7 #if defined HAVE_CONFIG_H
8 #include "libsecp256k1-config.h"
27 #ifdef SECP256K1_WIDEMUL_INT128
52 unsigned char b32[32];
72 CHECK(fe->magnitude == n);
105 unsigned char b32[32];
118 unsigned char b32[32];
139 unsigned char ctmp[32];
146 void *none_prealloc = NULL;
147 void *sign_prealloc = NULL;
148 void *vrfy_prealloc = NULL;
149 void *both_prealloc = NULL;
161 CHECK(none_prealloc != NULL);
162 CHECK(sign_prealloc != NULL);
163 CHECK(vrfy_prealloc != NULL);
164 CHECK(both_prealloc != NULL);
176 memset(&zero_pubkey, 0,
sizeof(zero_pubkey));
265 CHECK(ecount2 == 10);
267 CHECK(ecount2 == 11);
271 CHECK(ecount2 == 12);
275 CHECK(ecount2 == 13);
281 CHECK(ecount2 == 14);
291 CHECK(ecount2 == 14);
293 CHECK(ecount2 == 14);
347 CHECK(scratch != NULL);
389 memset(&local_scratch, 0,
sizeof(local_scratch));
390 scratch = &local_scratch;
416 static const uint32_t b32[] = {1, 0xffffffff, 0x5e56968f, 0xe0d63129};
417 static const uint64_t b64[] = {1, 0xffffffffffffffff, 0xbcd02462139b3fc3, 0x98b5f80c769693ef};
420 for (i = 0; i <
sizeof(b32) /
sizeof(b32[0]); ++i) {
421 for (shift = 0; shift < 32; ++shift) {
426 for (i = 0; i <
sizeof(b64) /
sizeof(b64[0]); ++i) {
427 for (shift = 0; shift < 64; ++shift) {
437 static const char *inputs[8] = {
438 "",
"abc",
"message digest",
"secure hash algorithm",
"SHA256 is considered to be safe",
439 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
440 "For this sample, this 63-byte string will be used as input data",
441 "This is exactly 64 bytes long, not counting the terminating byte"
443 static const unsigned char outputs[8][32] = {
444 {0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55},
445 {0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad},
446 {0xf7, 0x84, 0x6f, 0x55, 0xcf, 0x23, 0xe1, 0x4e, 0xeb, 0xea, 0xb5, 0xb4, 0xe1, 0x55, 0x0c, 0xad, 0x5b, 0x50, 0x9e, 0x33, 0x48, 0xfb, 0xc4, 0xef, 0xa3, 0xa1, 0x41, 0x3d, 0x39, 0x3c, 0xb6, 0x50},
447 {0xf3, 0x0c, 0xeb, 0x2b, 0xb2, 0x82, 0x9e, 0x79, 0xe4, 0xca, 0x97, 0x53, 0xd3, 0x5a, 0x8e, 0xcc, 0x00, 0x26, 0x2d, 0x16, 0x4c, 0xc0, 0x77, 0x08, 0x02, 0x95, 0x38, 0x1c, 0xbd, 0x64, 0x3f, 0x0d},
448 {0x68, 0x19, 0xd9, 0x15, 0xc7, 0x3f, 0x4d, 0x1e, 0x77, 0xe4, 0xe1, 0xb5, 0x2d, 0x1f, 0xa0, 0xf9, 0xcf, 0x9b, 0xea, 0xea, 0xd3, 0x93, 0x9f, 0x15, 0x87, 0x4b, 0xd9, 0x88, 0xe2, 0xa2, 0x36, 0x30},
449 {0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1},
450 {0xf0, 0x8a, 0x78, 0xcb, 0xba, 0xee, 0x08, 0x2b, 0x05, 0x2a, 0xe0, 0x70, 0x8f, 0x32, 0xfa, 0x1e, 0x50, 0xc5, 0xc4, 0x21, 0xaa, 0x77, 0x2b, 0xa5, 0xdb, 0xb4, 0x06, 0xa2, 0xea, 0x6b, 0xe3, 0x42},
451 {0xab, 0x64, 0xef, 0xf7, 0xe8, 0x8e, 0x2e, 0x46, 0x16, 0x5e, 0x29, 0xf2, 0xbc, 0xe4, 0x18, 0x26, 0xbd, 0x4c, 0x7b, 0x35, 0x52, 0xf6, 0xb3, 0x82, 0xa9, 0xe7, 0xd3, 0xaf, 0x47, 0xc2, 0x45, 0xf8}
454 for (i = 0; i < 8; i++) {
455 unsigned char out[32];
461 if (strlen(inputs[i]) > 0) {
473 static const char *keys[6] = {
474 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
476 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
477 "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19",
478 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
479 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
481 static const char *inputs[6] = {
482 "\x48\x69\x20\x54\x68\x65\x72\x65",
483 "\x77\x68\x61\x74\x20\x64\x6f\x20\x79\x61\x20\x77\x61\x6e\x74\x20\x66\x6f\x72\x20\x6e\x6f\x74\x68\x69\x6e\x67\x3f",
484 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
485 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd",
486 "\x54\x65\x73\x74\x20\x55\x73\x69\x6e\x67\x20\x4c\x61\x72\x67\x65\x72\x20\x54\x68\x61\x6e\x20\x42\x6c\x6f\x63\x6b\x2d\x53\x69\x7a\x65\x20\x4b\x65\x79\x20\x2d\x20\x48\x61\x73\x68\x20\x4b\x65\x79\x20\x46\x69\x72\x73\x74",
487 "\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x20\x75\x73\x69\x6e\x67\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20\x74\x68\x61\x6e\x20\x62\x6c\x6f\x63\x6b\x2d\x73\x69\x7a\x65\x20\x6b\x65\x79\x20\x61\x6e\x64\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20\x74\x68\x61\x6e\x20\x62\x6c\x6f\x63\x6b\x2d\x73\x69\x7a\x65\x20\x64\x61\x74\x61\x2e\x20\x54\x68\x65\x20\x6b\x65\x79\x20\x6e\x65\x65\x64\x73\x20\x74\x6f\x20\x62\x65\x20\x68\x61\x73\x68\x65\x64\x20\x62\x65\x66\x6f\x72\x65\x20\x62\x65\x69\x6e\x67\x20\x75\x73\x65\x64\x20\x62\x79\x20\x74\x68\x65\x20\x48\x4d\x41\x43\x20\x61\x6c\x67\x6f\x72\x69\x74\x68\x6d\x2e"
489 static const unsigned char outputs[6][32] = {
490 {0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7},
491 {0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43},
492 {0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe},
493 {0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b},
494 {0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54},
495 {0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2}
498 for (i = 0; i < 6; i++) {
500 unsigned char out[32];
505 if (strlen(inputs[i]) > 0) {
517 static const unsigned char key1[65] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x00, 0x4b, 0xf5, 0x12, 0x2f, 0x34, 0x45, 0x54, 0xc5, 0x3b, 0xde, 0x2e, 0xbb, 0x8c, 0xd2, 0xb7, 0xe3, 0xd1, 0x60, 0x0a, 0xd6, 0x31, 0xc3, 0x85, 0xa5, 0xd7, 0xcc, 0xe2, 0x3c, 0x77, 0x85, 0x45, 0x9a, 0};
518 static const unsigned char out1[3][32] = {
519 {0x4f, 0xe2, 0x95, 0x25, 0xb2, 0x08, 0x68, 0x09, 0x15, 0x9a, 0xcd, 0xf0, 0x50, 0x6e, 0xfb, 0x86, 0xb0, 0xec, 0x93, 0x2c, 0x7b, 0xa4, 0x42, 0x56, 0xab, 0x32, 0x1e, 0x42, 0x1e, 0x67, 0xe9, 0xfb},
520 {0x2b, 0xf0, 0xff, 0xf1, 0xd3, 0xc3, 0x78, 0xa2, 0x2d, 0xc5, 0xde, 0x1d, 0x85, 0x65, 0x22, 0x32, 0x5c, 0x65, 0xb5, 0x04, 0x49, 0x1a, 0x0c, 0xbd, 0x01, 0xcb, 0x8f, 0x3a, 0xa6, 0x7f, 0xfd, 0x4a},
521 {0xf5, 0x28, 0xb4, 0x10, 0xcb, 0x54, 0x1f, 0x77, 0x00, 0x0d, 0x7a, 0xfb, 0x6c, 0x5b, 0x53, 0xc5, 0xc4, 0x71, 0xea, 0xb4, 0x3e, 0x46, 0x6d, 0x9a, 0xc5, 0x19, 0x0c, 0x39, 0xc8, 0x2f, 0xd8, 0x2e}
524 static const unsigned char key2[64] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55};
525 static const unsigned char out2[3][32] = {
526 {0x9c, 0x23, 0x6c, 0x16, 0x5b, 0x82, 0xae, 0x0c, 0xd5, 0x90, 0x65, 0x9e, 0x10, 0x0b, 0x6b, 0xab, 0x30, 0x36, 0xe7, 0xba, 0x8b, 0x06, 0x74, 0x9b, 0xaf, 0x69, 0x81, 0xe1, 0x6f, 0x1a, 0x2b, 0x95},
527 {0xdf, 0x47, 0x10, 0x61, 0x62, 0x5b, 0xc0, 0xea, 0x14, 0xb6, 0x82, 0xfe, 0xee, 0x2c, 0x9c, 0x02, 0xf2, 0x35, 0xda, 0x04, 0x20, 0x4c, 0x1d, 0x62, 0xa1, 0x53, 0x6c, 0x6e, 0x17, 0xae, 0xd7, 0xa9},
528 {0x75, 0x97, 0x88, 0x7c, 0xbd, 0x76, 0x32, 0x1f, 0x32, 0xe3, 0x04, 0x40, 0x67, 0x9a, 0x22, 0xcf, 0x7f, 0x8d, 0x9d, 0x2e, 0xac, 0x39, 0x0e, 0x58, 0x1f, 0xea, 0x09, 0x1c, 0xe2, 0x02, 0xba, 0x94}
532 unsigned char out[32];
536 for (i = 0; i < 3; i++) {
543 for (i = 0; i < 3; i++) {
550 for (i = 0; i < 3; i++) {
562 static const unsigned int rounds[7] = {1, 30, 73, 156, 322, 653, 1316};
565 static const uint32_t mults[6] = {1, 3, 21, 289, 0x9999, 0x80402011};
567 unsigned int usebits = bits > 6 ? 6 : bits;
568 unsigned int maxshift = bits - usebits;
571 uint64_t x[6][27] = {{0}};
572 unsigned int i, shift, m;
575 for (i = 0; i < rounds[usebits]; i++) {
577 CHECK((((uint64_t)r) >> bits) == 0);
578 for (m = 0; m <
sizeof(mults) /
sizeof(mults[0]); m++) {
579 uint32_t rm = r * mults[m];
580 for (shift = 0; shift <= maxshift; shift++) {
581 x[m][shift] |= (((uint64_t)1) << ((rm >> shift) & ((1 << usebits) - 1)));
585 for (m = 0; m <
sizeof(mults) /
sizeof(mults[0]); m++) {
586 for (shift = 0; shift <= maxshift; shift++) {
588 CHECK(((~x[m][shift]) << (64 - (1 << usebits))) == 0);
596 int rounds = (subrange * 2073) / 100;
599 CHECK((range % subrange) == 0);
600 for (i = 0; i < rounds; i++) {
604 x |= (((uint64_t)1) << r);
607 CHECK(((~x) << (64 - subrange)) == 0);
613 for (b = 1; b <= 32; b++) {
619 static const uint32_t ms[] = {1, 3, 17, 1000, 13771, 999999, 33554432};
620 static const uint32_t ss[] = {1, 3, 6, 9, 13, 31, 64};
622 for (m = 0; m <
sizeof(ms) /
sizeof(ms[0]); m++) {
623 for (s = 0; s <
sizeof(ss) /
sizeof(ss[0]); s++) {
640 for (l = 0; l < 6; ++l) w *= (2 - w*x);
648 void mulmod256(uint16_t* out,
const uint16_t* a,
const uint16_t* b,
const uint16_t* m) {
657 for (i = 0; i < 32; ++i) {
658 for (j = i <= 15 ? 0 : i - 15; j <= i && j <= 15; j++) {
659 c += (uint64_t)a[j] * b[i - j];
667 for (i = 511; i >= 0; --i) {
668 if ((mul[i >> 4] >> (i & 15)) & 1) {
676 memset(mul + 16, 0, 32);
678 for (i = 255; i >= 0; --i) {
679 if ((mul[i >> 4] >> (i & 15)) & 1) {
687 for (i = 255; i >= 0; --i) {
688 if ((m[i >> 4] >> (i & 15)) & 1) {
695 for (i = mul_bitlen - m_bitlen; i >= 0; --i) {
701 for (j = 0; j < 32; ++j) {
705 for (p = 0; p < 16; ++p) {
706 int bitpos = j * 16 - i + p;
707 if (bitpos >= 0 && bitpos < 256) {
708 sub |= ((m[bitpos >> 4] >> (bitpos & 15)) & 1) << p;
714 mul2[j] = (
cs & 0xFFFF);
719 memcpy(mul, mul2,
sizeof(mul));
723 for (i = (m_bitlen >> 4) + 1; i < 32; ++i) {
726 memcpy(out, mul, 32);
732 memset(out->
v, 0,
sizeof(out->
v));
733 for (i = 0; i < 256; ++i) {
734 out->
v[i / 30] |= (int32_t)(((in[i >> 4]) >> (i & 15)) & 1) << (i % 30);
742 for (i = 0; i < 256; ++i) {
743 out[i >> 4] |= (((in->
v[i / 30]) >> (i % 30)) & 1) << (i & 15);
750 for (i = 0; i < 16; ++i) {
752 if (x->
v[pos] > 0 && x->
v[pos + 1] <= 0x3fffffff) {
753 x->
v[pos] -= 0x40000000;
755 }
else if (x->
v[pos] < 0 && x->
v[pos + 1] >= 0x3fffffff) {
756 x->
v[pos] += 0x40000000;
767 int i, vartime, nonzero;
770 nonzero = (x.
v[0] | x.
v[1] | x.
v[2] | x.
v[3] | x.
v[4] | x.
v[5] | x.
v[6] | x.
v[7] | x.
v[8]) != 0;
778 for (vartime = 0; vartime < 2; ++vartime) {
787 CHECK(tmp[0] == nonzero);
788 for (i = 1; i < 16; ++i)
CHECK(tmp[i] == 0);
795 for (i = 0; i < 16; ++i)
CHECK(tmp[i] == in[i]);
799 #ifdef SECP256K1_WIDEMUL_INT128
803 memset(out->
v, 0,
sizeof(out->
v));
804 for (i = 0; i < 256; ++i) {
805 out->
v[i / 62] |= (int64_t)(((in[i >> 4]) >> (i & 15)) & 1) << (i % 62);
813 for (i = 0; i < 256; ++i) {
814 out[i >> 4] |= (((in->
v[i / 62]) >> (i % 62)) & 1) << (i & 15);
820 static const int64_t M62 = (int64_t)(UINT64_MAX >> 2);
822 for (i = 0; i < 8; ++i) {
824 if (x->
v[pos] > 0 && x->
v[pos + 1] <= M62) {
825 x->
v[pos] -= (M62 + 1);
827 }
else if (x->
v[pos] < 0 && x->
v[pos + 1] >= -M62) {
828 x->
v[pos] += (M62 + 1);
835 void test_modinv64_uint16(uint16_t* out,
const uint16_t* in,
const uint16_t* mod) {
836 static const int64_t M62 = (int64_t)(UINT64_MAX >> 2);
840 int i, vartime, nonzero;
842 uint16_to_signed62(&x, in);
843 nonzero = (x.
v[0] | x.
v[1] | x.
v[2] | x.
v[3] | x.
v[4]) != 0;
844 uint16_to_signed62(&m.
modulus, mod);
845 mutate_sign_signed62(&m.
