ecb_dec_three: call __aesni_decrypt3 movups [edi],xmm2 movups [16+edi],xmm3 movups [32+edi],xmm4 - jmp NEAR L$012ecb_ret + jmp NEAR L$013ecb_ret align 16 -L$028ecb_dec_four: +L$029ecb_dec_four: call __aesni_decrypt4 movups [edi],xmm2 movups [16+edi],xmm3 movups [32+edi],xmm4 movups [48+edi],xmm5 -L$012ecb_ret: +L$013ecb_ret: pxor xmm0,xmm0 pxor xmm1,xmm1 pxor xmm2,xmm2 @@ -629,7 +644,7 @@ L$_aes_hw_ccm64_encrypt_blocks_begin: lea edx,[32+ecx*1+edx] sub ebx,ecx db 102,15,56,0,253 -L$030ccm64_enc_outer: +L$031ccm64_enc_outer: movups xmm0,[ebp] mov ecx,ebx movups xmm6,[esi] @@ -638,7 +653,7 @@ L$030ccm64_enc_outer: xorps xmm0,xmm6 xorps xmm3,xmm0 movups xmm0,[32+ebp] -L$031ccm64_enc2_loop: +L$032ccm64_enc2_loop: db 102,15,56,220,209 db 102,15,56,220,217 movups xmm1,[ecx*1+edx] @@ -646,7 +661,7 @@ db 102,15,56,220,217 db 102,15,56,220,208 db 102,15,56,220,216 movups xmm0,[ecx*1+edx-16] - jnz NEAR L$031ccm64_enc2_loop + jnz NEAR L$032ccm64_enc2_loop db 102,15,56,220,209 db 102,15,56,220,217 paddq xmm7,[16+esp] @@ -659,7 +674,7 @@ db 102,15,56,221,216 movups [edi],xmm6 db 102,15,56,0,213 lea edi,[16+edi] - jnz NEAR L$030ccm64_enc_outer + jnz NEAR L$031ccm64_enc_outer mov esp,DWORD [48+esp] mov edi,DWORD [40+esp] movups [edi],xmm3 @@ -716,12 +731,12 @@ db 102,15,56,0,253 movups xmm1,[16+edx] lea edx,[32+edx] xorps xmm2,xmm0 -L$032enc1_loop_5: +L$033enc1_loop_5: db 102,15,56,220,209 dec ecx movups xmm1,[edx] lea edx,[16+edx] - jnz NEAR L$032enc1_loop_5 + jnz NEAR L$033enc1_loop_5 db 102,15,56,221,209 shl ebx,4 mov ecx,16 @@ -731,16 +746,16 @@ db 102,15,56,221,209 sub ecx,ebx lea edx,[32+ebx*1+ebp] mov ebx,ecx - jmp NEAR L$033ccm64_dec_outer + jmp NEAR L$034ccm64_dec_outer align 16 -L$033ccm64_dec_outer: +L$034ccm64_dec_outer: xorps xmm6,xmm2 movdqa xmm2,xmm7 movups [edi],xmm6 lea edi,[16+edi] db 102,15,56,0,213 sub eax,1 - jz NEAR L$034ccm64_dec_break + jz NEAR L$035ccm64_dec_break movups xmm0,[ebp] mov ecx,ebx movups xmm1,[16+ebp] @@ -748,7 +763,7 @@ db 102,15,56,0,213 xorps xmm2,xmm0 xorps xmm3,xmm6 movups xmm0,[32+ebp] -L$035ccm64_dec2_loop: +L$036ccm64_dec2_loop: db 102,15,56,220,209 db 102,15,56,220,217 movups xmm1,[ecx*1+edx] @@ -756,7 +771,7 @@ db 102,15,56,220,217 db 102,15,56,220,208 db 102,15,56,220,216 movups xmm0,[ecx*1+edx-16] - jnz NEAR L$035ccm64_dec2_loop + jnz NEAR L$036ccm64_dec2_loop movups xmm6,[esi] paddq xmm7,[16+esp] db 102,15,56,220,209 @@ -764,9 +779,9 @@ db 102,15,56,220,217 db 102,15,56,221,208 db 102,15,56,221,216 lea esi,[16+esi] - jmp NEAR L$033ccm64_dec_outer + jmp NEAR L$034ccm64_dec_outer align 16 -L$034ccm64_dec_break: +L$035ccm64_dec_break: mov ecx,DWORD [240+ebp] mov edx,ebp movups xmm0,[edx] @@ -774,12 +789,12 @@ L$034ccm64_dec_break: xorps xmm6,xmm0 lea edx,[32+edx] xorps xmm3,xmm6 -L$036enc1_loop_6: +L$037enc1_loop_6: db 102,15,56,220,217 dec ecx movups xmm1,[edx] lea edx,[16+edx] - jnz NEAR L$036enc1_loop_6 + jnz NEAR L$037enc1_loop_6 db 102,15,56,221,217 mov esp,DWORD [48+esp] mov edi,DWORD [40+esp] @@ -805,6 +820,18 @@ L$_aes_hw_ctr32_encrypt_blocks_begin: push ebx push esi push edi +%ifndef NDEBUG + push ebx + push edx + call L$038pic +L$038pic: + pop ebx + lea ebx,[(_BORINGSSL_function_hit+0-L$038pic)+ebx] + mov edx,1 + mov BYTE [ebx],dl + pop edx + pop ebx +%endif mov esi,DWORD [20+esp] mov edi,DWORD [24+esp] mov eax,DWORD [28+esp] @@ -815,7 +842,7 @@ L$_aes_hw_ctr32_encrypt_blocks_begin: and esp,-16 mov DWORD [80+esp],ebp cmp eax,1 - je NEAR L$037ctr32_one_shortcut + je NEAR L$039ctr32_one_shortcut movdqu xmm7,[ebx] mov DWORD [esp],202182159 mov DWORD [4+esp],134810123 @@ -853,7 +880,7 @@ db 102,15,56,0,202 pshufd xmm2,xmm0,192 pshufd xmm3,xmm0,128 cmp eax,6 - jb NEAR L$038ctr32_tail + jb NEAR L$040ctr32_tail pxor xmm7,xmm6 shl ecx,4 mov ebx,16 @@ -862,9 +889,9 @@ db 102,15,56,0,202 sub ebx,ecx lea edx,[32+ecx*1+edx] sub eax,6 - jmp NEAR L$039ctr32_loop6 + jmp NEAR L$041ctr32_loop6 align 16 -L$039ctr32_loop6: +L$041ctr32_loop6: pshufd xmm4,xmm0,64 movdqa xmm0,[32+esp] pshufd xmm5,xmm1,192 @@ -918,27 +945,27 @@ db 102,15,56,0,202 lea edi,[96+edi] pshufd xmm3,xmm0,128 sub eax,6 - jnc NEAR L$039ctr32_loop6 + jnc NEAR L$041ctr32_loop6 add eax,6 - jz NEAR L$040ctr32_ret + jz NEAR L$042ctr32_ret movdqu xmm7,[ebp] mov edx,ebp pxor xmm7,[32+esp] mov ecx,DWORD [240+ebp] -L$038ctr32_tail: +L$040ctr32_tail: por xmm2,xmm7 cmp eax,2 - jb NEAR L$041ctr32_one + jb NEAR L$043ctr32_one pshufd xmm4,xmm0,64 por xmm3,xmm7 - je NEAR L$042ctr32_two + je NEAR L$044ctr32_two pshufd xmm5,xmm1,192 por xmm4,xmm7 cmp eax,4 - jb NEAR L$043ctr32_three + jb NEAR L$045ctr32_three pshufd xmm6,xmm1,128 por xmm5,xmm7 - je NEAR L$044ctr32_four + je NEAR L$046ctr32_four por xmm6,xmm7 call __aesni_encrypt6 movups xmm1,[esi] @@ -956,29 +983,29 @@ L$038ctr32_tail: movups [32+edi],xmm4 movups [48+edi],xmm5 movups [64+edi],xmm6 - jmp NEAR L$040ctr32_ret + jmp NEAR L$042ctr32_ret align 16 -L$037ctr32_one_shortcut: +L$039ctr32_one_shortcut: movups xmm2,[ebx] mov ecx,DWORD [240+edx] -L$041ctr32_one: +L$043ctr32_one: movups xmm0,[edx] movups xmm1,[16+edx] lea edx,[32+edx] xorps xmm2,xmm0 -L$045enc1_loop_7: +L$047enc1_loop_7: db 102,15,56,220,209 dec ecx movups xmm1,[edx] lea edx,[16+edx] - jnz NEAR L$045enc1_loop_7 + jnz NEAR L$047enc1_loop_7 db 102,15,56,221,209 movups xmm6,[esi] xorps xmm6,xmm2 movups [edi],xmm6 - jmp NEAR L$040ctr32_ret + jmp NEAR L$042ctr32_ret align 16 -L$042ctr32_two: +L$044ctr32_two: call __aesni_encrypt2 movups xmm5,[esi] movups xmm6,[16+esi] @@ -986,9 +1013,9 @@ L$042ctr32_two: xorps xmm3,xmm6 movups [edi],xmm2 movups [16+edi],xmm3 - jmp NEAR L$040ctr32_ret + jmp NEAR L$042ctr32_ret align 16 -L$043ctr32_three: +L$045ctr32_three: call __aesni_encrypt3 movups xmm5,[esi] movups xmm6,[16+esi] @@ -999,9 +1026,9 @@ L$043ctr32_three: xorps xmm4,xmm7 movups [16+edi],xmm3 movups [32+edi],xmm4 - jmp NEAR L$040ctr32_ret + jmp NEAR L$042ctr32_ret align 16 -L$044ctr32_four: +L$046ctr32_four: call __aesni_encrypt4 movups xmm6,[esi] movups xmm7,[16+esi] @@ -1015,7 +1042,7 @@ L$044ctr32_four: xorps xmm5,xmm0 movups [32+edi],xmm4 movups [48+edi],xmm5 -L$040ctr32_ret: +L$042ctr32_ret: pxor xmm0,xmm0 pxor xmm1,xmm1 pxor xmm2,xmm2 @@ -1049,12 +1076,12 @@ L$_aes_hw_xts_encrypt_begin: movups xmm1,[16+edx] lea edx,[32+edx] xorps xmm2,xmm0 -L$046enc1_loop_8: +L$048enc1_loop_8: db 102,15,56,220,209 dec ecx movups xmm1,[edx] lea edx,[16+edx] - jnz NEAR L$046enc1_loop_8 + jnz NEAR L$048enc1_loop_8 db 102,15,56,221,209 mov esi,DWORD [20+esp] mov edi,DWORD [24+esp] @@ -1078,14 +1105,14 @@ db 102,15,56,221,209 mov ebp,edx mov ebx,ecx sub eax,96 - jc NEAR L$047xts_enc_short + jc NEAR L$049xts_enc_short shl ecx,4 mov ebx,16 sub ebx,ecx lea edx,[32+ecx*1+edx] - jmp NEAR L$048xts_enc_loop6 + jmp NEAR L$050xts_enc_loop6 align 16 -L$048xts_enc_loop6: +L$050xts_enc_loop6: pshufd xmm2,xmm0,19 pxor xmm0,xmm0 movdqa [esp],xmm1 @@ -1174,23 +1201,23 @@ db 102,15,56,220,249 pcmpgtd xmm0,xmm1 pxor xmm1,xmm2 sub eax,96 - jnc NEAR L$048xts_enc_loop6 + jnc NEAR L$050xts_enc_loop6 mov ecx,DWORD [240+ebp] mov edx,ebp mov ebx,ecx -L$047xts_enc_short: +L$049xts_enc_short: add eax,96 - jz NEAR L$049xts_enc_done6x + jz NEAR L$051xts_enc_done6x movdqa xmm5,xmm1 cmp eax,32 - jb NEAR L$050xts_enc_one + jb NEAR L$052xts_enc_one pshufd xmm2,xmm0,19 pxor xmm0,xmm0 paddq xmm1,xmm1 pand xmm2,xmm3 pcmpgtd xmm0,xmm1 pxor xmm1,xmm2 - je NEAR L$051xts_enc_two + je NEAR L$053xts_enc_two pshufd xmm2,xmm0,19 pxor xmm0,xmm0 movdqa xmm6,xmm1 @@ -1199,7 +1226,7 @@ L$047xts_enc_short: pcmpgtd xmm0,xmm1 pxor xmm1,xmm2 cmp eax,64 - jb NEAR L$052xts_enc_three + jb NEAR L$054xts_enc_three pshufd xmm2,xmm0,19 pxor xmm0,xmm0 movdqa xmm7,xmm1 @@ -1209,7 +1236,7 @@ L$047xts_enc_short: pxor xmm1,xmm2 movdqa [esp],xmm5 movdqa [16+esp],xmm6 - je NEAR L$053xts_enc_four + je NEAR L$055xts_enc_four movdqa [32+esp],xmm7 pshufd xmm7,xmm0,19 movdqa [48+esp],xmm1 @@ -1241,9 +1268,9 @@ L$047xts_enc_short: movups [48+edi],xmm5 movups [64+edi],xmm6 lea edi,[80+edi] - jmp NEAR L$054xts_enc_done + jmp NEAR L$056xts_enc_done align 16 -L$050xts_enc_one: +L$052xts_enc_one: movups xmm2,[esi] lea esi,[16+esi] xorps xmm2,xmm5 @@ -1251,20 +1278,20 @@ L$050xts_enc_one: movups xmm1,[16+edx] lea edx,[32+edx] xorps xmm2,xmm0 -L$055enc1_loop_9: +L$057enc1_loop_9: db 102,15,56,220,209 dec ecx movups xmm1,[edx] lea edx,[16+edx] - jnz NEAR L$055enc1_loop_9 + jnz NEAR L$057enc1_loop_9 db 102,15,56,221,209 xorps xmm2,xmm5 movups [edi],xmm2 lea edi,[16+edi] movdqa xmm1,xmm5 - jmp NEAR L$054xts_enc_done + jmp NEAR L$056xts_enc_done align 16 -L$051xts_enc_two: +L$053xts_enc_two: movaps xmm6,xmm1 movups xmm2,[esi] movups xmm3,[16+esi] @@ -1278,9 +1305,9 @@ L$051xts_enc_two: movups [16+edi],xmm3 lea edi,[32+edi] movdqa xmm1,xmm6 - jmp NEAR L$054xts_enc_done + jmp NEAR L$056xts_enc_done align 16 -L$052xts_enc_three: +L$054xts_enc_three: movaps xmm7,xmm1 movups xmm2,[esi] movups xmm3,[16+esi] @@ -1298,9 +1325,9 @@ L$052xts_enc_three: movups [32+edi],xmm4 lea edi,[48+edi] movdqa xmm1,xmm7 - jmp NEAR L$054xts_enc_done + jmp NEAR L$056xts_enc_done align 16 -L$053xts_enc_four: +L$055xts_enc_four: movaps xmm6,xmm1 movups xmm2,[esi] movups xmm3,[16+esi] @@ -1322,28 +1349,28 @@ L$053xts_enc_four: movups [48+edi],xmm5 lea edi,[64+edi] movdqa xmm1,xmm6 - jmp NEAR L$054xts_enc_done + jmp NEAR L$056xts_enc_done align 16 -L$049xts_enc_done6x: +L$051xts_enc_done6x: mov eax,DWORD [112+esp] and eax,15 - jz NEAR L$056xts_enc_ret + jz NEAR L$058xts_enc_ret movdqa xmm5,xmm1 mov DWORD [112+esp],eax - jmp NEAR L$057xts_enc_steal + jmp NEAR L$059xts_enc_steal align 16 -L$054xts_enc_done: +L$056xts_enc_done: mov eax,DWORD [112+esp] pxor xmm0,xmm0 and eax,15 - jz NEAR L$056xts_enc_ret + jz NEAR L$058xts_enc_ret pcmpgtd xmm0,xmm1 mov DWORD [112+esp],eax pshufd xmm5,xmm0,19 paddq xmm1,xmm1 pand xmm5,[96+esp] pxor xmm5,xmm1 -L$057xts_enc_steal: +L$059xts_enc_steal: movzx ecx,BYTE [esi] movzx edx,BYTE [edi-16] lea esi,[1+esi] @@ -1351,7 +1378,7 @@ L$057xts_enc_steal: mov BYTE [edi],dl lea edi,[1+edi] sub eax,1 - jnz NEAR L$057xts_enc_steal + jnz NEAR L$059xts_enc_steal sub edi,DWORD [112+esp] mov edx,ebp mov ecx,ebx @@ -1361,16 +1388,16 @@ L$057xts_enc_steal: movups xmm1,[16+edx] lea edx,[32+edx] xorps xmm2,xmm0 -L$058enc1_loop_10: +L$060enc1_loop_10: db 102,15,56,220,209 dec ecx movups xmm1,[edx] lea edx,[16+edx] - jnz NEAR L$058enc1_loop_10 + jnz NEAR L$060enc1_loop_10 db 102,15,56,221,209 xorps xmm2,xmm5 movups [edi-16],xmm2 -L$056xts_enc_ret: +L$058xts_enc_ret: pxor xmm0,xmm0 pxor xmm1,xmm1 pxor xmm2,xmm2 @@ -1407,12 +1434,12 @@ L$_aes_hw_xts_decrypt_begin: movups xmm1,[16+edx] lea edx,[32+edx] xorps xmm2,xmm0 -L$059enc1_loop_11: +L$061enc1_loop_11: db 102,15,56,220,209 dec ecx movups xmm1,[edx] lea edx,[16+edx] - jnz NEAR L$059enc1_loop_11 + jnz NEAR L$061enc1_loop_11 db 102,15,56,221,209 mov esi,DWORD [20+esp] mov edi,DWORD [24+esp] @@ -1441,14 +1468,14 @@ db 102,15,56,221,209 pcmpgtd xmm0,xmm1 and eax,-16 sub eax,96 - jc NEAR L$060xts_dec_short + jc NEAR L$062xts_dec_short shl ecx,4 mov ebx,16 sub ebx,ecx lea edx,[32+ecx*1+edx] - jmp NEAR L$061xts_dec_loop6 + jmp NEAR L$063xts_dec_loop6 align 16 -L$061xts_dec_loop6: +L$063xts_dec_loop6: pshufd xmm2,xmm0,19 pxor xmm0,xmm0 movdqa [esp],xmm1 @@ -1537,23 +1564,23 @@ db 102,15,56,222,249 pcmpgtd xmm0,xmm1 pxor xmm1,xmm2 sub eax,96 - jnc NEAR L$061xts_dec_loop6 + jnc NEAR L$063xts_dec_loop6 mov ecx,DWORD [240+ebp] mov edx,ebp mov ebx,ecx -L$060xts_dec_short: +L$062xts_dec_short: add eax,96 - jz NEAR L$062xts_dec_done6x + jz NEAR L$064xts_dec_done6x movdqa xmm5,xmm1 cmp eax,32 - jb NEAR L$063xts_dec_one + jb NEAR L$065xts_dec_one pshufd xmm2,xmm0,19 pxor xmm0,xmm0 paddq xmm1,xmm1 pand xmm2,xmm3 pcmpgtd xmm0,xmm1 pxor xmm1,xmm2 - je NEAR L$064xts_dec_two + je NEAR L$066xts_dec_two pshufd xmm2,xmm0,19 pxor xmm0,xmm0 movdqa xmm6,xmm1 @@ -1562,7 +1589,7 @@ L$060xts_dec_short: pcmpgtd xmm0,xmm1 pxor xmm1,xmm2 cmp eax,64 - jb NEAR L$065xts_dec_three + jb NEAR L$067xts_dec_three pshufd xmm2,xmm0,19 pxor xmm0,xmm0 movdqa xmm7,xmm1 @@ -1572,7 +1599,7 @@ L$060xts_dec_short: pxor xmm1,xmm2 movdqa [esp],xmm5 movdqa [16+esp],xmm6 - je NEAR L$066xts_dec_four + je NEAR L$068xts_dec_four movdqa [32+esp],xmm7 pshufd xmm7,xmm0,19 movdqa [48+esp],xmm1 @@ -1604,9 +1631,9 @@ L$060xts_dec_short: movups [48+edi],xmm5 movups [64+edi],xmm6 lea edi,[80+edi] - jmp NEAR L$067xts_dec_done + jmp NEAR L$069xts_dec_done align 16 -L$063xts_dec_one: +L$065xts_dec_one: movups xmm2,[esi] lea esi,[16+esi] xorps xmm2,xmm5 @@ -1614,20 +1641,20 @@ L$063xts_dec_one: movups xmm1,[16+edx] lea edx,[32+edx] xorps xmm2,xmm0 -L$068dec1_loop_12: +L$070dec1_loop_12: db 102,15,56,222,209 dec ecx movups xmm1,[edx] lea edx,[16+edx] - jnz NEAR L$068dec1_loop_12 + jnz NEAR L$070dec1_loop_12 db 102,15,56,223,209 xorps xmm2,xmm5 movups [edi],xmm2 lea edi,[16+edi] movdqa xmm1,xmm5 - jmp NEAR L$067xts_dec_done + jmp NEAR L$069xts_dec_done align 16 -L$064xts_dec_two: +L$066xts_dec_two: movaps xmm6,xmm1 movups xmm2,[esi] movups xmm3,[16+esi] @@ -1641,9 +1668,9 @@ L$064xts_dec_two: movups [16+edi],xmm3 lea edi,[32+edi] movdqa xmm1,xmm6 - jmp NEAR L$067xts_dec_done + jmp NEAR L$069xts_dec_done align 16 -L$065xts_dec_three: +L$067xts_dec_three: movaps xmm7,xmm1 movups xmm2,[esi] movups xmm3,[16+esi] @@ -1661,9 +1688,9 @@ L$065xts_dec_three: movups [32+edi],xmm4 lea edi,[48+edi] movdqa xmm1,xmm7 - jmp NEAR L$067xts_dec_done + jmp NEAR L$069xts_dec_done align 16 -L$066xts_dec_four: +L$068xts_dec_four: movaps xmm6,xmm1 movups xmm2,[esi] movups xmm3,[16+esi] @@ -1685,20 +1712,20 @@ L$066xts_dec_four: movups [48+edi],xmm5 lea edi,[64+edi] movdqa xmm1,xmm6 - jmp NEAR L$067xts_dec_done + jmp NEAR L$069xts_dec_done align 16 -L$062xts_dec_done6x: +L$064xts_dec_done6x: mov eax,DWORD [112+esp] and eax,15 - jz NEAR L$069xts_dec_ret + jz NEAR L$071xts_dec_ret mov DWORD [112+esp],eax - jmp NEAR L$070xts_dec_only_one_more + jmp NEAR L$072xts_dec_only_one_more align 16 -L$067xts_dec_done: +L$069xts_dec_done: mov eax,DWORD [112+esp] pxor xmm0,xmm0 and eax,15 - jz NEAR L$069xts_dec_ret + jz NEAR L$071xts_dec_ret pcmpgtd xmm0,xmm1 mov DWORD [112+esp],eax pshufd xmm2,xmm0,19 @@ -1708,7 +1735,7 @@ L$067xts_dec_done: pand xmm2,xmm3 pcmpgtd xmm0,xmm1 pxor xmm1,xmm2 -L$070xts_dec_only_one_more: +L$072xts_dec_only_one_more: pshufd xmm5,xmm0,19 movdqa xmm6,xmm1 paddq xmm1,xmm1 @@ -1722,16 +1749,16 @@ L$070xts_dec_only_one_more: movups xmm1,[16+edx] lea edx,[32+edx] xorps xmm2,xmm0 -L$071dec1_loop_13: +L$073dec1_loop_13: db 102,15,56,222,209 dec ecx movups xmm1,[edx] lea edx,[16+edx] - jnz NEAR L$071dec1_loop_13 + jnz NEAR L$073dec1_loop_13 db 102,15,56,223,209 xorps xmm2,xmm5 movups [edi],xmm2 -L$072xts_dec_steal: +L$074xts_dec_steal: movzx ecx,BYTE [16+esi] movzx edx,BYTE [edi] lea esi,[1+esi] @@ -1739,7 +1766,7 @@ L$072xts_dec_steal: mov BYTE [16+edi],dl lea edi,[1+edi] sub eax,1 - jnz NEAR L$072xts_dec_steal + jnz NEAR L$074xts_dec_steal sub edi,DWORD [112+esp] mov edx,ebp mov ecx,ebx @@ -1749,16 +1776,16 @@ L$072xts_dec_steal: movups xmm1,[16+edx] lea edx,[32+edx] xorps xmm2,xmm0 -L$073dec1_loop_14: +L$075dec1_loop_14: db 102,15,56,222,209 dec ecx movups xmm1,[edx] lea edx,[16+edx] - jnz NEAR L$073dec1_loop_14 + jnz NEAR L$075dec1_loop_14 db 102,15,56,223,209 xorps xmm2,xmm6 movups [edi],xmm2 -L$069xts_dec_ret: +L$071xts_dec_ret: pxor xmm0,xmm0 pxor xmm1,xmm1 pxor xmm2,xmm2 @@ -1796,7 +1823,7 @@ L$_aes_hw_cbc_encrypt_begin: mov edx,DWORD [32+esp] mov ebp,DWORD [36+esp] test eax,eax - jz NEAR L$074cbc_abort + jz NEAR L$076cbc_abort cmp DWORD [40+esp],0 xchg ebx,esp movups xmm7,[ebp] @@ -1804,14 +1831,14 @@ L$_aes_hw_cbc_encrypt_begin: mov ebp,edx mov DWORD [16+esp],ebx mov ebx,ecx - je NEAR L$075cbc_decrypt + je NEAR L$077cbc_decrypt movaps xmm2,xmm7 cmp eax,16 - jb NEAR L$076cbc_enc_tail + jb NEAR L$078cbc_enc_tail sub eax,16 - jmp NEAR L$077cbc_enc_loop + jmp NEAR L$079cbc_enc_loop align 16 -L$077cbc_enc_loop: +L$079cbc_enc_loop: movups xmm7,[esi] lea esi,[16+esi] movups xmm0,[edx] @@ -1819,25 +1846,25 @@ L$077cbc_enc_loop: xorps xmm7,xmm0 