modulus);
851 for (vartime = 0; vartime < 2; ++vartime) {
856 signed62_to_uint16(out, &x);
860 CHECK(tmp[0] == nonzero);
861 for (i = 1; i < 16; ++i)
CHECK(tmp[i] == 0);
867 signed62_to_uint16(tmp, &x);
868 for (i = 0; i < 16; ++i)
CHECK(tmp[i] == in[i]);
874 int coprime(
const uint16_t* a,
const uint16_t* b) {
875 uint16_t x[16], y[16], t[16];
884 for (i = 0; i < 16; ++i) {
897 if (y[0] != 1)
return 0;
898 for (i = 1; i < 16; ++i) {
899 if (y[i] != 0)
return 0;
906 static const uint16_t CASES[][3][16] = {
908 {{0x1513, 0x5389, 0x54e9, 0x2798, 0x1957, 0x66a0, 0x8057, 0x3477,
909 0x7784, 0x1052, 0x326a, 0x9331, 0x6506, 0xa95c, 0x91f3, 0xfb5e},
910 {0x2bdd, 0x8df4, 0xcc61, 0x481f, 0xdae5, 0x5ca7, 0xf43b, 0x7d54,
911 0x13d6, 0x469b, 0x2294, 0x20f4, 0xb2a4, 0xa2d1, 0x3ff1, 0xfd4b},
912 {0xffd8, 0xd9a0, 0x456e, 0x81bb, 0xbabd, 0x6cea, 0x6dbd, 0x73ab,
913 0xbb94, 0x3d3c, 0xdf08, 0x31c4, 0x3e32, 0xc179, 0x2486, 0xb86b}},
916 {{0x3fb1, 0x903b, 0x4eb7, 0x4813, 0xd863, 0x26bf, 0xd89f, 0xa8a9,
917 0x02fe, 0x57c6, 0x554a, 0x4eab, 0x165e, 0x3d61, 0xee1e, 0x456c},
918 {0x9295, 0x823b, 0x5c1f, 0x5386, 0x48e0, 0x02ff, 0x4c2a, 0xa2da,
919 0xe58f, 0x967c, 0xc97e, 0x3f5a, 0x69fb, 0x52d9, 0x0a86, 0xb4a3},
920 {0x3d30, 0xb893, 0xa809, 0xa7a8, 0x26f5, 0x5b42, 0x55be, 0xf4d0,
921 0x12c2, 0x7e6a, 0xe41a, 0x90c7, 0xebfa, 0xf920, 0x304e, 0x1419}},
923 {{0x8583, 0x5058, 0xbeae, 0xeb69, 0x48bc, 0x52bb, 0x6a9d, 0xcc94,
924 0x2a21, 0x87d5, 0x5b0d, 0x42f6, 0x5b8a, 0x2214, 0xe9d6, 0xa040},
925 {0x7531, 0x27cb, 0x7e53, 0xb739, 0x6a5f, 0x83f5, 0xa45c, 0xcb1d,
926 0x8a87, 0x1c9c, 0x51d7, 0x851c, 0xb9d8, 0x1fbe, 0xc241, 0xd4a3},
927 {0xcdb4, 0x275c, 0x7d22, 0xa906, 0x0173, 0xc054, 0x7fdf, 0x5005,
928 0x7fb8, 0x9059, 0xdf51, 0x99df, 0x2654, 0x8f6e, 0x070f, 0xb347}},
930 {{0x95ed, 0x6c01, 0xd113, 0x5ff1, 0xd7d0, 0x29cc, 0x5817, 0x6120,
931 0xca8e, 0xaad1, 0x25ae, 0x8e84, 0x9af6, 0x30bf, 0xf0ed, 0x1686},
932 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
933 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
934 {0x1631, 0xbf4a, 0x286a, 0x2716, 0x469f, 0x2ac8, 0x1312, 0xe9bc,
935 0x04f4, 0x304b, 0x9931, 0x113b, 0xd932, 0xc8f4, 0x0d0d, 0x01a1}},
937 {{0x9ec3, 0x1919, 0xca84, 0x7c11, 0xf996, 0x06f3, 0x5408, 0x6688,
938 0x1320, 0xdb8a, 0x632a, 0x0dcb, 0x8a84, 0x6bee, 0x9c95, 0xe34e},
939 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
940 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
941 {0x18e5, 0x19b6, 0xdf92, 0x1aaa, 0x09fb, 0x8a3f, 0x52b0, 0x8701,
942 0xac0c, 0x2582, 0xda44, 0x9bcc, 0x6828, 0x1c53, 0xbd8f, 0xbd2c}},
945 {{0x1b37, 0xbdc3, 0x8bcd, 0x25e3, 0x1eae, 0x567d, 0x30b6, 0xf0d8,
946 0x9277, 0x0cf8, 0x9c2e, 0xecd7, 0x631d, 0xe38f, 0xd4f8, 0x5c93},
947 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
948 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
949 {0x1622, 0xe05b, 0xe880, 0x7de9, 0x3e45, 0xb682, 0xee6c, 0x67ed,
950 0xa179, 0x15db, 0x6b0d, 0xa656, 0x7ccb, 0x8ef7, 0xa2ff, 0xe279}},
953 {{0xfeb9, 0xb877, 0xee41, 0x7fa3, 0x87da, 0x94c4, 0x9d04, 0xc5ae,
954 0x5708, 0x0994, 0xfc79, 0x0916, 0xbf32, 0x3ad8, 0xe11c, 0x5ca2},
955 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
956 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
957 {0x0f12, 0x075e, 0xce1c, 0x6f92, 0xc80f, 0xca92, 0x9a04, 0x6126,
958 0x4b6c, 0x57d6, 0xca31, 0x97f3, 0x1f99, 0xf4fd, 0xda4d, 0x42ce}},
960 {{0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
961 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000},
962 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
963 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
964 {0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
965 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000}},
967 {{0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
968 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000},
969 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
970 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
971 {0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
972 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000}},
974 {{0x0002, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
975 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000},
976 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
977 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
978 {0xfe18, 0x7fff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
979 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x7fff}},
981 {{0xfc2e, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
982 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
983 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
984 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
985 {0xfc2e, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
986 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}},
988 {{0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
989 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000},
990 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
991 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
992 {0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
993 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000}},
995 {{0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
996 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000},
997 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
998 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
999 {0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1000 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000}},
1002 {{0x0002, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1003 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000},
1004 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1005 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1006 {0x20a1, 0x681b, 0x2f46, 0xdfe9, 0x501d, 0x57a4, 0x6e73, 0x5d57,
1007 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x7fff}},
1009 {{0x4140, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1010 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1011 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1012 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1013 {0x4140, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1014 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}}
1020 for (i = 0; (size_t)i <
sizeof(CASES) /
sizeof(CASES[0]); ++i) {
1023 for (j = 0; j < 16; ++j)
CHECK(out[j] == CASES[i][2][j]);
1024 #ifdef SECP256K1_WIDEMUL_INT128
1025 test_modinv64_uint16(out, CASES[i][0], CASES[i][1]);
1026 for (j = 0; j < 16; ++j)
CHECK(out[j] == CASES[i][2][j]);
1030 for (i = 0; i < 100 *
count; ++i) {
1032 static const uint16_t ZERO[16] = {0};
1045 for (j = 1; j < 16; ++j) ok |= md[j] != 0;
1047 }
while (!(ok &&
coprime(xd, md)));
1050 #ifdef SECP256K1_WIDEMUL_INT128
1051 test_modinv64_uint16(
id, xd, md);
1057 #ifdef SECP256K1_WIDEMUL_INT128
1058 test_modinv64_uint16(
id, ZERO, md);
1071 unsigned char c[32];
1088 for (i = 0; i < 256; i += 4) {
1092 for (j = 0; j < 4; j++) {
1109 if (now + i > 256) {
1113 for (j = 0; j < now; j++) {
1127 for (i = 0; i < 100; ++i) {
1130 int expected = r.
d[0] % (1 << shift);
1132 CHECK(expected == low);
1152 for (i = 0; i < bit; i++) {
1233 unsigned char b32[32];
1243 memset(b32, 0,
sizeof(b32));
1245 memset(b32, 0xFF,
sizeof(b32));
1251 for (i = 0; i < 128 *
count; i++) {
1254 for (i = 0; i <
count; i++) {
1273 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
1274 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
1294 unsigned char chal[33][2][32] = {
1295 {{0xff, 0xff, 0x03, 0x07, 0x00, 0x00, 0x00, 0x00,
1296 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03,
1297 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, 0xff,
1298 0xff, 0xff, 0x03, 0x00, 0xc0, 0xff, 0xff, 0xff},
1299 {0xff, 0xff, 0xff, 0xff, 0xff, 0x0f, 0x00, 0x00,
1300 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8,
1301 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1302 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff}},
1303 {{0xef, 0xff, 0x1f, 0x00, 0x00, 0x00, 0x00, 0x00,
1304 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00,
1305 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1306 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
1307 {0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
1308 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe0,
1309 0xff, 0xff, 0xff, 0xff, 0xfc, 0xff, 0xff, 0xff,
1310 0xff, 0xff, 0xff, 0xff, 0x7f, 0x00, 0x80, 0xff}},
1311 {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
1312 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00,
1313 0x80, 0x00, 0x00, 0x80, 0xff, 0x3f, 0x00, 0x00,
1314 0x00, 0x00, 0x00, 0xf8, 0xff, 0xff, 0xff, 0x00},
1315 {0x00, 0x00, 0xfc, 0xff, 0xff, 0xff, 0xff, 0x80,
1316 0xff, 0xff, 0xff, 0xff, 0xff, 0x0f, 0x00, 0xe0,
1317 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x00, 0x00,
1318 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff}},
1319 {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
1320 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80,
1321 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
1322 0x00, 0x1e, 0xf8, 0xff, 0xff, 0xff, 0xfd, 0xff},
1323 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f,
1324 0x00, 0x00, 0x00, 0xf8, 0xff, 0x03, 0x00, 0xe0,
1325 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0xf0, 0xff,
1326 0xf3, 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00}},
1327 {{0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0x00,
1328 0x00, 0x1c, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
1329 0xff, 0xff, 0xff, 0xe0, 0xff, 0xff, 0xff, 0x00,
1330 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, 0xff},
1331 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, 0x00,
1332 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1333 0xff, 0x1f, 0x00, 0x00, 0x80, 0xff, 0xff, 0x3f,
1334 0x00, 0xfe, 0xff, 0xff, 0xff, 0xdf, 0xff, 0xff}},
1335 {{0xff, 0xff, 0xff, 0xff, 0x00, 0x0f, 0xfc, 0x9f,
1336 0xff, 0xff, 0xff, 0x00, 0x80, 0x00, 0x00, 0x80,
1337 0xff, 0x0f, 0xfc, 0xff, 0x7f, 0x00, 0x00, 0x00,
1338 0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00},
1339 {0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
1340 0x00, 0x00, 0xf8, 0xff, 0x0f, 0xc0, 0xff, 0xff,
1341 0xff, 0x1f, 0x00, 0x00, 0x00, 0xc0, 0xff, 0xff,
1342 0xff, 0xff, 0xff, 0x07, 0x80, 0xff, 0xff, 0xff}},
1343 {{0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, 0x00,
1344 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff,
1345 0xf7, 0xff, 0xff, 0xef, 0xff, 0xff, 0xff, 0x00,
1346 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xf0},
1347 {0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, 0xff, 0xff,
1348 0xff, 0xff, 0xff, 0xff, 0x01, 0x00, 0x00, 0x00,
1349 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, 0xff,
1350 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}},
1351 {{0x00, 0xf8, 0xff, 0x03, 0xff, 0xff, 0xff, 0x00,
1352 0x00, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
1353 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff,
1354 0xff, 0xff, 0x03, 0xc0, 0xff, 0x0f, 0xfc, 0xff},
1355 {0xff, 0xff, 0xff, 0xff, 0xff, 0xe0, 0xff, 0xff,
1356 0xff, 0x01, 0x00, 0x00, 0x00, 0x3f, 0x00, 0xc0,
1357 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1358 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}},
1359 {{0x8f, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1360 0x00, 0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff,
1361 0xff, 0x7f, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80,
1362 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00},
1363 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1364 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1365 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1366 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
1367 {{0x00, 0x00, 0x00, 0xc0, 0xff, 0xff, 0xff, 0xff,
1368 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1369 0xff, 0xff, 0x03, 0x00, 0x80, 0x00, 0x00, 0x80,
1370 0xff, 0xff, 0xff, 0x00, 0x00, 0x80, 0xff, 0x7f},
1371 {0xff, 0xcf, 0xff, 0xff, 0x01, 0x00, 0x00, 0x00,
1372 0x00, 0xc0, 0xff, 0xcf, 0xff, 0xff, 0xff, 0xff,
1373 0xbf, 0xff, 0x0e, 0x00, 0x00, 0x00, 0x00, 0x00,
1374 0x80, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00}},
1375 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0xff, 0xff,
1376 0xff, 0xff, 0x00, 0xfc, 0xff, 0xff, 0xff, 0xff,
1377 0xff, 0xff, 0xff, 0x00, 0x80, 0x00, 0x00, 0x80,
1378 0xff, 0x01, 0xfc, 0xff, 0x01, 0x00, 0xfe, 0xff},
1379 {0xff, 0xff, 0xff, 0x03, 0x00, 0x00, 0x00, 0x00,
1380 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1381 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0,
1382 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, 0x00}},
1383 {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
1384 0xe0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1385 0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1386 0x7f, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80},