lea edx,[32+edx] xorps xmm2,xmm7 -L$078enc1_loop_15: +L$080enc1_loop_15: db 102,15,56,220,209 dec ecx movups xmm1,[edx] lea edx,[16+edx] - jnz NEAR L$078enc1_loop_15 + jnz NEAR L$080enc1_loop_15 db 102,15,56,221,209 mov ecx,ebx mov edx,ebp movups [edi],xmm2 lea edi,[16+edi] sub eax,16 - jnc NEAR L$077cbc_enc_loop + jnc NEAR L$079cbc_enc_loop add eax,16 - jnz NEAR L$076cbc_enc_tail + jnz NEAR L$078cbc_enc_tail movaps xmm7,xmm2 pxor xmm2,xmm2 - jmp NEAR L$079cbc_ret -L$076cbc_enc_tail: + jmp NEAR L$081cbc_ret +L$078cbc_enc_tail: mov ecx,eax dd 2767451785 mov ecx,16 @@ -1848,20 +1875,20 @@ dd 2868115081 mov ecx,ebx mov esi,edi mov edx,ebp - jmp NEAR L$077cbc_enc_loop + jmp NEAR L$079cbc_enc_loop align 16 -L$075cbc_decrypt: +L$077cbc_decrypt: cmp eax,80 - jbe NEAR L$080cbc_dec_tail + jbe NEAR L$082cbc_dec_tail movaps [esp],xmm7 sub eax,80 - jmp NEAR L$081cbc_dec_loop6_enter + jmp NEAR L$083cbc_dec_loop6_enter align 16 -L$082cbc_dec_loop6: +L$084cbc_dec_loop6: movaps [esp],xmm0 movups [edi],xmm7 lea edi,[16+edi] -L$081cbc_dec_loop6_enter: +L$083cbc_dec_loop6_enter: movdqu xmm2,[esi] movdqu xmm3,[16+esi] movdqu xmm4,[32+esi] @@ -1891,28 +1918,28 @@ L$081cbc_dec_loop6_enter: movups [64+edi],xmm6 lea edi,[80+edi] sub eax,96 - ja NEAR L$082cbc_dec_loop6 + ja NEAR L$084cbc_dec_loop6 movaps xmm2,xmm7 movaps xmm7,xmm0 add eax,80 - jle NEAR L$083cbc_dec_clear_tail_collected + jle NEAR L$085cbc_dec_clear_tail_collected movups [edi],xmm2 lea edi,[16+edi] -L$080cbc_dec_tail: +L$082cbc_dec_tail: movups xmm2,[esi] movaps xmm6,xmm2 cmp eax,16 - jbe NEAR L$084cbc_dec_one + jbe NEAR L$086cbc_dec_one movups xmm3,[16+esi] movaps xmm5,xmm3 cmp eax,32 - jbe NEAR L$085cbc_dec_two + jbe NEAR L$087cbc_dec_two movups xmm4,[32+esi] cmp eax,48 - jbe NEAR L$086cbc_dec_three + jbe NEAR L$088cbc_dec_three movups xmm5,[48+esi] cmp eax,64 - jbe NEAR L$087cbc_dec_four + jbe NEAR L$089cbc_dec_four movups xmm6,[64+esi] movaps [esp],xmm7 movups xmm2,[esi] @@ -1939,26 +1966,26 @@ L$080cbc_dec_tail: movaps xmm2,xmm6 pxor xmm6,xmm6 sub eax,80 - jmp NEAR L$088cbc_dec_tail_collected + jmp NEAR L$090cbc_dec_tail_collected align 16 -L$084cbc_dec_one: +L$086cbc_dec_one: movups xmm0,[edx] movups xmm1,[16+edx] lea edx,[32+edx] xorps xmm2,xmm0 -L$089dec1_loop_16: +L$091dec1_loop_16: db 102,15,56,222,209 dec ecx movups xmm1,[edx] lea edx,[16+edx] - jnz NEAR L$089dec1_loop_16 + jnz NEAR L$091dec1_loop_16 db 102,15,56,223,209 xorps xmm2,xmm7 movaps xmm7,xmm6 sub eax,16 - jmp NEAR L$088cbc_dec_tail_collected + jmp NEAR L$090cbc_dec_tail_collected align 16 -L$085cbc_dec_two: +L$087cbc_dec_two: call __aesni_decrypt2 xorps xmm2,xmm7 xorps xmm3,xmm6 @@ -1968,9 +1995,9 @@ L$085cbc_dec_two: lea edi,[16+edi] movaps xmm7,xmm5 sub eax,32 - jmp NEAR L$088cbc_dec_tail_collected + jmp NEAR L$090cbc_dec_tail_collected align 16 -L$086cbc_dec_three: +L$088cbc_dec_three: call __aesni_decrypt3 xorps xmm2,xmm7 xorps xmm3,xmm6 @@ -1983,9 +2010,9 @@ L$086cbc_dec_three: lea edi,[32+edi] movups xmm7,[32+esi] sub eax,48 - jmp NEAR L$088cbc_dec_tail_collected + jmp NEAR L$090cbc_dec_tail_collected align 16 -L$087cbc_dec_four: +L$089cbc_dec_four: call __aesni_decrypt4 movups xmm1,[16+esi] movups xmm0,[32+esi] @@ -2003,21 +2030,21 @@ L$087cbc_dec_four: movaps xmm2,xmm5 pxor xmm5,xmm5 sub eax,64 - jmp NEAR L$088cbc_dec_tail_collected + jmp NEAR L$090cbc_dec_tail_collected align 16 -L$083cbc_dec_clear_tail_collected: +L$085cbc_dec_clear_tail_collected: pxor xmm3,xmm3 pxor xmm4,xmm4 pxor xmm5,xmm5 pxor xmm6,xmm6 -L$088cbc_dec_tail_collected: +L$090cbc_dec_tail_collected: and eax,15 - jnz NEAR L$090cbc_dec_tail_partial + jnz NEAR L$092cbc_dec_tail_partial movups [edi],xmm2 pxor xmm0,xmm0 - jmp NEAR L$079cbc_ret + jmp NEAR L$081cbc_ret align 16 -L$090cbc_dec_tail_partial: +L$092cbc_dec_tail_partial: movaps [esp],xmm2 pxor xmm0,xmm0 mov ecx,16 @@ -2025,14 +2052,14 @@ L$090cbc_dec_tail_partial: sub ecx,eax dd 2767451785 movdqa [esp],xmm2 -L$079cbc_ret: +L$081cbc_ret: mov esp,DWORD [16+esp] mov ebp,DWORD [36+esp] pxor xmm2,xmm2 pxor xmm1,xmm1 movups [ebp],xmm7 pxor xmm7,xmm7 -L$074cbc_abort: +L$076cbc_abort: pop edi pop esi pop ebx @@ -2043,13 +2070,13 @@ __aesni_set_encrypt_key: push ebp push ebx test eax,eax - jz NEAR L$091bad_pointer + jz NEAR L$093bad_pointer test edx,edx - jz NEAR L$091bad_pointer - call L$092pic -L$092pic: + jz NEAR L$093bad_pointer + call L$094pic +L$094pic: pop ebx - lea ebx,[(L$key_const-L$092pic)+ebx] + lea ebx,[(L$key_const-L$094pic)+ebx] lea ebp,[_OPENSSL_ia32cap_P] movups xmm0,[eax] xorps xmm4,xmm4 @@ -2057,45 +2084,45 @@ L$092pic: lea edx,[16+edx] and ebp,268437504 cmp ecx,256 - je NEAR L$09314rounds + je NEAR L$09514rounds cmp ecx,192 - je NEAR L$09412rounds + je NEAR L$09612rounds cmp ecx,128 - jne NEAR L$095bad_keybits + jne NEAR L$097bad_keybits align 16 -L$09610rounds: +L$09810rounds: cmp ebp,268435456 - je NEAR L$09710rounds_alt + je NEAR L$09910rounds_alt mov ecx,9 movups [edx-16],xmm0 db 102,15,58,223,200,1 - call L$098key_128_cold + call L$100key_128_cold db 102,15,58,223,200,2 - call L$099key_128 + call L$101key_128 db 102,15,58,223,200,4 - call L$099key_128 + call L$101key_128 db 102,15,58,223,200,8 - call L$099key_128 + call L$101key_128 db 102,15,58,223,200,16 - call L$099key_128 + call L$101key_128 db 102,15,58,223,200,32 - call L$099key_128 + call L$101key_128 db 102,15,58,223,200,64 - call L$099key_128 + call L$101key_128 db 102,15,58,223,200,128 - call L$099key_128 + call L$101key_128 db 102,15,58,223,200,27 - call L$099key_128 + call L$101key_128 db 102,15,58,223,200,54 - call L$099key_128 + call L$101key_128 movups [edx],xmm0 mov DWORD [80+edx],ecx - jmp NEAR L$100good_key + jmp NEAR L$102good_key align 16 -L$099key_128: +L$101key_128: movups [edx],xmm0 lea edx,[16+edx] -L$098key_128_cold: +L$100key_128_cold: shufps xmm4,xmm0,16 xorps xmm0,xmm4 shufps xmm4,xmm0,140 @@ -2104,13 +2131,13 @@ L$098key_128_cold: xorps xmm0,xmm1 ret align 16 -L$09710rounds_alt: +L$09910rounds_alt: movdqa xmm5,[ebx] mov ecx,8 movdqa xmm4,[32+ebx] movdqa xmm2,xmm0 movdqu [edx-16],xmm0 -L$101loop_key128: +L$103loop_key128: db 102,15,56,0,197 db 102,15,56,221,196 pslld xmm4,1 @@ -2126,7 +2153,7 @@ db 102,15,56,221,196 movdqu [edx-16],xmm0 movdqa xmm2,xmm0 dec ecx - jnz NEAR L$101loop_key128 + jnz NEAR L$103loop_key128 movdqa xmm4,[48+ebx] db 102,15,56,0,197 db 102,15,56,221,196 @@ -2154,41 +2181,41 @@ db 102,15,56,221,196 movdqu [16+edx],xmm0 mov ecx,9 mov DWORD [96+edx],ecx - jmp NEAR L$100good_key + jmp NEAR L$102good_key align 16 -L$09412rounds: +L$09612rounds: movq xmm2,[16+eax] cmp ebp,268435456 - je NEAR L$10212rounds_alt + je NEAR L$10412rounds_alt mov ecx,11 movups [edx-16],xmm0 db 102,15,58,223,202,1 - call L$103key_192a_cold + call L$105key_192a_cold db 102,15,58,223,202,2 - call L$104key_192b + call L$106key_192b db 102,15,58,223,202,4 - call L$105key_192a + call L$107key_192a db 102,15,58,223,202,8 - call L$104key_192b + call L$106key_192b db 102,15,58,223,202,16 - call L$105key_192a + call L$107key_192a db 102,15,58,223,202,32 - call L$104key_192b + call L$106key_192b db 102,15,58,223,202,64 - call L$105key_192a + call L$107key_192a db 102,15,58,223,202,128 - call L$104key_192b + call L$106key_192b movups [edx],xmm0 mov DWORD [48+edx],ecx - jmp NEAR L$100good_key + jmp NEAR L$102good_key align 16 -L$105key_192a: +L$107key_192a: movups [edx],xmm0 lea edx,[16+edx] align 16 -L$103key_192a_cold: +L$105key_192a_cold: movaps xmm5,xmm2 -L$106key_192b_warm: +L$108key_192b_warm: shufps xmm4,xmm0,16 movdqa xmm3,xmm2 xorps xmm0,xmm4 @@ -2202,21 +2229,21 @@ L$106key_192b_warm: pxor xmm2,xmm3 ret align 16 -L$104key_192b: +L$106key_192b: movaps xmm3,xmm0 shufps xmm5,xmm0,68 movups [edx],xmm5 shufps xmm3,xmm2,78 movups [16+edx],xmm3 lea edx,[32+edx] - jmp NEAR L$106key_192b_warm + jmp NEAR L$108key_192b_warm align 16 -L$10212rounds_alt: +L$10412rounds_alt: movdqa xmm5,[16+ebx] movdqa xmm4,[32+ebx] mov ecx,8 movdqu [edx-16],xmm0 -L$107loop_key192: +L$109loop_key192: movq [edx],xmm2 movdqa xmm1,xmm2 db 102,15,56,0,213 @@ -2238,54 +2265,54 @@ db 102,15,56,221,212 pxor xmm2,xmm3 movdqu [edx-16],xmm0 dec ecx - jnz NEAR L$107loop_key192 + jnz NEAR L$109loop_key192 mov ecx,11 mov DWORD [32+edx],ecx - jmp NEAR L$100good_key + jmp NEAR L$102good_key align 16 -L$09314rounds: +L$09514rounds: movups xmm2,[16+eax] lea edx,[16+edx] cmp ebp,268435456 - je NEAR L$10814rounds_alt + je NEAR L$11014rounds_alt mov ecx,13 movups [edx-32],xmm0 movups [edx-16],xmm2 db 102,15,58,223,202,1 - call L$109key_256a_cold + call L$111key_256a_cold db 102,15,58,223,200,1 - call L$110key_256b + call L$112key_256b db 102,15,58,223,202,2 - call L$111key_256a + call L$113key_256a db 102,15,58,223,200,2 - call L$110key_256b + call L$112key_256b db 102,15,58,223,202,4 - call L$111key_256a + call L$113key_256a db 102,15,58,223,200,4 - call L$110key_256b + call L$112key_256b db 102,15,58,223,202,8 - call L$111key_256a + call L$113key_256a db 102,15,58,223,200,8 - call L$110key_256b + call L$112key_256b db 102,15,58,223,202,16 - call L$111key_256a + call L$113key_256a db 102,15,58,223,200,16 - call L$110key_256b + call L$112key_256b db 102,15,58,223,202,32 - call L$111key_256a + call L$113key_256a db 102,15,58,223,200,32 - call L$110key_256b + call L$112key_256b db 102,15,58,223,202,64 - call L$111key_256a + call L$113key_256a movups [edx],xmm0 mov DWORD [16+edx],ecx xor eax,eax - jmp NEAR L$100good_key + jmp NEAR L$102good_key align 16 -L$111key_256a: +L$113key_256a: movups [edx],xmm2 lea edx,[16+edx] -L$109key_256a_cold: +L$111key_256a_cold: shufps xmm4,xmm0,16 xorps xmm0,xmm4 shufps xmm4,xmm0,140 @@ -2294,7 +2321,7 @@ L$109key_256a_cold: xorps xmm0,xmm1 ret align 16 -L$110key_256b: +L$112key_256b: movups [edx],xmm0 lea edx,[16+edx] shufps xmm4,xmm2,16 @@ -2305,14 +2332,14 @@ L$110key_256b: xorps xmm2,xmm1 ret align 16 -L$10814rounds_alt: +L$11014rounds_alt: movdqa xmm5,[ebx] movdqa xmm4,[32+ebx] mov ecx,7 movdqu [edx-32],xmm0 movdqa xmm1,xmm2 movdqu [edx-16],xmm2 -L$112loop_key256: +L$114loop_key256: db 102,15,56,0,213 db 102,15,56,221,212 movdqa xmm3,xmm0 @@ -2326,7 +2353,7 @@ db 102,15,56,221,212 pxor xmm0,xmm2 movdqu [edx],xmm0 dec ecx - jz NEAR L$113done_key256 + jz NEAR L$115done_key256 pshufd xmm2,xmm0,255 pxor xmm3,xmm3 db 102,15,56,221,211 @@ -2341,11 +2368,11 @@ db 102,15,56,221,211 movdqu [16+edx],xmm2 lea edx,[32+edx] movdqa xmm1,xmm2 - jmp NEAR L$112loop_key256 -L$113done_key256: + jmp NEAR L$114loop_key256 +L$115done_key256: mov ecx,13 mov DWORD [16+edx],ecx -L$100good_key: +L$102good_key: pxor xmm0,xmm0 pxor xmm1,xmm1 pxor xmm2,xmm2 @@ -2357,13 +2384,13 @@ L$100good_key: pop ebp ret align 4 -L$091bad_pointer: +L$093bad_pointer: mov eax,-1 pop ebx pop ebp ret align 4 -L$095bad_keybits: +L$097bad_keybits: pxor xmm0,xmm0 mov eax,-2 pop ebx @@ -2373,6 +2400,18 @@ global _aes_hw_set_encrypt_key align 16 _aes_hw_set_encrypt_key: L$_aes_hw_set_encrypt_key_begin: +%ifndef NDEBUG + push ebx + push edx + call L$116pic +L$116pic: + pop ebx + lea ebx,[(_BORINGSSL_function_hit+3-L$116pic)+ebx] + mov edx,1 + mov BYTE [ebx],dl + pop edx + pop ebx +%endif mov eax,DWORD [4+esp] mov ecx,DWORD [8+esp] mov edx,DWORD [12+esp] @@ -2389,7 +2428,7 @@ L$_aes_hw_set_decrypt_key_begin: mov edx,DWORD [12+esp] shl ecx,4 test eax,eax - jnz NEAR L$114dec_key_ret + jnz NEAR L$117dec_key_ret lea eax,[16+ecx*1+edx] movups xmm0,[edx] movups xmm1,[eax] @@ -2397,7 +2436,7 @@ L$_aes_hw_set_decrypt_key_begin: movups [edx],xmm1 lea edx,[16+edx] lea eax,[eax-16] -L$115dec_key_inverse: +L$118dec_key_inverse: movups xmm0,[edx] movups xmm1,[eax] db 102,15,56,219,192 @@ -2407,14 +2446,14 @@ db 102,15,56,219,201 movups [16+eax],xmm0 movups [edx-16],xmm1 cmp eax,edx - ja NEAR L$115dec_key_inverse + ja NEAR L$118dec_key_inverse movups xmm0,[edx] db 102,15,56,219,192 movups [edx],xmm0 pxor xmm0,xmm0 pxor xmm1,xmm1 xor eax,eax -L$114dec_key_ret: +L$117dec_key_ret: ret align 64 L$key_const: diff --git a/win-x86/crypto/fipsmodule/vpaes-x86.asm b/win-x86/crypto/fipsmodule/vpaes-x86.asm index 5f1dce4..3201b8d 100644 --- a/win-x86/crypto/fipsmodule/vpaes-x86.asm +++ b/win-x86/crypto/fipsmodule/vpaes-x86.asm @@ -20,6 +20,9 @@ section .text code align=64 %else section .text code %endif +%ifndef NDEBUG +extern _BORINGSSL_function_hit +%endif align 64 L$_vpaes_consts: dd 218628480,235210255,168496130,67568393 @@ -471,6 +474,18 @@ L$_vpaes_set_encrypt_key_begin: push ebx push esi push edi +%ifndef NDEBUG + push ebx + push edx + call L$016pic +L$016pic: + pop ebx + lea ebx,[(_BORINGSSL_function_hit+5-L$016pic)+ebx] + mov edx,1 + mov BYTE [ebx],dl + pop edx + pop ebx +%endif mov esi,DWORD [20+esp] lea ebx,[esp-56] mov eax,DWORD [24+esp] @@ -484,9 +499,9 @@ L$_vpaes_set_encrypt_key_begin: mov DWORD [240+edx],ebx mov ecx,48 mov edi,0 - lea ebp,[(L$_vpaes_consts+0x30-L$016pic_point)] + lea ebp,[(L$_vpaes_consts+0x30-L$017pic_point)] call __vpaes_schedule_core -L$016pic_point: +L$017pic_point: mov esp,DWORD [48+esp] xor eax,eax pop edi @@ -520,9 +535,9 @@ L$_vpaes_set_decrypt_key_begin: shr ecx,1 and ecx,32 xor ecx,32 - lea ebp,[(L$_vpaes_consts+0x30-L$017pic_point)] + lea ebp,[(L$_vpaes_consts+0x30-L$018pic_point)] call __vpaes_schedule_core -L$017pic_point: +L$018pic_point: mov esp,DWORD [48+esp] xor eax,eax pop edi @@ -538,9 +553,21 @@ L$_vpaes_encrypt_begin: push ebx push esi push edi - lea ebp,[(L$_vpaes_consts+0x30-L$018pic_point)] +%ifndef NDEBUG + push ebx + push edx + call L$019pic +L$019pic: + pop ebx + lea ebx,[(_BORINGSSL_function_hit+4-L$019pic)+ebx] + mov edx,1 + mov BYTE [ebx],dl + pop edx + pop ebx +%endif + lea ebp,[(L$_vpaes_consts+0x30-L$020pic_point)] call __vpaes_preheat -L$018pic_point: +L$020pic_point: mov esi,DWORD [20+esp] lea ebx,[esp-56] mov edi,DWORD [24+esp] @@ -565,9 +592,9 @@ L$_vpaes_decrypt_begin: push ebx push esi push edi - lea ebp,[(L$_vpaes_consts+0x30-L$019pic_point)] + lea ebp,[(L$_vpaes_consts+0x30-L$021pic_point)] call __vpaes_preheat -L$019pic_point: +L$021pic_point: mov esi,DWORD [20+esp] lea ebx,[esp-56] mov edi,DWORD [24+esp] @@ -597,7 +624,7 @@ L$_vpaes_cbc_encrypt_begin: mov eax,DWORD [28+esp] mov edx,DWORD [32+esp] sub eax,16 - jc NEAR L$020cbc_abort + jc NEAR L$022cbc_abort lea ebx,[esp-56] mov ebp,DWORD [36+esp] and ebx,-16 @@ -610,14 +637,14 @@ L$_vpaes_cbc_encrypt_begin: mov DWORD [4+esp],edx mov DWORD [8+esp],ebp mov edi,eax - lea ebp,[(L$_vpaes_consts+0x30-L$021pic_point)] + lea ebp,[(L$_vpaes_consts+0x30-L$023pic_point)] call __vpaes_preheat -L$021pic_point: +L$023pic_point: cmp ecx,0 - je NEAR L$022cbc_dec_loop - jmp NEAR L$023cbc_enc_loop + je NEAR L$024cbc_dec_loop + jmp NEAR L$025cbc_enc_loop align 16 -L$023cbc_enc_loop: +L$025cbc_enc_loop: movdqu xmm0,[esi] pxor xmm0,xmm1 call __vpaes_encrypt_core @@ -627,10 +654,10 @@ L$023cbc_enc_loop: movdqu [esi*1+ebx],xmm0 lea esi,[16+esi] sub edi,16 - jnc NEAR L$023cbc_enc_loop - jmp NEAR L$024cbc_done + jnc NEAR L$025cbc_enc_loop + jmp NEAR L$026cbc_done align 16 -L$022cbc_dec_loop: +L$024cbc_dec_loop: movdqu xmm0,[esi] movdqa [16+esp],xmm1 movdqa [32+esp],xmm0 @@ -642,12 +669,12 @@ L$022cbc_dec_loop: movdqu [esi*1+ebx],xmm0 lea esi,[16+esi] sub edi,16 - jnc NEAR L$022cbc_dec_loop -L$024cbc_done: + jnc NEAR L$024cbc_dec_loop +L$026cbc_done: mov ebx,DWORD [8+esp] mov esp,DWORD [48+esp] movdqu [ebx],xmm1 -L$020cbc_abort: +L$022cbc_abort: pop edi pop esi pop ebx diff --git a/win-x86/crypto/test/trampoline-x86.asm b/win-x86/crypto/test/trampoline-x86.asm new file mode 100644 index 0000000..e5c7d3f --- /dev/null +++ b/win-x86/crypto/test/trampoline-x86.asm @@ -0,0 +1,164 @@ +; This file is generated from a similarly-named Perl script in the BoringSSL +; source tree. Do not edit by hand. + +%ifdef BORINGSSL_PREFIX +%include "boringssl_prefix_symbols_nasm.inc" +%endif +%ifidn __OUTPUT_FORMAT__,obj +section code use32 class=code align=64 +%elifidn __OUTPUT_FORMAT__,win32 +%ifdef __YASM_VERSION_ID__ +%if __YASM_VERSION_ID__ < 01010000h +%error yasm version 1.1.0 or later needed. +%endif +; Yasm automatically includes .00 and complains about redefining it. +; https://www.tortall.net/projects/yasm/manual/html/objfmt-win32-safeseh.html +%else +$@feat.00 equ 1 +%endif +section .text code align=64 +%else +section .text code +%endif +global _abi_test_trampoline +align 16 +_abi_test_trampoline: +L$_abi_test_trampoline_begin: + push ebp + push ebx + push esi + push edi + mov ecx,DWORD [24+esp] + mov esi,DWORD [ecx] + mov edi,DWORD [4+ecx] + mov ebx,DWORD [8+ecx] + mov ebp,DWORD [12+ecx] + sub esp,44 + mov eax,DWORD [72+esp] + xor ecx,ecx +L$000loop: + cmp ecx,DWORD [76+esp] + jae NEAR L$001loop_done + mov edx,DWORD [ecx*4+eax] + mov DWORD [ecx*4+esp],edx + add ecx,1 + jmp NEAR L$000loop +L$001loop_done: + call DWORD [64+esp] + add esp,44 + mov ecx,DWORD [24+esp] + mov DWORD [ecx],esi + mov DWORD [4+ecx],edi + mov DWORD [8+ecx],ebx + mov DWORD [12+ecx],ebp + pop edi + pop esi + pop ebx + pop ebp + ret +global _abi_test_get_and_clear_direction_flag +align 16 +_abi_test_get_and_clear_direction_flag: +L$_abi_test_get_and_clear_direction_flag_begin: + pushfd + pop eax + and eax,1024 + shr eax,10 + cld + ret +global _abi_test_set_direction_flag +align 16 +_abi_test_set_direction_flag: +L$_abi_test_set_direction_flag_begin: + std + ret +global _abi_test_clobber_eax +align 16 +_abi_test_clobber_eax: +L$_abi_test_clobber_eax_begin: + xor eax,eax + ret +global _abi_test_clobber_ebx +align 16 +_abi_test_clobber_ebx: +L$_abi_test_clobber_ebx_begin: + xor ebx,ebx + ret +global _abi_test_clobber_ecx +align 16 +_abi_test_clobber_ecx: +L$_abi_test_clobber_ecx_begin: + xor ecx,ecx + ret +global _abi_test_clobber_edx +align 16 +_abi_test_clobber_edx: +L$_abi_test_clobber_edx_begin: + xor edx,edx + ret +global _abi_test_clobber_edi +align 16 +_abi_test_clobber_edi: +L$_abi_test_clobber_edi_begin: + xor edi,edi + ret +global _abi_test_clobber_esi +align 16 +_abi_test_clobber_esi: +L$_abi_test_clobber_esi_begin: + xor esi,esi + ret +global _abi_test_clobber_ebp +align 16 +_abi_test_clobber_ebp: +L$_abi_test_clobber_ebp_begin: + xor ebp,ebp + ret +global _abi_test_clobber_xmm0 +align 16 +_abi_test_clobber_xmm0: +L$_abi_test_clobber_xmm0_begin: + pxor xmm0,xmm0 + ret +global _abi_test_clobber_xmm1 +align 16 +_abi_test_clobber_xmm1: +L$_abi_test_clobber_xmm1_begin: + pxor xmm1,xmm1 + ret +global _abi_test_clobber_xmm2 +align 16 +_abi_test_clobber_xmm2: +L$_abi_test_clobber_xmm2_begin: + pxor xmm2,xmm2 + ret +global _abi_test_clobber_xmm3 +align 16 +_abi_test_clobber_xmm3: +L$_abi_test_clobber_xmm3_begin: + pxor xmm3,xmm3 + ret +global _abi_test_clobber_xmm4 +align 16 +_abi_test_clobber_xmm4: +L$_abi_test_clobber_xmm4_begin: + pxor xmm4,xmm4 + ret +global _abi_test_clobber_xmm5 +align 16 +_abi_test_clobber_xmm5: +L$_abi_test_clobber_xmm5_begin: + pxor xmm5,xmm5 + ret +global _abi_test_clobber_xmm6 +align 16 +_abi_test_clobber_xmm6: +L$_abi_test_clobber_xmm6_begin: + pxor xmm6,xmm6 + ret +global _abi_test_clobber_xmm7 +align 16 +_abi_test_clobber_xmm7: +L$_abi_test_clobber_xmm7_begin: + pxor xmm7,xmm7 + ret diff --git a/win-x86_64/crypto/chacha/chacha-x86_64.asm b/win-x86_64/crypto/chacha/chacha-x86_64.asm index d79ac32..a3c2938 100644 --- a/win-x86_64/crypto/chacha/chacha-x86_64.asm +++ b/win-x86_64/crypto/chacha/chacha-x86_64.asm @@ -62,6 +62,7 @@ $L$SEH_begin_ChaCha20_ctr32: mov r8,QWORD[40+rsp] + cmp rdx,0 je NEAR $L$no_data mov r10,QWORD[((OPENSSL_ia32cap_P+4))] @@ -69,12 +70,19 @@ $L$SEH_begin_ChaCha20_ctr32: jnz NEAR $L$ChaCha20_ssse3 push rbx + push rbp + push r12 + push r13 + push r14 + push r15 + sub rsp,64+24 + $L$ctr32_body: @@ -315,16 +323,24 @@ $L$oop_tail: $L$done: lea rsi,[((64+24+48))+rsp] mov r15,QWORD[((-48))+rsi] + mov r14,QWORD[((-40))+rsi] + mov r13,QWORD[((-32))+rsi] + mov r12,QWORD[((-24))+rsi] + mov rbp,QWORD[((-16))+rsi] + mov rbx,QWORD[((-8))+rsi] + lea rsp,[rsi] + $L$no_data: mov rdi,QWORD[8+rsp] ;WIN64 epilogue mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret + $L$SEH_end_ChaCha20_ctr32: ALIGN 32 @@ -341,7 +357,9 @@ $L$SEH_begin_ChaCha20_ssse3: $L$ChaCha20_ssse3: + mov r9,rsp + cmp rdx,128 ja NEAR $L$ChaCha20_4x @@ -472,10 +490,12 @@ $L$done_ssse3: movaps xmm6,XMMWORD[((-40))+r9] movaps xmm7,XMMWORD[((-24))+r9] lea rsp,[r9] + $L$ssse3_epilogue: mov rdi,QWORD[8+rsp] ;WIN64 epilogue mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret + $L$SEH_end_ChaCha20_ssse3: ALIGN 32 @@ -492,7 +512,9 @@ $L$SEH_begin_ChaCha20_4x: $L$ChaCha20_4x: + mov r9,rsp + mov r11,r10 shr r10,32 test r10,32 @@ -1054,10 +1076,12 @@ $L$done4x: movaps xmm14,XMMWORD[((-40))+r9] movaps xmm15,XMMWORD[((-24))+r9] lea rsp,[r9] + $L$4x_epilogue: mov rdi,QWORD[8+rsp] ;WIN64 epilogue mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret + $L$SEH_end_ChaCha20_4x: ALIGN 32 @@ -1074,7 +1098,9 @@ $L$SEH_begin_ChaCha20_8x: $L$ChaCha20_8x: + mov r9,rsp + sub rsp,0x280+168 and rsp,-32 movaps XMMWORD[(-168)+r9],xmm6 @@ -1690,10 +1716,12 @@ $L$done8x: movaps xmm14,XMMWORD[((-40))+r9] movaps xmm15,XMMWORD[((-24))+r9] lea rsp,[r9] + $L$8x_epilogue: mov rdi,QWORD[8+rsp] ;WIN64 epilogue mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret + $L$SEH_end_ChaCha20_8x: EXTERN __imp_RtlVirtualUnwind diff --git a/win-x86_64/crypto/fipsmodule/aes-x86_64.asm b/win-x86_64/crypto/fipsmodule/aes-x86_64.asm index d714d5c..329185e 100644 --- a/win-x86_64/crypto/fipsmodule/aes-x86_64.asm +++ b/win-x86_64/crypto/fipsmodule/aes-x86_64.asm @@ -167,6 +167,7 @@ DB 0xf3,0xc3 ALIGN 16 _x86_64_AES_encrypt_compact: + lea r8,[128+r14] mov edi,DWORD[((0-128))+r8] mov ebp,DWORD[((32-128))+r8] @@ -337,6 +338,7 @@ $L$enc_compact_done: xor edx,DWORD[12+r15] DB 0xf3,0xc3 + ALIGN 16 global aes_nohw_encrypt @@ -589,6 +591,7 @@ DB 0xf3,0xc3 ALIGN 16 _x86_64_AES_decrypt_compact: + lea r8,[128+r14] mov edi,DWORD[((0-128))+r8] mov ebp,DWORD[((32-128))+r8] @@ -811,6 +814,7 @@ $L$dec_compact_done: xor edx,DWORD[12+r15] DB 0xf3,0xc3 + ALIGN 16 global aes_nohw_decrypt @@ -955,6 +959,7 @@ $L$SEH_end_aes_nohw_set_encrypt_key: ALIGN 16 _x86_64_AES_set_encrypt_key: + mov ecx,esi mov rsi,rdi mov rdi,rdx @@ -1191,6 +1196,7 @@ $L$badpointer: $L$exit: DB 0xf3,0xc3 + ALIGN 16 global aes_nohw_set_decrypt_key @@ -1428,6 +1434,8 @@ $L$SEH_begin_aes_nohw_cbc_encrypt: je NEAR $L$cbc_epilogue pushfq + + push rbx push rbp @@ -1450,6 +1458,7 @@ $L$cbc_prologue: cmp r9,0 cmove r14,r10 + lea r10,[OPENSSL_ia32cap_P] mov r10d,DWORD[r10] cmp rdx,512 @@ -1687,6 +1696,7 @@ $L$cbc_fast_cleanup: ALIGN 16 $L$cbc_slow_prologue: + lea rbp,[((-88))+rsp] and rbp,-64 @@ -1698,7 +1708,9 @@ $L$cbc_slow_prologue: xchg rbp,rsp + mov QWORD[16+rsp],rbp + $L$cbc_slow_body: @@ -1888,6 +1900,8 @@ $L$cbc_exit: $L$cbc_popfq: popfq + + $L$cbc_epilogue: mov rdi,QWORD[8+rsp] ;WIN64 epilogue mov rsi,QWORD[16+rsp] diff --git a/win-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.asm b/win-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.asm index bb715a1..b512516 100644 --- a/win-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.asm +++ b/win-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.asm @@ -601,6 +601,12 @@ $L$SEH_begin_aesni_gcm_encrypt: +%ifndef NDEBUG +%ifndef BORINGSSL_FIPS +EXTERN BORINGSSL_function_hit + mov BYTE[((BORINGSSL_function_hit+2))],1 +%endif +%endif xor r10,r10 diff --git a/win-x86_64/crypto/fipsmodule/aesni-x86_64.asm b/win-x86_64/crypto/fipsmodule/aesni-x86_64.asm index 1b56679..874596d 100644 --- a/win-x86_64/crypto/fipsmodule/aesni-x86_64.asm +++ b/win-x86_64/crypto/fipsmodule/aesni-x86_64.asm @@ -16,6 +16,13 @@ global aes_hw_encrypt ALIGN 16 aes_hw_encrypt: + +%ifndef NDEBUG +%ifndef BORINGSSL_FIPS +EXTERN BORINGSSL_function_hit + mov BYTE[((BORINGSSL_function_hit+1))],1 +%endif +%endif movups xmm2,XMMWORD[rcx] mov eax,DWORD[240+r8] movups xmm0,XMMWORD[r8] @@ -36,10 +43,12 @@ DB 102,15,56,221,209 DB 0F3h,0C3h ;repret + global aes_hw_decrypt ALIGN 16 aes_hw_decrypt: + movups xmm2,XMMWORD[rcx] mov eax,DWORD[240+r8] movups xmm0,XMMWORD[r8] @@ -60,8 +69,10 @@ DB 102,15,56,223,209 DB 0F3h,0C3h ;repret + ALIGN 16 _aesni_encrypt2: + movups xmm0,XMMWORD[rcx] shl eax,4 movups xmm1,XMMWORD[16+rcx] @@ -89,8 +100,10 @@ DB 102,15,56,221,216 DB 0F3h,0C3h ;repret + ALIGN 16 _aesni_decrypt2: + movups xmm0,XMMWORD[rcx] shl eax,4 movups xmm1,XMMWORD[16+rcx] @@ -118,8 +131,10 @@ DB 102,15,56,223,216 DB 0F3h,0C3h ;repret + ALIGN 16 _aesni_encrypt3: + movups xmm0,XMMWORD[rcx] shl eax,4 movups xmm1,XMMWORD[16+rcx] @@ -152,8 +167,10 @@ DB 102,15,56,221,224 DB 0F3h,0C3h ;repret + ALIGN 16 _aesni_decrypt3: + movups xmm0,XMMWORD[rcx] shl eax,4 movups xmm1,XMMWORD[16+rcx] @@ -186,8 +203,10 @@ DB 102,15,56,223,224 DB 0F3h,0C3h ;repret + ALIGN 16 _aesni_encrypt4: + movups xmm0,XMMWORD[rcx] shl eax,4 movups xmm1,XMMWORD[16+rcx] @@ -226,8 +245,10 @@ DB 102,15,56,221,232 DB 0F3h,0C3h ;repret + ALIGN 16 _aesni_decrypt4: + movups xmm0,XMMWORD[rcx] shl eax,4 movups xmm1,XMMWORD[16+rcx] @@ -266,8 +287,10 @@ DB 102,15,56,223,232 DB 0F3h,0C3h ;repret + ALIGN 16 _aesni_encrypt6: + movups xmm0,XMMWORD[rcx] shl eax,4 movups xmm1,XMMWORD[16+rcx] @@ -320,8 +343,10 @@ DB 102,15,56,221,248 DB 0F3h,0C3h ;repret + ALIGN 16 _aesni_decrypt6: + movups xmm0,XMMWORD[rcx] shl eax,4 movups xmm1,XMMWORD[16+rcx] @@ -374,8 +399,10 @@ DB 102,15,56,223,248 DB 0F3h,0C3h ;repret + ALIGN 16 _aesni_encrypt8: + movups xmm0,XMMWORD[rcx] shl eax,4 movups xmm1,XMMWORD[16+rcx] @@ -438,8 +465,10 @@ DB 102,68,15,56,221,200 DB 0F3h,0C3h ;repret + ALIGN 16 _aesni_decrypt8: + movups xmm0,XMMWORD[rcx] shl eax,4 movups xmm1,XMMWORD[16+rcx] @@ -501,6 +530,7 @@ DB 102,68,15,56,223,192 DB 102,68,15,56,223,200 DB 0F3h,0C3h ;repret + global aes_hw_ecb_encrypt ALIGN 16 @@ -516,6 +546,7 @@ $L$SEH_begin_aes_hw_ecb_encrypt: mov r8,QWORD[40+rsp] + lea rsp,[((-88))+rsp] movaps XMMWORD[rsp],xmm6 movaps XMMWORD[16+rsp],xmm7 @@ -871,227 +902,8 @@ $L$ecb_enc_ret: mov rdi,QWORD[8+rsp] ;WIN64 epilogue mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_aes_hw_ecb_encrypt: -global aes_hw_ccm64_encrypt_blocks - -ALIGN 16 -aes_hw_ccm64_encrypt_blocks: - mov QWORD[8+rsp],rdi ;WIN64 prologue - mov QWORD[16+rsp],rsi - mov rax,rsp -$L$SEH_begin_aes_hw_ccm64_encrypt_blocks: - mov rdi,rcx - mov rsi,rdx - mov rdx,r8 - mov rcx,r9 - mov r8,QWORD[40+rsp] - mov r9,QWORD[48+rsp] - - - lea rsp,[((-88))+rsp] - movaps XMMWORD[rsp],xmm6 - movaps XMMWORD[16+rsp],xmm7 - movaps XMMWORD[32+rsp],xmm8 - movaps XMMWORD[48+rsp],xmm9 -$L$ccm64_enc_body: - mov eax,DWORD[240+rcx] - movdqu xmm6,XMMWORD[r8] - movdqa xmm9,XMMWORD[$L$increment64] - movdqa xmm7,XMMWORD[$L$bswap_mask] - - shl eax,4 - mov r10d,16 - lea r11,[rcx] - movdqu xmm3,XMMWORD[r9] - movdqa xmm2,xmm6 - lea rcx,[32+rax*1+rcx] -DB 102,15,56,0,247 - sub r10,rax - jmp NEAR $L$ccm64_enc_outer -ALIGN 16 -$L$ccm64_enc_outer: - movups xmm0,XMMWORD[r11] - mov rax,r10 - movups xmm8,XMMWORD[rdi] - - xorps xmm2,xmm0 - movups xmm1,XMMWORD[16+r11] - xorps xmm0,xmm8 - xorps xmm3,xmm0 - movups xmm0,XMMWORD[32+r11] - -$L$ccm64_enc2_loop: -DB 102,15,56,220,209 -DB 102,15,56,220,217 - movups xmm1,XMMWORD[rax*1+rcx] - add rax,32 -DB 102,15,56,220,208 -DB 102,15,56,220,216 - movups xmm0,XMMWORD[((-16))+rax*1+rcx] - jnz NEAR $L$ccm64_enc2_loop -DB 102,15,56,220,209 -DB 102,15,56,220,217 - paddq xmm6,xmm9 - dec rdx -DB 102,15,56,221,208 -DB 102,15,56,221,216 - - lea rdi,[16+rdi] - xorps xmm8,xmm2 - movdqa xmm2,xmm6 - movups XMMWORD[rsi],xmm8 -DB 102,15,56,0,215 - lea rsi,[16+rsi] - jnz NEAR $L$ccm64_enc_outer - - pxor xmm0,xmm0 - pxor xmm1,xmm1 - pxor xmm2,xmm2 - movups XMMWORD[r9],xmm3 - pxor xmm3,xmm3 - pxor xmm8,xmm8 - pxor xmm6,xmm6 - movaps xmm6,XMMWORD[rsp] - movaps XMMWORD[rsp],xmm0 - movaps xmm7,XMMWORD[16+rsp] - movaps XMMWORD[16+rsp],xmm0 - movaps xmm8,XMMWORD[32+rsp] - movaps XMMWORD[32+rsp],xmm0 - movaps xmm9,XMMWORD[48+rsp] - movaps XMMWORD[48+rsp],xmm0 - lea rsp,[88+rsp] -$L$ccm64_enc_ret: - mov rdi,QWORD[8+rsp] ;WIN64 epilogue - mov rsi,QWORD[16+rsp] - DB 0F3h,0C3h ;repret -$L$SEH_end_aes_hw_ccm64_encrypt_blocks: -global aes_hw_ccm64_decrypt_blocks - -ALIGN 16 -aes_hw_ccm64_decrypt_blocks: - mov QWORD[8+rsp],rdi ;WIN64 prologue - mov QWORD[16+rsp],rsi - mov rax,rsp -$L$SEH_begin_aes_hw_ccm64_decrypt_blocks: - mov rdi,rcx - mov rsi,rdx - mov rdx,r8 - mov rcx,r9 - mov r8,QWORD[40+rsp] - mov r9,QWORD[48+rsp] - - - lea rsp,[((-88))+rsp] - movaps XMMWORD[rsp],xmm6 - movaps XMMWORD[16+rsp],xmm7 - movaps XMMWORD[32+rsp],xmm8 - movaps XMMWORD[48+rsp],xmm9 -$L$ccm64_dec_body: - mov eax,DWORD[240+rcx] - movups xmm6,XMMWORD[r8] - movdqu xmm3,XMMWORD[r9] - movdqa xmm9,XMMWORD[$L$increment64] - movdqa xmm7,XMMWORD[$L$bswap_mask] - - movaps xmm2,xmm6 - mov r10d,eax - mov r11,rcx -DB 102,15,56,0,247 - movups xmm0,XMMWORD[rcx] - movups xmm1,XMMWORD[16+rcx] - lea rcx,[32+rcx] - xorps xmm2,xmm0 -$L$oop_enc1_5: -DB 102,15,56,220,209 - dec eax - movups xmm1,XMMWORD[rcx] - lea rcx,[16+rcx] - jnz NEAR $L$oop_enc1_5 -DB 102,15,56,221,209 - shl r10d,4 - mov eax,16 - movups xmm8,XMMWORD[rdi] - paddq xmm6,xmm9 - lea rdi,[16+rdi] - sub rax,r10 - lea rcx,[32+r10*1+r11] - mov r10,rax - jmp NEAR $L$ccm64_dec_outer -ALIGN 16 -$L$ccm64_dec_outer: - xorps xmm8,xmm2 - movdqa xmm2,xmm6 - movups XMMWORD[rsi],xmm8 - lea rsi,[16+rsi] -DB 102,15,56,0,215 - - sub rdx,1 - jz NEAR $L$ccm64_dec_break - - movups xmm0,XMMWORD[r11] - mov rax,r10 - movups xmm1,XMMWORD[16+r11] - xorps xmm8,xmm0 - xorps xmm2,xmm0 - xorps xmm3,xmm8 - movups xmm0,XMMWORD[32+r11] - jmp NEAR $L$ccm64_dec2_loop -ALIGN 16 -$L$ccm64_dec2_loop: -DB 102,15,56,220,209 -DB 102,15,56,220,217 - movups xmm1,XMMWORD[rax*1+rcx] - add rax,32 -DB 102,15,56,220,208 -DB 102,15,56,220,216 - movups xmm0,XMMWORD[((-16))+rax*1+rcx] - jnz NEAR $L$ccm64_dec2_loop - movups xmm8,XMMWORD[rdi] - paddq xmm6,xmm9 -DB 102,15,56,220,209 -DB 102,15,56,220,217 -DB 102,15,56,221,208 -DB 102,15,56,221,216 - lea rdi,[16+rdi] - jmp NEAR $L$ccm64_dec_outer -ALIGN 16 -$L$ccm64_dec_break: - - mov eax,DWORD[240+r11] - movups xmm0,XMMWORD[r11] - movups xmm1,XMMWORD[16+r11] - xorps xmm8,xmm0 - lea r11,[32+r11] - xorps xmm3,xmm8 -$L$oop_enc1_6: -DB 102,15,56,220,217 - dec eax - movups xmm1,XMMWORD[r11] - lea r11,[16+r11] - jnz NEAR $L$oop_enc1_6 -DB 102,15,56,221,217 - pxor xmm0,xmm0 - pxor xmm1,xmm1 - pxor xmm2,xmm2 - movups XMMWORD[r9],xmm3 - pxor xmm3,xmm3 - pxor xmm8,xmm8 - pxor xmm6,xmm6 - movaps xmm6,XMMWORD[rsp] - movaps XMMWORD[rsp],xmm0 - movaps xmm7,XMMWORD[16+rsp] - movaps XMMWORD[16+rsp],xmm0 - movaps xmm8,XMMWORD[32+rsp] - movaps XMMWORD[32+rsp],xmm0 - movaps xmm9,XMMWORD[48+rsp] - movaps XMMWORD[48+rsp],xmm0 - lea rsp,[88+rsp] -$L$ccm64_dec_ret: - mov rdi,QWORD[8+rsp] ;WIN64 epilogue - mov rsi,QWORD[16+rsp] - DB 0F3h,0C3h ;repret -$L$SEH_end_aes_hw_ccm64_decrypt_blocks: +$L$SEH_end_aes_hw_ecb_encrypt: global aes_hw_ctr32_encrypt_blocks ALIGN 16 @@ -1108,6 +920,11 @@ $L$SEH_begin_aes_hw_ctr32_encrypt_blocks: +%ifndef NDEBUG +%ifndef BORINGSSL_FIPS + mov BYTE[BORINGSSL_function_hit],1 +%endif +%endif cmp rdx,1 jne NEAR $L$ctr32_bulk @@ -1120,12 +937,12 @@ $L$SEH_begin_aes_hw_ctr32_encrypt_blocks: movups xmm1,XMMWORD[16+rcx] lea rcx,[32+rcx] xorps xmm2,xmm0 -$L$oop_enc1_7: +$L$oop_enc1_5: DB 102,15,56,220,209 dec edx movups xmm1,XMMWORD[rcx] lea rcx,[16+rcx] - jnz NEAR $L$oop_enc1_7 + jnz NEAR $L$oop_enc1_5 DB 102,15,56,221,209 pxor xmm0,xmm0 pxor xmm1,xmm1 @@ -1705,14 +1522,14 @@ $L$ctr32_epilogue: DB 0F3h,0C3h ;repret $L$SEH_end_aes_hw_ctr32_encrypt_blocks: -global aes_hw_xts_encrypt +global aes_hw_cbc_encrypt ALIGN 16 -aes_hw_xts_encrypt: +aes_hw_cbc_encrypt: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_aes_hw_xts_encrypt: +$L$SEH_begin_aes_hw_cbc_encrypt: mov rdi,rcx mov rsi,rdx mov rdx,r8 @@ -1722,2012 +1539,51 @@ $L$SEH_begin_aes_hw_xts_encrypt: - lea r11,[rsp] - - push rbp + test rdx,rdx + jz NEAR $L$cbc_ret - sub rsp,272 - and rsp,-16 - movaps XMMWORD[(-168)+r11],xmm6 - movaps XMMWORD[(-152)+r11],xmm7 - movaps XMMWORD[(-136)+r11],xmm8 - movaps XMMWORD[(-120)+r11],xmm9 - movaps XMMWORD[(-104)+r11],xmm10 - movaps XMMWORD[(-88)+r11],xmm11 - movaps XMMWORD[(-72)+r11],xmm12 - movaps XMMWORD[(-56)+r11],xmm13 - movaps XMMWORD[(-40)+r11],xmm14 - movaps XMMWORD[(-24)+r11],xmm15 -$L$xts_enc_body: - movups xmm2,XMMWORD[r9] - mov eax,DWORD[240+r8] mov r10d,DWORD[240+rcx] - movups xmm0,XMMWORD[r8] - movups xmm1,XMMWORD[16+r8] - lea r8,[32+r8] - xorps xmm2,xmm0 -$L$oop_enc1_8: + mov r11,rcx + test r9d,r9d + jz NEAR $L$cbc_decrypt + + movups xmm2,XMMWORD[r8] + mov eax,r10d + cmp rdx,16 + jb NEAR $L$cbc_enc_tail + sub rdx,16 + jmp NEAR $L$cbc_enc_loop +ALIGN 16 +$L$cbc_enc_loop: + movups xmm3,XMMWORD[rdi] + lea rdi,[16+rdi] + + movups xmm0,XMMWORD[rcx] + movups xmm1,XMMWORD[16+rcx] + xorps xmm3,xmm0 + lea rcx,[32+rcx] + xorps xmm2,xmm3 +$L$oop_enc1_6: DB 102,15,56,220,209 dec eax - movups xmm1,XMMWORD[r8] - lea r8,[16+r8] - jnz NEAR $L$oop_enc1_8 + movups xmm1,XMMWORD[rcx] + lea rcx,[16+rcx] + jnz NEAR $L$oop_enc1_6 DB 102,15,56,221,209 - movups xmm0,XMMWORD[rcx] - mov rbp,rcx mov eax,r10d - shl r10d,4 - mov r9,rdx - and rdx,-16 - - movups xmm1,XMMWORD[16+r10*1+rcx] - - movdqa xmm8,XMMWORD[$L$xts_magic] - movdqa xmm15,xmm2 - pshufd xmm9,xmm2,0x5f - pxor xmm1,xmm0 - movdqa xmm14,xmm9 - paddd xmm9,xmm9 - movdqa xmm10,xmm15 - psrad xmm14,31 - paddq xmm15,xmm15 - pand xmm14,xmm8 - pxor xmm10,xmm0 - pxor xmm15,xmm14 - movdqa xmm14,xmm9 - paddd xmm9,xmm9 - movdqa xmm11,xmm15 - psrad xmm14,31 - paddq xmm15,xmm15 - pand xmm14,xmm8 - pxor xmm11,xmm0 - pxor xmm15,xmm14 - movdqa xmm14,xmm9 - paddd xmm9,xmm9 - movdqa xmm12,xmm15 - psrad xmm14,31 - paddq xmm15,xmm15 - pand xmm14,xmm8 - pxor xmm12,xmm0 - pxor xmm15,xmm14 - movdqa xmm14,xmm9 - paddd xmm9,xmm9 - movdqa xmm13,xmm15 - psrad xmm14,31 - paddq xmm15,xmm15 - pand xmm14,xmm8 - pxor xmm13,xmm0 - pxor xmm15,xmm14 - movdqa xmm14,xmm15 - psrad xmm9,31 - paddq xmm15,xmm15 - pand xmm9,xmm8 - pxor xmm14,xmm0 - pxor xmm15,xmm9 - movaps XMMWORD[96+rsp],xmm1 - - sub rdx,16*6 - jc NEAR $L$xts_enc_short - - mov eax,16+96 - lea rcx,[32+r10*1+rbp] - sub rax,r10 - movups xmm1,XMMWORD[16+rbp] - mov r10,rax - lea r8,[$L$xts_magic] - jmp NEAR $L$xts_enc_grandloop - -ALIGN 32 -$L$xts_enc_grandloop: - movdqu xmm2,XMMWORD[rdi] - movdqa xmm8,xmm0 - movdqu xmm3,XMMWORD[16+rdi] - pxor xmm2,xmm10 - movdqu xmm4,XMMWORD[32+rdi] - pxor xmm3,xmm11 -DB 102,15,56,220,209 - movdqu xmm5,XMMWORD[48+rdi] - pxor xmm4,xmm12 -DB 102,15,56,220,217 - movdqu xmm6,XMMWORD[64+rdi] - pxor xmm5,xmm13 -DB 102,15,56,220,225 - movdqu xmm7,XMMWORD[80+rdi] - pxor xmm8,xmm15 - movdqa xmm9,XMMWORD[96+rsp] - pxor xmm6,xmm14 -DB 102,15,56,220,233 - movups xmm0,XMMWORD[32+rbp] - lea rdi,[96+rdi] - pxor xmm7,xmm8 - - pxor xmm10,xmm9 -DB 102,15,56,220,241 - pxor xmm11,xmm9 - movdqa XMMWORD[rsp],xmm10 -DB 102,15,56,220,249 - movups xmm1,XMMWORD[48+rbp] - pxor xmm12,xmm9 - -DB 102,15,56,220,208 - pxor xmm13,xmm9 - movdqa XMMWORD[16+rsp],xmm11 -DB 102,15,56,220,216 - pxor xmm14,xmm9 - movdqa XMMWORD[32+rsp],xmm12 -DB 102,15,56,220,224 -DB 102,15,56,220,232 - pxor xmm8,xmm9 - movdqa XMMWORD[64+rsp],xmm14 -DB 102,15,56,220,240 -DB 102,15,56,220,248 - movups xmm0,XMMWORD[64+rbp] - movdqa XMMWORD[80+rsp],xmm8 - pshufd xmm9,xmm15,0x5f - jmp NEAR $L$xts_enc_loop6 -ALIGN 32 -$L$xts_enc_loop6: -DB 102,15,56,220,209 -DB 102,15,56,220,217 -DB 102,15,56,220,225 -DB 102,15,56,220,233 -DB 102,15,56,220,241 -DB 102,15,56,220,249 - movups xmm1,XMMWORD[((-64))+rax*1+rcx] - add rax,32 - -DB 102,15,56,220,208 -DB 102,15,56,220,216 -DB 102,15,56,220,224 -DB 102,15,56,220,232 -DB 102,15,56,220,240 -DB 102,15,56,220,248 - movups xmm0,XMMWORD[((-80))+rax*1+rcx] - jnz NEAR $L$xts_enc_loop6 - - movdqa xmm8,XMMWORD[r8] - movdqa xmm14,xmm9 - paddd xmm9,xmm9 -DB 102,15,56,220,209 - paddq xmm15,xmm15 - psrad xmm14,31 -DB 102,15,56,220,217 - pand xmm14,xmm8 - movups xmm10,XMMWORD[rbp] -DB 102,15,56,220,225 -DB 102,15,56,220,233 -DB 102,15,56,220,241 - pxor xmm15,xmm14 - movaps xmm11,xmm10 -DB 102,15,56,220,249 - movups xmm1,XMMWORD[((-64))+rcx] - - movdqa xmm14,xmm9 -DB 102,15,56,220,208 - paddd xmm9,xmm9 - pxor xmm10,xmm15 -DB 102,15,56,220,216 - psrad xmm14,31 - paddq xmm15,xmm15 -DB 102,15,56,220,224 -DB 102,15,56,220,232 - pand xmm14,xmm8 - movaps xmm12,xmm11 -DB 102,15,56,220,240 - pxor xmm15,xmm14 - movdqa xmm14,xmm9 -DB 102,15,56,220,248 - movups xmm0,XMMWORD[((-48))+rcx] - - paddd xmm9,xmm9 -DB 102,15,56,220,209 - pxor xmm11,xmm15 - psrad xmm14,31 -DB 102,15,56,220,217 - paddq xmm15,xmm15 - pand xmm14,xmm8 -DB 102,15,56,220,225 -DB 102,15,56,220,233 - movdqa XMMWORD[48+rsp],xmm13 - pxor xmm15,xmm14 -DB 102,15,56,220,241 - movaps xmm13,xmm12 - movdqa xmm14,xmm9 -DB 102,15,56,220,249 - movups xmm1,XMMWORD[((-32))+rcx] - - paddd xmm9,xmm9 -DB 102,15,56,220,208 - pxor xmm12,xmm15 - psrad xmm14,31 -DB 102,15,56,220,216 - paddq xmm15,xmm15 - pand xmm14,xmm8 -DB 102,15,56,220,224 -DB 102,15,56,220,232 -DB 102,15,56,220,240 - pxor xmm15,xmm14 - movaps xmm14,xmm13 -DB 102,15,56,220,248 - - movdqa xmm0,xmm9 - paddd xmm9,xmm9 -DB 102,15,56,220,209 - pxor xmm13,xmm15 - psrad xmm0,31 -DB 102,15,56,220,217 - paddq xmm15,xmm15 - pand xmm0,xmm8 -DB 102,15,56,220,225 -DB 102,15,56,220,233 - pxor xmm15,xmm0 - movups xmm0,XMMWORD[rbp] -DB 102,15,56,220,241 -DB 102,15,56,220,249 - movups xmm1,XMMWORD[16+rbp] - - pxor xmm14,xmm15 -DB 102,15,56,221,84,36,0 - psrad xmm9,31 - paddq xmm15,xmm15 -DB 102,15,56,221,92,36,16 -DB 102,15,56,221,100,36,32 - pand xmm9,xmm8 - mov rax,r10 -DB 102,15,56,221,108,36,48 -DB 102,15,56,221,116,36,64 -DB 102,15,56,221,124,36,80 - pxor xmm15,xmm9 - - lea rsi,[96+rsi] - movups XMMWORD[(-96)+rsi],xmm2 - movups XMMWORD[(-80)+rsi],xmm3 - movups XMMWORD[(-64)+rsi],xmm4 - movups XMMWORD[(-48)+rsi],xmm5 - movups XMMWORD[(-32)+rsi],xmm6 - movups XMMWORD[(-16)+rsi],xmm7 - sub rdx,16*6 - jnc NEAR $L$xts_enc_grandloop - - mov eax,16+96 - sub eax,r10d - mov rcx,rbp - shr eax,4 - -$L$xts_enc_short: - - mov r10d,eax - pxor xmm10,xmm0 - add rdx,16*6 - jz NEAR $L$xts_enc_done - - pxor xmm11,xmm0 - cmp rdx,0x20 - jb NEAR $L$xts_enc_one - pxor xmm12,xmm0 - je NEAR $L$xts_enc_two - - pxor xmm13,xmm0 - cmp rdx,0x40 - jb NEAR $L$xts_enc_three - pxor xmm14,xmm0 - je NEAR $L$xts_enc_four - - movdqu xmm2,XMMWORD[rdi] - movdqu xmm3,XMMWORD[16+rdi] - movdqu xmm4,XMMWORD[32+rdi] - pxor xmm2,xmm10 - movdqu xmm5,XMMWORD[48+rdi] - pxor xmm3,xmm11 - movdqu xmm6,XMMWORD[64+rdi] - lea rdi,[80+rdi] - pxor xmm4,xmm12 - pxor xmm5,xmm13 - pxor xmm6,xmm14 - pxor xmm7,xmm7 - - call _aesni_encrypt6 - - xorps xmm2,xmm10 - movdqa xmm10,xmm15 - xorps xmm3,xmm11 - xorps xmm4,xmm12 - movdqu XMMWORD[rsi],xmm2 - xorps xmm5,xmm13 - movdqu XMMWORD[16+rsi],xmm3 - xorps xmm6,xmm14 - movdqu XMMWORD[32+rsi],xmm4 - movdqu XMMWORD[48+rsi],xmm5 - movdqu XMMWORD[64+rsi],xmm6 - lea rsi,[80+rsi] - jmp NEAR $L$xts_enc_done - -ALIGN 16 -$L$xts_enc_one: - movups xmm2,XMMWORD[rdi] - lea rdi,[16+rdi] - xorps xmm2,xmm10 - movups xmm0,XMMWORD[rcx] - movups xmm1,XMMWORD[16+rcx] - lea rcx,[32+rcx] - xorps xmm2,xmm0 -$L$oop_enc1_9: -DB 102,15,56,220,209 - dec eax - movups xmm1,XMMWORD[rcx] - lea rcx,[16+rcx] - jnz NEAR $L$oop_enc1_9 -DB 102,15,56,221,209 - xorps xmm2,xmm10 - movdqa xmm10,xmm11 - movups XMMWORD[rsi],xmm2 - lea rsi,[16+rsi] - jmp NEAR $L$xts_enc_done - -ALIGN 16 -$L$xts_enc_two: - movups xmm2,XMMWORD[rdi] - movups xmm3,XMMWORD[16+rdi] - lea rdi,[32+rdi] - xorps xmm2,xmm10 - xorps xmm3,xmm11 - - call _aesni_encrypt2 - - xorps xmm2,xmm10 - movdqa xmm10,xmm12 - xorps xmm3,xmm11 - movups XMMWORD[rsi],xmm2 - movups XMMWORD[16+rsi],xmm3 - lea rsi,[32+rsi] - jmp NEAR $L$xts_enc_done - -ALIGN 16 -$L$xts_enc_three: - movups xmm2,XMMWORD[rdi] - movups xmm3,XMMWORD[16+rdi] - movups xmm4,XMMWORD[32+rdi] - lea rdi,[48+rdi] - xorps xmm2,xmm10 - xorps xmm3,xmm11 - xorps xmm4,xmm12 - - call _aesni_encrypt3 - - xorps xmm2,xmm10 - movdqa xmm10,xmm13 - xorps xmm3,xmm11 - xorps xmm4,xmm12 - movups XMMWORD[rsi],xmm2 - movups XMMWORD[16+rsi],xmm3 - movups XMMWORD[32+rsi],xmm4 - lea rsi,[48+rsi] - jmp NEAR $L$xts_enc_done - -ALIGN 16 -$L$xts_enc_four: - movups xmm2,XMMWORD[rdi] - movups xmm3,XMMWORD[16+rdi] - movups xmm4,XMMWORD[32+rdi] - xorps xmm2,xmm10 - movups xmm5,XMMWORD[48+rdi] - lea rdi,[64+rdi] - xorps xmm3,xmm11 - xorps xmm4,xmm12 - xorps xmm5,xmm13 - - call _aesni_encrypt4 - - pxor xmm2,xmm10 - movdqa xmm10,xmm14 - pxor xmm3,xmm11 - pxor xmm4,xmm12 - movdqu XMMWORD[rsi],xmm2 - pxor xmm5,xmm13 - movdqu XMMWORD[16+rsi],xmm3 - movdqu XMMWORD[32+rsi],xmm4 - movdqu XMMWORD[48+rsi],xmm5 - lea rsi,[64+rsi] - jmp NEAR $L$xts_enc_done - -ALIGN 16 -$L$xts_enc_done: - and r9,15 - jz NEAR $L$xts_enc_ret - mov rdx,r9 - -$L$xts_enc_steal: - movzx eax,BYTE[rdi] - movzx ecx,BYTE[((-16))+rsi] - lea rdi,[1+rdi] - mov BYTE[((-16))+rsi],al - mov BYTE[rsi],cl - lea rsi,[1+rsi] - sub rdx,1 - jnz NEAR $L$xts_enc_steal - - sub rsi,r9 - mov rcx,rbp - mov eax,r10d - - movups xmm2,XMMWORD[((-16))+rsi] - xorps xmm2,xmm10 - movups xmm0,XMMWORD[rcx] - movups xmm1,XMMWORD[16+rcx] - lea rcx,[32+rcx] - xorps xmm2,xmm0 -$L$oop_enc1_10: -DB 102,15,56,220,209 - dec eax - movups xmm1,XMMWORD[rcx] - lea rcx,[16+rcx] - jnz NEAR $L$oop_enc1_10 -DB 102,15,56,221,209 - xorps xmm2,xmm10 - movups XMMWORD[(-16)+rsi],xmm2 - -$L$xts_enc_ret: - xorps xmm0,xmm0 - pxor xmm1,xmm1 - pxor xmm2,xmm2 - pxor xmm3,xmm3 - pxor xmm4,xmm4 - pxor xmm5,xmm5 - movaps xmm6,XMMWORD[((-168))+r11] - movaps XMMWORD[(-168)+r11],xmm0 - movaps xmm7,XMMWORD[((-152))+r11] - movaps XMMWORD[(-152)+r11],xmm0 - movaps xmm8,XMMWORD[((-136))+r11] - movaps XMMWORD[(-136)+r11],xmm0 - movaps xmm9,XMMWORD[((-120))+r11] - movaps XMMWORD[(-120)+r11],xmm0 - movaps xmm10,XMMWORD[((-104))+r11] - movaps XMMWORD[(-104)+r11],xmm0 - movaps xmm11,XMMWORD[((-88))+r11] - movaps XMMWORD[(-88)+r11],xmm0 - movaps xmm12,XMMWORD[((-72))+r11] - movaps XMMWORD[(-72)+r11],xmm0 - movaps xmm13,XMMWORD[((-56))+r11] - movaps XMMWORD[(-56)+r11],xmm0 - movaps xmm14,XMMWORD[((-40))+r11] - movaps XMMWORD[(-40)+r11],xmm0 - movaps xmm15,XMMWORD[((-24))+r11] - movaps XMMWORD[(-24)+r11],xmm0 - movaps XMMWORD[rsp],xmm0 - movaps XMMWORD[16+rsp],xmm0 - movaps XMMWORD[32+rsp],xmm0 - movaps XMMWORD[48+rsp],xmm0 - movaps XMMWORD[64+rsp],xmm0 - movaps XMMWORD[80+rsp],xmm0 - movaps XMMWORD[96+rsp],xmm0 - mov rbp,QWORD[((-8))+r11] - - lea rsp,[r11] - -$L$xts_enc_epilogue: - mov rdi,QWORD[8+rsp] ;WIN64 epilogue - mov rsi,QWORD[16+rsp] - DB 0F3h,0C3h ;repret - -$L$SEH_end_aes_hw_xts_encrypt: -global aes_hw_xts_decrypt - -ALIGN 16 -aes_hw_xts_decrypt: - mov QWORD[8+rsp],rdi ;WIN64 prologue - mov QWORD[16+rsp],rsi - mov rax,rsp -$L$SEH_begin_aes_hw_xts_decrypt: - mov rdi,rcx - mov rsi,rdx - mov rdx,r8 - mov rcx,r9 - mov r8,QWORD[40+rsp] - mov r9,QWORD[48+rsp] - - - - lea r11,[rsp] - - push rbp - - sub rsp,272 - and rsp,-16 - movaps XMMWORD[(-168)+r11],xmm6 - movaps XMMWORD[(-152)+r11],xmm7 - movaps XMMWORD[(-136)+r11],xmm8 - movaps XMMWORD[(-120)+r11],xmm9 - movaps XMMWORD[(-104)+r11],xmm10 - movaps XMMWORD[(-88)+r11],xmm11 - movaps XMMWORD[(-72)+r11],xmm12 - movaps XMMWORD[(-56)+r11],xmm13 - movaps XMMWORD[(-40)+r11],xmm14 - movaps XMMWORD[(-24)+r11],xmm15 -$L$xts_dec_body: - movups xmm2,XMMWORD[r9] - mov eax,DWORD[240+r8] - mov r10d,DWORD[240+rcx] - movups xmm0,XMMWORD[r8] - movups xmm1,XMMWORD[16+r8] - lea r8,[32+r8] - xorps xmm2,xmm0 -$L$oop_enc1_11: -DB 102,15,56,220,209 - dec eax - movups xmm1,XMMWORD[r8] - lea r8,[16+r8] - jnz NEAR $L$oop_enc1_11 -DB 102,15,56,221,209 - xor eax,eax - test rdx,15 - setnz al - shl rax,4 - sub rdx,rax - - movups xmm0,XMMWORD[rcx] - mov rbp,rcx - mov eax,r10d - shl r10d,4 - mov r9,rdx - and rdx,-16 - - movups xmm1,XMMWORD[16+r10*1+rcx] - - movdqa xmm8,XMMWORD[$L$xts_magic] - movdqa xmm15,xmm2 - pshufd xmm9,xmm2,0x5f - pxor xmm1,xmm0 - movdqa xmm14,xmm9 - paddd xmm9,xmm9 - movdqa xmm10,xmm15 - psrad xmm14,31 - paddq xmm15,xmm15 - pand xmm14,xmm8 - pxor xmm10,xmm0 - pxor xmm15,xmm14 - movdqa xmm14,xmm9 - paddd xmm9,xmm9 - movdqa xmm11,xmm15 - psrad xmm14,31 - paddq xmm15,xmm15 - pand xmm14,xmm8 - pxor xmm11,xmm0 - pxor xmm15,xmm14 - movdqa xmm14,xmm9 - paddd xmm9,xmm9 - movdqa xmm12,xmm15 - psrad xmm14,31 - paddq xmm15,xmm15 - pand xmm14,xmm8 - pxor xmm12,xmm0 - pxor xmm15,xmm14 - movdqa xmm14,xmm9 - paddd xmm9,xmm9 - movdqa xmm13,xmm15 - psrad xmm14,31 - paddq xmm15,xmm15 - pand xmm14,xmm8 - pxor xmm13,xmm0 - pxor xmm15,xmm14 - movdqa xmm14,xmm15 - psrad xmm9,31 - paddq xmm15,xmm15 - pand xmm9,xmm8 - pxor xmm14,xmm0 - pxor xmm15,xmm9 - movaps XMMWORD[96+rsp],xmm1 - - sub rdx,16*6 - jc NEAR $L$xts_dec_short - - mov eax,16+96 - lea rcx,[32+r10*1+rbp] - sub rax,r10 - movups xmm1,XMMWORD[16+rbp] - mov r10,rax - lea r8,[$L$xts_magic] - jmp NEAR $L$xts_dec_grandloop - -ALIGN 32 -$L$xts_dec_grandloop: - movdqu xmm2,XMMWORD[rdi] - movdqa xmm8,xmm0 - movdqu xmm3,XMMWORD[16+rdi] - pxor xmm2,xmm10 - movdqu xmm4,XMMWORD[32+rdi] - pxor xmm3,xmm11 -DB 102,15,56,222,209 - movdqu xmm5,XMMWORD[48+rdi] - pxor xmm4,xmm12 -DB 102,15,56,222,217 - movdqu xmm6,XMMWORD[64+rdi] - pxor xmm5,xmm13 -DB 102,15,56,222,225 - movdqu xmm7,XMMWORD[80+rdi] - pxor xmm8,xmm15 - movdqa xmm9,XMMWORD[96+rsp] - pxor xmm6,xmm14 -DB 102,15,56,222,233 - movups xmm0,XMMWORD[32+rbp] - lea rdi,[96+rdi] - pxor xmm7,xmm8 - - pxor xmm10,xmm9 -DB 102,15,56,222,241 - pxor xmm11,xmm9 - movdqa XMMWORD[rsp],xmm10 -DB 102,15,56,222,249 - movups xmm1,XMMWORD[48+rbp] - pxor xmm12,xmm9 - -DB 102,15,56,222,208 - pxor xmm13,xmm9 - movdqa XMMWORD[16+rsp],xmm11 -DB 102,15,56,222,216 - pxor xmm14,xmm9 - movdqa XMMWORD[32+rsp],xmm12 -DB 102,15,56,222,224 -DB 102,15,56,222,232 - pxor xmm8,xmm9 - movdqa XMMWORD[64+rsp],xmm14 -DB 102,15,56,222,240 -DB 102,15,56,222,248 - movups xmm0,XMMWORD[64+rbp] - movdqa XMMWORD[80+rsp],xmm8 - pshufd xmm9,xmm15,0x5f - jmp NEAR $L$xts_dec_loop6 -ALIGN 32 -$L$xts_dec_loop6: -DB 102,15,56,222,209 -DB 102,15,56,222,217 -DB 102,15,56,222,225 -DB 102,15,56,222,233 -DB 102,15,56,222,241 -DB 102,15,56,222,249 - movups xmm1,XMMWORD[((-64))+rax*1+rcx] - add rax,32 - -DB 102,15,56,222,208 -DB 102,15,56,222,216 -DB 102,15,56,222,224 -DB 102,15,56,222,232 -DB 102,15,56,222,240 -DB 102,15,56,222,248 - movups xmm0,XMMWORD[((-80))+rax*1+rcx] - jnz NEAR $L$xts_dec_loop6 - - movdqa xmm8,XMMWORD[r8] - movdqa xmm14,xmm9 - paddd xmm9,xmm9 -DB 102,15,56,222,209 - paddq xmm15,xmm15 - psrad xmm14,31 -DB 102,15,56,222,217 - pand xmm14,xmm8 - movups xmm10,XMMWORD[rbp] -DB 102,15,56,222,225 -DB 102,15,56,222,233 -DB 102,15,56,222,241 - pxor xmm15,xmm14 - movaps xmm11,xmm10 -DB 102,15,56,222,249 - movups xmm1,XMMWORD[((-64))+rcx] - - movdqa xmm14,xmm9 -DB 102,15,56,222,208 - paddd xmm9,xmm9 - pxor xmm10,xmm15 -DB 102,15,56,222,216 - psrad xmm14,31 - paddq xmm15,xmm15 -DB 102,15,56,222,224 -DB 102,15,56,222,232 - pand xmm14,xmm8 - movaps xmm12,xmm11 -DB 102,15,56,222,240 - pxor xmm15,xmm14 - movdqa xmm14,xmm9 -DB 102,15,56,222,248 - movups xmm0,XMMWORD[((-48))+rcx] - - paddd xmm9,xmm9 -DB 102,15,56,222,209 - pxor xmm11,xmm15 - psrad xmm14,31 -DB 102,15,56,222,217 - paddq xmm15,xmm15 - pand xmm14,xmm8 -DB 102,15,56,222,225 -DB 102,15,56,222,233 - movdqa XMMWORD[48+rsp],xmm13 - pxor xmm15,xmm14 -DB 102,15,56,222,241 - movaps xmm13,xmm12 - movdqa xmm14,xmm9 -DB 102,15,56,222,249 - movups xmm1,XMMWORD[((-32))+rcx] - - paddd xmm9,xmm9 -DB 102,15,56,222,208 - pxor xmm12,xmm15 - psrad xmm14,31 -DB 102,15,56,222,216 - paddq xmm15,xmm15 - pand xmm14,xmm8 -DB 102,15,56,222,224 -DB 102,15,56,222,232 -DB 102,15,56,222,240 - pxor xmm15,xmm14 - movaps xmm14,xmm13 -DB 102,15,56,222,248 - - movdqa xmm0,xmm9 - paddd xmm9,xmm9 -DB 102,15,56,222,209 - pxor xmm13,xmm15 - psrad xmm0,31 -DB 102,15,56,222,217 - paddq xmm15,xmm15 - pand xmm0,xmm8 -DB 102,15,56,222,225 -DB 102,15,56,222,233 - pxor xmm15,xmm0 - movups xmm0,XMMWORD[rbp] -DB 102,15,56,222,241 -DB 102,15,56,222,249 - movups xmm1,XMMWORD[16+rbp] - - pxor xmm14,xmm15 -DB 102,15,56,223,84,36,0 - psrad xmm9,31 - paddq xmm15,xmm15 -DB 102,15,56,223,92,36,16 -DB 102,15,56,223,100,36,32 - pand xmm9,xmm8 - mov rax,r10 -DB 102,15,56,223,108,36,48 -DB 102,15,56,223,116,36,64 -DB 102,15,56,223,124,36,80 - pxor xmm15,xmm9 - - lea rsi,[96+rsi] - movups XMMWORD[(-96)+rsi],xmm2 - movups XMMWORD[(-80)+rsi],xmm3 - movups XMMWORD[(-64)+rsi],xmm4 - movups XMMWORD[(-48)+rsi],xmm5 - movups XMMWORD[(-32)+rsi],xmm6 - movups XMMWORD[(-16)+rsi],xmm7 - sub rdx,16*6 - jnc NEAR $L$xts_dec_grandloop - - mov eax,16+96 - sub eax,r10d - mov rcx,rbp - shr eax,4 - -$L$xts_dec_short: - - mov r10d,eax - pxor xmm10,xmm0 - pxor xmm11,xmm0 - add rdx,16*6 - jz NEAR $L$xts_dec_done - - pxor xmm12,xmm0 - cmp rdx,0x20 - jb NEAR $L$xts_dec_one - pxor xmm13,xmm0 - je NEAR $L$xts_dec_two - - pxor xmm14,xmm0 - cmp rdx,0x40 - jb NEAR $L$xts_dec_three - je NEAR $L$xts_dec_four - - movdqu xmm2,XMMWORD[rdi] - movdqu xmm3,XMMWORD[16+rdi] - movdqu xmm4,XMMWORD[32+rdi] - pxor xmm2,xmm10 - movdqu xmm5,XMMWORD[48+rdi] - pxor xmm3,xmm11 - movdqu xmm6,XMMWORD[64+rdi] - lea rdi,[80+rdi] - pxor xmm4,xmm12 - pxor xmm5,xmm13 - pxor xmm6,xmm14 - - call _aesni_decrypt6 - - xorps xmm2,xmm10 - xorps xmm3,xmm11 - xorps xmm4,xmm12 - movdqu XMMWORD[rsi],xmm2 - xorps xmm5,xmm13 - movdqu XMMWORD[16+rsi],xmm3 - xorps xmm6,xmm14 - movdqu XMMWORD[32+rsi],xmm4 - pxor xmm14,xmm14 - movdqu XMMWORD[48+rsi],xmm5 - pcmpgtd xmm14,xmm15 - movdqu XMMWORD[64+rsi],xmm6 - lea rsi,[80+rsi] - pshufd xmm11,xmm14,0x13 - and r9,15 - jz NEAR $L$xts_dec_ret - - movdqa xmm10,xmm15 - paddq xmm15,xmm15 - pand xmm11,xmm8 - pxor xmm11,xmm15 - jmp NEAR $L$xts_dec_done2 - -ALIGN 16 -$L$xts_dec_one: - movups xmm2,XMMWORD[rdi] - lea rdi,[16+rdi] - xorps xmm2,xmm10 - movups xmm0,XMMWORD[rcx] - movups xmm1,XMMWORD[16+rcx] - lea rcx,[32+rcx] - xorps xmm2,xmm0 -$L$oop_dec1_12: -DB 102,15,56,222,209 - dec eax - movups xmm1,XMMWORD[rcx] - lea rcx,[16+rcx] - jnz NEAR $L$oop_dec1_12 -DB 102,15,56,223,209 - xorps xmm2,xmm10 - movdqa xmm10,xmm11 - movups XMMWORD[rsi],xmm2 - movdqa xmm11,xmm12 - lea rsi,[16+rsi] - jmp NEAR $L$xts_dec_done - -ALIGN 16 -$L$xts_dec_two: - movups xmm2,XMMWORD[rdi] - movups xmm3,XMMWORD[16+rdi] - lea rdi,[32+rdi] - xorps xmm2,xmm10 - xorps xmm3,xmm11 - - call _aesni_decrypt2 - - xorps xmm2,xmm10 - movdqa xmm10,xmm12 - xorps xmm3,xmm11 - movdqa xmm11,xmm13 - movups XMMWORD[rsi],xmm2 - movups XMMWORD[16+rsi],xmm3 - lea rsi,[32+rsi] - jmp NEAR $L$xts_dec_done - -ALIGN 16 -$L$xts_dec_three: - movups xmm2,XMMWORD[rdi] - movups xmm3,XMMWORD[16+rdi] - movups xmm4,XMMWORD[32+rdi] - lea rdi,[48+rdi] - xorps xmm2,xmm10 - xorps xmm3,xmm11 - xorps xmm4,xmm12 - - call _aesni_decrypt3 - - xorps xmm2,xmm10 - movdqa xmm10,xmm13 - xorps xmm3,xmm11 - movdqa xmm11,xmm14 - xorps xmm4,xmm12 - movups XMMWORD[rsi],xmm2 - movups XMMWORD[16+rsi],xmm3 - movups XMMWORD[32+rsi],xmm4 - lea rsi,[48+rsi] - jmp NEAR $L$xts_dec_done - -ALIGN 16 -$L$xts_dec_four: - movups xmm2,XMMWORD[rdi] - movups xmm3,XMMWORD[16+rdi] - movups xmm4,XMMWORD[32+rdi] - xorps xmm2,xmm10 - movups xmm5,XMMWORD[48+rdi] - lea rdi,[64+rdi] - xorps xmm3,xmm11 - xorps xmm4,xmm12 - xorps xmm5,xmm13 - - call _aesni_decrypt4 - - pxor xmm2,xmm10 - movdqa xmm10,xmm14 - pxor xmm3,xmm11 - movdqa xmm11,xmm15 - pxor xmm4,xmm12 - movdqu XMMWORD[rsi],xmm2 - pxor xmm5,xmm13 - movdqu XMMWORD[16+rsi],xmm3 - movdqu XMMWORD[32+rsi],xmm4 - movdqu XMMWORD[48+rsi],xmm5 - lea rsi,[64+rsi] - jmp NEAR $L$xts_dec_done - -ALIGN 16 -$L$xts_dec_done: - and r9,15 - jz NEAR $L$xts_dec_ret -$L$xts_dec_done2: - mov rdx,r9 - mov rcx,rbp - mov eax,r10d - - movups xmm2,XMMWORD[rdi] - xorps xmm2,xmm11 - movups xmm0,XMMWORD[rcx] - movups xmm1,XMMWORD[16+rcx] - lea rcx,[32+rcx] - xorps xmm2,xmm0 -$L$oop_dec1_13: -DB 102,15,56,222,209 - dec eax - movups xmm1,XMMWORD[rcx] - lea rcx,[16+rcx] - jnz NEAR $L$oop_dec1_13 -DB 102,15,56,223,209 - xorps xmm2,xmm11 - movups XMMWORD[rsi],xmm2 - -$L$xts_dec_steal: - movzx eax,BYTE[16+rdi] - movzx ecx,BYTE[rsi] - lea rdi,[1+rdi] - mov BYTE[rsi],al - mov BYTE[16+rsi],cl - lea rsi,[1+rsi] - sub rdx,1 - jnz NEAR $L$xts_dec_steal - - sub rsi,r9 - mov rcx,rbp - mov eax,r10d - - movups xmm2,XMMWORD[rsi] - xorps xmm2,xmm10 - movups xmm0,XMMWORD[rcx] - movups xmm1,XMMWORD[16+rcx] - lea rcx,[32+rcx] - xorps xmm2,xmm0 -$L$oop_dec1_14: -DB 102,15,56,222,209 - dec eax - movups xmm1,XMMWORD[rcx] - lea rcx,[16+rcx] - jnz NEAR $L$oop_dec1_14 -DB 102,15,56,223,209 - xorps xmm2,xmm10 - movups XMMWORD[rsi],xmm2 - -$L$xts_dec_ret: - xorps xmm0,xmm0 - pxor xmm1,xmm1 - pxor xmm2,xmm2 - pxor xmm3,xmm3 - pxor xmm4,xmm4 - pxor xmm5,xmm5 - movaps xmm6,XMMWORD[((-168))+r11] - movaps XMMWORD[(-168)+r11],xmm0 - movaps xmm7,XMMWORD[((-152))+r11] - movaps XMMWORD[(-152)+r11],xmm0 - movaps xmm8,XMMWORD[((-136))+r11] - movaps XMMWORD[(-136)+r11],xmm0 - movaps xmm9,XMMWORD[((-120))+r11] - movaps XMMWORD[(-120)+r11],xmm0 - movaps xmm10,XMMWORD[((-104))+r11] - movaps XMMWORD[(-104)+r11],xmm0 - movaps xmm11,XMMWORD[((-88))+r11] - movaps XMMWORD[(-88)+r11],xmm0 - movaps xmm12,XMMWORD[((-72))+r11] - movaps XMMWORD[(-72)+r11],xmm0 - movaps xmm13,XMMWORD[((-56))+r11] - movaps XMMWORD[(-56)+r11],xmm0 - movaps xmm14,XMMWORD[((-40))+r11] - movaps XMMWORD[(-40)+r11],xmm0 - movaps xmm15,XMMWORD[((-24))+r11] - movaps XMMWORD[(-24)+r11],xmm0 - movaps XMMWORD[rsp],xmm0 - movaps XMMWORD[16+rsp],xmm0 - movaps XMMWORD[32+rsp],xmm0 - movaps XMMWORD[48+rsp],xmm0 - movaps XMMWORD[64+rsp],xmm0 - movaps XMMWORD[80+rsp],xmm0 - movaps XMMWORD[96+rsp],xmm0 - mov rbp,QWORD[((-8))+r11] - - lea rsp,[r11] - -$L$xts_dec_epilogue: - mov rdi,QWORD[8+rsp] ;WIN64 epilogue - mov rsi,QWORD[16+rsp] - DB 0F3h,0C3h ;repret - -$L$SEH_end_aes_hw_xts_decrypt: -global aes_hw_ocb_encrypt - -ALIGN 32 -aes_hw_ocb_encrypt: - mov QWORD[8+rsp],rdi ;WIN64 prologue - mov QWORD[16+rsp],rsi - mov rax,rsp -$L$SEH_begin_aes_hw_ocb_encrypt: - mov rdi,rcx - mov rsi,rdx - mov rdx,r8 - mov rcx,r9 - mov r8,QWORD[40+rsp] - mov r9,QWORD[48+rsp] - - - - lea rax,[rsp] - push rbx - - push rbp - - push r12 - - push r13 - - push r14 - - lea rsp,[((-160))+rsp] - movaps XMMWORD[rsp],xmm6 - movaps XMMWORD[16+rsp],xmm7 - movaps XMMWORD[32+rsp],xmm8 - movaps XMMWORD[48+rsp],xmm9 - movaps XMMWORD[64+rsp],xmm10 - movaps XMMWORD[80+rsp],xmm11 - movaps XMMWORD[96+rsp],xmm12 - movaps XMMWORD[112+rsp],xmm13 - movaps XMMWORD[128+rsp],xmm14 - movaps XMMWORD[144+rsp],xmm15 -$L$ocb_enc_body: - mov rbx,QWORD[56+rax] - mov rbp,QWORD[((56+8))+rax] - - mov r10d,DWORD[240+rcx] - mov r11,rcx - shl r10d,4 - movups xmm9,XMMWORD[rcx] - movups xmm1,XMMWORD[16+r10*1+rcx] - - movdqu xmm15,XMMWORD[r9] - pxor xmm9,xmm1 - pxor xmm15,xmm1 - - mov eax,16+32 - lea rcx,[32+r10*1+r11] - movups xmm1,XMMWORD[16+r11] - sub rax,r10 - mov r10,rax - - movdqu xmm10,XMMWORD[rbx] - movdqu xmm8,XMMWORD[rbp] - - test r8,1 - jnz NEAR $L$ocb_enc_odd - - bsf r12,r8 - add r8,1 - shl r12,4 - movdqu xmm7,XMMWORD[r12*1+rbx] - movdqu xmm2,XMMWORD[rdi] - lea rdi,[16+rdi] - - call __ocb_encrypt1 - - movdqa xmm15,xmm7 - movups XMMWORD[rsi],xmm2 - lea rsi,[16+rsi] - sub rdx,1 - jz NEAR $L$ocb_enc_done - -$L$ocb_enc_odd: - lea r12,[1+r8] - lea r13,[3+r8] - lea r14,[5+r8] - lea r8,[6+r8] - bsf r12,r12 - bsf r13,r13 - bsf r14,r14 - shl r12,4 - shl r13,4 - shl r14,4 - - sub rdx,6 - jc NEAR $L$ocb_enc_short - jmp NEAR $L$ocb_enc_grandloop - -ALIGN 32 -$L$ocb_enc_grandloop: - movdqu xmm2,XMMWORD[rdi] - movdqu xmm3,XMMWORD[16+rdi] - movdqu xmm4,XMMWORD[32+rdi] - movdqu xmm5,XMMWORD[48+rdi] - movdqu xmm6,XMMWORD[64+rdi] - movdqu xmm7,XMMWORD[80+rdi] - lea rdi,[96+rdi] - - call __ocb_encrypt6 - - movups XMMWORD[rsi],xmm2 - movups XMMWORD[16+rsi],xmm3 - movups XMMWORD[32+rsi],xmm4 - movups XMMWORD[48+rsi],xmm5 - movups XMMWORD[64+rsi],xmm6 - movups XMMWORD[80+rsi],xmm7 - lea rsi,[96+rsi] - sub rdx,6 - jnc NEAR $L$ocb_enc_grandloop - -$L$ocb_enc_short: - add rdx,6 - jz NEAR $L$ocb_enc_done - - movdqu xmm2,XMMWORD[rdi] - cmp rdx,2 - jb NEAR $L$ocb_enc_one - movdqu xmm3,XMMWORD[16+rdi] - je NEAR $L$ocb_enc_two - - movdqu xmm4,XMMWORD[32+rdi] - cmp rdx,4 - jb NEAR $L$ocb_enc_three - movdqu xmm5,XMMWORD[48+rdi] - je NEAR $L$ocb_enc_four - - movdqu xmm6,XMMWORD[64+rdi] - pxor xmm7,xmm7 - - call __ocb_encrypt6 - - movdqa xmm15,xmm14 - movups XMMWORD[rsi],xmm2 - movups XMMWORD[16+rsi],xmm3 - movups XMMWORD[32+rsi],xmm4 - movups XMMWORD[48+rsi],xmm5 - movups XMMWORD[64+rsi],xmm6 - - jmp NEAR $L$ocb_enc_done - -ALIGN 16 -$L$ocb_enc_one: - movdqa xmm7,xmm10 - - call __ocb_encrypt1 - - movdqa xmm15,xmm7 - movups XMMWORD[rsi],xmm2 - jmp NEAR $L$ocb_enc_done - -ALIGN 16 -$L$ocb_enc_two: - pxor xmm4,xmm4 - pxor xmm5,xmm5 - - call __ocb_encrypt4 - - movdqa xmm15,xmm11 - movups XMMWORD[rsi],xmm2 - movups XMMWORD[16+rsi],xmm3 - - jmp NEAR $L$ocb_enc_done - -ALIGN 16 -$L$ocb_enc_three: - pxor xmm5,xmm5 - - call __ocb_encrypt4 - - movdqa xmm15,xmm12 - movups XMMWORD[rsi],xmm2 - movups XMMWORD[16+rsi],xmm3 - movups XMMWORD[32+rsi],xmm4 - - jmp NEAR $L$ocb_enc_done - -ALIGN 16 -$L$ocb_enc_four: - call __ocb_encrypt4 - - movdqa xmm15,xmm13 - movups XMMWORD[rsi],xmm2 - movups XMMWORD[16+rsi],xmm3 - movups XMMWORD[32+rsi],xmm4 - movups XMMWORD[48+rsi],xmm5 - -$L$ocb_enc_done: - pxor xmm15,xmm0 - movdqu XMMWORD[rbp],xmm8 - movdqu XMMWORD[r9],xmm15 - - xorps xmm0,xmm0 - pxor xmm1,xmm1 - pxor xmm2,xmm2 - pxor xmm3,xmm3 - pxor xmm4,xmm4 - pxor xmm5,xmm5 - movaps xmm6,XMMWORD[rsp] - movaps XMMWORD[rsp],xmm0 - movaps xmm7,XMMWORD[16+rsp] - movaps XMMWORD[16+rsp],xmm0 - movaps xmm8,XMMWORD[32+rsp] - movaps XMMWORD[32+rsp],xmm0 - movaps xmm9,XMMWORD[48+rsp] - movaps XMMWORD[48+rsp],xmm0 - movaps xmm10,XMMWORD[64+rsp] - movaps XMMWORD[64+rsp],xmm0 - movaps xmm11,XMMWORD[80+rsp] - movaps XMMWORD[80+rsp],xmm0 - movaps xmm12,XMMWORD[96+rsp] - movaps XMMWORD[96+rsp],xmm0 - movaps xmm13,XMMWORD[112+rsp] - movaps XMMWORD[112+rsp],xmm0 - movaps xmm14,XMMWORD[128+rsp] - movaps XMMWORD[128+rsp],xmm0 - movaps xmm15,XMMWORD[144+rsp] - movaps XMMWORD[144+rsp],xmm0 - lea rax,[((160+40))+rsp] -$L$ocb_enc_pop: - mov r14,QWORD[((-40))+rax] - - mov r13,QWORD[((-32))+rax] - - mov r12,QWORD[((-24))+rax] - - mov rbp,QWORD[((-16))+rax] - - mov rbx,QWORD[((-8))+rax] - - lea rsp,[rax] - -$L$ocb_enc_epilogue: - mov rdi,QWORD[8+rsp] ;WIN64 epilogue - mov rsi,QWORD[16+rsp] - DB 0F3h,0C3h ;repret - -$L$SEH_end_aes_hw_ocb_encrypt: - - -ALIGN 32 -__ocb_encrypt6: - pxor xmm15,xmm9 - movdqu xmm11,XMMWORD[r12*1+rbx] - movdqa xmm12,xmm10 - movdqu xmm13,XMMWORD[r13*1+rbx] - movdqa xmm14,xmm10 - pxor xmm10,xmm15 - movdqu xmm15,XMMWORD[r14*1+rbx] - pxor xmm11,xmm10 - pxor xmm8,xmm2 - pxor xmm2,xmm10 - pxor xmm12,xmm11 - pxor xmm8,xmm3 - pxor xmm3,xmm11 - pxor xmm13,xmm12 - pxor xmm8,xmm4 - pxor xmm4,xmm12 - pxor xmm14,xmm13 - pxor xmm8,xmm5 - pxor xmm5,xmm13 - pxor xmm15,xmm14 - pxor xmm8,xmm6 - pxor xmm6,xmm14 - pxor xmm8,xmm7 - pxor xmm7,xmm15 - movups xmm0,XMMWORD[32+r11] - - lea r12,[1+r8] - lea r13,[3+r8] - lea r14,[5+r8] - add r8,6 - pxor xmm10,xmm9 - bsf r12,r12 - bsf r13,r13 - bsf r14,r14 - -DB 102,15,56,220,209 -DB 102,15,56,220,217 -DB 102,15,56,220,225 -DB 102,15,56,220,233 - pxor xmm11,xmm9 - pxor xmm12,xmm9 -DB 102,15,56,220,241 - pxor xmm13,xmm9 - pxor xmm14,xmm9 -DB 102,15,56,220,249 - movups xmm1,XMMWORD[48+r11] - pxor xmm15,xmm9 - -DB 102,15,56,220,208 -DB 102,15,56,220,216 -DB 102,15,56,220,224 -DB 102,15,56,220,232 -DB 102,15,56,220,240 -DB 102,15,56,220,248 - movups xmm0,XMMWORD[64+r11] - shl r12,4 - shl r13,4 - jmp NEAR $L$ocb_enc_loop6 - -ALIGN 32 -$L$ocb_enc_loop6: -DB 102,15,56,220,209 -DB 102,15,56,220,217 -DB 102,15,56,220,225 -DB 102,15,56,220,233 -DB 102,15,56,220,241 -DB 102,15,56,220,249 - movups xmm1,XMMWORD[rax*1+rcx] - add rax,32 - -DB 102,15,56,220,208 -DB 102,15,56,220,216 -DB 102,15,56,220,224 -DB 102,15,56,220,232 -DB 102,15,56,220,240 -DB 102,15,56,220,248 - movups xmm0,XMMWORD[((-16))+rax*1+rcx] - jnz NEAR $L$ocb_enc_loop6 - -DB 102,15,56,220,209 -DB 102,15,56,220,217 -DB 102,15,56,220,225 -DB 102,15,56,220,233 -DB 102,15,56,220,241 -DB 102,15,56,220,249 - movups xmm1,XMMWORD[16+r11] - shl r14,4 - -DB 102,65,15,56,221,210 - movdqu xmm10,XMMWORD[rbx] - mov rax,r10 -DB 102,65,15,56,221,219 -DB 102,65,15,56,221,228 -DB 102,65,15,56,221,237 -DB 102,65,15,56,221,246 -DB 102,65,15,56,221,255 - DB 0F3h,0C3h ;repret - - - -ALIGN 32 -__ocb_encrypt4: - pxor xmm15,xmm9 - movdqu xmm11,XMMWORD[r12*1+rbx] - movdqa xmm12,xmm10 - movdqu xmm13,XMMWORD[r13*1+rbx] - pxor xmm10,xmm15 - pxor xmm11,xmm10 - pxor xmm8,xmm2 - pxor xmm2,xmm10 - pxor xmm12,xmm11 - pxor xmm8,xmm3 - pxor xmm3,xmm11 - pxor xmm13,xmm12 - pxor xmm8,xmm4 - pxor xmm4,xmm12 - pxor xmm8,xmm5 - pxor xmm5,xmm13 - movups xmm0,XMMWORD[32+r11] - - pxor xmm10,xmm9 - pxor xmm11,xmm9 - pxor xmm12,xmm9 - pxor xmm13,xmm9 - -DB 102,15,56,220,209 -DB 102,15,56,220,217 -DB 102,15,56,220,225 -DB 102,15,56,220,233 - movups xmm1,XMMWORD[48+r11] - -DB 102,15,56,220,208 -DB 102,15,56,220,216 -DB 102,15,56,220,224 -DB 102,15,56,220,232 - movups xmm0,XMMWORD[64+r11] - jmp NEAR $L$ocb_enc_loop4 - -ALIGN 32 -$L$ocb_enc_loop4: -DB 102,15,56,220,209 -DB 102,15,56,220,217 -DB 102,15,56,220,225 -DB 102,15,56,220,233 - movups xmm1,XMMWORD[rax*1+rcx] - add rax,32 - -DB 102,15,56,220,208 -DB 102,15,56,220,216 -DB 102,15,56,220,224 -DB 102,15,56,220,232 - movups xmm0,XMMWORD[((-16))+rax*1+rcx] - jnz NEAR $L$ocb_enc_loop4 - -DB 102,15,56,220,209 -DB 102,15,56,220,217 -DB 102,15,56,220,225 -DB 102,15,56,220,233 - movups xmm1,XMMWORD[16+r11] - mov rax,r10 - -DB 102,65,15,56,221,210 -DB 102,65,15,56,221,219 -DB 102,65,15,56,221,228 -DB 102,65,15,56,221,237 - DB 0F3h,0C3h ;repret - - - -ALIGN 32 -__ocb_encrypt1: - pxor xmm7,xmm15 - pxor xmm7,xmm9 - pxor xmm8,xmm2 - pxor xmm2,xmm7 - movups xmm0,XMMWORD[32+r11] - -DB 102,15,56,220,209 - movups xmm1,XMMWORD[48+r11] - pxor xmm7,xmm9 - -DB 102,15,56,220,208 - movups xmm0,XMMWORD[64+r11] - jmp NEAR $L$ocb_enc_loop1 - -ALIGN 32 -$L$ocb_enc_loop1: -DB 102,15,56,220,209 - movups xmm1,XMMWORD[rax*1+rcx] - add rax,32 - -DB 102,15,56,220,208 - movups xmm0,XMMWORD[((-16))+rax*1+rcx] - jnz NEAR $L$ocb_enc_loop1 - -DB 102,15,56,220,209 - movups xmm1,XMMWORD[16+r11] - mov rax,r10 - -DB 102,15,56,221,215 - DB 0F3h,0C3h ;repret - - -global aes_hw_ocb_decrypt - -ALIGN 32 -aes_hw_ocb_decrypt: - mov QWORD[8+rsp],rdi ;WIN64 prologue - mov QWORD[16+rsp],rsi - mov rax,rsp -$L$SEH_begin_aes_hw_ocb_decrypt: - mov rdi,rcx - mov rsi,rdx - mov rdx,r8 - mov rcx,r9 - mov r8,QWORD[40+rsp] - mov r9,QWORD[48+rsp] - - - - lea rax,[rsp] - push rbx - - push rbp - - push r12 - - push r13 - - push r14 - - lea rsp,[((-160))+rsp] - movaps XMMWORD[rsp],xmm6 - movaps XMMWORD[16+rsp],xmm7 - movaps XMMWORD[32+rsp],xmm8 - movaps XMMWORD[48+rsp],xmm9 - movaps XMMWORD[64+rsp],xmm10 - movaps XMMWORD[80+rsp],xmm11 - movaps XMMWORD[96+rsp],xmm12 - movaps XMMWORD[112+rsp],xmm13 - movaps XMMWORD[128+rsp],xmm14 - movaps XMMWORD[144+rsp],xmm15 -$L$ocb_dec_body: - mov rbx,QWORD[56+rax] - mov rbp,QWORD[((56+8))+rax] - - mov r10d,DWORD[240+rcx] - mov r11,rcx - shl r10d,4 - movups xmm9,XMMWORD[rcx] - movups xmm1,XMMWORD[16+r10*1+rcx] - - movdqu xmm15,XMMWORD[r9] - pxor xmm9,xmm1 - pxor xmm15,xmm1 - - mov eax,16+32 - lea rcx,[32+r10*1+r11] - movups xmm1,XMMWORD[16+r11] - sub rax,r10 - mov r10,rax - - movdqu xmm10,XMMWORD[rbx] - movdqu xmm8,XMMWORD[rbp] - - test r8,1 - jnz NEAR $L$ocb_dec_odd - - bsf r12,r8 - add r8,1 - shl r12,4 - movdqu xmm7,XMMWORD[r12*1+rbx] - movdqu xmm2,XMMWORD[rdi] - lea rdi,[16+rdi] - - call __ocb_decrypt1 - - movdqa xmm15,xmm7 - movups XMMWORD[rsi],xmm2 - xorps xmm8,xmm2 - lea rsi,[16+rsi] - sub rdx,1 - jz NEAR $L$ocb_dec_done - -$L$ocb_dec_odd: - lea r12,[1+r8] - lea r13,[3+r8] - lea r14,[5+r8] - lea r8,[6+r8] - bsf r12,r12 - bsf r13,r13 - bsf r14,r14 - shl r12,4 - shl r13,4 - shl r14,4 - - sub rdx,6 - jc NEAR $L$ocb_dec_short - jmp NEAR $L$ocb_dec_grandloop - -ALIGN 32 -$L$ocb_dec_grandloop: - movdqu xmm2,XMMWORD[rdi] - movdqu xmm3,XMMWORD[16+rdi] - movdqu xmm4,XMMWORD[32+rdi] - movdqu xmm5,XMMWORD[48+rdi] - movdqu xmm6,XMMWORD[64+rdi] - movdqu xmm7,XMMWORD[80+rdi] - lea rdi,[96+rdi] - - call __ocb_decrypt6 - - movups XMMWORD[rsi],xmm2 - pxor xmm8,xmm2 - movups XMMWORD[16+rsi],xmm3 - pxor xmm8,xmm3 - movups XMMWORD[32+rsi],xmm4 - pxor xmm8,xmm4 - movups XMMWORD[48+rsi],xmm5 - pxor xmm8,xmm5 - movups XMMWORD[64+rsi],xmm6 - pxor xmm8,xmm6 - movups XMMWORD[80+rsi],xmm7 - pxor xmm8,xmm7 - lea rsi,[96+rsi] - sub