1387 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1388 0x00, 0xf8, 0xff, 0x01, 0x00, 0xf0, 0xff, 0xff,
1389 0xe0, 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00,
1390 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
1391 {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1392 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1393 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1394 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, 0x00},
1395 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00,
1396 0xfc, 0xff, 0xff, 0x3f, 0xf0, 0xff, 0xff, 0x3f,
1397 0x00, 0x00, 0xf8, 0x07, 0x00, 0x00, 0x00, 0xff,
1398 0xff, 0xff, 0xff, 0xff, 0x0f, 0x7e, 0x00, 0x00}},
1399 {{0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
1400 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80,
1401 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1402 0xff, 0xff, 0x1f, 0x00, 0x00, 0xfe, 0x07, 0x00},
1403 {0x00, 0x00, 0x00, 0xf0, 0xff, 0xff, 0xff, 0xff,
1404 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1405 0xff, 0xfb, 0xff, 0x07, 0x00, 0x00, 0x00, 0x00,
1406 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x60}},
1407 {{0xff, 0x01, 0x00, 0xff, 0xff, 0xff, 0x0f, 0x00,
1408 0x80, 0x7f, 0xfe, 0xff, 0xff, 0xff, 0xff, 0x03,
1409 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1410 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
1411 {0xff, 0xff, 0x1f, 0x00, 0xf0, 0xff, 0xff, 0xff,
1412 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1413 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1414 0xff, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x00, 0x00}},
1415 {{0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
1416 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1417 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1418 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
1419 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1420 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf1, 0xff,
1421 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03,
1422 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, 0xff, 0xff}},
1423 {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
1424 0x7e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1425 0xc0, 0xff, 0xff, 0xcf, 0xff, 0x1f, 0x00, 0x00,
1426 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80},
1427 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1428 0x00, 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff,
1429 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, 0x7e,
1430 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
1431 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1432 0x00, 0x00, 0x00, 0xfc, 0xff, 0xff, 0xff, 0xff,
1433 0xff, 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
1434 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7c, 0x00},
1435 {0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
1436 0xff, 0xff, 0x7f, 0x00, 0x80, 0x00, 0x00, 0x00,
1437 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
1438 0x00, 0x00, 0xe0, 0xff, 0xff, 0xff, 0xff, 0xff}},
1439 {{0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0x00, 0x80,
1440 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
1441 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
1442 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00},
1443 {0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1444 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x80,
1445 0xff, 0x01, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff,
1446 0xff, 0x7f, 0xf8, 0xff, 0xff, 0x1f, 0x00, 0xfe}},
1447 {{0xff, 0xff, 0xff, 0x3f, 0xf8, 0xff, 0xff, 0xff,
1448 0xff, 0x03, 0xfe, 0x01, 0x00, 0x00, 0x00, 0x00,
1449 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1450 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x07},
1451 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
1452 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
1453 0xff, 0xff, 0xff, 0xff, 0x01, 0x80, 0xff, 0xff,
1454 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00}},
1455 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1456 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1457 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1458 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
1459 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1460 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
1461 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
1462 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40}},
1463 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1464 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1465 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1466 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
1467 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1468 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1469 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1470 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
1471 {{0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1472 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1473 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1474 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
1475 {0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1476 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1477 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1478 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}},
1479 {{0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0xc0,
1480 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1481 0x00, 0x00, 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff,
1482 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
1483 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01, 0x00,
1484 0xf0, 0xff, 0xff, 0xff, 0xff, 0x07, 0x00, 0x00,
1485 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff, 0xff,
1486 0xff, 0xff, 0xff, 0xff, 0x01, 0xff, 0xff, 0xff}},
1487 {{0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1488 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1489 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1490 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
1491 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1492 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1493 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1494 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02}},
1495 {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1496 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
1497 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
1498 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40},
1499 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1500 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1501 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1502 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}},
1503 {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1504 0x7e, 0x00, 0x00, 0xc0, 0xff, 0xff, 0x07, 0x00,
1505 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00,
1506 0xfc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
1507 {0xff, 0x01, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff,
1508 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0x00, 0x80,
1509 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, 0x00, 0x00,
1510 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}},
1511 {{0xff, 0xff, 0xf0, 0xff, 0xff, 0xff, 0xff, 0x00,
1512 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
1513 0x00, 0xe0, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01,
1514 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff},
1515 {0x00, 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff,
1516 0xff, 0xff, 0x3f, 0x00, 0xf8, 0xff, 0xff, 0xff,
1517 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1518 0xff, 0x3f, 0x00, 0x00, 0xc0, 0xf1, 0x7f, 0x00}},
1519 {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
1520 0x00, 0x00, 0x00, 0xc0, 0xff, 0xff, 0xff, 0xff,
1521 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
1522 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0x00},
1523 {0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01,
1524 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff,
1525 0xff, 0x7f, 0x00, 0x00, 0x00, 0x00, 0x80, 0x1f,
1526 0x00, 0x00, 0xfc, 0xff, 0xff, 0x01, 0xff, 0xff}},
1527 {{0x00, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
1528 0x80, 0x00, 0x00, 0x80, 0xff, 0x03, 0xe0, 0x01,
1529 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0xfc, 0xff,
1530 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00},
1531 {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
1532 0xfe, 0xff, 0xff, 0xf0, 0x07, 0x00, 0x3c, 0x80,
1533 0xff, 0xff, 0xff, 0xff, 0xfc, 0xff, 0xff, 0xff,
1534 0xff, 0xff, 0x07, 0xe0, 0xff, 0x00, 0x00, 0x00}},
1535 {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
1536 0xfc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1537 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x07, 0xf8,
1538 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80},
1539 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1540 0xff, 0xff, 0xff, 0xff, 0xff, 0x0c, 0x80, 0x00,
1541 0x00, 0x00, 0x00, 0xc0, 0x7f, 0xfe, 0xff, 0x1f,
1542 0x00, 0xfe, 0xff, 0x03, 0x00, 0x00, 0xfe, 0xff}},
1543 {{0xff, 0xff, 0x81, 0xff, 0xff, 0xff, 0xff, 0x00,
1544 0x80, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x83,
1545 0xff, 0xff, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80,
1546 0xff, 0xff, 0x7f, 0x00, 0x00, 0x00, 0x00, 0xf0},
1547 {0xff, 0x01, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff,
1548 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0x00, 0x00,
1549 0xf8, 0x07, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff,
1550 0xff, 0xc7, 0xff, 0xff, 0xe0, 0xff, 0xff, 0xff}},
1551 {{0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00,
1552 0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00,
1553 0xff, 0xff, 0xff, 0xff, 0xff, 0x6f, 0x03, 0xfb,
1554 0xfa, 0x8a, 0x7d, 0xdf, 0x13, 0x86, 0xe2, 0x03},
1555 {0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00,
1556 0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00,
1557 0xff, 0xff, 0xff, 0xff, 0xff, 0x6f, 0x03, 0xfb,
1558 0xfa, 0x8a, 0x7d, 0xdf, 0x13, 0x86, 0xe2, 0x03}}
1560 unsigned char res[33][2][32] = {
1561 {{0x0c, 0x3b, 0x0a, 0xca, 0x8d, 0x1a, 0x2f, 0xb9,
1562 0x8a, 0x7b, 0x53, 0x5a, 0x1f, 0xc5, 0x22, 0xa1,
1563 0x07, 0x2a, 0x48, 0xea, 0x02, 0xeb, 0xb3, 0xd6,
1564 0x20, 0x1e, 0x86, 0xd0, 0x95, 0xf6, 0x92, 0x35},
1565 {0xdc, 0x90, 0x7a, 0x07, 0x2e, 0x1e, 0x44, 0x6d,
1566 0xf8, 0x15, 0x24, 0x5b, 0x5a, 0x96, 0x37, 0x9c,
1567 0x37, 0x7b, 0x0d, 0xac, 0x1b, 0x65, 0x58, 0x49,
1568 0x43, 0xb7, 0x31, 0xbb, 0xa7, 0xf4, 0x97, 0x15}},
1569 {{0xf1, 0xf7, 0x3a, 0x50, 0xe6, 0x10, 0xba, 0x22,
1570 0x43, 0x4d, 0x1f, 0x1f, 0x7c, 0x27, 0xca, 0x9c,
1571 0xb8, 0xb6, 0xa0, 0xfc, 0xd8, 0xc0, 0x05, 0x2f,
1572 0xf7, 0x08, 0xe1, 0x76, 0xdd, 0xd0, 0x80, 0xc8},
1573 {0xe3, 0x80, 0x80, 0xb8, 0xdb, 0xe3, 0xa9, 0x77,
1574 0x00, 0xb0, 0xf5, 0x2e, 0x27, 0xe2, 0x68, 0xc4,
1575 0x88, 0xe8, 0x04, 0xc1, 0x12, 0xbf, 0x78, 0x59,
1576 0xe6, 0xa9, 0x7c, 0xe1, 0x81, 0xdd, 0xb9, 0xd5}},
1577 {{0x96, 0xe2, 0xee, 0x01, 0xa6, 0x80, 0x31, 0xef,
1578 0x5c, 0xd0, 0x19, 0xb4, 0x7d, 0x5f, 0x79, 0xab,
1579 0xa1, 0x97, 0xd3, 0x7e, 0x33, 0xbb, 0x86, 0x55,
1580 0x60, 0x20, 0x10, 0x0d, 0x94, 0x2d, 0x11, 0x7c},
1581 {0xcc, 0xab, 0xe0, 0xe8, 0x98, 0x65, 0x12, 0x96,
1582 0x38, 0x5a, 0x1a, 0xf2, 0x85, 0x23, 0x59, 0x5f,
1583 0xf9, 0xf3, 0xc2, 0x81, 0x70, 0x92, 0x65, 0x12,
1584 0x9c, 0x65, 0x1e, 0x96, 0x00, 0xef, 0xe7, 0x63}},
1585 {{0xac, 0x1e, 0x62, 0xc2, 0x59, 0xfc, 0x4e, 0x5c,
1586 0x83, 0xb0, 0xd0, 0x6f, 0xce, 0x19, 0xf6, 0xbf,
1587 0xa4, 0xb0, 0xe0, 0x53, 0x66, 0x1f, 0xbf, 0xc9,
1588 0x33, 0x47, 0x37, 0xa9, 0x3d, 0x5d, 0xb0, 0x48},
1589 {0x86, 0xb9, 0x2a, 0x7f, 0x8e, 0xa8, 0x60, 0x42,
1590 0x26, 0x6d, 0x6e, 0x1c, 0xa2, 0xec, 0xe0, 0xe5,
1591 0x3e, 0x0a, 0x33, 0xbb, 0x61, 0x4c, 0x9f, 0x3c,
1592 0xd1, 0xdf, 0x49, 0x33, 0xcd, 0x72, 0x78, 0x18}},
1593 {{0xf7, 0xd3, 0xcd, 0x49, 0x5c, 0x13, 0x22, 0xfb,
1594 0x2e, 0xb2, 0x2f, 0x27, 0xf5, 0x8a, 0x5d, 0x74,
1595 0xc1, 0x58, 0xc5, 0xc2, 0x2d, 0x9f, 0x52, 0xc6,
1596 0x63, 0x9f, 0xba, 0x05, 0x76, 0x45, 0x7a, 0x63},
1597 {0x8a, 0xfa, 0x55, 0x4d, 0xdd, 0xa3, 0xb2, 0xc3,
1598 0x44, 0xfd, 0xec, 0x72, 0xde, 0xef, 0xc0, 0x99,
1599 0xf5, 0x9f, 0xe2, 0x52, 0xb4, 0x05, 0x32, 0x58,
1600 0x57, 0xc1, 0x8f, 0xea, 0xc3, 0x24, 0x5b, 0x94}},
1601 {{0x05, 0x83, 0xee, 0xdd, 0x64, 0xf0, 0x14, 0x3b,
1602 0xa0, 0x14, 0x4a, 0x3a, 0x41, 0x82, 0x7c, 0xa7,
1603 0x2c, 0xaa, 0xb1, 0x76, 0xbb, 0x59, 0x64, 0x5f,
1604 0x52, 0xad, 0x25, 0x29, 0x9d, 0x8f, 0x0b, 0xb0},
1605 {0x7e, 0xe3, 0x7c, 0xca, 0xcd, 0x4f, 0xb0, 0x6d,
1606 0x7a, 0xb2, 0x3e, 0xa0, 0x08, 0xb9, 0xa8, 0x2d,
1607 0xc2, 0xf4, 0x99, 0x66, 0xcc, 0xac, 0xd8, 0xb9,
1608 0x72, 0x2a, 0x4a, 0x3e, 0x0f, 0x7b, 0xbf, 0xf4}},
1609 {{0x8c, 0x9c, 0x78, 0x2b, 0x39, 0x61, 0x7e, 0xf7,
1610 0x65, 0x37, 0x66, 0x09, 0x38, 0xb9, 0x6f, 0x70,
1611 0x78, 0x87, 0xff, 0xcf, 0x93, 0xca, 0x85, 0x06,