rdx,6 - jnc NEAR $L$ocb_dec_grandloop - -$L$ocb_dec_short: - add rdx,6 - jz NEAR $L$ocb_dec_done - - movdqu xmm2,XMMWORD[rdi] - cmp rdx,2 - jb NEAR $L$ocb_dec_one - movdqu xmm3,XMMWORD[16+rdi] - je NEAR $L$ocb_dec_two - - movdqu xmm4,XMMWORD[32+rdi] - cmp rdx,4 - jb NEAR $L$ocb_dec_three - movdqu xmm5,XMMWORD[48+rdi] - je NEAR $L$ocb_dec_four - - movdqu xmm6,XMMWORD[64+rdi] - pxor xmm7,xmm7 - - call __ocb_decrypt6 - - movdqa xmm15,xmm14 - movups XMMWORD[rsi],xmm2 - pxor xmm8,xmm2 - movups XMMWORD[16+rsi],xmm3 - pxor xmm8,xmm3 - movups XMMWORD[32+rsi],xmm4 - pxor xmm8,xmm4 - movups XMMWORD[48+rsi],xmm5 - pxor xmm8,xmm5 - movups XMMWORD[64+rsi],xmm6 - pxor xmm8,xmm6 - - jmp NEAR $L$ocb_dec_done - -ALIGN 16 -$L$ocb_dec_one: - movdqa xmm7,xmm10 - - call __ocb_decrypt1 - - movdqa xmm15,xmm7 - movups XMMWORD[rsi],xmm2 - xorps xmm8,xmm2 - jmp NEAR $L$ocb_dec_done - -ALIGN 16 -$L$ocb_dec_two: - pxor xmm4,xmm4 - pxor xmm5,xmm5 - - call __ocb_decrypt4 - - movdqa xmm15,xmm11 - movups XMMWORD[rsi],xmm2 - xorps xmm8,xmm2 - movups XMMWORD[16+rsi],xmm3 - xorps xmm8,xmm3 - - jmp NEAR $L$ocb_dec_done - -ALIGN 16 -$L$ocb_dec_three: - pxor xmm5,xmm5 - - call __ocb_decrypt4 - - movdqa xmm15,xmm12 - movups XMMWORD[rsi],xmm2 - xorps xmm8,xmm2 - movups XMMWORD[16+rsi],xmm3 - xorps xmm8,xmm3 - movups XMMWORD[32+rsi],xmm4 - xorps xmm8,xmm4 - - jmp NEAR $L$ocb_dec_done - -ALIGN 16 -$L$ocb_dec_four: - call __ocb_decrypt4 - - movdqa xmm15,xmm13 - movups XMMWORD[rsi],xmm2 - pxor xmm8,xmm2 - movups XMMWORD[16+rsi],xmm3 - pxor xmm8,xmm3 - movups XMMWORD[32+rsi],xmm4 - pxor xmm8,xmm4 - movups XMMWORD[48+rsi],xmm5 - pxor xmm8,xmm5 - -$L$ocb_dec_done: - pxor xmm15,xmm0 - movdqu XMMWORD[rbp],xmm8 - movdqu XMMWORD[r9],xmm15 - - xorps xmm0,xmm0 - pxor xmm1,xmm1 - pxor xmm2,xmm2 - pxor xmm3,xmm3 - pxor xmm4,xmm4 - pxor xmm5,xmm5 - movaps xmm6,XMMWORD[rsp] - movaps XMMWORD[rsp],xmm0 - movaps xmm7,XMMWORD[16+rsp] - movaps XMMWORD[16+rsp],xmm0 - movaps xmm8,XMMWORD[32+rsp] - movaps XMMWORD[32+rsp],xmm0 - movaps xmm9,XMMWORD[48+rsp] - movaps XMMWORD[48+rsp],xmm0 - movaps xmm10,XMMWORD[64+rsp] - movaps XMMWORD[64+rsp],xmm0 - movaps xmm11,XMMWORD[80+rsp] - movaps XMMWORD[80+rsp],xmm0 - movaps xmm12,XMMWORD[96+rsp] - movaps XMMWORD[96+rsp],xmm0 - movaps xmm13,XMMWORD[112+rsp] - movaps XMMWORD[112+rsp],xmm0 - movaps xmm14,XMMWORD[128+rsp] - movaps XMMWORD[128+rsp],xmm0 - movaps xmm15,XMMWORD[144+rsp] - movaps XMMWORD[144+rsp],xmm0 - lea rax,[((160+40))+rsp] -$L$ocb_dec_pop: - mov r14,QWORD[((-40))+rax] - - mov r13,QWORD[((-32))+rax] - - mov r12,QWORD[((-24))+rax] - - mov rbp,QWORD[((-16))+rax] - - mov rbx,QWORD[((-8))+rax] - - lea rsp,[rax] - -$L$ocb_dec_epilogue: - mov rdi,QWORD[8+rsp] ;WIN64 epilogue - mov rsi,QWORD[16+rsp] - DB 0F3h,0C3h ;repret - -$L$SEH_end_aes_hw_ocb_decrypt: - - -ALIGN 32 -__ocb_decrypt6: - pxor xmm15,xmm9 - movdqu xmm11,XMMWORD[r12*1+rbx] - movdqa xmm12,xmm10 - movdqu xmm13,XMMWORD[r13*1+rbx] - movdqa xmm14,xmm10 - pxor xmm10,xmm15 - movdqu xmm15,XMMWORD[r14*1+rbx] - pxor xmm11,xmm10 - pxor xmm2,xmm10 - pxor xmm12,xmm11 - pxor xmm3,xmm11 - pxor xmm13,xmm12 - pxor xmm4,xmm12 - pxor xmm14,xmm13 - pxor xmm5,xmm13 - pxor xmm15,xmm14 - pxor xmm6,xmm14 - pxor xmm7,xmm15 - movups xmm0,XMMWORD[32+r11] - - lea r12,[1+r8] - lea r13,[3+r8] - lea r14,[5+r8] - add r8,6 - pxor xmm10,xmm9 - bsf r12,r12 - bsf r13,r13 - bsf r14,r14 - -DB 102,15,56,222,209 -DB 102,15,56,222,217 -DB 102,15,56,222,225 -DB 102,15,56,222,233 - pxor xmm11,xmm9 - pxor xmm12,xmm9 -DB 102,15,56,222,241 - pxor xmm13,xmm9 - pxor xmm14,xmm9 -DB 102,15,56,222,249 - movups xmm1,XMMWORD[48+r11] - pxor xmm15,xmm9 - -DB 102,15,56,222,208 -DB 102,15,56,222,216 -DB 102,15,56,222,224 -DB 102,15,56,222,232 -DB 102,15,56,222,240 -DB 102,15,56,222,248 - movups xmm0,XMMWORD[64+r11] - shl r12,4 - shl r13,4 - jmp NEAR $L$ocb_dec_loop6 - -ALIGN 32 -$L$ocb_dec_loop6: -DB 102,15,56,222,209 -DB 102,15,56,222,217 -DB 102,15,56,222,225 -DB 102,15,56,222,233 -DB 102,15,56,222,241 -DB 102,15,56,222,249 - movups xmm1,XMMWORD[rax*1+rcx] - add rax,32 - -DB 102,15,56,222,208 -DB 102,15,56,222,216 -DB 102,15,56,222,224 -DB 102,15,56,222,232 -DB 102,15,56,222,240 -DB 102,15,56,222,248 - movups xmm0,XMMWORD[((-16))+rax*1+rcx] - jnz NEAR $L$ocb_dec_loop6 - -DB 102,15,56,222,209 -DB 102,15,56,222,217 -DB 102,15,56,222,225 -DB 102,15,56,222,233 -DB 102,15,56,222,241 -DB 102,15,56,222,249 - movups xmm1,XMMWORD[16+r11] - shl r14,4 - -DB 102,65,15,56,223,210 - movdqu xmm10,XMMWORD[rbx] - mov rax,r10 -DB 102,65,15,56,223,219 -DB 102,65,15,56,223,228 -DB 102,65,15,56,223,237 -DB 102,65,15,56,223,246 -DB 102,65,15,56,223,255 - DB 0F3h,0C3h ;repret - - - -ALIGN 32 -__ocb_decrypt4: - pxor xmm15,xmm9 - movdqu xmm11,XMMWORD[r12*1+rbx] - movdqa xmm12,xmm10 - movdqu xmm13,XMMWORD[r13*1+rbx] - pxor xmm10,xmm15 - pxor xmm11,xmm10 - pxor xmm2,xmm10 - pxor xmm12,xmm11 - pxor xmm3,xmm11 - pxor xmm13,xmm12 - pxor xmm4,xmm12 - pxor xmm5,xmm13 - movups xmm0,XMMWORD[32+r11] - - pxor xmm10,xmm9 - pxor xmm11,xmm9 - pxor xmm12,xmm9 - pxor xmm13,xmm9 - -DB 102,15,56,222,209 -DB 102,15,56,222,217 -DB 102,15,56,222,225 -DB 102,15,56,222,233 - movups xmm1,XMMWORD[48+r11] - -DB 102,15,56,222,208 -DB 102,15,56,222,216 -DB 102,15,56,222,224 -DB 102,15,56,222,232 - movups xmm0,XMMWORD[64+r11] - jmp NEAR $L$ocb_dec_loop4 - -ALIGN 32 -$L$ocb_dec_loop4: -DB 102,15,56,222,209 -DB 102,15,56,222,217 -DB 102,15,56,222,225 -DB 102,15,56,222,233 - movups xmm1,XMMWORD[rax*1+rcx] - add rax,32 - -DB 102,15,56,222,208 -DB 102,15,56,222,216 -DB 102,15,56,222,224 -DB 102,15,56,222,232 - movups xmm0,XMMWORD[((-16))+rax*1+rcx] - jnz NEAR $L$ocb_dec_loop4 - -DB 102,15,56,222,209 -DB 102,15,56,222,217 -DB 102,15,56,222,225 -DB 102,15,56,222,233 - movups xmm1,XMMWORD[16+r11] - mov rax,r10 - -DB 102,65,15,56,223,210 -DB 102,65,15,56,223,219 -DB 102,65,15,56,223,228 -DB 102,65,15,56,223,237 - DB 0F3h,0C3h ;repret - - - -ALIGN 32 -__ocb_decrypt1: - pxor xmm7,xmm15 - pxor xmm7,xmm9 - pxor xmm2,xmm7 - movups xmm0,XMMWORD[32+r11] - -DB 102,15,56,222,209 - movups xmm1,XMMWORD[48+r11] - pxor xmm7,xmm9 - -DB 102,15,56,222,208 - movups xmm0,XMMWORD[64+r11] - jmp NEAR $L$ocb_dec_loop1 - -ALIGN 32 -$L$ocb_dec_loop1: -DB 102,15,56,222,209 - movups xmm1,XMMWORD[rax*1+rcx] - add rax,32 - -DB 102,15,56,222,208 - movups xmm0,XMMWORD[((-16))+rax*1+rcx] - jnz NEAR $L$ocb_dec_loop1 - -DB 102,15,56,222,209 - movups xmm1,XMMWORD[16+r11] - mov rax,r10 - -DB 102,15,56,223,215 - DB 0F3h,0C3h ;repret - -global aes_hw_cbc_encrypt - -ALIGN 16 -aes_hw_cbc_encrypt: - mov QWORD[8+rsp],rdi ;WIN64 prologue - mov QWORD[16+rsp],rsi - mov rax,rsp -$L$SEH_begin_aes_hw_cbc_encrypt: - mov rdi,rcx - mov rsi,rdx - mov rdx,r8 - mov rcx,r9 - mov r8,QWORD[40+rsp] - mov r9,QWORD[48+rsp] - - - - test rdx,rdx - jz NEAR $L$cbc_ret - - mov r10d,DWORD[240+rcx] - mov r11,rcx - test r9d,r9d - jz NEAR $L$cbc_decrypt - - movups xmm2,XMMWORD[r8] - mov eax,r10d - cmp rdx,16 - jb NEAR $L$cbc_enc_tail - sub rdx,16 - jmp NEAR $L$cbc_enc_loop -ALIGN 16 -$L$cbc_enc_loop: - movups xmm3,XMMWORD[rdi] - lea rdi,[16+rdi] - - movups xmm0,XMMWORD[rcx] - movups xmm1,XMMWORD[16+rcx] - xorps xmm3,xmm0 - lea rcx,[32+rcx] - xorps xmm2,xmm3 -$L$oop_enc1_15: -DB 102,15,56,220,209 - dec eax - movups xmm1,XMMWORD[rcx] - lea rcx,[16+rcx] - jnz NEAR $L$oop_enc1_15 -DB 102,15,56,221,209 - mov eax,r10d - mov rcx,r11 - movups XMMWORD[rsi],xmm2 - lea rsi,[16+rsi] - sub rdx,16 - jnc NEAR $L$cbc_enc_loop - add rdx,16 - jnz NEAR $L$cbc_enc_tail - pxor xmm0,xmm0 - pxor xmm1,xmm1 - movups XMMWORD[r8],xmm2 - pxor xmm2,xmm2 - pxor xmm3,xmm3 - jmp NEAR $L$cbc_ret + mov rcx,r11 + movups XMMWORD[rsi],xmm2 + lea rsi,[16+rsi] + sub rdx,16 + jnc NEAR $L$cbc_enc_loop + add rdx,16 + jnz NEAR $L$cbc_enc_tail + pxor xmm0,xmm0 + pxor xmm1,xmm1 + movups XMMWORD[r8],xmm2 + pxor xmm2,xmm2 + pxor xmm3,xmm3 + jmp NEAR $L$cbc_ret $L$cbc_enc_tail: mov rcx,rdx @@ -3758,12 +1614,12 @@ $L$cbc_decrypt: movups xmm1,XMMWORD[16+rcx] lea rcx,[32+rcx] xorps xmm2,xmm0 -$L$oop_dec1_16: +$L$oop_dec1_7: DB 102,15,56,222,209 dec r10d movups xmm1,XMMWORD[rcx] lea rcx,[16+rcx] - jnz NEAR $L$oop_dec1_16 + jnz NEAR $L$oop_dec1_7 DB 102,15,56,223,209 pxor xmm0,xmm0 pxor xmm1,xmm1 @@ -4187,12 +2043,12 @@ $L$cbc_dec_one: movups xmm1,XMMWORD[16+rcx] lea rcx,[32+rcx] xorps xmm2,xmm0 -$L$oop_dec1_17: +$L$oop_dec1_8: DB 102,15,56,222,209 dec eax movups xmm1,XMMWORD[rcx] lea rcx,[16+rcx] - jnz NEAR $L$oop_dec1_17 + jnz NEAR $L$oop_dec1_8 DB 102,15,56,223,209 xorps xmm2,xmm10 movaps xmm10,xmm11 @@ -4349,6 +2205,11 @@ ALIGN 16 aes_hw_set_encrypt_key: __aesni_set_encrypt_key: +%ifndef NDEBUG +%ifndef BORINGSSL_FIPS + mov BYTE[((BORINGSSL_function_hit+3))],1 +%endif +%endif DB 0x48,0x83,0xEC,0x08 mov rax,-1 @@ -4831,64 +2692,6 @@ ctr_xts_se_handler: -ALIGN 16 -ocb_se_handler: - push rsi - push rdi - push rbx - push rbp - push r12 - push r13 - push r14 - push r15 - pushfq - sub rsp,64 - - mov rax,QWORD[120+r8] - mov rbx,QWORD[248+r8] - - mov rsi,QWORD[8+r9] - mov r11,QWORD[56+r9] - - mov r10d,DWORD[r11] - lea r10,[r10*1+rsi] - cmp rbx,r10 - jb NEAR $L$common_seh_tail - - mov r10d,DWORD[4+r11] - lea r10,[r10*1+rsi] - cmp rbx,r10 - jae NEAR $L$common_seh_tail - - mov r10d,DWORD[8+r11] - lea r10,[r10*1+rsi] - cmp rbx,r10 - jae NEAR $L$ocb_no_xmm - - mov rax,QWORD[152+r8] - - lea rsi,[rax] - lea rdi,[512+r8] - mov ecx,20 - DD 0xa548f3fc - lea rax,[((160+40))+rax] - -$L$ocb_no_xmm: - mov rbx,QWORD[((-8))+rax] - mov rbp,QWORD[((-16))+rax] - mov r12,QWORD[((-24))+rax] - mov r13,QWORD[((-32))+rax] - mov r14,QWORD[((-40))+rax] - - mov QWORD[144+r8],rbx - mov QWORD[160+r8],rbp - mov QWORD[216+r8],r12 - mov QWORD[224+r8],r13 - mov QWORD[232+r8],r14 - - jmp NEAR $L$common_seh_tail - - ALIGN 16 cbc_se_handler: push rsi @@ -4977,33 +2780,9 @@ ALIGN 4 DD $L$SEH_end_aes_hw_ecb_encrypt wrt ..imagebase DD $L$SEH_info_ecb wrt ..imagebase - DD $L$SEH_begin_aes_hw_ccm64_encrypt_blocks wrt ..imagebase - DD $L$SEH_end_aes_hw_ccm64_encrypt_blocks wrt ..imagebase - DD $L$SEH_info_ccm64_enc wrt ..imagebase - - DD $L$SEH_begin_aes_hw_ccm64_decrypt_blocks wrt ..imagebase - DD $L$SEH_end_aes_hw_ccm64_decrypt_blocks wrt ..imagebase - DD $L$SEH_info_ccm64_dec wrt ..imagebase - DD $L$SEH_begin_aes_hw_ctr32_encrypt_blocks wrt ..imagebase DD $L$SEH_end_aes_hw_ctr32_encrypt_blocks wrt ..imagebase DD $L$SEH_info_ctr32 wrt ..imagebase - - DD $L$SEH_begin_aes_hw_xts_encrypt wrt ..imagebase - DD $L$SEH_end_aes_hw_xts_encrypt wrt ..imagebase - DD $L$SEH_info_xts_enc wrt ..imagebase - - DD $L$SEH_begin_aes_hw_xts_decrypt wrt ..imagebase - DD $L$SEH_end_aes_hw_xts_decrypt wrt ..imagebase - DD $L$SEH_info_xts_dec wrt ..imagebase - - DD $L$SEH_begin_aes_hw_ocb_encrypt wrt ..imagebase - DD $L$SEH_end_aes_hw_ocb_encrypt wrt ..imagebase - DD $L$SEH_info_ocb_enc wrt ..imagebase - - DD $L$SEH_begin_aes_hw_ocb_decrypt wrt ..imagebase - DD $L$SEH_end_aes_hw_ocb_decrypt wrt ..imagebase - DD $L$SEH_info_ocb_dec wrt ..imagebase DD $L$SEH_begin_aes_hw_cbc_encrypt wrt ..imagebase DD $L$SEH_end_aes_hw_cbc_encrypt wrt ..imagebase DD $L$SEH_info_cbc wrt ..imagebase @@ -5021,38 +2800,10 @@ $L$SEH_info_ecb: DB 9,0,0,0 DD ecb_ccm64_se_handler wrt ..imagebase DD $L$ecb_enc_body wrt ..imagebase,$L$ecb_enc_ret wrt ..imagebase -$L$SEH_info_ccm64_enc: -DB 9,0,0,0 - DD ecb_ccm64_se_handler wrt ..imagebase - DD $L$ccm64_enc_body wrt ..imagebase,$L$ccm64_enc_ret wrt ..imagebase -$L$SEH_info_ccm64_dec: -DB 9,0,0,0 - DD ecb_ccm64_se_handler wrt ..imagebase - DD $L$ccm64_dec_body wrt ..imagebase,$L$ccm64_dec_ret wrt ..imagebase $L$SEH_info_ctr32: DB 9,0,0,0 DD ctr_xts_se_handler wrt ..imagebase DD $L$ctr32_body wrt ..imagebase,$L$ctr32_epilogue wrt ..imagebase -$L$SEH_info_xts_enc: -DB 9,0,0,0 - DD ctr_xts_se_handler wrt ..imagebase - DD $L$xts_enc_body wrt ..imagebase,$L$xts_enc_epilogue wrt ..imagebase -$L$SEH_info_xts_dec: -DB 9,0,0,0 - DD ctr_xts_se_handler wrt ..imagebase - DD $L$xts_dec_body wrt ..imagebase,$L$xts_dec_epilogue wrt ..imagebase -$L$SEH_info_ocb_enc: -DB 9,0,0,0 - DD ocb_se_handler wrt ..imagebase - DD $L$ocb_enc_body wrt ..imagebase,$L$ocb_enc_epilogue wrt ..imagebase - DD $L$ocb_enc_pop wrt ..imagebase - DD 0 -$L$SEH_info_ocb_dec: -DB 9,0,0,0 - DD ocb_se_handler wrt ..imagebase - DD $L$ocb_dec_body wrt ..imagebase,$L$ocb_dec_epilogue wrt ..imagebase - DD $L$ocb_dec_pop wrt ..imagebase - DD 0 $L$SEH_info_cbc: DB 9,0,0,0 DD cbc_se_handler wrt ..imagebase diff --git a/win-x86_64/crypto/fipsmodule/bsaes-x86_64.asm b/win-x86_64/crypto/fipsmodule/bsaes-x86_64.asm index 923c9fa..bb5e4c0 100644 --- a/win-x86_64/crypto/fipsmodule/bsaes-x86_64.asm +++ b/win-x86_64/crypto/fipsmodule/bsaes-x86_64.asm @@ -18,6 +18,7 @@ EXTERN aes_nohw_decrypt ALIGN 64 _bsaes_encrypt8: + lea r11,[$L$BS0] movdqa xmm8,XMMWORD[rax] @@ -488,8 +489,10 @@ $L$enc_done: + ALIGN 64 _bsaes_decrypt8: + lea r11,[$L$BS0] movdqa xmm8,XMMWORD[rax] @@ -993,8 +996,10 @@ $L$dec_done: DB 0F3h,0C3h ;repret + ALIGN 16 _bsaes_key_convert: + lea r11,[$L$masks] movdqu xmm7,XMMWORD[rcx] lea rcx,[16+rcx] @@ -1074,6 +1079,7 @@ DB 102,15,56,0,244 DB 0F3h,0C3h ;repret + EXTERN aes_nohw_cbc_encrypt global bsaes_cbc_encrypt @@ -1373,6 +1379,12 @@ global bsaes_ctr32_encrypt_blocks ALIGN 16 bsaes_ctr32_encrypt_blocks: +%ifndef NDEBUG +%ifndef BORINGSSL_FIPS +EXTERN BORINGSSL_function_hit + mov BYTE[((BORINGSSL_function_hit+6))],1 +%endif +%endif mov rax,rsp $L$ctr_enc_prologue: push rbp diff --git a/win-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.asm b/win-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.asm new file mode 100644 index 0000000..434ba10 --- /dev/null +++ b/win-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.asm @@ -0,0 +1,495 @@ +; This file is generated from a similarly-named Perl script in the BoringSSL +; source tree. Do not edit by hand. + +default rel +%define XMMWORD +%define YMMWORD +%define ZMMWORD + +%ifdef BORINGSSL_PREFIX +%include "boringssl_prefix_symbols_nasm.inc" +%endif +section .text code align=64 + + + + + + + +global gcm_gmult_ssse3 +ALIGN 16 +gcm_gmult_ssse3: + +$L$gmult_seh_begin: + sub rsp,40 +$L$gmult_seh_allocstack: + movdqa XMMWORD[rsp],xmm6 +$L$gmult_seh_save_xmm6: + movdqa XMMWORD[16+rsp],xmm10 +$L$gmult_seh_save_xmm10: +$L$gmult_seh_prolog_end: + movdqu xmm0,XMMWORD[rcx] + movdqa xmm10,XMMWORD[$L$reverse_bytes] + movdqa xmm2,XMMWORD[$L$low4_mask] + + +DB 102,65,15,56,0,194 + + + movdqa xmm1,xmm2 + pandn xmm1,xmm0 + psrld xmm1,4 + pand xmm0,xmm2 + + + + + pxor xmm2,xmm2 + pxor xmm3,xmm3 + mov rax,5 +$L$oop_row_1: + movdqa xmm4,XMMWORD[rdx] + lea rdx,[16+rdx] + + + movdqa xmm6,xmm2 +DB 102,15,58,15,243,1 + movdqa xmm3,xmm6 + psrldq xmm2,1 + + + + + movdqa xmm5,xmm4 +DB 102,15,56,0,224 +DB 102,15,56,0,233 + + + pxor xmm2,xmm5 + + + + movdqa xmm5,xmm4 + psllq xmm5,60 + movdqa xmm6,xmm5 + pslldq xmm6,8 + pxor xmm3,xmm6 + + + psrldq xmm5,8 + pxor xmm2,xmm5 + psrlq xmm4,4 + pxor xmm2,xmm4 + + sub rax,1 + jnz NEAR $L$oop_row_1 + + + + pxor xmm2,xmm3 + psrlq xmm3,1 + pxor xmm2,xmm3 + psrlq xmm3,1 + pxor xmm2,xmm3 + psrlq xmm3,5 + pxor xmm2,xmm3 + pxor xmm3,xmm3 + mov rax,5 +$L$oop_row_2: + movdqa xmm4,XMMWORD[rdx] + lea rdx,[16+rdx] + + + movdqa xmm6,xmm2 +DB 102,15,58,15,243,1 + movdqa xmm3,xmm6 + psrldq xmm2,1 + + + + + movdqa xmm5,xmm4 +DB 102,15,56,0,224 +DB 102,15,56,0,233 + + + pxor xmm2,xmm5 + + + + movdqa xmm5,xmm4 + psllq xmm5,60 + movdqa xmm6,xmm5 + pslldq xmm6,8 + pxor xmm3,xmm6 + + + psrldq xmm5,8 + pxor xmm2,xmm5 + psrlq xmm4,4 + pxor xmm2,xmm4 + + sub rax,1 + jnz NEAR $L$oop_row_2 + + + + pxor xmm2,xmm3 + psrlq xmm3,1 + pxor xmm2,xmm3 + psrlq xmm3,1 + pxor xmm2,xmm3 + psrlq xmm3,5 + pxor xmm2,xmm3 + pxor xmm3,xmm3 + mov rax,6 +$L$oop_row_3: + movdqa xmm4,XMMWORD[rdx] + lea rdx,[16+rdx] + + + movdqa xmm6,xmm2 +DB 102,15,58,15,243,1 + movdqa xmm3,xmm6 + psrldq xmm2,1 + + + + + movdqa xmm5,xmm4 +DB 102,15,56,0,224 +DB 102,15,56,0,233 + + + pxor xmm2,xmm5 + + + + movdqa xmm5,xmm4 + psllq xmm5,60 + movdqa xmm6,xmm5 + pslldq xmm6,8 + pxor xmm3,xmm6 + + + psrldq xmm5,8 + pxor xmm2,xmm5 + psrlq xmm4,4 + pxor