1612 0x44, 0x84, 0xa7, 0xfe, 0xd3, 0xa4, 0xe3, 0x7e},
1613 {0xa2, 0x56, 0x49, 0x23, 0x54, 0xa5, 0x50, 0xe9,
1614 0x5f, 0xf0, 0x4d, 0xe7, 0xdc, 0x38, 0x32, 0x79,
1615 0x4f, 0x1c, 0xb7, 0xe4, 0xbb, 0xf8, 0xbb, 0x2e,
1616 0x40, 0x41, 0x4b, 0xcc, 0xe3, 0x1e, 0x16, 0x36}},
1617 {{0x0c, 0x1e, 0xd7, 0x09, 0x25, 0x40, 0x97, 0xcb,
1618 0x5c, 0x46, 0xa8, 0xda, 0xef, 0x25, 0xd5, 0xe5,
1619 0x92, 0x4d, 0xcf, 0xa3, 0xc4, 0x5d, 0x35, 0x4a,
1620 0xe4, 0x61, 0x92, 0xf3, 0xbf, 0x0e, 0xcd, 0xbe},
1621 {0xe4, 0xaf, 0x0a, 0xb3, 0x30, 0x8b, 0x9b, 0x48,
1622 0x49, 0x43, 0xc7, 0x64, 0x60, 0x4a, 0x2b, 0x9e,
1623 0x95, 0x5f, 0x56, 0xe8, 0x35, 0xdc, 0xeb, 0xdc,
1624 0xc7, 0xc4, 0xfe, 0x30, 0x40, 0xc7, 0xbf, 0xa4}},
1625 {{0xd4, 0xa0, 0xf5, 0x81, 0x49, 0x6b, 0xb6, 0x8b,
1626 0x0a, 0x69, 0xf9, 0xfe, 0xa8, 0x32, 0xe5, 0xe0,
1627 0xa5, 0xcd, 0x02, 0x53, 0xf9, 0x2c, 0xe3, 0x53,
1628 0x83, 0x36, 0xc6, 0x02, 0xb5, 0xeb, 0x64, 0xb8},
1629 {0x1d, 0x42, 0xb9, 0xf9, 0xe9, 0xe3, 0x93, 0x2c,
1630 0x4c, 0xee, 0x6c, 0x5a, 0x47, 0x9e, 0x62, 0x01,
1631 0x6b, 0x04, 0xfe, 0xa4, 0x30, 0x2b, 0x0d, 0x4f,
1632 0x71, 0x10, 0xd3, 0x55, 0xca, 0xf3, 0x5e, 0x80}},
1633 {{0x77, 0x05, 0xf6, 0x0c, 0x15, 0x9b, 0x45, 0xe7,
1634 0xb9, 0x11, 0xb8, 0xf5, 0xd6, 0xda, 0x73, 0x0c,
1635 0xda, 0x92, 0xea, 0xd0, 0x9d, 0xd0, 0x18, 0x92,
1636 0xce, 0x9a, 0xaa, 0xee, 0x0f, 0xef, 0xde, 0x30},
1637 {0xf1, 0xf1, 0xd6, 0x9b, 0x51, 0xd7, 0x77, 0x62,
1638 0x52, 0x10, 0xb8, 0x7a, 0x84, 0x9d, 0x15, 0x4e,
1639 0x07, 0xdc, 0x1e, 0x75, 0x0d, 0x0c, 0x3b, 0xdb,
1640 0x74, 0x58, 0x62, 0x02, 0x90, 0x54, 0x8b, 0x43}},
1641 {{0xa6, 0xfe, 0x0b, 0x87, 0x80, 0x43, 0x67, 0x25,
1642 0x57, 0x5d, 0xec, 0x40, 0x50, 0x08, 0xd5, 0x5d,
1643 0x43, 0xd7, 0xe0, 0xaa, 0xe0, 0x13, 0xb6, 0xb0,
1644 0xc0, 0xd4, 0xe5, 0x0d, 0x45, 0x83, 0xd6, 0x13},
1645 {0x40, 0x45, 0x0a, 0x92, 0x31, 0xea, 0x8c, 0x60,
1646 0x8c, 0x1f, 0xd8, 0x76, 0x45, 0xb9, 0x29, 0x00,
1647 0x26, 0x32, 0xd8, 0xa6, 0x96, 0x88, 0xe2, 0xc4,
1648 0x8b, 0xdb, 0x7f, 0x17, 0x87, 0xcc, 0xc8, 0xf2}},
1649 {{0xc2, 0x56, 0xe2, 0xb6, 0x1a, 0x81, 0xe7, 0x31,
1650 0x63, 0x2e, 0xbb, 0x0d, 0x2f, 0x81, 0x67, 0xd4,
1651 0x22, 0xe2, 0x38, 0x02, 0x25, 0x97, 0xc7, 0x88,
1652 0x6e, 0xdf, 0xbe, 0x2a, 0xa5, 0x73, 0x63, 0xaa},
1653 {0x50, 0x45, 0xe2, 0xc3, 0xbd, 0x89, 0xfc, 0x57,
1654 0xbd, 0x3c, 0xa3, 0x98, 0x7e, 0x7f, 0x36, 0x38,
1655 0x92, 0x39, 0x1f, 0x0f, 0x81, 0x1a, 0x06, 0x51,
1656 0x1f, 0x8d, 0x6a, 0xff, 0x47, 0x16, 0x06, 0x9c}},
1657 {{0x33, 0x95, 0xa2, 0x6f, 0x27, 0x5f, 0x9c, 0x9c,
1658 0x64, 0x45, 0xcb, 0xd1, 0x3c, 0xee, 0x5e, 0x5f,
1659 0x48, 0xa6, 0xaf, 0xe3, 0x79, 0xcf, 0xb1, 0xe2,
1660 0xbf, 0x55, 0x0e, 0xa2, 0x3b, 0x62, 0xf0, 0xe4},
1661 {0x14, 0xe8, 0x06, 0xe3, 0xbe, 0x7e, 0x67, 0x01,
1662 0xc5, 0x21, 0x67, 0xd8, 0x54, 0xb5, 0x7f, 0xa4,
1663 0xf9, 0x75, 0x70, 0x1c, 0xfd, 0x79, 0xdb, 0x86,
1664 0xad, 0x37, 0x85, 0x83, 0x56, 0x4e, 0xf0, 0xbf}},
1665 {{0xbc, 0xa6, 0xe0, 0x56, 0x4e, 0xef, 0xfa, 0xf5,
1666 0x1d, 0x5d, 0x3f, 0x2a, 0x5b, 0x19, 0xab, 0x51,
1667 0xc5, 0x8b, 0xdd, 0x98, 0x28, 0x35, 0x2f, 0xc3,
1668 0x81, 0x4f, 0x5c, 0xe5, 0x70, 0xb9, 0xeb, 0x62},
1669 {0xc4, 0x6d, 0x26, 0xb0, 0x17, 0x6b, 0xfe, 0x6c,
1670 0x12, 0xf8, 0xe7, 0xc1, 0xf5, 0x2f, 0xfa, 0x91,
1671 0x13, 0x27, 0xbd, 0x73, 0xcc, 0x33, 0x31, 0x1c,
1672 0x39, 0xe3, 0x27, 0x6a, 0x95, 0xcf, 0xc5, 0xfb}},
1673 {{0x30, 0xb2, 0x99, 0x84, 0xf0, 0x18, 0x2a, 0x6e,
1674 0x1e, 0x27, 0xed, 0xa2, 0x29, 0x99, 0x41, 0x56,
1675 0xe8, 0xd4, 0x0d, 0xef, 0x99, 0x9c, 0xf3, 0x58,
1676 0x29, 0x55, 0x1a, 0xc0, 0x68, 0xd6, 0x74, 0xa4},
1677 {0x07, 0x9c, 0xe7, 0xec, 0xf5, 0x36, 0x73, 0x41,
1678 0xa3, 0x1c, 0xe5, 0x93, 0x97, 0x6a, 0xfd, 0xf7,
1679 0x53, 0x18, 0xab, 0xaf, 0xeb, 0x85, 0xbd, 0x92,
1680 0x90, 0xab, 0x3c, 0xbf, 0x30, 0x82, 0xad, 0xf6}},
1681 {{0xc6, 0x87, 0x8a, 0x2a, 0xea, 0xc0, 0xa9, 0xec,
1682 0x6d, 0xd3, 0xdc, 0x32, 0x23, 0xce, 0x62, 0x19,
1683 0xa4, 0x7e, 0xa8, 0xdd, 0x1c, 0x33, 0xae, 0xd3,
1684 0x4f, 0x62, 0x9f, 0x52, 0xe7, 0x65, 0x46, 0xf4},
1685 {0x97, 0x51, 0x27, 0x67, 0x2d, 0xa2, 0x82, 0x87,
1686 0x98, 0xd3, 0xb6, 0x14, 0x7f, 0x51, 0xd3, 0x9a,
1687 0x0b, 0xd0, 0x76, 0x81, 0xb2, 0x4f, 0x58, 0x92,
1688 0xa4, 0x86, 0xa1, 0xa7, 0x09, 0x1d, 0xef, 0x9b}},
1689 {{0xb3, 0x0f, 0x2b, 0x69, 0x0d, 0x06, 0x90, 0x64,
1690 0xbd, 0x43, 0x4c, 0x10, 0xe8, 0x98, 0x1c, 0xa3,
1691 0xe1, 0x68, 0xe9, 0x79, 0x6c, 0x29, 0x51, 0x3f,
1692 0x41, 0xdc, 0xdf, 0x1f, 0xf3, 0x60, 0xbe, 0x33},
1693 {0xa1, 0x5f, 0xf7, 0x1d, 0xb4, 0x3e, 0x9b, 0x3c,
1694 0xe7, 0xbd, 0xb6, 0x06, 0xd5, 0x60, 0x06, 0x6d,
1695 0x50, 0xd2, 0xf4, 0x1a, 0x31, 0x08, 0xf2, 0xea,
1696 0x8e, 0xef, 0x5f, 0x7d, 0xb6, 0xd0, 0xc0, 0x27}},
1697 {{0x62, 0x9a, 0xd9, 0xbb, 0x38, 0x36, 0xce, 0xf7,
1698 0x5d, 0x2f, 0x13, 0xec, 0xc8, 0x2d, 0x02, 0x8a,
1699 0x2e, 0x72, 0xf0, 0xe5, 0x15, 0x9d, 0x72, 0xae,
1700 0xfc, 0xb3, 0x4f, 0x02, 0xea, 0xe1, 0x09, 0xfe},
1701 {0x00, 0x00, 0x00, 0x00, 0xfa, 0x0a, 0x3d, 0xbc,
1702 0xad, 0x16, 0x0c, 0xb6, 0xe7, 0x7c, 0x8b, 0x39,
1703 0x9a, 0x43, 0xbb, 0xe3, 0xc2, 0x55, 0x15, 0x14,
1704 0x75, 0xac, 0x90, 0x9b, 0x7f, 0x9a, 0x92, 0x00}},
1705 {{0x8b, 0xac, 0x70, 0x86, 0x29, 0x8f, 0x00, 0x23,
1706 0x7b, 0x45, 0x30, 0xaa, 0xb8, 0x4c, 0xc7, 0x8d,
1707 0x4e, 0x47, 0x85, 0xc6, 0x19, 0xe3, 0x96, 0xc2,
1708 0x9a, 0xa0, 0x12, 0xed, 0x6f, 0xd7, 0x76, 0x16},
1709 {0x45, 0xaf, 0x7e, 0x33, 0xc7, 0x7f, 0x10, 0x6c,
1710 0x7c, 0x9f, 0x29, 0xc1, 0xa8, 0x7e, 0x15, 0x84,
1711 0xe7, 0x7d, 0xc0, 0x6d, 0xab, 0x71, 0x5d, 0xd0,
1712 0x6b, 0x9f, 0x97, 0xab, 0xcb, 0x51, 0x0c, 0x9f}},
1713 {{0x9e, 0xc3, 0x92, 0xb4, 0x04, 0x9f, 0xc8, 0xbb,
1714 0xdd, 0x9e, 0xc6, 0x05, 0xfd, 0x65, 0xec, 0x94,
1715 0x7f, 0x2c, 0x16, 0xc4, 0x40, 0xac, 0x63, 0x7b,
1716 0x7d, 0xb8, 0x0c, 0xe4, 0x5b, 0xe3, 0xa7, 0x0e},
1717 {0x43, 0xf4, 0x44, 0xe8, 0xcc, 0xc8, 0xd4, 0x54,
1718 0x33, 0x37, 0x50, 0xf2, 0x87, 0x42, 0x2e, 0x00,
1719 0x49, 0x60, 0x62, 0x02, 0xfd, 0x1a, 0x7c, 0xdb,
1720 0x29, 0x6c, 0x6d, 0x54, 0x53, 0x08, 0xd1, 0xc8}},
1721 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1722 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1723 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1724 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
1725 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1726 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1727 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1728 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
1729 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1730 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1731 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1732 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
1733 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1734 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1735 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1736 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}},
1737 {{0x27, 0x59, 0xc7, 0x35, 0x60, 0x71, 0xa6, 0xf1,
1738 0x79, 0xa5, 0xfd, 0x79, 0x16, 0xf3, 0x41, 0xf0,
1739 0x57, 0xb4, 0x02, 0x97, 0x32, 0xe7, 0xde, 0x59,
1740 0xe2, 0x2d, 0x9b, 0x11, 0xea, 0x2c, 0x35, 0x92},
1741 {0x27, 0x59, 0xc7, 0x35, 0x60, 0x71, 0xa6, 0xf1,
1742 0x79, 0xa5, 0xfd, 0x79, 0x16, 0xf3, 0x41, 0xf0,
1743 0x57, 0xb4, 0x02, 0x97, 0x32, 0xe7, 0xde, 0x59,
1744 0xe2, 0x2d, 0x9b, 0x11, 0xea, 0x2c, 0x35, 0x92}},
1745 {{0x28, 0x56, 0xac, 0x0e, 0x4f, 0x98, 0x09, 0xf0,
1746 0x49, 0xfa, 0x7f, 0x84, 0xac, 0x7e, 0x50, 0x5b,
1747 0x17, 0x43, 0x14, 0x89, 0x9c, 0x53, 0xa8, 0x94,
1748 0x30, 0xf2, 0x11, 0x4d, 0x92, 0x14, 0x27, 0xe8},
1749 {0x39, 0x7a, 0x84, 0x56, 0x79, 0x9d, 0xec, 0x26,
1750 0x2c, 0x53, 0xc1, 0x94, 0xc9, 0x8d, 0x9e, 0x9d,
1751 0x32, 0x1f, 0xdd, 0x84, 0x04, 0xe8, 0xe2, 0x0a,
1752 0x6b, 0xbe, 0xbb, 0x42, 0x40, 0x67, 0x30, 0x6c}},
1753 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1754 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1755 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4,
1756 0x40, 0x2d, 0xa1, 0x73, 0x2f, 0xc9, 0xbe, 0xbd},
1757 {0x27, 0x59, 0xc7, 0x35, 0x60, 0x71, 0xa6, 0xf1,
1758 0x79, 0xa5, 0xfd, 0x79, 0x16, 0xf3, 0x41, 0xf0,
1759 0x57, 0xb4, 0x02, 0x97, 0x32, 0xe7, 0xde, 0x59,
1760 0xe2, 0x2d, 0x9b, 0x11, 0xea, 0x2c, 0x35, 0x92}},
1761 {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1762 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
1763 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
1764 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40},
1765 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1766 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1767 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1768 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}},
1769 {{0x1c, 0xc4, 0xf7, 0xda, 0x0f, 0x65, 0xca, 0x39,
1770 0x70, 0x52, 0x92, 0x8e, 0xc3, 0xc8, 0x15, 0xea,
1771 0x7f, 0x10, 0x9e, 0x77, 0x4b, 0x6e, 0x2d, 0xdf,
1772 0xe8, 0x30, 0x9d, 0xda, 0xe8, 0x9a, 0x65, 0xae},
1773 {0x02, 0xb0, 0x16, 0xb1, 0x1d, 0xc8, 0x57, 0x7b,
1774 0xa2, 0x3a, 0xa2, 0xa3, 0x38, 0x5c, 0x8f, 0xeb,
1775 0x66, 0x37, 0x91, 0xa8, 0x5f, 0xef, 0x04, 0xf6,
1776 0x59, 0x75, 0xe1, 0xee, 0x92, 0xf6, 0x0e, 0x30}},
1777 {{0x8d, 0x76, 0x14, 0xa4, 0x14, 0x06, 0x9f, 0x9a,
1778 0xdf, 0x4a, 0x85, 0xa7, 0x6b, 0xbf, 0x29, 0x6f,
1779 0xbc, 0x34, 0x87, 0x5d, 0xeb, 0xbb, 0x2e, 0xa9,
1780 0xc9, 0x1f, 0x58, 0xd6, 0x9a, 0x82, 0xa0, 0x56},
1781 {0xd4, 0xb9, 0xdb, 0x88, 0x1d, 0x04, 0xe9, 0x93,
1782 0x8d, 0x3f, 0x20, 0xd5, 0x86, 0xa8, 0x83, 0x07,
1783 0xdb, 0x09, 0xd8, 0x22, 0x1f, 0x7f, 0xf1, 0x71,
1784 0xc8, 0xe7, 0x5d, 0x47, 0xaf, 0x8b, 0x72, 0xe9}},
1785 {{0x83, 0xb9, 0x39, 0xb2, 0xa4, 0xdf, 0x46, 0x87,
1786 0xc2, 0xb8, 0xf1, 0xe6, 0x4c, 0xd1, 0xe2, 0xa9,
1787 0xe4, 0x70, 0x30, 0x34, 0xbc, 0x52, 0x7c, 0x55,
1788 0xa6, 0xec, 0x80, 0xa4, 0xe5, 0xd2, 0xdc, 0x73},
1789 {0x08, 0xf1, 0x03, 0xcf, 0x16, 0x73, 0xe8, 0x7d,
1790 0xb6, 0x7e, 0x9b, 0xc0, 0xb4, 0xc2, 0xa5, 0x86,
1791 0x02, 0x77, 0xd5, 0x27, 0x86, 0xa5, 0x15, 0xfb,
1792 0xae, 0x9b, 0x8c, 0xa9, 0xf9, 0xf8, 0xa8, 0x4a}},
1793 {{0x8b, 0x00, 0x49, 0xdb, 0xfa, 0xf0, 0x1b, 0xa2,
1794 0xed, 0x8a, 0x9a, 0x7a, 0x36, 0x78, 0x4a, 0xc7,
1795 0xf7, 0xad, 0x39, 0xd0, 0x6c, 0x65, 0x7a, 0x41,
1796 0xce, 0xd6, 0xd6, 0x4c, 0x20, 0x21, 0x6b, 0xc7},
1797 {0xc6, 0xca, 0x78, 0x1d, 0x32, 0x6c, 0x6c, 0x06,
1798 0x91, 0xf2, 0x1a, 0xe8, 0x43, 0x16, 0xea, 0x04,
1799 0x3c, 0x1f, 0x07, 0x85, 0xf7, 0x09, 0x22, 0x08,
1800 0xba, 0x13, 0xfd, 0x78, 0x1e, 0x3f, 0x6f, 0x62}},
1801 {{0x25, 0x9b, 0x7c, 0xb0, 0xac, 0x72, 0x6f, 0xb2,
1802 0xe3, 0x53, 0x84, 0x7a, 0x1a, 0x9a, 0x98, 0x9b,
1803 0x44, 0xd3, 0x59, 0xd0, 0x8e, 0x57, 0x41, 0x40,
1804 0x78, 0xa7, 0x30, 0x2f, 0x4c, 0x9c, 0xb9, 0x68},
1805 {0xb7, 0x75, 0x03, 0x63, 0x61, 0xc2, 0x48, 0x6e,
1806 0x12, 0x3d, 0xbf, 0x4b, 0x27, 0xdf, 0xb1, 0x7a,
1807 0xff, 0x4e, 0x31, 0x07, 0x83, 0xf4, 0x62, 0x5b,
1808 0x19, 0xa5, 0xac, 0xa0, 0x32, 0x58, 0x0d, 0xa7}},
1809 {{0x43, 0x4f, 0x10, 0xa4, 0xca, 0xdb, 0x38, 0x67,
1810 0xfa, 0xae, 0x96, 0xb5, 0x6d, 0x97, 0xff, 0x1f,
1811 0xb6, 0x83, 0x43, 0xd3, 0xa0, 0x2d, 0x70, 0x7a,
1812 0x64, 0x05, 0x4c, 0xa7, 0xc1, 0xa5, 0x21, 0x51},
1813 {0xe4, 0xf1, 0x23, 0x84, 0xe1, 0xb5, 0x9d, 0xf2,
1814 0xb8, 0x73, 0x8b, 0x45, 0x2b, 0x35, 0x46, 0x38,
1815 0x10, 0x2b, 0x50, 0xf8, 0x8b, 0x35, 0xcd, 0x34,
1816 0xc8, 0x0e, 0xf6, 0xdb, 0x09, 0x35, 0xf0, 0xda}},
1817 {{0xdb, 0x21, 0x5c, 0x8d, 0x83, 0x1d, 0xb3, 0x34,
1818 0xc7, 0x0e, 0x43, 0xa1, 0x58, 0x79, 0x67, 0x13,
1819 0x1e, 0x86, 0x5d, 0x89, 0x63, 0xe6, 0x0a, 0x46,
1820 0x5c, 0x02, 0x97, 0x1b, 0x62, 0x43, 0x86, 0xf5},
1821 {0xdb, 0x21, 0x5c, 0x8d, 0x83, 0x1d, 0xb3, 0x34,
1822 0xc7, 0x0e, 0x43, 0xa1, 0x58, 0x79, 0x67, 0x13,
1823 0x1e, 0x86, 0x5d, 0x89, 0x63, 0xe6, 0x0a, 0x46,
1824 0x5c, 0x02, 0x97, 0x1b, 0x62, 0x43, 0x86, 0xf5}}
1827 for (i = 0; i < 33; i++) {
1858 unsigned char bin[32];
1868 unsigned char bin[32];
1879 while (--tries >= 0) {
1907 static const unsigned char b32[32] = {
1908 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1909 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
1910 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
1911 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x40
1914 0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL,
1915 0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL
1918 0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL,
1919 0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL
1922 unsigned char b322[32];
1939 t.magnitude = a->magnitude;
1940 t.normalized = a->normalized;
1952 for (i = 0; i < 5*
count; i++) {
1965 CHECK(x.normalized && x.magnitude == 1);
1972 CHECK(!q.normalized && q.magnitude == z.magnitude);
1981 CHECK(q.normalized && q.magnitude == 1);
1983 for (j = 0; j < 6; j++) {
1988 CHECK((q.normalized != (j&1)) && q.magnitude == ((j&1) ? z.magnitude : 1));
2033 for (i = 1; i <= 512; ++i) {
2044 CHECK((v == 0) == (k == NULL));
2065 for (i = 1; i <= 100; i++) {
2074 for (i = 0; i < 10; i++) {
2077 for (j = 0; j <
count; j++) {
2092 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE,
2093 0xBAAEDCE6, 0xAF48A03B, 0xBFD25E8C, 0xD0364140
2097 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
2098 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFC2E
2166 {
SECP256K1_FE_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xfffffc2e),
2167 SECP256K1_FE_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xfffffc2e)},
2170 SECP256K1_FE_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0x7ffffe18)},
2173 SECP256K1_FE_CONST(0xbcb223fe, 0xdc24a059, 0xd838091d, 0xd2253530, 0xffffffff, 0xffffffff, 0xffffffff, 0x434dd931)},
2175 {
SECP256K1_FE_CONST(0xe34e9c95, 0x6bee8a84, 0x0dcb632a, 0xdb8a1320, 0x66885408, 0x06f3f996, 0x7c11ca84, 0x19199ec3),
2176 SECP256K1_FE_CONST(0xbd2cbd8f, 0x1c536828, 0x9bccda44, 0x2582ac0c, 0x870152b0, 0x8a3f09fb, 0x1aaadf92, 0x19b618e5)}
2187 {
SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140),
2188 SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140)},
2191 SECP256K1_SCALAR_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0x5d576e73, 0x57a4501d, 0xdfe92f46, 0x681b20a1)},
2194 SECP256K1_SCALAR_CONST(0x50a51ac8, 0x34b9ec24, 0x4b0dff66, 0x5588b13e, 0x9984d5b3, 0xcf80ef0f, 0xd6a23766, 0xa3ee9f22)},
2196 {
SECP256K1_SCALAR_CONST(0xcb9f1d35, 0xdd4416c2, 0xcd71bf3f, 0x6365da66, 0x3c9b3376, 0x8feb7ae9, 0x32a5ef60, 0x19199ec3),
2197 SECP256K1_SCALAR_CONST(0x1d7c7bba, 0xf1893d53, 0xb834bd09, 0x36b411dc, 0x42c2e42f, 0xec72c428, 0x5e189791, 0x8e9bc708)}
2199 int i, var, testrand;
2200 unsigned char b32[32];
2203 memset(b32, 0,
sizeof(b32));
2205 for (i = 0; (size_t)i <
sizeof(fe_cases)/
sizeof(fe_cases[0]); ++i) {
2206 for (var = 0; var <= 1; ++var) {
2213 for (i = 0; (size_t)i <
sizeof(scalar_cases)/
sizeof(scalar_cases[0]); ++i) {
2214 for (var = 0; var <= 1; ++var) {
2222 for (i = 0; i < 1000; ++i) {
2224 b32[30] = (i >> 8) & 0xff;
2227 for (var = 0; var <= 1; ++var) {
2233 for (var = 0; var <= 1; ++var) {
2239 for (testrand = 0; testrand <= 1; ++testrand) {
2240 for (i = 0; i < 64 *
count; ++i) {
2244 for (var = 0; var <= 1; ++var) {
2319 for (i = 0; i < runs; i++) {
2323 if (i >= runs - 2) {
2326 if (i >= runs - 1) {
2337 for (j = 0; j < 4; j++) {
2355 for (i1 = 0; i1 < 1 + 4 * runs; i1++) {
2357 for (i2 = 0; i2 < 1 + 4 * runs; i2++) {
2397 if ((i1 == 0 && i2 == 0) || ((i1 + 3)/4 == (i2 + 3)/4 && ((i1 + 3)%4)/2 == ((i2 + 3)%4)/2)) {
2414 if ((i1 == 0 && i2 == 0) || ((i1 + 3)/4 == (i2 + 3)/4 && ((i1 + 3)%4)/2 != ((i2 + 3)%4)/2)) {
2436 for (i = 0; i < 4 * runs + 1; i++) {
2437 gej_shuffled[i] = gej[i];
2439 for (i = 0; i < 4 * runs + 1; i++) {
2443 gej_shuffled[i] = gej_shuffled[swap];
2444 gej_shuffled[swap] = t;
2447 for (i = 0; i < 4 * runs + 1; i++) {
2458 for (i = 0; i < 4 * runs + 1; i++) {
2468 for (i = 0; i < 4 * runs + 1; i++) {
2479 for (i = 0; i < 4 * runs + 1; i++) {
2552 0x8d24cd95, 0x0a355af1, 0x3c543505, 0x44238d30,
2553 0x0643d79f, 0x05a59614, 0x2f8ec030, 0xd58977cb,
2554 0x001e337a, 0x38093dcd, 0x6c0f386d, 0x0b1293a8,
2555 0x4d72c879, 0xd7681924, 0x44e6d2f3, 0x9190117d
2558 0xc7b74206, 0x1f788cd9, 0xabd0937d, 0x164a0d86,
2559 0x95f6ff75, 0xf19a4ce9, 0xd013bd7b, 0xbf92d2a7,
2560 0xffe1cc85, 0xc7f6c232, 0x93f0c792, 0xf4ed6c57,
2561 0xb28d3786, 0x2897e6db, 0xbb192d0b, 0x6e6feab2
2564 0x671a63c0, 0x3efdad4c, 0x389a7798, 0x24356027,
2565 0xb3d69010, 0x278625c3, 0x5c86d390, 0x184a8f7a,
2566 0x5f6409c2, 0x2ce01f2b, 0x511fd375, 0x25071d08,
2567 0xda651801, 0x70e95caf, 0x8f0d893c, 0xbed8fbbe
2589 for (i = 0; i <
count * 32; i++) {
2605 for (i = 1; i <= 6; i++) {
2612 d[i - 1] = &data[i - 1];
2623 for (i = 0; i <
count * 8; i++) {
2636 int res_quad, res_even, res_odd;
2644 CHECK(res_quad == res_even);
2645 CHECK(res_quad == res_odd);
2694 for (i = 0; i <
count * 4; i++) {
2706 0x8b30bbe9, 0xae2a9906, 0x96b22f67, 0x0709dff3,
2707 0x727fd8bc, 0x04d3362c, 0x6c7bf458, 0xe2846004,
2708 0xa357ae91, 0x5c4a6528, 0x1309edf2, 0x0504740f,
2709 0x0eb33439, 0x90216b4f, 0x81063cb6, 0x5f2f7e0f
2713 0x84cc5452, 0xf7fde1ed, 0xb4d38a8c, 0xe9b1b84c,
2714 0xcef31f14, 0x6e569be9, 0x705d357a, 0x42985407
2717 0xa1e58d22, 0x553dcd42, 0xb2398062, 0x5d4c57a9,
2718 0x6e9323d4, 0x2b3152e5, 0xca2c3990, 0xedc7c9de
2733 for (i = 0; i < 200*
count; i++) {
2749 0xD6E96687, 0xF9B10D09, 0x2A6F3543, 0x9D86CEBE,
2750 0xA4535D0D, 0x409F5358, 0x6440BD74, 0xB933E830,
2751 0xB95CBCA2, 0xC77DA786, 0x539BE8FD, 0x53354D2D,
2752 0x3B4F566A, 0xE6580454, 0x07ED6015, 0xEE1B2A88
2775 unsigned char pub[65];
2809 SECP256K1_SCALAR_CONST(0xd938a566, 0x7f479e3e, 0xb5b3c7fa, 0xefdb3749, 0x3aa0585c, 0xc5ea2367, 0xe1b660db, 0x0209e6fc),
2810 SECP256K1_SCALAR_CONST(0xd938a566, 0x7f479e3e, 0xb5b3c7fa, 0xefdb3749, 0x3aa0585c, 0xc5ea2367, 0xe1b660db, 0x0209e6fd),
2811 SECP256K1_SCALAR_CONST(0xd938a566, 0x7f479e3e, 0xb5b3c7fa, 0xefdb3749, 0x3aa0585c, 0xc5ea2367, 0xe1b660db, 0x0209e6fe),
2812 SECP256K1_SCALAR_CONST(0xd938a566, 0x7f479e3e, 0xb5b3c7fa, 0xefdb3749, 0x3aa0585c, 0xc5ea2367, 0xe1b660db, 0x0209e6ff),
2813 SECP256K1_SCALAR_CONST(0x2c9c52b3, 0x3fa3cf1f, 0x5ad9e3fd, 0x77ed9ba5, 0xb294b893, 0x3722e9a5, 0x00e698ca, 0x4cf7632d),
2814 SECP256K1_SCALAR_CONST(0x2c9c52b3, 0x3fa3cf1f, 0x5ad9e3fd, 0x77ed9ba5, 0xb294b893, 0x3722e9a5, 0x00e698ca, 0x4cf7632e),
2815 SECP256K1_SCALAR_CONST(0x2c9c52b3, 0x3fa3cf1f, 0x5ad9e3fd, 0x77ed9ba5, 0xb294b893, 0x3722e9a5, 0x00e698ca, 0x4cf7632f),
2816 SECP256K1_SCALAR_CONST(0x2c9c52b3, 0x3fa3cf1f, 0x5ad9e3fd, 0x77ed9ba5, 0xb294b893, 0x3722e9a5, 0x00e698ca, 0x4cf76330),
2817 SECP256K1_SCALAR_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xd576e735, 0x57a4501d, 0xdfe92f46, 0x681b209f),
2818 SECP256K1_SCALAR_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xd576e735, 0x57a4501d, 0xdfe92f46, 0x681b20a0),
2819 SECP256K1_SCALAR_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xd576e735, 0x57a4501d, 0xdfe92f46, 0x681b20a1),
2820 SECP256K1_SCALAR_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xd576e735, 0x57a4501d, 0xdfe92f46, 0x681b20a2),
2821 SECP256K1_SCALAR_CONST(0xd363ad4c, 0xc05c30e0, 0xa5261c02, 0x88126459, 0xf85915d7, 0x7825b696, 0xbeebc5c2, 0x833ede11),
2822 SECP256K1_SCALAR_CONST(0xd363ad4c, 0xc05c30e0, 0xa5261c02, 0x88126459, 0xf85915d7, 0x7825b696, 0xbeebc5c2, 0x833ede12),
2823 SECP256K1_SCALAR_CONST(0xd363ad4c, 0xc05c30e0, 0xa5261c02, 0x88126459, 0xf85915d7, 0x7825b696, 0xbeebc5c2, 0x833ede13),
2824 SECP256K1_SCALAR_CONST(0xd363ad4c, 0xc05c30e0, 0xa5261c02, 0x88126459, 0xf85915d7, 0x7825b696, 0xbeebc5c2, 0x833ede14),
2825 SECP256K1_SCALAR_CONST(0x26c75a99, 0x80b861c1, 0x4a4c3805, 0x1024c8b4, 0x704d760e, 0xe95e7cd3, 0xde1bfdb1, 0xce2c5a42),
2826 SECP256K1_SCALAR_CONST(0x26c75a99, 0x80b861c1, 0x4a4c3805, 0x1024c8b4, 0x704d760e, 0xe95e7cd3, 0xde1bfdb1, 0xce2c5a43),
2827 SECP256K1_SCALAR_CONST(0x26c75a99, 0x80b861c1, 0x4a4c3805, 0x1024c8b4, 0x704d760e, 0xe95e7cd3, 0xde1bfdb1, 0xce2c5a44),
2828 SECP256K1_SCALAR_CONST(0x26c75a99, 0x80b861c1, 0x4a4c3805, 0x1024c8b4, 0x704d760e, 0xe95e7cd3, 0xde1bfdb1, 0xce2c5a45)
2854 }
else if (mode == 1) {
2873 for (i = 0; i < 4*
count; ++i) {
2886 0x7603CB59, 0xB0EF6C63, 0xFE608479, 0x2A0C378C,
2887 0xDB3233A8, 0x0F8A9A09, 0xA877DEAD, 0x31B38C45
2889 for (i = 0; i < 500; i++) {
2906 0x6d986544, 0x57ff52b8, 0xcf1b8126, 0x5b802a5b,
2907 0xa97f9263, 0xb1e88044, 0x93351325, 0x91bc450a,
2908 0x535c59f7, 0x325e5d2b, 0xc391fbe8, 0x3c12787c,
2909 0x337e4a98, 0xe82a9011, 0x0123ba37, 0xdd769c7d
2913 0x649d4f77, 0xc4242df7, 0x7f2079c9, 0x14530327,
2914 0xa31b876a, 0xd2d8ce2a, 0x2236d5c6, 0xd7b2029b
2918 0x23773684, 0x4d209dc7, 0x098a786f, 0x20d06fcd,
2919 0x070a38bf, 0xc11ac651, 0x03004319, 0x1e2a8786,
2920 0xed8c3b8e, 0xc06dd57b, 0xd06ea66e, 0x45492b0f,
2921 0xb84e4e1b, 0xfb77e21f, 0x96baae2a, 0x63dec956
2976 0x4968d524, 0x2abf9b7a, 0x466abbcf, 0x34b11b6d,
2977 0xcd83d307, 0x827bed62, 0x05fad0ce, 0x18fae63b
2980 0x5494c15d, 0x32099706, 0xc2395f94, 0x348745fd,
2981 0x757ce30e, 0x4e8c90fb, 0xa2bad184, 0xf883c69f,
2982 0x5d195d20, 0xe191bf7f, 0x1be3e55f, 0x56a80196,
2983 0x6071ad01, 0xf1462f66, 0xc997fa94, 0xdb858435
2990 for (i = 0; i < 100; ++i) {
3013 *sc = data->
sc[idx];
3014 *pt = data->
pt[idx];
3043 for (ncount = 0; ncount <
count; ncount++) {
3087 for (ncount = 0; ncount <
count; ncount++) {
3090 size_t sizes[] = { 2, 10, 32 };
3092 for (j = 0; j < 3; j++) {
3093 for (i = 0; i < 32; i++) {
3101 for (j = 0; j < 3; j++) {
3102 for (i = 0; i < 32; i++) {
3111 for (j = 0; j < 3; j++) {
3113 for (i = 0; i < 16; i++) {
3117 pt[2 * i + 1] = ptg;
3124 for (i = 0; i < 16; i++) {
3140 for (i = 1; i < 32; i++) {
3153 for (ncount = 0; ncount <
count; ncount++) {
3158 for (i = 0; i < 20; i++) {
3174 for (ncount = 0; ncount <
count; ncount++) {
3182 for (i = 0; i < 20; i++) {
3197 for (ncount = 0; ncount < 20; ncount++) {
3213 const size_t TOP = 8;
3222 for(t0i = 0; t0i < TOP; t0i++) {
3223 for(t1i = 0; t1i < TOP; t1i++) {
3235 for(s0i = 0; s0i < TOP; s0i++) {
3236 for(s1i = 0; s1i < TOP; s1i++) {
3308 size_t n_points_supported;
3309 int bucket_window = 0;
3311 for(; scratch_size < max_size; scratch_size+=256) {
3316 CHECK(scratch != NULL);
3319 if (n_points_supported == 0) {
3338 size_t n_batches, n_batch_points, max_n_batch_points, n;
3340 max_n_batch_points = 0;
3344 max_n_batch_points = 1;
3347 CHECK(n_batches == 0);
3348 CHECK(n_batch_points == 0);
3350 max_n_batch_points = 2;
3353 CHECK(n_batches == 3);
3354 CHECK(n_batch_points == 2);
3359 CHECK(n_batches == 1);
3365 CHECK(n_batches == 2);
3368 max_n_batch_points = 1;
3371 CHECK(n_batches == SIZE_MAX);
3372 CHECK(n_batch_points == 1);
3374 max_n_batch_points = 2;
3377 CHECK(n_batches == SIZE_MAX/2 + 1);
3378 CHECK(n_batch_points == 2);
3403 for(i = 0; i < n_points; i++) {
3434 for(i = 1; i <= n_points; i++) {
3485 for (i = bits-1; i >= 0; i--) {
3489 CHECK(zeroes == -1 || zeroes >= w-1);
3491 CHECK((v & 1) == 1);
3492 CHECK(v <= (1 << (w-1)) - 1);
3493 CHECK(v >= -(1 << (w-1)) - 1);
3495 CHECK(zeroes != -1);
3520 CHECK(sign1 == sign2);
3526 int wnaf[256] = {0};
3535 for (i = 0; i < 16; ++i) {
3546 CHECK(v > -(1 << w));
3547 CHECK(v < (1 << w));
3566 int wnaf[256] = {0};
3573 for (i = 0; i < 16; ++i) {
3581 CHECK(v == 0 || v & 1);
3582 CHECK(v > -(1 << w));
3583 CHECK(v < (1 << w));
3604 CHECK(wnaf[i] == 0);
3606 for (i = 7; i >= 0; --i) {
3607 CHECK(wnaf[i] == wnaf_expected[i]);
3613 int wnaf[256] = {0};
3632 CHECK(wnaf[0] == 1);
3636 int wnaf_expected[8] = { 0xf, 0xf, 0xf, 0xf, 0xf, 0xf, 0xf, 0xf };
3643 int wnaf_expected[8] = { -1, -1, -1, -1, -1, -1, -1, 0xf };
3650 int wnaf_expected[8] = { 1, 0, 1, 0, 1, 0, 1, 0 };
3657 int wnaf_expected[8] = { -0xf, 0, 0xf, -0xf, 0, 0xf, 1, 0 };
3697 for (i = 0; i <
count; i++) {
3719 for (i = 0; i < 36; i++ ) {
3722 for (j = 0; j < i; j++) {
3730 for (i = 1; i <= 36; i++ ) {
3734 for (j = 0; j < i; j++) {
3752 unsigned char seed32[32];
3786 for (i = 0; i < 10; i++) {
3794 const unsigned char zero[32] = {0};
3795 unsigned char tmp[32];
3830 for (i = 0; i < 100U *
count; ++i) {
3841 unsigned char pubkeyc[65];
3848 for (pubkeyclen = 3; pubkeyclen <= 65; pubkeyclen++) {
3851 memcpy(&pubkeyc[1], input, 64);
3852 VG_UNDEF(&pubkeyc[pubkeyclen], 65 - pubkeyclen);
3853 for (i = 0; i < 256; i++) {
3860 ysign = (input[63] & 1) + 2;
3862 xpass = xvalid && (pubkeyclen == 33) && ((i & 254) == 2);
3864 ypass = xvalid && yvalid && ((i & 4) == ((pubkeyclen == 65) << 2)) &&
3865 ((i == 4) || ((i & 251) == ysign)) && ((pubkeyclen == 33) || (pubkeyclen == 65));
3866 if (xpass || ypass) {
3868 unsigned char pubkeyo[65];
3870 memset(&pubkey, 0,
sizeof(pubkey));
3881 CHECK((pubkeyclen != 33) || (pubkeyo[0] == pubkeyc[0]));
3884 CHECK(pubkeyo[0] == ysign);
3886 memset(&pubkey, 0,
sizeof(pubkey));
3895 CHECK(pubkeyo[0] == 4);
3901 memset(&pubkey, 0xfe,
sizeof(pubkey));
3916 #define SECP256K1_EC_PARSE_TEST_NVALID (12)
3920 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x42, 0x52,
3921 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3922 0x00, 0x00, 0x64, 0xef, 0xa1, 0x7b, 0x77, 0x61, 0xe1, 0xe4, 0x27, 0x06, 0x98, 0x9f, 0xb4, 0x83,
3923 0xb8, 0xd2, 0xd4, 0x9b, 0xf7, 0x8f, 0xae, 0x98, 0x03, 0xf0, 0x99, 0xb8, 0x34, 0xed, 0xeb, 0x00
3927 0x7a, 0xe9, 0x6a, 0x2b, 0x65, 0x7c, 0x07, 0x10, 0x6e, 0x64, 0x47, 0x9e, 0xac, 0x34, 0x34, 0xe9,
3928 0x9c, 0xf0, 0x49, 0x75, 0x12, 0xf5, 0x89, 0x95, 0xc1, 0x39, 0x6c, 0x28, 0x71, 0x95, 0x01, 0xee,
3929 0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14,
3930 0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee,
3934 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
3935 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2c,
3936 0x0e, 0x99, 0x4b, 0x14, 0xea, 0x72, 0xf8, 0xc3, 0xeb, 0x95, 0xc7, 0x1e, 0xf6, 0x92, 0x57, 0x5e,
3937 0x77, 0x50, 0x58, 0x33, 0x2d, 0x7e, 0x52, 0xd0, 0x99, 0x5c, 0xf8, 0x03, 0x88, 0x71, 0xb6, 0x7d,
3941 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
3942 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2c,
3943 0xf1, 0x66, 0xb4, 0xeb, 0x15, 0x8d, 0x07, 0x3c, 0x14, 0x6a, 0x38, 0xe1, 0x09, 0x6d, 0xa8, 0xa1,
3944 0x88, 0xaf, 0xa7, 0xcc, 0xd2, 0x81, 0xad, 0x2f, 0x66, 0xa3, 0x07, 0xfb, 0x77, 0x8e, 0x45, 0xb2,
3948 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3949 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
3950 0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14,
3951 0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee,