xmm2,xmm4 + + sub rax,1 + jnz NEAR $L$oop_row_3 + + + + pxor xmm2,xmm3 + psrlq xmm3,1 + pxor xmm2,xmm3 + psrlq xmm3,1 + pxor xmm2,xmm3 + psrlq xmm3,5 + pxor xmm2,xmm3 + pxor xmm3,xmm3 + +DB 102,65,15,56,0,210 + movdqu XMMWORD[rcx],xmm2 + + + pxor xmm0,xmm0 + pxor xmm1,xmm1 + pxor xmm2,xmm2 + pxor xmm3,xmm3 + pxor xmm4,xmm4 + pxor xmm5,xmm5 + pxor xmm6,xmm6 + movdqa xmm6,XMMWORD[rsp] + movdqa xmm10,XMMWORD[16+rsp] + add rsp,40 + DB 0F3h,0C3h ;repret +$L$gmult_seh_end: + + + + + + + + +global gcm_ghash_ssse3 +ALIGN 16 +gcm_ghash_ssse3: +$L$ghash_seh_begin: + + sub rsp,56 +$L$ghash_seh_allocstack: + movdqa XMMWORD[rsp],xmm6 +$L$ghash_seh_save_xmm6: + movdqa XMMWORD[16+rsp],xmm10 +$L$ghash_seh_save_xmm10: + movdqa XMMWORD[32+rsp],xmm11 +$L$ghash_seh_save_xmm11: +$L$ghash_seh_prolog_end: + movdqu xmm0,XMMWORD[rcx] + movdqa xmm10,XMMWORD[$L$reverse_bytes] + movdqa xmm11,XMMWORD[$L$low4_mask] + + + and r9,-16 + + + +DB 102,65,15,56,0,194 + + + pxor xmm3,xmm3 +$L$oop_ghash: + + movdqu xmm1,XMMWORD[r8] +DB 102,65,15,56,0,202 + pxor xmm0,xmm1 + + + movdqa xmm1,xmm11 + pandn xmm1,xmm0 + psrld xmm1,4 + pand xmm0,xmm11 + + + + + pxor xmm2,xmm2 + + mov rax,5 +$L$oop_row_4: + movdqa xmm4,XMMWORD[rdx] + lea rdx,[16+rdx] + + + movdqa xmm6,xmm2 +DB 102,15,58,15,243,1 + movdqa xmm3,xmm6 + psrldq xmm2,1 + + + + + movdqa xmm5,xmm4 +DB 102,15,56,0,224 +DB 102,15,56,0,233 + + + pxor xmm2,xmm5 + + + + movdqa xmm5,xmm4 + psllq xmm5,60 + movdqa xmm6,xmm5 + pslldq xmm6,8 + pxor xmm3,xmm6 + + + psrldq xmm5,8 + pxor xmm2,xmm5 + psrlq xmm4,4 + pxor xmm2,xmm4 + + sub rax,1 + jnz NEAR $L$oop_row_4 + + + + pxor xmm2,xmm3 + psrlq xmm3,1 + pxor xmm2,xmm3 + psrlq xmm3,1 + pxor xmm2,xmm3 + psrlq xmm3,5 + pxor xmm2,xmm3 + pxor xmm3,xmm3 + mov rax,5 +$L$oop_row_5: + movdqa xmm4,XMMWORD[rdx] + lea rdx,[16+rdx] + + + movdqa xmm6,xmm2 +DB 102,15,58,15,243,1 + movdqa xmm3,xmm6 + psrldq xmm2,1 + + + + + movdqa xmm5,xmm4 +DB 102,15,56,0,224 +DB 102,15,56,0,233 + + + pxor xmm2,xmm5 + + + + movdqa xmm5,xmm4 + psllq xmm5,60 + movdqa xmm6,xmm5 + pslldq xmm6,8 + pxor xmm3,xmm6 + + + psrldq xmm5,8 + pxor xmm2,xmm5 + psrlq xmm4,4 + pxor xmm2,xmm4 + + sub rax,1 + jnz NEAR $L$oop_row_5 + + + + pxor xmm2,xmm3 + psrlq xmm3,1 + pxor xmm2,xmm3 + psrlq xmm3,1 + pxor xmm2,xmm3 + psrlq xmm3,5 + pxor xmm2,xmm3 + pxor xmm3,xmm3 + mov rax,6 +$L$oop_row_6: + movdqa xmm4,XMMWORD[rdx] + lea rdx,[16+rdx] + + + movdqa xmm6,xmm2 +DB 102,15,58,15,243,1 + movdqa xmm3,xmm6 + psrldq xmm2,1 + + + + + movdqa xmm5,xmm4 +DB 102,15,56,0,224 +DB 102,15,56,0,233 + + + pxor xmm2,xmm5 + + + + movdqa xmm5,xmm4 + psllq xmm5,60 + movdqa xmm6,xmm5 + pslldq xmm6,8 + pxor xmm3,xmm6 + + + psrldq xmm5,8 + pxor xmm2,xmm5 + psrlq xmm4,4 + pxor xmm2,xmm4 + + sub rax,1 + jnz NEAR $L$oop_row_6 + + + + pxor xmm2,xmm3 + psrlq xmm3,1 + pxor xmm2,xmm3 + psrlq xmm3,1 + pxor xmm2,xmm3 + psrlq xmm3,5 + pxor xmm2,xmm3 + pxor xmm3,xmm3 + movdqa xmm0,xmm2 + + + lea rdx,[((-256))+rdx] + + + lea r8,[16+r8] + sub r9,16 + jnz NEAR $L$oop_ghash + + +DB 102,65,15,56,0,194 + movdqu XMMWORD[rcx],xmm0 + + + pxor xmm0,xmm0 + pxor xmm1,xmm1 + pxor xmm2,xmm2 + pxor xmm3,xmm3 + pxor xmm4,xmm4 + pxor xmm5,xmm5 + pxor xmm6,xmm6 + movdqa xmm6,XMMWORD[rsp] + movdqa xmm10,XMMWORD[16+rsp] + movdqa xmm11,XMMWORD[32+rsp] + add rsp,56 + DB 0F3h,0C3h ;repret +$L$ghash_seh_end: + + + +ALIGN 16 + + +$L$reverse_bytes: +DB 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 + +$L$low4_mask: + DQ 0x0f0f0f0f0f0f0f0f,0x0f0f0f0f0f0f0f0f +section .pdata rdata align=4 +ALIGN 4 + DD $L$gmult_seh_begin wrt ..imagebase + DD $L$gmult_seh_end wrt ..imagebase + DD $L$gmult_seh_info wrt ..imagebase + + DD $L$ghash_seh_begin wrt ..imagebase + DD $L$ghash_seh_end wrt ..imagebase + DD $L$ghash_seh_info wrt ..imagebase + +section .xdata rdata align=8 +ALIGN 8 +$L$gmult_seh_info: +DB 1 +DB $L$gmult_seh_prolog_end-$L$gmult_seh_begin +DB 5 +DB 0 + +DB $L$gmult_seh_save_xmm10-$L$gmult_seh_begin +DB 168 + DW 1 + +DB $L$gmult_seh_save_xmm6-$L$gmult_seh_begin +DB 104 + DW 0 + +DB $L$gmult_seh_allocstack-$L$gmult_seh_begin +DB 66 + +ALIGN 8 +$L$ghash_seh_info: +DB 1 +DB $L$ghash_seh_prolog_end-$L$ghash_seh_begin +DB 7 +DB 0 + +DB $L$ghash_seh_save_xmm11-$L$ghash_seh_begin +DB 184 + DW 2 + +DB $L$ghash_seh_save_xmm10-$L$ghash_seh_begin +DB 168 + DW 1 + +DB $L$ghash_seh_save_xmm6-$L$ghash_seh_begin +DB 104 + DW 0 + +DB $L$ghash_seh_allocstack-$L$ghash_seh_begin +DB 98 diff --git a/win-x86_64/crypto/fipsmodule/ghash-x86_64.asm b/win-x86_64/crypto/fipsmodule/ghash-x86_64.asm index 31d601a..fdf914f 100644 --- a/win-x86_64/crypto/fipsmodule/ghash-x86_64.asm +++ b/win-x86_64/crypto/fipsmodule/ghash-x86_64.asm @@ -727,6 +727,7 @@ global gcm_init_clmul ALIGN 16 gcm_init_clmul: + $L$_init_clmul: $L$SEH_begin_gcm_init_clmul: @@ -886,10 +887,12 @@ DB 102,15,58,15,227,8 $L$SEH_end_gcm_init_clmul: DB 0F3h,0C3h ;repret + global gcm_gmult_clmul ALIGN 16 gcm_gmult_clmul: + $L$_gmult_clmul: movdqu xmm0,XMMWORD[rcx] movdqa xmm5,XMMWORD[$L$bswap_mask] @@ -937,10 +940,12 @@ DB 102,15,56,0,197 movdqu XMMWORD[rcx],xmm0 DB 0F3h,0C3h ;repret + global gcm_ghash_clmul ALIGN 32 gcm_ghash_clmul: + $L$_ghash_clmul: lea rax,[((-136))+rsp] $L$SEH_begin_gcm_ghash_clmul: @@ -1347,10 +1352,12 @@ DB 102,65,15,56,0,194 $L$SEH_end_gcm_ghash_clmul: DB 0F3h,0C3h ;repret + global gcm_init_avx ALIGN 32 gcm_init_avx: + $L$SEH_begin_gcm_init_avx: DB 0x48,0x83,0xec,0x18 @@ -1461,16 +1468,20 @@ $L$init_start_avx: $L$SEH_end_gcm_init_avx: DB 0F3h,0C3h ;repret + global gcm_gmult_avx ALIGN 32 gcm_gmult_avx: + jmp NEAR $L$_gmult_clmul + global gcm_ghash_avx ALIGN 32 gcm_ghash_avx: + lea rax,[((-136))+rsp] $L$SEH_begin_gcm_ghash_avx: @@ -1869,6 +1880,7 @@ $L$tail_no_xor_avx: $L$SEH_end_gcm_ghash_avx: DB 0F3h,0C3h ;repret + ALIGN 64 $L$bswap_mask: DB 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 diff --git a/win-x86_64/crypto/fipsmodule/md5-x86_64.asm b/win-x86_64/crypto/fipsmodule/md5-x86_64.asm index 2f79e33..646201b 100644 --- a/win-x86_64/crypto/fipsmodule/md5-x86_64.asm +++ b/win-x86_64/crypto/fipsmodule/md5-x86_64.asm @@ -25,11 +25,17 @@ $L$SEH_begin_md5_block_asm_data_order: mov rdx,r8 + push rbp + push rbx + push r12 + push r14 + push r15 + $L$prologue: @@ -679,15 +685,22 @@ $L$end: mov DWORD[12+rbp],edx mov r15,QWORD[rsp] + mov r14,QWORD[8+rsp] + mov r12,QWORD[16+rsp] + mov rbx,QWORD[24+rsp] + mov rbp,QWORD[32+rsp] + add rsp,40 + $L$epilogue: mov rdi,QWORD[8+rsp] ;WIN64 epilogue mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret + $L$SEH_end_md5_block_asm_data_order: EXTERN __imp_RtlVirtualUnwind diff --git a/win-x86_64/crypto/fipsmodule/p256-x86_64-asm.asm b/win-x86_64/crypto/fipsmodule/p256-x86_64-asm.asm index 54a87bb..cdde939 100644 --- a/win-x86_64/crypto/fipsmodule/p256-x86_64-asm.asm +++ b/win-x86_64/crypto/fipsmodule/p256-x86_64-asm.asm @@ -1296,6 +1296,7 @@ ALIGN 32 __ecp_nistz256_mul_montq: + mov rbp,rax mul r9 mov r14,QWORD[(($L$poly+8))] @@ -1514,6 +1515,7 @@ __ecp_nistz256_mul_montq: + global ecp_nistz256_sqr_mont ALIGN 32 @@ -1587,6 +1589,7 @@ $L$SEH_end_ecp_nistz256_sqr_mont: ALIGN 32 __ecp_nistz256_sqr_montq: + mov r13,rax mul r14 mov r9,rax @@ -1746,10 +1749,12 @@ __ecp_nistz256_sqr_montq: DB 0F3h,0C3h ;repret + ALIGN 32 __ecp_nistz256_mul_montx: + mulx r9,r8,r9 mulx r10,rcx,r10 mov r14,32 @@ -1913,8 +1918,10 @@ __ecp_nistz256_mul_montx: + ALIGN 32 __ecp_nistz256_sqr_montx: + mulx r10,r9,r14 mulx r11,rcx,r15 xor eax,eax @@ -2041,10 +2048,12 @@ DB 0x67,0x67 + global ecp_nistz256_select_w5 ALIGN 32 ecp_nistz256_select_w5: + lea rax,[OPENSSL_ia32cap_P] mov rax,QWORD[8+rax] test eax,32 @@ -2124,6 +2133,7 @@ $L$select_loop_sse_w5: movaps xmm15,XMMWORD[144+rsp] lea rsp,[168+rsp] DB 0F3h,0C3h ;repret + $L$SEH_end_ecp_nistz256_select_w5: @@ -2133,6 +2143,7 @@ global ecp_nistz256_select_w7 ALIGN 32 ecp_nistz256_select_w7: + lea rax,[OPENSSL_ia32cap_P] mov rax,QWORD[8+rax] test eax,32 @@ -2201,6 +2212,7 @@ $L$select_loop_sse_w7: movaps xmm15,XMMWORD[144+rsp] lea rsp,[168+rsp] DB 0F3h,0C3h ;repret + $L$SEH_end_ecp_nistz256_select_w7: @@ -2208,6 +2220,7 @@ $L$SEH_end_ecp_nistz256_select_w7: ALIGN 32 ecp_nistz256_avx2_select_w5: + $L$avx2_select_w5: vzeroupper lea rax,[((-136))+rsp] @@ -2287,6 +2300,7 @@ $L$select_loop_avx2_w5: movaps xmm15,XMMWORD[144+rsp] lea rsp,[r11] DB 0F3h,0C3h ;repret + $L$SEH_end_ecp_nistz256_avx2_select_w5: @@ -2296,6 +2310,7 @@ global ecp_nistz256_avx2_select_w7 ALIGN 32 ecp_nistz256_avx2_select_w7: + $L$avx2_select_w7: vzeroupper mov r11,rsp @@ -2390,11 +2405,13 @@ $L$select_loop_avx2_w7: movaps xmm15,XMMWORD[144+rsp] lea rsp,[r11] DB 0F3h,0C3h ;repret + $L$SEH_end_ecp_nistz256_avx2_select_w7: ALIGN 32 __ecp_nistz256_add_toq: + xor r11,r11 add r12,QWORD[rbx] adc r13,QWORD[8+rbx] @@ -2425,8 +2442,10 @@ __ecp_nistz256_add_toq: + ALIGN 32 __ecp_nistz256_sub_fromq: + sub r12,QWORD[rbx] sbb r13,QWORD[8+rbx] mov rax,r12 @@ -2456,8 +2475,10 @@ __ecp_nistz256_sub_fromq: + ALIGN 32 __ecp_nistz256_subq: + sub rax,r12 sbb rbp,r13 mov r12,rax @@ -2483,8 +2504,10 @@ __ecp_nistz256_subq: + ALIGN 32 __ecp_nistz256_mul_by_2q: + xor r11,r11 add r12,r12 adc r13,r13 @@ -2513,6 +2536,7 @@ __ecp_nistz256_mul_by_2q: DB 0F3h,0C3h ;repret + global ecp_nistz256_point_double ALIGN 32 @@ -2953,8 +2977,10 @@ $L$add_doubleq: DB 102,72,15,126,206 DB 102,72,15,126,199 add rsp,416 + jmp NEAR $L$point_double_shortcutq + ALIGN 32 $L$add_proceedq: mov rax,QWORD[((0+64))+rsp] @@ -3523,6 +3549,7 @@ $L$SEH_end_ecp_nistz256_point_add_affine: ALIGN 32 __ecp_nistz256_add_tox: + xor r11,r11 adc r12,QWORD[rbx] adc r13,QWORD[8+rbx] @@ -3554,8 +3581,10 @@ __ecp_nistz256_add_tox: + ALIGN 32 __ecp_nistz256_sub_fromx: + xor r11,r11 sbb r12,QWORD[rbx] sbb r13,QWORD[8+rbx] @@ -3587,8 +3616,10 @@ __ecp_nistz256_sub_fromx: + ALIGN 32 __ecp_nistz256_subx: + xor r11,r11 sbb rax,r12 sbb rbp,r13 @@ -3616,8 +3647,10 @@ __ecp_nistz256_subx: + ALIGN 32 __ecp_nistz256_mul_by_2x: + xor r11,r11 adc r12,r12 adc r13,r13 @@ -3648,6 +3681,7 @@ __ecp_nistz256_mul_by_2x: DB 0F3h,0C3h ;repret + ALIGN 32 ecp_nistz256_point_doublex: mov QWORD[8+rsp],rdi ;WIN64 prologue @@ -4077,8 +4111,10 @@ $L$add_doublex: DB 102,72,15,126,206 DB 102,72,15,126,199 add rsp,416 + jmp NEAR $L$point_double_shortcutx + ALIGN 32 $L$add_proceedx: mov rdx,QWORD[((0+64))+rsp] diff --git a/win-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.asm b/win-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.asm index 81c09ce..563699d 100644 --- a/win-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.asm +++ b/win-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.asm @@ -32,9 +32,6 @@ $L$SEH_begin_beeu_mod_inverse_vartime: push rbp - mov rbp,rsp - - push r12 push r13 @@ -49,6 +46,7 @@ $L$SEH_begin_beeu_mod_inverse_vartime: sub rsp,80 + mov QWORD[rsp],rdi @@ -318,6 +316,7 @@ $L$beeu_err: $L$beeu_finish: add rsp,80 + pop rsi pop rbx @@ -332,10 +331,9 @@ $L$beeu_finish: pop rbp - - mov rdi,QWORD[8+rsp] ;WIN64 epilogue mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret + $L$SEH_end_beeu_mod_inverse_vartime: diff --git a/win-x86_64/crypto/fipsmodule/rdrand-x86_64.asm b/win-x86_64/crypto/fipsmodule/rdrand-x86_64.asm index a34249b..89b91de 100644 --- a/win-x86_64/crypto/fipsmodule/rdrand-x86_64.asm +++ b/win-x86_64/crypto/fipsmodule/rdrand-x86_64.asm @@ -19,23 +19,12 @@ global CRYPTO_rdrand ALIGN 16 CRYPTO_rdrand: - mov QWORD[8+rsp],rdi ;WIN64 prologue - mov QWORD[16+rsp],rsi - mov rax,rsp -$L$SEH_begin_CRYPTO_rdrand: - mov rdi,rcx - - xor rax,rax - - -DB 0x48,0x0f,0xc7,0xf1 +DB 73,15,199,240 adc rax,rax - mov QWORD[rdi],rcx - mov rdi,QWORD[8+rsp] ;WIN64 epilogue - mov rsi,QWORD[16+rsp] + mov QWORD[rcx],r8 DB 0F3h,0C3h ;repret @@ -43,39 +32,27 @@ DB 0x48,0x0f,0xc7,0xf1 + global CRYPTO_rdrand_multiple8_buf ALIGN 16 CRYPTO_rdrand_multiple8_buf: - mov QWORD[8+rsp],rdi ;WIN64 prologue - mov QWORD[16+rsp],rsi - mov rax,rsp -$L$SEH_begin_CRYPTO_rdrand_multiple8_buf: - mov rdi,rcx - mov rsi,rdx - - - test rsi,rsi + test rdx,rdx jz NEAR $L$out - mov rdx,8 + mov r8,8 $L$loop: - - -DB 0x48,0x0f,0xc7,0xf1 +DB 73,15,199,241 jnc NEAR $L$err - mov QWORD[rdi],rcx - add rdi,rdx - sub rsi,rdx + mov QWORD[rcx],r9 + add rcx,r8 + sub rdx,r8 jnz NEAR $L$loop $L$out: mov rax,1 - mov rdi,QWORD[8+rsp] ;WIN64 epilogue - mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret $L$err: xor rax,rax - mov rdi,QWORD[8+rsp] ;WIN64 epilogue - mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret + diff --git a/win-x86_64/crypto/fipsmodule/rsaz-avx2.asm b/win-x86_64/crypto/fipsmodule/rsaz-avx2.asm index 5165c58..74e2705 100644 --- a/win-x86_64/crypto/fipsmodule/rsaz-avx2.asm +++ b/win-x86_64/crypto/fipsmodule/rsaz-avx2.asm @@ -1297,6 +1297,7 @@ global rsaz_1024_red2norm_avx2 ALIGN 32 rsaz_1024_red2norm_avx2: + sub rdx,-128 xor rax,rax mov r8,QWORD[((-128))+rdx] @@ -1490,10 +1491,12 @@ rsaz_1024_red2norm_avx2: DB 0F3h,0C3h ;repret + global rsaz_1024_norm2red_avx2 ALIGN 32 rsaz_1024_norm2red_avx2: + sub rcx,-128 mov r8,QWORD[rdx] mov eax,0x1fffffff @@ -1647,10 +1650,12 @@ rsaz_1024_norm2red_avx2: mov QWORD[184+rcx],r8 DB 0F3h,0C3h ;repret + global rsaz_1024_scatter5_avx2 ALIGN 32 rsaz_1024_scatter5_avx2: + vzeroupper vmovdqu ymm5,YMMWORD[$L$scatter_permd] shl r8d,4 @@ -1672,6 +1677,7 @@ $L$oop_scatter_1024: DB 0F3h,0C3h ;repret + global rsaz_1024_gather5_avx2 ALIGN 32 @@ -1817,23 +1823,6 @@ $L$oop_gather_1024: $L$SEH_end_rsaz_1024_gather5: -EXTERN OPENSSL_ia32cap_P -global rsaz_avx2_eligible - -ALIGN 32 -rsaz_avx2_eligible: - lea rax,[OPENSSL_ia32cap_P] - mov eax,DWORD[8+rax] - mov ecx,524544 - mov edx,0 - and ecx,eax - cmp ecx,524544 - cmove eax,edx - and eax,32 - shr eax,5 - DB 0F3h,0C3h ;repret - - ALIGN 64 $L$and_mask: DQ 0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff diff --git a/win-x86_64/crypto/fipsmodule/vpaes-x86_64.asm b/win-x86_64/crypto/fipsmodule/vpaes-x86_64.asm index d1d1fe7..593d166 100644 --- a/win-x86_64/crypto/fipsmodule/vpaes-x86_64.asm +++ b/win-x86_64/crypto/fipsmodule/vpaes-x86_64.asm @@ -30,6 +30,7 @@ section .text code align=64 ALIGN 16 _vpaes_encrypt_core: + mov r9,rdx mov r11,16 mov eax,DWORD[240+rdx] @@ -118,8 +119,10 @@ DB 102,15,56,0,193 + ALIGN 16 _vpaes_decrypt_core: + mov r9,rdx mov eax,DWORD[240+rdx] movdqa xmm1,xmm9 @@ -224,6 +227,7 @@ DB 102,15,56,0,194 + ALIGN 16 _vpaes_schedule_core: @@ -231,6 +235,7 @@ _vpaes_schedule_core: + call _vpaes_preheat movdqa xmm8,XMMWORD[$L$k_rcon] movdqu xmm0,XMMWORD[rdi] @@ -409,8 +414,10 @@ $L$schedule_mangle_last_dec: + ALIGN 16 _vpaes_schedule_192_smear: + pshufd xmm1,xmm6,0x80 pshufd xmm0,xmm7,0xFE pxor xmm6,xmm1 @@ -438,11 +445,13 @@ _vpaes_schedule_192_smear: + ALIGN 16 _vpaes_schedule_round: + pxor xmm1,xmm1 DB 102,65,15,58,15,200,15 DB 102,69,15,58,15,192,15 @@ -507,8 +516,10 @@ DB 102,15,56,0,195 + ALIGN 16 _vpaes_schedule_transform: + movdqa xmm1,xmm9 pandn xmm1,xmm0 psrld xmm1,4 @@ -543,10 +554,12 @@ DB 102,15,56,0,193 + ALIGN 16 _vpaes_schedule_mangle: + movdqa xmm4,xmm0 movdqa xmm5,XMMWORD[$L$k_mc_forward] test rcx,rcx @@ -616,6 +629,7 @@ DB 102,15,56,0,217 + global vpaes_set_encrypt_key ALIGN 16 @@ -629,6 +643,14 @@ $L$SEH_begin_vpaes_set_encrypt_key: mov rdx,r8 + +%ifndef NDEBUG +%ifndef BORINGSSL_FIPS +EXTERN BORINGSSL_function_hit + mov BYTE[((BORINGSSL_function_hit+5))],1 +%endif +%endif + lea rsp,[((-184))+rsp] movaps XMMWORD[16+rsp],xmm6 movaps XMMWORD[32+rsp],xmm7 @@ -665,6 +687,7 @@ $L$enc_key_epilogue: mov rdi,QWORD[8+rsp] ;WIN64 epilogue mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret + $L$SEH_end_vpaes_set_encrypt_key: global vpaes_set_decrypt_key @@ -680,6 +703,7 @@ $L$SEH_begin_vpaes_set_decrypt_key: mov rdx,r8 + lea rsp,[((-184))+rsp] movaps XMMWORD[16+rsp],xmm6 movaps XMMWORD[32+rsp],xmm7 @@ -721,6 +745,7 @@ $L$dec_key_epilogue: mov rdi,QWORD[8+rsp] ;WIN64 epilogue mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret + $L$SEH_end_vpaes_set_decrypt_key: global vpaes_encrypt @@ -736,6 +761,13 @@ $L$SEH_begin_vpaes_encrypt: mov rdx,r8 + +%ifndef NDEBUG +%ifndef BORINGSSL_FIPS +EXTERN BORINGSSL_function_hit + mov