3955 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3956 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
3957 0xbd, 0xe7, 0x0d, 0xf5, 0x19, 0x39, 0xb9, 0x4c, 0x9c, 0x24, 0x97, 0x9f, 0xa7, 0xdd, 0x04, 0xeb,
3958 0xd9, 0xb3, 0x57, 0x2d, 0xa7, 0x80, 0x22, 0x90, 0x43, 0x8a, 0xf2, 0xa6, 0x81, 0x89, 0x54, 0x41,
3962 0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6,
3963 0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07,
3964 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
3965 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
3969 0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c,
3970 0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73,
3971 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
3972 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
3976 0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc,
3977 0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5,
3978 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
3979 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
3983 0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6,
3984 0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07,
3985 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3986 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
3990 0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c,
3991 0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73,
3992 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3993 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
3997 0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc,
3998 0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5,
3999 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
4000 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
4003 #define SECP256K1_EC_PARSE_TEST_NXVALID (4)
4007 0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6,
4008 0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07,
4009 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
4010 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
4014 0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c,
4015 0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73,
4016 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
4017 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
4021 0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc,
4022 0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5,
4023 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
4024 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
4028 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
4029 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
4030 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
4031 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03
4034 #define SECP256K1_EC_PARSE_TEST_NINVALID (7)
4038 0x0a, 0x2d, 0x2b, 0xa9, 0x35, 0x07, 0xf1, 0xdf, 0x23, 0x37, 0x70, 0xc2, 0xa7, 0x97, 0x96, 0x2c,
4039 0xc6, 0x1f, 0x6d, 0x15, 0xda, 0x14, 0xec, 0xd4, 0x7d, 0x8d, 0x27, 0xae, 0x1c, 0xd5, 0xf8, 0x53,
4040 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
4041 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
4045 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
4046 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
4047 0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14,
4048 0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee,
4052 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
4053 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
4054 0xbd, 0xe7, 0x0d, 0xf5, 0x19, 0x39, 0xb9, 0x4c, 0x9c, 0x24, 0x97, 0x9f, 0xa7, 0xdd, 0x04, 0xeb,
4055 0xd9, 0xb3, 0x57, 0x2d, 0xa7, 0x80, 0x22, 0x90, 0x43, 0x8a, 0xf2, 0xa6, 0x81, 0x89, 0x54, 0x41,
4059 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
4060 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
4061 0xf4, 0x84, 0x14, 0x5c, 0xb0, 0x14, 0x9b, 0x82, 0x5d, 0xff, 0x41, 0x2f, 0xa0, 0x52, 0xa8, 0x3f,
4062 0xcb, 0x72, 0xdb, 0x61, 0xd5, 0x6f, 0x37, 0x70, 0xce, 0x06, 0x6b, 0x73, 0x49, 0xa2, 0xaa, 0x28,
4066 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
4067 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
4068 0x0b, 0x7b, 0xeb, 0xa3, 0x4f, 0xeb, 0x64, 0x7d, 0xa2, 0x00, 0xbe, 0xd0, 0x5f, 0xad, 0x57, 0xc0,
4069 0x34, 0x8d, 0x24, 0x9e, 0x2a, 0x90, 0xc8, 0x8f, 0x31, 0xf9, 0x94, 0x8b, 0xb6, 0x5d, 0x52, 0x07,
4073 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
4074 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
4075 0x8f, 0x53, 0x7e, 0xef, 0xdf, 0xc1, 0x60, 0x6a, 0x07, 0x27, 0xcd, 0x69, 0xb4, 0xa7, 0x33, 0x3d,
4076 0x38, 0xed, 0x44, 0xe3, 0x93, 0x2a, 0x71, 0x79, 0xee, 0xcb, 0x4b, 0x6f, 0xba, 0x93, 0x60, 0xdc,
4080 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
4081 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
4082 0x70, 0xac, 0x81, 0x10, 0x20, 0x3e, 0x9f, 0x95, 0xf8, 0xd8, 0x32, 0x96, 0x4b, 0x58, 0xcc, 0xc2,
4083 0xc7, 0x12, 0xbb, 0x1c, 0x6c, 0xd5, 0x8e, 0x86, 0x11, 0x34, 0xb4, 0x8f, 0x45, 0x6c, 0x9b, 0x53
4086 const unsigned char pubkeyc[66] = {
4088 0x04, 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95, 0xCE, 0x87, 0x0B,
4089 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17,
4090 0x98, 0x48, 0x3A, 0xDA, 0x77, 0x26, 0xA3, 0xC4, 0x65, 0x5D, 0xA4, 0xFB, 0xFC, 0x0E, 0x11, 0x08,
4091 0xA8, 0xFD, 0x17, 0xB4, 0x48, 0xA6, 0x85, 0x54, 0x19, 0x9C, 0x47, 0xD0, 0x8F, 0xFB, 0x10, 0xD4,
4094 unsigned char sout[65];
4095 unsigned char shortkey[2];
4107 memset(&pubkey, 0xfe,
sizeof(pubkey));
4117 for (i = 0; i < 256 ; i++) {
4118 memset(&pubkey, 0xfe,
sizeof(pubkey));
4130 for (i = 0; i < 65536 ; i++) {
4131 memset(&pubkey, 0xfe,
sizeof(pubkey));
4133 shortkey[0] = i & 255;
4134 shortkey[1] = i >> 8;
4142 memset(&pubkey, 0xfe,
sizeof(pubkey));
4155 memset(&pubkey, 0xfe,
sizeof(pubkey));
4164 memset(&pubkey, 0xfe,
sizeof(pubkey));
4173 memset(&pubkey, 0xfe,
sizeof(pubkey));
4182 memset(&pubkey, 0,
sizeof(pubkey));
4229 CHECK(ecount2 == 10);
4244 const unsigned char orderc[32] = {
4245 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
4246 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
4247 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
4248 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41
4251 unsigned char ctmp[33];
4252 unsigned char ctmp2[33];
4267 memset(ctmp, 255, 32);
4269 memset(&pubkey, 1,
sizeof(pubkey));
4275 memset(ctmp, 0, 32);
4277 memset(&pubkey, 1,
sizeof(pubkey));
4285 memset(&pubkey, 0,
sizeof(pubkey));
4290 pubkey_one = pubkey;
4292 memcpy(ctmp, orderc, 32);
4295 memset(&pubkey, 1,
sizeof(pubkey));
4303 memset(&pubkey, 0,
sizeof(pubkey));
4308 pubkey_negone = pubkey;
4310 memset(ctmp2, 0, 32);
4313 memcpy(&pubkey2, &pubkey,
sizeof(pubkey));
4321 memcpy(&pubkey, &pubkey2,
sizeof(pubkey));
4324 memcpy(ctmp, orderc, 32);
4325 memset(ctmp2, 0, 32);
4331 memcpy(ctmp, orderc, 32);
4336 memcpy(ctmp, orderc, 32);
4340 memcpy(ctmp, orderc, 32);
4344 memcpy(ctmp, orderc, 32);
4350 memcpy(&pubkey, &pubkey2,
sizeof(pubkey));
4353 memcpy(&pubkey, &pubkey2,
sizeof(pubkey));
4357 memcpy(ctmp, orderc, 32);
4359 memset(ctmp2, 0, 32);
4366 memcpy(&pubkey, &pubkey2,
sizeof(pubkey));
4386 memset(&pubkey, 0, 32);
4390 memcpy(&pubkey, &pubkey2,
sizeof(pubkey));
4391 memset(&pubkey2, 0, 32);
4402 memset(ctmp2, 0, 32);
4409 memset(ctmp2, 0, 32);
4416 memset(ctmp2, 0, 32);
4422 memset(ctmp2, 0, 32);
4431 memset(&pubkey, 1,
sizeof(pubkey));
4437 pubkeys[0] = &pubkey_one;
4456 pubkeys[0] = &pubkey_negone;
4468 pubkeys[0] = &pubkey_one;
4469 pubkeys[1] = &pubkey_negone;
4477 pubkeys[2] = &pubkey_one;
4489 pubkeys[1] = &pubkey_one;
4500 unsigned char seckey[32];
4501 unsigned char seckey_tmp[32];
4504 memcpy(seckey_tmp, seckey, 32);
4518 memset(seckey, 0, 32);
4519 memset(seckey_tmp, 0, 32);
4528 memset(seckey, 0xFF, 16);
4529 memset(seckey_tmp, 0, 32);
4558 CHECK(recid >= 0 && recid < 4);
4570 for (i = 0; i < 10*
count; i++) {
4576 static int precomputed_nonce_function(
unsigned char *nonce32,
const unsigned char *msg32,
const unsigned char *key32,
const unsigned char *algo16,
void *data,
unsigned int counter) {
4580 memcpy(nonce32, data, 32);
4581 return (counter == 0);
4584 static int nonce_function_test_fail(
unsigned char *nonce32,
const unsigned char *msg32,
const unsigned char *key32,
const unsigned char *algo16,
void *data,
unsigned int counter) {
4592 static int nonce_function_test_retry(
unsigned char *nonce32,
const unsigned char *msg32,
const unsigned char *key32,
const unsigned char *algo16,
void *data,
unsigned int counter) {
4595 memset(nonce32, counter==0 ? 0 : 255, 32);
4602 static const unsigned char order[] = {
4603 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
4604 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
4605 0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,
4606 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41
4608 memcpy(nonce32, order, 32);
4628 unsigned char extra[32] = {0x00};
4629 unsigned char privkey[32];
4630 unsigned char message[32];
4631 unsigned char privkey2[32];
4634 unsigned char sig[74];
4636 unsigned char pubkeyc[65];
4637 size_t pubkeyclen = 65;
4640 unsigned char seckey[300];
4641 size_t seckeylen = 300;
4658 memset(&pubkey, 0,
sizeof(pubkey));
4662 memcpy(&pubkey_tmp, &pubkey,
sizeof(pubkey));
4678 unsigned char rnd[32];
4679 unsigned char privkey_tmp[32];
4682 memcpy(privkey_tmp, privkey, 32);
4687 CHECK(ret1 == ret2);
4688 CHECK(ret2 == ret3);
4702 unsigned char rnd[32];
4703 unsigned char privkey_tmp[32];
4706 memcpy(privkey_tmp, privkey, 32);
4711 CHECK(ret1 == ret2);
4712 CHECK(ret2 == ret3);
4761 memset(&signature[0], 0,
sizeof(signature[0]));
4775 unsigned char in[65];
4796 unsigned char out[65];
4797 unsigned char firstb;
4806 if ((in[0] != 6) && (in[0] != 7)) {
4807 CHECK(in[0] == out[0]);
4817 if (firstb == 2 || firstb == 3) {
4818 if (in[0] == firstb + 4) {
4834 for (i = 0; i < 10*
count; i++) {
4841 for (i = 0; i < 64*
count; i++) {
4847 static const unsigned char zeroes[32] = {0};
4852 unsigned char roundtrip_der[2048];
4853 unsigned char compact_der[64];
4854 size_t len_der = 2048;
4855 int parsed_der = 0, valid_der = 0, roundtrips_der = 0;
4858 unsigned char roundtrip_der_lax[2048];
4859 unsigned char compact_der_lax[64];
4860 size_t len_der_lax = 2048;
4861 int parsed_der_lax = 0, valid_der_lax = 0, roundtrips_der_lax = 0;
4874 if (parsed_der_lax) {
4878 if (valid_der_lax) {
4883 if (certainly_der) {
4884 ret |= (!parsed_der) << 2;
4886 if (certainly_not_der) {
4887 ret |= (parsed_der) << 17;
4890 ret |= (!roundtrips_der) << 3;
4894 ret |= (!roundtrips_der_lax) << 12;
4895 ret |= (len_der != len_der_lax) << 13;
4896 ret |= ((len_der != len_der_lax) || (
secp256k1_memcmp_var(roundtrip_der_lax, roundtrip_der, len_der) != 0)) << 14;
4898 ret |= (roundtrips_der != roundtrips_der_lax) << 15;
4900 ret |= (!parsed_der_lax) << 16;
4908 for (i = 0; i < ptrlen; i++) {
4909 int shift = ptrlen - 1 - i;
4913 ptr[i] = (val >> shift) & 0xFF;
4921 if (action < 1 && *len > 3) {
4924 memmove(
sig + pos,
sig + pos + 1, *len - pos - 1);
4927 }
else if (action < 2 && *len < 2048) {
4930 memmove(
sig + pos + 1,
sig + pos, *len - pos);
4934 }
else if (action < 4) {
4947 int nlow[2], nlen[2], nlenlen[2], nhbit[2], nhbyte[2], nzlen[2];
4948 size_t tlen, elen, glen;
4954 *certainly_der = der;
4955 *certainly_not_der = 0;
4958 for (n = 0; n < 2; n++) {
4963 CHECK(nlen[n] <= 232);
4970 if (nzlen[n] > ((nlen[n] == 0 || nhbit[n]) ? 1 : 0)) {
4971 *certainly_not_der = 1;
4973 CHECK(nlen[n] + nzlen[n] <= 300);
4975 nlenlen[n] = nlen[n] + nzlen[n] < 128 ? 0 : (nlen[n] + nzlen[n] < 256 ? 1 : 2);
4981 *certainly_not_der = 1;
4984 CHECK(nlen[n] + nzlen[n] + nlenlen[n] <= 427);
4988 tlen = 2 + nlenlen[0] + nlen[0] + nzlen[0] + 2 + nlenlen[1] + nlen[1] + nzlen[1];
4994 *certainly_not_der = 1;
5002 *certainly_not_der = 1;
5004 CHECK(tlen + glen <= 990);
5007 sig[(*len)++] = 0x30;
5010 sig[(*len)++] = 0x80;
5011 *certainly_not_der = 1;
5013 int tlenlen = tlen < 128 ? 0 : (tlen < 256 ? 1 : 2);
5018 *certainly_not_der = 1;
5023 sig[(*len)++] = tlen;
5026 sig[(*len)++] = 128 + tlenlen;
5033 CHECK(tlen + glen <= 1119);
5035 for (n = 0; n < 2; n++) {
5037 sig[(*len)++] = 0x02;
5038 if (nlenlen[n] == 0) {
5040 sig[(*len)++] = nlen[n] + nzlen[n];
5043 sig[(*len)++] = 128 + nlenlen[n];
5048 while (nzlen[n] > 0) {
5049 sig[(*len)++] = 0x00;
5052 if (nlen[n] == 32 && !nlow[n]) {
5055 for (i = 0; i < 16; i++) {
5056 sig[(*len)++] = 0xFF;
5062 sig[(*len)++] = nhbyte[n];
5081 CHECK(tlen + glen <= 1121);
5087 CHECK(tlen <= 1121);
5088 CHECK(tlen == *len);
5093 for (i = 0; i < 200 *
count; i++) {
5094 unsigned char buffer[2048];
5096 int certainly_der = 0;
5097 int certainly_not_der = 0;
5099 CHECK(buflen <= 2048);
5100 for (j = 0; j < 16; j++) {
5106 certainly_not_der = 0;
5111 fprintf(stderr,
"Failure %x on ", ret);
5112 for (k = 0; k < buflen; k++) {
5113 fprintf(stderr,
"%02x ", buffer[k]);
5115 fprintf(stderr,
"\n");
5145 const unsigned char pubkey_mods_zero[33] = {
5146 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