BYTE[((BORINGSSL_function_hit+4))],1 +%endif +%endif lea rsp,[((-184))+rsp] movaps XMMWORD[16+rsp],xmm6 movaps XMMWORD[32+rsp],xmm7 @@ -767,6 +799,7 @@ $L$enc_epilogue: mov rdi,QWORD[8+rsp] ;WIN64 epilogue mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret + $L$SEH_end_vpaes_encrypt: global vpaes_decrypt @@ -782,6 +815,7 @@ $L$SEH_begin_vpaes_decrypt: mov rdx,r8 + lea rsp,[((-184))+rsp] movaps XMMWORD[16+rsp],xmm6 movaps XMMWORD[32+rsp],xmm7 @@ -813,6 +847,7 @@ $L$dec_epilogue: mov rdi,QWORD[8+rsp] ;WIN64 epilogue mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret + $L$SEH_end_vpaes_decrypt: global vpaes_cbc_encrypt @@ -830,6 +865,7 @@ $L$SEH_begin_vpaes_cbc_encrypt: mov r9,QWORD[48+rsp] + xchg rdx,rcx sub rcx,16 jc NEAR $L$cbc_abort @@ -891,6 +927,7 @@ $L$cbc_abort: mov rdi,QWORD[8+rsp] ;WIN64 epilogue mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret + $L$SEH_end_vpaes_cbc_encrypt: @@ -901,6 +938,7 @@ $L$SEH_end_vpaes_cbc_encrypt: ALIGN 16 _vpaes_preheat: + lea r10,[$L$k_s0F] movdqa xmm10,XMMWORD[((-32))+r10] movdqa xmm11,XMMWORD[((-16))+r10] @@ -917,6 +955,7 @@ _vpaes_preheat: + ALIGN 64 _vpaes_consts: $L$k_inv: diff --git a/win-x86_64/crypto/fipsmodule/x86_64-mont5.asm b/win-x86_64/crypto/fipsmodule/x86_64-mont5.asm index 2ef94fc..7a1d5db 100644 --- a/win-x86_64/crypto/fipsmodule/x86_64-mont5.asm +++ b/win-x86_64/crypto/fipsmodule/x86_64-mont5.asm @@ -591,6 +591,7 @@ $L$SEH_end_bn_mul4x_mont_gather5: ALIGN 32 mul4x_internal: + shl r9,5 movd xmm5,DWORD[56+rax] lea rax,[$L$inc] @@ -1113,6 +1114,7 @@ $L$inner4x: mov r15,QWORD[24+rbp] jmp NEAR $L$sqr4x_sub_entry + global bn_power5 ALIGN 32 @@ -1340,6 +1342,7 @@ __bn_sqr8x_internal: + lea rbp,[32+r10] @@ -2045,8 +2048,10 @@ DB 102,73,15,126,217 DB 0F3h,0C3h ;repret + ALIGN 32 __bn_post4x_internal: + mov r12,QWORD[rbp] lea rbx,[r9*1+rdi] mov rcx,r9 @@ -2098,10 +2103,12 @@ $L$sqr4x_sub_entry: neg r9 DB 0F3h,0C3h ;repret + global bn_from_montgomery ALIGN 32 bn_from_montgomery: + test DWORD[48+rsp],7 jz NEAR bn_from_mont8x xor eax,eax @@ -2109,6 +2116,7 @@ bn_from_montgomery: + ALIGN 32 bn_from_mont8x: mov QWORD[8+rsp],rdi ;WIN64 prologue @@ -2418,6 +2426,7 @@ $L$SEH_end_bn_mulx4x_mont_gather5: ALIGN 32 mulx4x_internal: + mov QWORD[8+rsp],r9 mov r10,r9 neg r9 @@ -2838,6 +2847,7 @@ $L$mulx4x_inner: jmp NEAR $L$sqrx4x_sub_entry + ALIGN 32 bn_powerx5: mov QWORD[8+rsp],rdi ;WIN64 prologue @@ -3030,6 +3040,7 @@ __bn_sqrx8x_internal: + lea rdi,[((48+8))+rsp] @@ -3604,8 +3615,11 @@ DB 102,72,15,126,213 jb NEAR $L$sqrx8x_reduction_loop DB 0F3h,0C3h ;repret + ALIGN 32 + __bn_postx4x_internal: + mov r12,QWORD[rbp] mov r10,rcx mov r9,rcx @@ -3654,10 +3668,12 @@ $L$sqrx4x_sub_entry: DB 0F3h,0C3h ;repret + global bn_scatter5 ALIGN 16 bn_scatter5: + cmp edx,0 jz NEAR $L$scatter_epilogue lea r8,[r9*8+r8] @@ -3672,13 +3688,16 @@ $L$scatter_epilogue: DB 0F3h,0C3h ;repret + global bn_gather5 ALIGN 32 bn_gather5: + $L$SEH_begin_bn_gather5: DB 0x4c,0x8d,0x14,0x24 + DB 0x48,0x81,0xec,0x08,0x01,0x00,0x00 lea rax,[$L$inc] and rsp,-16 @@ -3832,9 +3851,11 @@ $L$gather: jnz NEAR $L$gather lea rsp,[r10] + DB 0F3h,0C3h ;repret $L$SEH_end_bn_gather5: + ALIGN 64 $L$inc: DD 0,0,1,1 diff --git a/win-x86_64/crypto/test/trampoline-x86_64.asm b/win-x86_64/crypto/test/trampoline-x86_64.asm new file mode 100644 index 0000000..9900669 --- /dev/null +++ b/win-x86_64/crypto/test/trampoline-x86_64.asm @@ -0,0 +1,682 @@ +; This file is generated from a similarly-named Perl script in the BoringSSL +; source tree. Do not edit by hand. + +default rel +%define XMMWORD +%define YMMWORD +%define ZMMWORD + +%ifdef BORINGSSL_PREFIX +%include "boringssl_prefix_symbols_nasm.inc" +%endif +section .text code align=64 + + + + + + + + + + +global abi_test_trampoline +ALIGN 16 +abi_test_trampoline: +$L$abi_test_trampoline_seh_begin: + + + + + + + + + + + sub rsp,344 + +$L$abi_test_trampoline_seh_prolog_alloc: + mov QWORD[112+rsp],rbx + +$L$abi_test_trampoline_seh_prolog_rbx: + mov QWORD[120+rsp],rbp + +$L$abi_test_trampoline_seh_prolog_rbp: + mov QWORD[128+rsp],rdi + +$L$abi_test_trampoline_seh_prolog_rdi: + mov QWORD[136+rsp],rsi + +$L$abi_test_trampoline_seh_prolog_rsi: + mov QWORD[144+rsp],r12 + +$L$abi_test_trampoline_seh_prolog_r12: + mov QWORD[152+rsp],r13 + +$L$abi_test_trampoline_seh_prolog_r13: + mov QWORD[160+rsp],r14 + +$L$abi_test_trampoline_seh_prolog_r14: + mov QWORD[168+rsp],r15 + +$L$abi_test_trampoline_seh_prolog_r15: + movdqa XMMWORD[176+rsp],xmm6 + +$L$abi_test_trampoline_seh_prolog_xmm6: + movdqa XMMWORD[192+rsp],xmm7 + +$L$abi_test_trampoline_seh_prolog_xmm7: + movdqa XMMWORD[208+rsp],xmm8 + +$L$abi_test_trampoline_seh_prolog_xmm8: + movdqa XMMWORD[224+rsp],xmm9 + +$L$abi_test_trampoline_seh_prolog_xmm9: + movdqa XMMWORD[240+rsp],xmm10 + +$L$abi_test_trampoline_seh_prolog_xmm10: + movdqa XMMWORD[256+rsp],xmm11 + +$L$abi_test_trampoline_seh_prolog_xmm11: + movdqa XMMWORD[272+rsp],xmm12 + +$L$abi_test_trampoline_seh_prolog_xmm12: + movdqa XMMWORD[288+rsp],xmm13 + +$L$abi_test_trampoline_seh_prolog_xmm13: + movdqa XMMWORD[304+rsp],xmm14 + +$L$abi_test_trampoline_seh_prolog_xmm14: + movdqa XMMWORD[320+rsp],xmm15 + +$L$abi_test_trampoline_seh_prolog_xmm15: +$L$abi_test_trampoline_seh_prolog_end: + mov rbx,QWORD[rdx] + mov rbp,QWORD[8+rdx] + mov rdi,QWORD[16+rdx] + mov rsi,QWORD[24+rdx] + mov r12,QWORD[32+rdx] + mov r13,QWORD[40+rdx] + mov r14,QWORD[48+rdx] + mov r15,QWORD[56+rdx] + movdqa xmm6,XMMWORD[64+rdx] + movdqa xmm7,XMMWORD[80+rdx] + movdqa xmm8,XMMWORD[96+rdx] + movdqa xmm9,XMMWORD[112+rdx] + movdqa xmm10,XMMWORD[128+rdx] + movdqa xmm11,XMMWORD[144+rdx] + movdqa xmm12,XMMWORD[160+rdx] + movdqa xmm13,XMMWORD[176+rdx] + movdqa xmm14,XMMWORD[192+rdx] + movdqa xmm15,XMMWORD[208+rdx] + + mov QWORD[88+rsp],rcx + mov QWORD[96+rsp],rdx + + + + + mov r10,r8 + mov r11,r9 + dec r11 + js NEAR $L$args_done + mov rcx,QWORD[r10] + add r10,8 + dec r11 + js NEAR $L$args_done + mov rdx,QWORD[r10] + add r10,8 + dec r11 + js NEAR $L$args_done + mov r8,QWORD[r10] + add r10,8 + dec r11 + js NEAR $L$args_done + mov r9,QWORD[r10] + add r10,8 + lea rax,[32+rsp] +$L$args_loop: + dec r11 + js NEAR $L$args_done + + + + + + + mov QWORD[104+rsp],r11 + mov r11,QWORD[r10] + mov QWORD[rax],r11 + mov r11,QWORD[104+rsp] + + add r10,8 + add rax,8 + jmp NEAR $L$args_loop + +$L$args_done: + mov rax,QWORD[88+rsp] + mov r10,QWORD[384+rsp] + test r10,r10 + jz NEAR $L$no_unwind + + + pushfq + or QWORD[rsp],0x100 + popfq + + + + nop +global abi_test_unwind_start +abi_test_unwind_start: + + call rax +global abi_test_unwind_return +abi_test_unwind_return: + + + + + pushfq + and QWORD[rsp],-0x101 + popfq +global abi_test_unwind_stop +abi_test_unwind_stop: + + jmp NEAR $L$call_done + +$L$no_unwind: + call rax + +$L$call_done: + + mov rdx,QWORD[96+rsp] + mov QWORD[rdx],rbx + mov QWORD[8+rdx],rbp + mov QWORD[16+rdx],rdi + mov QWORD[24+rdx],rsi + mov QWORD[32+rdx],r12 + mov QWORD[40+rdx],r13 + mov QWORD[48+rdx],r14 + mov QWORD[56+rdx],r15 + movdqa XMMWORD[64+rdx],xmm6 + movdqa XMMWORD[80+rdx],xmm7 + movdqa XMMWORD[96+rdx],xmm8 + movdqa XMMWORD[112+rdx],xmm9 + movdqa XMMWORD[128+rdx],xmm10 + movdqa XMMWORD[144+rdx],xmm11 + movdqa XMMWORD[160+rdx],xmm12 + movdqa XMMWORD[176+rdx],xmm13 + movdqa XMMWORD[192+rdx],xmm14 + movdqa XMMWORD[208+rdx],xmm15 + mov rbx,QWORD[112+rsp] + + mov rbp,QWORD[120+rsp] + + mov rdi,QWORD[128+rsp] + + mov rsi,QWORD[136+rsp] + + mov r12,QWORD[144+rsp] + + mov r13,QWORD[152+rsp] + + mov r14,QWORD[160+rsp] + + mov r15,QWORD[168+rsp] + + movdqa xmm6,XMMWORD[176+rsp] + + movdqa xmm7,XMMWORD[192+rsp] + + movdqa xmm8,XMMWORD[208+rsp] + + movdqa xmm9,XMMWORD[224+rsp] + + movdqa xmm10,XMMWORD[240+rsp] + + movdqa xmm11,XMMWORD[256+rsp] + + movdqa xmm12,XMMWORD[272+rsp] + + movdqa xmm13,XMMWORD[288+rsp] + + movdqa xmm14,XMMWORD[304+rsp] + + movdqa xmm15,XMMWORD[320+rsp] + + add rsp,344 + + + + DB 0F3h,0C3h ;repret + +$L$abi_test_trampoline_seh_end: + + +global abi_test_clobber_rax +ALIGN 16 +abi_test_clobber_rax: + xor rax,rax + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_rbx +ALIGN 16 +abi_test_clobber_rbx: + xor rbx,rbx + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_rcx +ALIGN 16 +abi_test_clobber_rcx: + xor rcx,rcx + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_rdx +ALIGN 16 +abi_test_clobber_rdx: + xor rdx,rdx + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_rdi +ALIGN 16 +abi_test_clobber_rdi: + xor rdi,rdi + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_rsi +ALIGN 16 +abi_test_clobber_rsi: + xor rsi,rsi + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_rbp +ALIGN 16 +abi_test_clobber_rbp: + xor rbp,rbp + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_r8 +ALIGN 16 +abi_test_clobber_r8: + xor r8,r8 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_r9 +ALIGN 16 +abi_test_clobber_r9: + xor r9,r9 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_r10 +ALIGN 16 +abi_test_clobber_r10: + xor r10,r10 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_r11 +ALIGN 16 +abi_test_clobber_r11: + xor r11,r11 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_r12 +ALIGN 16 +abi_test_clobber_r12: + xor r12,r12 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_r13 +ALIGN 16 +abi_test_clobber_r13: + xor r13,r13 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_r14 +ALIGN 16 +abi_test_clobber_r14: + xor r14,r14 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_r15 +ALIGN 16 +abi_test_clobber_r15: + xor r15,r15 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_xmm0 +ALIGN 16 +abi_test_clobber_xmm0: + pxor xmm0,xmm0 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_xmm1 +ALIGN 16 +abi_test_clobber_xmm1: + pxor xmm1,xmm1 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_xmm2 +ALIGN 16 +abi_test_clobber_xmm2: + pxor xmm2,xmm2 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_xmm3 +ALIGN 16 +abi_test_clobber_xmm3: + pxor xmm3,xmm3 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_xmm4 +ALIGN 16 +abi_test_clobber_xmm4: + pxor xmm4,xmm4 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_xmm5 +ALIGN 16 +abi_test_clobber_xmm5: + pxor xmm5,xmm5 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_xmm6 +ALIGN 16 +abi_test_clobber_xmm6: + pxor xmm6,xmm6 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_xmm7 +ALIGN 16 +abi_test_clobber_xmm7: + pxor xmm7,xmm7 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_xmm8 +ALIGN 16 +abi_test_clobber_xmm8: + pxor xmm8,xmm8 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_xmm9 +ALIGN 16 +abi_test_clobber_xmm9: + pxor xmm9,xmm9 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_xmm10 +ALIGN 16 +abi_test_clobber_xmm10: + pxor xmm10,xmm10 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_xmm11 +ALIGN 16 +abi_test_clobber_xmm11: + pxor xmm11,xmm11 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_xmm12 +ALIGN 16 +abi_test_clobber_xmm12: + pxor xmm12,xmm12 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_xmm13 +ALIGN 16 +abi_test_clobber_xmm13: + pxor xmm13,xmm13 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_xmm14 +ALIGN 16 +abi_test_clobber_xmm14: + pxor xmm14,xmm14 + DB 0F3h,0C3h ;repret + + +global abi_test_clobber_xmm15 +ALIGN 16 +abi_test_clobber_xmm15: + pxor xmm15,xmm15 + DB 0F3h,0C3h ;repret + + + + + +global abi_test_bad_unwind_wrong_register +ALIGN 16 +abi_test_bad_unwind_wrong_register: + +$L$abi_test_bad_unwind_wrong_register_seh_begin: + push r12 + +$L$abi_test_bad_unwind_wrong_register_seh_push_r13: + + + + nop + pop r12 + + DB 0F3h,0C3h ;repret +$L$abi_test_bad_unwind_wrong_register_seh_end: + + + + + + + +global abi_test_bad_unwind_temporary +ALIGN 16 +abi_test_bad_unwind_temporary: + +$L$abi_test_bad_unwind_temporary_seh_begin: + push r12 + +$L$abi_test_bad_unwind_temporary_seh_push_r12: + + mov rax,r12 + inc rax + mov QWORD[rsp],rax + + + + mov QWORD[rsp],r12 + + + pop r12 + + DB 0F3h,0C3h ;repret +$L$abi_test_bad_unwind_temporary_seh_end: + + + + + + + +global abi_test_get_and_clear_direction_flag +abi_test_get_and_clear_direction_flag: + pushfq + pop rax + and rax,0x400 + shr rax,10 + cld + DB 0F3h,0C3h ;repret + + + + + +global abi_test_set_direction_flag +abi_test_set_direction_flag: + std + DB 0F3h,0C3h ;repret + + + + + + +global abi_test_bad_unwind_epilog +ALIGN 16 +abi_test_bad_unwind_epilog: +$L$abi_test_bad_unwind_epilog_seh_begin: + push r12 +$L$abi_test_bad_unwind_epilog_seh_push_r12: + + nop + + + pop r12 + nop + DB 0F3h,0C3h ;repret +$L$abi_test_bad_unwind_epilog_seh_end: + +section .pdata rdata align=4 +ALIGN 4 + + DD $L$abi_test_trampoline_seh_begin wrt ..imagebase + DD $L$abi_test_trampoline_seh_end wrt ..imagebase + DD $L$abi_test_trampoline_seh_info wrt ..imagebase + + DD $L$abi_test_bad_unwind_wrong_register_seh_begin wrt ..imagebase + DD $L$abi_test_bad_unwind_wrong_register_seh_end wrt ..imagebase + DD $L$abi_test_bad_unwind_wrong_register_seh_info wrt ..imagebase + + DD $L$abi_test_bad_unwind_temporary_seh_begin wrt ..imagebase + DD $L$abi_test_bad_unwind_temporary_seh_end wrt ..imagebase + DD $L$abi_test_bad_unwind_temporary_seh_info wrt ..imagebase + + DD $L$abi_test_bad_unwind_epilog_seh_begin wrt ..imagebase + DD $L$abi_test_bad_unwind_epilog_seh_end wrt ..imagebase + DD $L$abi_test_bad_unwind_epilog_seh_info wrt ..imagebase + +section .xdata rdata align=8 +ALIGN 8 +$L$abi_test_trampoline_seh_info: + +DB 1 +DB $L$abi_test_trampoline_seh_prolog_end-$L$abi_test_trampoline_seh_begin +DB 38 +DB 0 +DB $L$abi_test_trampoline_seh_prolog_xmm15-$L$abi_test_trampoline_seh_begin +DB 248 + DW 20 +DB $L$abi_test_trampoline_seh_prolog_xmm14-$L$abi_test_trampoline_seh_begin +DB 232 + DW 19 +DB $L$abi_test_trampoline_seh_prolog_xmm13-$L$abi_test_trampoline_seh_begin +DB 216 + DW 18 +DB $L$abi_test_trampoline_seh_prolog_xmm12-$L$abi_test_trampoline_seh_begin +DB 200 + DW 17 +DB $L$abi_test_trampoline_seh_prolog_xmm11-$L$abi_test_trampoline_seh_begin +DB 184 + DW 16 +DB $L$abi_test_trampoline_seh_prolog_xmm10-$L$abi_test_trampoline_seh_begin +DB 168 + DW 15 +DB $L$abi_test_trampoline_seh_prolog_xmm9-$L$abi_test_trampoline_seh_begin +DB 152 + DW 14 +DB $L$abi_test_trampoline_seh_prolog_xmm8-$L$abi_test_trampoline_seh_begin +DB 136 + DW 13 +DB $L$abi_test_trampoline_seh_prolog_xmm7-$L$abi_test_trampoline_seh_begin +DB 120 + DW 12 +DB $L$abi_test_trampoline_seh_prolog_xmm6-$L$abi_test_trampoline_seh_begin +DB 104 + DW 11 +DB $L$abi_test_trampoline_seh_prolog_r15-$L$abi_test_trampoline_seh_begin +DB 244 + DW 21 +DB $L$abi_test_trampoline_seh_prolog_r14-$L$abi_test_trampoline_seh_begin +DB 228 + DW 20 +DB $L$abi_test_trampoline_seh_prolog_r13-$L$abi_test_trampoline_seh_begin +DB 212 + DW 19 +DB $L$abi_test_trampoline_seh_prolog_r12-$L$abi_test_trampoline_seh_begin +DB 196 + DW 18 +DB $L$abi_test_trampoline_seh_prolog_rsi-$L$abi_test_trampoline_seh_begin +DB 100 + DW 17 +DB $L$abi_test_trampoline_seh_prolog_rdi-$L$abi_test_trampoline_seh_begin +DB 116 + DW 16 +DB $L$abi_test_trampoline_seh_prolog_rbp-$L$abi_test_trampoline_seh_begin +DB 84 + DW 15 +DB $L$abi_test_trampoline_seh_prolog_rbx-$L$abi_test_trampoline_seh_begin +DB 52 + DW 14 +DB $L$abi_test_trampoline_seh_prolog_alloc-$L$abi_test_trampoline_seh_begin +DB 1 + DW 43 + + +ALIGN 8 +$L$abi_test_bad_unwind_wrong_register_seh_info: +DB 1 +DB $L$abi_test_bad_unwind_wrong_register_seh_push_r13-$L$abi_test_bad_unwind_wrong_register_seh_begin +DB 1 +DB 0 + +DB $L$abi_test_bad_unwind_wrong_register_seh_push_r13-$L$abi_test_bad_unwind_wrong_register_seh_begin +DB 208 + +ALIGN 8 +$L$abi_test_bad_unwind_temporary_seh_info: +DB 1 +DB $L$abi_test_bad_unwind_temporary_seh_push_r12-$L$abi_test_bad_unwind_temporary_seh_begin +DB 1 +DB 0 + +DB $L$abi_test_bad_unwind_temporary_seh_push_r12-$L$abi_test_bad_unwind_temporary_seh_begin +DB 192 + +ALIGN 8 +$L$abi_test_bad_unwind_epilog_seh_info: +DB 1 +DB $L$abi_test_bad_unwind_epilog_seh_push_r12-$L$abi_test_bad_unwind_epilog_seh_begin +DB 1 +DB 0 + +DB $L$abi_test_bad_unwind_epilog_seh_push_r12-$L$abi_test_bad_unwind_epilog_seh_begin +DB 192 -- GitLab