5147 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
5148 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0,
5149 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41,
5164 const unsigned char pubkey[33] = {
5165 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5166 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5167 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5168 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5183 const unsigned char pubkey[33] = {
5184 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5185 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5186 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5187 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5190 const unsigned char pubkey2[33] = {
5191 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
5192 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
5193 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0,
5194 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41,
5218 const unsigned char pubkey[33] = {
5219 0x02, 0x14, 0x4e, 0x5a, 0x58, 0xef, 0x5b, 0x22,
5220 0x6f, 0xd2, 0xe2, 0x07, 0x6a, 0x77, 0xcf, 0x05,
5221 0xb4, 0x1d, 0xe7, 0x4a, 0x30, 0x98, 0x27, 0x8c,
5222 0x93, 0xe6, 0xe6, 0x3c, 0x0b, 0xc4, 0x73, 0x76,
5225 const unsigned char pubkey2[33] = {
5226 0x02, 0x8a, 0xd5, 0x37, 0xed, 0x73, 0xd9, 0x40,
5227 0x1d, 0xa0, 0x33, 0xd2, 0xdc, 0xf0, 0xaf, 0xae,
5228 0x34, 0xcf, 0x5f, 0x96, 0x4c, 0x73, 0x28, 0x0f,
5229 0x92, 0xc0, 0xf6, 0x9d, 0xd9, 0xb2, 0x09, 0x10,
5232 const unsigned char csr[32] = {
5233 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5234 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
5235 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4,
5236 0x40, 0x2d, 0xa1, 0x72, 0x2f, 0xc9, 0xba, 0xeb
5260 const unsigned char pubkey[33] = {
5261 0x03, 0xaf, 0x97, 0xff, 0x7d, 0x3a, 0xf6, 0xa0,
5262 0x02, 0x94, 0xbd, 0x9f, 0x4b, 0x2e, 0xd7, 0x52,
5263 0x28, 0xdb, 0x49, 0x2a, 0x65, 0xcb, 0x1e, 0x27,
5264 0x57, 0x9c, 0xba, 0x74, 0x20, 0xd5, 0x1d, 0x20,
5267 const unsigned char csr[32] = {
5268 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5269 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
5270 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4,
5271 0x40, 0x2d, 0xa1, 0x72, 0x2f, 0xc9, 0xba, 0xee
5294 unsigned char signature[72];
5295 static const unsigned char nonce[32] = {
5296 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5297 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5298 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5299 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
5301 static const unsigned char nonce2[32] = {
5302 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
5303 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
5304 0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,
5305 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x40
5307 const unsigned char key[32] = {
5308 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5309 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5310 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5311 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
5313 unsigned char msg[32] = {
5314 0x86, 0x41, 0x99, 0x81, 0x06, 0x23, 0x44, 0x53,
5315 0xaa, 0x5f, 0x9d, 0x6a, 0x31, 0x78, 0xf4, 0xf7,
5316 0xb8, 0x12, 0xe0, 0x0b, 0x81, 0x7a, 0x77, 0x62,
5317 0x65, 0xdf, 0xdd, 0x31, 0xb9, 0x3e, 0x29, 0xa9,
5351 CHECK(ecount == 10);
5353 CHECK(ecount == 11);
5355 CHECK(ecount == 11);
5357 CHECK(ecount == 12);
5359 CHECK(ecount == 13);
5361 CHECK(ecount == 13);
5365 CHECK(ecount == 13);
5381 memset(signature, 255, 64);
5388 for (t = 0; t < 2; t++) {
5389 static const unsigned char zero[32] = {0x00};
5391 unsigned char key[32];
5392 unsigned char msg[32];
5395 const unsigned char *extra;
5396 extra = t == 0 ? NULL : zero;
5400 memset(key, 0xFF, 32);
5422 for(i = 0; i < 256; i++) {
5428 for (j = 0; j < i; j++) {
5435 for(i = 256; i < 512; i++) {
5441 for (j = 0; j < i; j++) {
5450 const unsigned char zeros[32] = {0};
5451 unsigned char nonce[32];
5452 unsigned char nonce2[32];
5453 unsigned char nonce3[32];
5454 unsigned char nonce4[32];
5478 unsigned char privkey[300];
5479 unsigned char seckey[32] = {
5480 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
5481 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
5482 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
5483 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41,
5485 size_t outlen = 300;
5496 #ifdef ENABLE_MODULE_ECDH
5500 #ifdef ENABLE_MODULE_MULTISET
5504 #ifdef ENABLE_MODULE_RECOVERY
5508 #ifdef ENABLE_MODULE_SCHNORR
5512 #ifdef ENABLE_MODULE_EXTRAKEYS
5516 #ifdef ENABLE_MODULE_SCHNORRSIG
5521 unsigned char buf1[6] = {1, 2, 3, 4, 5, 6};
5522 unsigned char buf2[
sizeof(buf1)];
5525 memcpy(buf2, buf1,
sizeof(buf1));
5530 memset(buf2, 0,
sizeof(buf2));
5540 CHECK(r == INT_MAX);
5544 CHECK(r == INT_MAX);
5564 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
5565 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
5594 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
5595 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
5624 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
5625 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
5651 static const secp256k1_ge_storage zero =
SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
5652 static const secp256k1_ge_storage one =
SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1);
5654 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
5655 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
5656 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
5657 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
5694 setbuf(stdout, NULL);
5697 setbuf(stderr, NULL);
5701 count = strtol(argv[1], NULL, 0);
5703 const char* env = getenv(
"SECP256K1_TEST_ITERS");
5704 if (env && strlen(env) > 0) {
5705 count = strtol(env, NULL, 0);
5709 fputs(
"An iteration count of 0 or less is not allowed.\n", stderr);
5710 return EXIT_FAILURE;
5723 unsigned char rand32[32];
5775 #ifdef ENABLE_MODULE_ECDH
5787 #ifdef ENABLE_MODULE_MULTISET
5791 #ifdef ENABLE_MODULE_RECOVERY
5796 #ifdef ENABLE_MODULE_SCHNORR
5801 #ifdef ENABLE_MODULE_EXTRAKEYS
5805 #ifdef ENABLE_MODULE_SCHNORRSIG
5819 printf(
"no problems found\n");
void run_ecdh_tests(void)
static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context *ctx, secp256k1_scalar *r, secp256k1_scalar *s, const secp256k1_scalar *seckey, const secp256k1_scalar *message, const secp256k1_scalar *nonce, int *recid)
static int secp256k1_ecdsa_sig_verify(const secp256k1_ecmult_context *ctx, const secp256k1_scalar *r, const secp256k1_scalar *s, const secp256k1_ge *pubkey, const secp256k1_scalar *message)
static int secp256k1_eckey_pubkey_parse(secp256k1_ge *elem, const unsigned char *pub, size_t size)
static int secp256k1_eckey_pubkey_serialize(secp256k1_ge *elem, unsigned char *pub, size_t *size, int compressed)
static void secp256k1_ecmult(const secp256k1_ecmult_context *ctx, secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_scalar *na, const secp256k1_scalar *ng)
Double multiply: R = na*A + ng*G.
static int secp256k1_ecmult_multi_var(const secp256k1_callback *error_callback, const secp256k1_ecmult_context *ctx, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n)
Multi-multiply: R = inp_g_sc * G + sum_i ni * Ai.
static void secp256k1_ecmult_const(secp256k1_gej *r, const secp256k1_ge *a, const secp256k1_scalar *q, int bits)
Multiply: R = q*A (in constant-time) Here bits should be set to the maximum bitlength of the absolute...
static int secp256k1_wnaf_const(int *wnaf, const secp256k1_scalar *scalar, int w, int size)
Convert a number to WNAF notation.
static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context *ctx, secp256k1_gej *r, const secp256k1_scalar *a)
Multiply with the generator: R = a*G.
static void secp256k1_ecmult_gen_blind(secp256k1_ecmult_gen_context *ctx, const unsigned char *seed32)
#define STRAUSS_SCRATCH_OBJECTS
static size_t secp256k1_pippenger_bucket_window_inv(int bucket_window)
Returns the maximum optimal number of points for a bucket_window.
static size_t secp256k1_pippenger_max_points(const secp256k1_callback *error_callback, secp256k1_scratch *scratch)
Returns the maximum number of points in addition to G that can be used with a given scratch space.
static int secp256k1_wnaf_fixed(int *wnaf, const secp256k1_scalar *s, int w)
Convert a number to WNAF notation.
static int secp256k1_ecmult_wnaf(int *wnaf, int len, const secp256k1_scalar *a, int w)
Convert a number to WNAF notation.
static int secp256k1_ecmult_pippenger_batch_single(const secp256k1_callback *error_callback, const secp256k1_ecmult_context *actx, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n)
static size_t secp256k1_strauss_scratch_size(size_t n_points)
#define ECMULT_PIPPENGER_THRESHOLD
static int secp256k1_pippenger_bucket_window(size_t n)
Returns optimal bucket_window (number of bits of a scalar represented by a set of buckets) for a give...
#define ECMULT_MAX_POINTS_PER_BATCH
#define PIPPENGER_MAX_BUCKET_WINDOW
#define PIPPENGER_SCRATCH_OBJECTS
static int secp256k1_ecmult_multi_batch_size_helper(size_t *n_batches, size_t *n_batch_points, size_t max_n_batch_points, size_t n)
static size_t secp256k1_pippenger_scratch_size(size_t n_points, int bucket_window)
Returns the scratch size required for a given number of points (excluding base point G) without consi...
int(* secp256k1_ecmult_multi_func)(const secp256k1_callback *error_callback, const secp256k1_ecmult_context *, secp256k1_scratch *, secp256k1_gej *, const secp256k1_scalar *, secp256k1_ecmult_multi_callback cb, void *, size_t)
static int secp256k1_ecmult_strauss_batch_single(const secp256k1_callback *error_callback, const secp256k1_ecmult_context *actx, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n)
#define WNAF_SIZE_BITS(bits, w)
static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256k1_fe *a)
Potentially faster version of secp256k1_fe_inv, without constant-time guarantee.
static void secp256k1_fe_normalize_weak(secp256k1_fe *r)
Weakly normalize a field element: reduce its magnitude to 1, but don't fully normalize.
static int secp256k1_fe_is_quad_var(const secp256k1_fe *a)
Checks whether a field element is a quadratic residue.
static int secp256k1_fe_equal_var(const secp256k1_fe *a, const secp256k1_fe *b)
Same as secp256k1_fe_equal, but may be variable time.
static int secp256k1_fe_sqrt(secp256k1_fe *r, const secp256k1_fe *a)
If a has a square root, it is computed in r and 1 is returned.
static void secp256k1_fe_normalize_var(secp256k1_fe *r)
Normalize a field element, without constant-time guarantee.
static void secp256k1_fe_clear(secp256k1_fe *a)
Sets a field element equal to zero, initializing all fields.
static void secp256k1_fe_inv(secp256k1_fe *r, const secp256k1_fe *a)
Sets a field element to be the (modular) inverse of another.
static void secp256k1_fe_cmov(secp256k1_fe *r, const secp256k1_fe *a, int flag)
If flag is true, set *r equal to *a; otherwise leave it.
static void secp256k1_fe_mul_int(secp256k1_fe *r, int a)
Multiplies the passed field element with a small integer constant.
static void secp256k1_fe_negate(secp256k1_fe *r, const secp256k1_fe *a, int m)
Set a field element equal to the additive inverse of another.
static int secp256k1_fe_is_odd(const secp256k1_fe *a)
Check the "oddness" of a field element.
static void secp256k1_fe_set_int(secp256k1_fe *r, int a)
Set a field element equal to a small integer.
static void secp256k1_fe_mul(secp256k1_fe *r, const secp256k1_fe *a, const secp256k1_fe *SECP256K1_RESTRICT b)
Sets a field element to be the product of two others.
static int secp256k1_fe_set_b32(secp256k1_fe *r, const unsigned char *a)
Set a field element equal to 32-byte big endian value.
static int secp256k1_fe_is_zero(const secp256k1_fe *a)
Verify whether a field element is zero.
static void secp256k1_fe_from_storage(secp256k1_fe *r, const secp256k1_fe_storage *a)
Convert a field element back from the storage type.
static int secp256k1_fe_normalizes_to_zero_var(secp256k1_fe *r)
Verify whether a field element represents zero i.e.
static void secp256k1_fe_sqr(secp256k1_fe *r, const secp256k1_fe *a)
Sets a field element to be the square of another.
static void secp256k1_fe_add(secp256k1_fe *r, const secp256k1_fe *a)
Adds a field element to another.
static void secp256k1_fe_normalize(secp256k1_fe *r)
Field element module.
static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a)
Convert a field element to the storage type.
static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe *a)
Convert a field element to a 32-byte big endian value.
static int secp256k1_fe_normalizes_to_zero(secp256k1_fe *r)
Verify whether a field element represents zero i.e.
static void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r, const secp256k1_fe_storage *a, int flag)
If flag is true, set *r equal to *a; otherwise leave it.
static int secp256k1_fe_cmp_var(const secp256k1_fe *a, const secp256k1_fe *b)
Compare two field elements.
#define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0)
#define SECP256K1_FE_STORAGE_CONST(d7, d6, d5, d4, d3, d2, d1, d0)
static const secp256k1_fe secp256k1_fe_one
#define SECP256K1_GEJ_CONST_INFINITY
#define SECP256K1_GE_STORAGE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p)
static void secp256k1_gej_double_var(secp256k1_gej *r, const secp256k1_gej *a, secp256k1_fe *rzr)
Set r equal to the double of a.
static void secp256k1_gej_add_zinv_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, const secp256k1_fe *bzinv)
Set r equal to the sum of a and b (with the inverse of b's Z coordinate passed as bzinv).
static void secp256k1_ge_mul_lambda(secp256k1_ge *r, const secp256k1_ge *a)
Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast.
static void secp256k1_gej_set_infinity(secp256k1_gej *r)
Set a group element (jacobian) equal to the point at infinity.
static int secp256k1_gej_is_infinity(const secp256k1_gej *a)
Check whether a group element is the point at infinity.
static void secp256k1_ge_clear(secp256k1_ge *r)
Clear a secp256k1_ge to prevent leaking sensitive information.
static int secp256k1_ge_set_xo_var(secp256k1_ge *r, const secp256k1_fe *x, int odd)
Set a group element (affine) equal to the point with the given X coordinate, and given oddness for Y.
static void secp256k1_gej_add_ge_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, secp256k1_fe *rzr)
Set r equal to the sum of a and b (with b given in affine coordinates).
static void secp256k1_gej_add_ge(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b)
Set r equal to the sum of a and b (with b given in affine coordinates, and not infinity).
static int secp256k1_ge_is_valid_var(const secp256k1_ge *a)
Check whether a group element is valid (i.e., on the curve).
static void secp256k1_gej_add_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_gej *b, secp256k1_fe *rzr)
Set r equal to the sum of a and b.
static void secp256k1_gej_rescale(secp256k1_gej *r, const secp256k1_fe *b)
Rescale a jacobian point by b which must be non-zero.
static void secp256k1_ge_storage_cmov(secp256k1_ge_storage *r, const secp256k1_ge_storage *a, int flag)
If flag is true, set *r equal to *a; otherwise leave it.
static int secp256k1_ge_set_xquad(secp256k1_ge *r, const secp256k1_fe *x)
Set a group element (affine) equal to the point with the given X coordinate and a Y coordinate that i...
static void secp256k1_ge_set_gej(secp256k1_ge *r, secp256k1_gej *a)
Set a group element equal to another which is given in jacobian coordinates.
static void secp256k1_ge_neg(secp256k1_ge *r, const secp256k1_ge *a)
Set r equal to the inverse of a (i.e., mirrored around the X axis)
static int secp256k1_ge_is_infinity(const secp256k1_ge *a)
Check whether a group element is the point at infinity.
static void secp256k1_ge_set_infinity(secp256k1_ge *r)
Set a group element (affine) equal to the point at infinity.
static void secp256k1_ge_set_all_gej_var(secp256k1_ge *r, const secp256k1_gej *a, size_t len)
Set a batch of group elements equal to the inputs given in jacobian coordinates.
static void secp256k1_gej_double(secp256k1_gej *r, const secp256k1_gej *a)
Set r equal to the double of a.
static void secp256k1_gej_set_ge(secp256k1_gej *r, const secp256k1_ge *a)
Set a group element (jacobian) equal to another which is given in affine coordinates.
#define SECP256K1_GE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p)
static void secp256k1_ge_set_gej_var(secp256k1_ge *r, secp256k1_gej *a)
Set a group element equal to another which is given in jacobian coordinates.
static int secp256k1_gej_has_quad_y_var(const secp256k1_gej *a)
Check whether a group element's y coordinate is a quadratic residue.
#define SECP256K1_GEJ_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p)
static void secp256k1_gej_neg(secp256k1_gej *r, const secp256k1_gej *a)
Set r equal to the inverse of a (i.e., mirrored around the X axis)
static const secp256k1_ge secp256k1_ge_const_g
Generator for secp256k1, value 'g' defined in "Standards for Efficient Cryptography" (SEC2) 2....
int ec_privkey_export_der(const secp256k1_context *ctx, uint8_t *privkey, size_t *privkeylen, const uint8_t *key32, bool compressed)
This serializes to a DER encoding of the ECPrivateKey type from section C.4 of SEC 1 http://www....
int ec_privkey_import_der(const secp256k1_context *ctx, uint8_t *out32, const uint8_t *privkey, size_t privkeylen)
These functions are taken from the libsecp256k1 distribution and are very ugly.
static void secp256k1_modinv32_var(secp256k1_modinv32_signed30 *x, const secp256k1_modinv32_modinfo *modinfo)
static void secp256k1_modinv32(secp256k1_modinv32_signed30 *x, const secp256k1_modinv32_modinfo *modinfo)
static void secp256k1_modinv64(secp256k1_modinv64_signed62 *x, const secp256k1_modinv64_modinfo *modinfo)
static void secp256k1_modinv64_var(secp256k1_modinv64_signed62 *x, const secp256k1_modinv64_modinfo *modinfo)
void run_multiset_tests(void)
int ecdsa_signature_parse_der_lax(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const uint8_t *input, size_t inputlen)
This function is taken from the libsecp256k1 distribution and implements DER parsing for ECDSA signat...
void run_recovery_tests(void)
static void secp256k1_scalar_cmov(secp256k1_scalar *r, const secp256k1_scalar *a, int flag)
If flag is true, set *r equal to *a; otherwise leave it.
static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *bin, int *overflow)
Set a scalar from a big endian byte array.
static int secp256k1_scalar_set_b32_seckey(secp256k1_scalar *r, const unsigned char *bin)
Set a scalar from a big endian byte array and returns 1 if it is a valid seckey and 0 otherwise.
static int secp256k1_scalar_is_even(const secp256k1_scalar *a)
Check whether a scalar, considered as an nonnegative integer, is even.
static int secp256k1_scalar_is_zero(const secp256k1_scalar *a)
Check whether a scalar equals zero.
static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v)
Set a scalar to an unsigned integer.
static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b)
Compare two scalars.
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar *a)
Convert a scalar to a byte array.
static int secp256k1_scalar_cond_negate(secp256k1_scalar *a, int flag)
Conditionally negate a number, in constant time.
static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_scalar *a)
Compute the inverse of a scalar (modulo the group order), without constant-time guarantee.
static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count)
Access bits from a scalar.
static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b)
Add two scalars together (modulo the group order).
static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b)
Multiply two scalars (modulo the group order).
static int secp256k1_scalar_is_one(const secp256k1_scalar *a)
Check whether a scalar equals one.
static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a)
Compute the complement of a scalar (modulo the group order).
static int secp256k1_scalar_is_high(const secp256k1_scalar *a)
Check whether a scalar is higher than the group order divided by 2.
static unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count)
Access bits from a scalar.
static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *a)
Compute the inverse of a scalar (modulo the group order).
static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag)
Conditionally add a power of two to a scalar.
static void secp256k1_scalar_clear(secp256k1_scalar *r)
Clear a scalar to prevent the leak of sensitive data.
static void secp256k1_scalar_split_lambda(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *k)
Find r1 and r2 such that r1+r2*lambda = k, where r1 and r2 or their negations are maximum 128 bits lo...
static int secp256k1_scalar_shr_int(secp256k1_scalar *r, int n)
Shift a scalar right by some amount strictly between 0 and 16, returning the low bits that were shift...
#define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0)
static SECP256K1_INLINE int secp256k1_scalar_check_overflow(const secp256k1_scalar *a)
static const secp256k1_scalar secp256k1_scalar_zero
static const secp256k1_scalar secp256k1_scalar_one
static const secp256k1_scalar secp256k1_const_lambda
The Secp256k1 curve has an endomorphism, where lambda * (x, y) = (beta * x, y), where lambda is:
void run_schnorr_tests(void)
void run_schnorrsig_tests(void)
static void secp256k1_scratch_apply_checkpoint(const secp256k1_callback *error_callback, secp256k1_scratch *scratch, size_t checkpoint)
Applies a check point received from secp256k1_scratch_checkpoint, undoing all allocations since that ...
static void * secp256k1_scratch_alloc(const secp256k1_callback *error_callback, secp256k1_scratch *scratch, size_t n)
Returns a pointer into the most recently allocated frame, or NULL if there is insufficient available ...
static void secp256k1_scratch_destroy(const secp256k1_callback *error_callback, secp256k1_scratch *scratch)
static secp256k1_scratch * secp256k1_scratch_create(const secp256k1_callback *error_callback, size_t max_size)
static size_t secp256k1_scratch_max_allocation(const secp256k1_callback *error_callback, const secp256k1_scratch *scratch, size_t n_objects)
Returns the maximum allocation the scratch space will allow.
static size_t secp256k1_scratch_checkpoint(const secp256k1_callback *error_callback, const secp256k1_scratch *scratch)
Returns an opaque object used to "checkpoint" a scratch space.
static void secp256k1_sha256_initialize(secp256k1_sha256 *hash)
static void secp256k1_rfc6979_hmac_sha256_generate(secp256k1_rfc6979_hmac_sha256 *rng, unsigned char *out, size_t outlen)
static void secp256k1_hmac_sha256_finalize(secp256k1_hmac_sha256 *hash, unsigned char *out32)
static void secp256k1_hmac_sha256_initialize(secp256k1_hmac_sha256 *hash, const unsigned char *key, size_t size)
static void secp256k1_sha256_finalize(secp256k1_sha256 *hash, unsigned char *out32)
static void secp256k1_rfc6979_hmac_sha256_initialize(secp256k1_rfc6979_hmac_sha256 *rng, const unsigned char *key, size_t keylen)
static void secp256k1_rfc6979_hmac_sha256_finalize(secp256k1_rfc6979_hmac_sha256 *rng)
static void secp256k1_hmac_sha256_write(secp256k1_hmac_sha256 *hash, const unsigned char *data, size_t size)
static void secp256k1_sha256_write(secp256k1_sha256 *hash, const unsigned char *data, size_t size)
static SECP256K1_INLINE int secp256k1_ctz64_var(uint64_t x)
static SECP256K1_INLINE void * checked_malloc(const secp256k1_callback *cb, size_t size)
static SECP256K1_INLINE int secp256k1_memcmp_var(const void *s1, const void *s2, size_t n)
Semantics like memcmp.
static SECP256K1_INLINE void secp256k1_int_cmov(int *r, const int *a, int flag)
If flag is true, set *r equal to *a; otherwise leave it.
static SECP256K1_INLINE int secp256k1_ctz32_var(uint32_t x)
static SECP256K1_INLINE int secp256k1_ctz64_var_debruijn(uint64_t x)
static SECP256K1_INLINE int secp256k1_ctz32_var_debruijn(uint32_t x)
static SECP256K1_INLINE void secp256k1_memczero(void *s, size_t len, int flag)
static void secp256k1_ecdsa_signature_save(secp256k1_ecdsa_signature *sig, const secp256k1_scalar *r, const secp256k1_scalar *s)
static int secp256k1_pubkey_load(const secp256k1_context *ctx, secp256k1_ge *ge, const secp256k1_pubkey *pubkey)
static void secp256k1_pubkey_save(secp256k1_pubkey *pubkey, secp256k1_ge *ge)
static void secp256k1_default_illegal_callback_fn(const char *str, void *data)
static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter)
static void secp256k1_ecdsa_signature_load(const secp256k1_context *ctx, secp256k1_scalar *r, secp256k1_scalar *s, const secp256k1_ecdsa_signature *sig)
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_mul(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by multiplying it by a tweak.
#define SECP256K1_CONTEXT_SIGN
SECP256K1_API const secp256k1_context * secp256k1_context_no_precomp
A simple secp256k1 context object with no precomputed tables.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Updates the context randomization to protect against side-channel leakage.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a secret key in place.
SECP256K1_API int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse an ECDSA signature in compact (64 bytes) format.
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
SECP256K1_API void secp256k1_context_set_error_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an internal consistency check fails.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an ECDSA secret key.
SECP256K1_API void secp256k1_context_set_illegal_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an illegal argument is passed to an API call.
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_combine(const secp256k1_context *ctx, secp256k1_pubkey *out, const secp256k1_pubkey *const *ins, size_t n) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Add a number of public keys together.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
#define SECP256K1_CONTEXT_NONE
SECP256K1_API int secp256k1_ecdsa_signature_parse_der(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a DER ECDSA signature.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Same as secp256k1_ec_seckey_negate, but DEPRECATED.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
SECP256K1_API secp256k1_context * secp256k1_context_clone(const secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT
Copy a secp256k1 context object (into dynamically allocated memory).
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.
SECP256K1_API int secp256k1_ecdsa_signature_normalize(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3)
Convert a signature to a normalized lower-S form.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT secp256k1_scratch_space * secp256k1_scratch_space_create(const secp256k1_context *ctx, size_t size) SECP256K1_ARG_NONNULL(1)
Create a secp256k1 scratch space object.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by adding tweak times the generator to it.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Same as secp256k1_ec_seckey_tweak_add, but DEPRECATED.
#define SECP256K1_EC_UNCOMPRESSED
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_mul(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Same as secp256k1_ec_seckey_tweak_mul, but DEPRECATED.
SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in DER format.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_negate(const secp256k1_context *ctx, secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a public key in place.
SECP256K1_API void secp256k1_scratch_space_destroy(const secp256k1_context *ctx, secp256k1_scratch_space *scratch) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 scratch space.
#define SECP256K1_CONTEXT_VERIFY
Flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size, and secp256k1_context...
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by adding tweak to it.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by multiplying it by a tweak value.
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx)
Destroy a secp256k1 context object (created in dynamically allocated memory).
SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize an ECDSA signature in compact (64 byte) format.
SECP256K1_API secp256k1_context * secp256k1_context_preallocated_create(void *prealloc, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object in caller-provided memory.
SECP256K1_API void secp256k1_context_preallocated_destroy(secp256k1_context *ctx)
Destroy a secp256k1 context object that has been created in caller-provided memory.
SECP256K1_API size_t secp256k1_context_preallocated_clone_size(const secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT
Determine the memory size of a secp256k1 context object to be copied into caller-provided memory.
SECP256K1_API size_t secp256k1_context_preallocated_size(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Determine the memory size of a secp256k1 context object to be created in caller-provided memory.
SECP256K1_API secp256k1_context * secp256k1_context_preallocated_clone(const secp256k1_context *ctx, void *prealloc) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_WARN_UNUSED_RESULT
Copy a secp256k1 context object into caller-provided memory.
void(* fn)(const char *text, void *data)
secp256k1_callback error_callback
secp256k1_ecmult_gen_context ecmult_gen_ctx
secp256k1_ecmult_context ecmult_ctx
Opaque data structured that holds a parsed ECDSA signature.
A group element of the secp256k1 curve, in affine coordinates.
A group element of the secp256k1 curve, in jacobian coordinates.
secp256k1_modinv32_signed30 modulus
secp256k1_modinv64_signed62 modulus
Opaque data structure that holds a parsed and valid public key.
A scalar modulo the group order of the secp256k1 curve.
size_t alloc_size
amount that has been allocated (i.e.
static uint32_t secp256k1_testrand_int(uint32_t range)
Generate a pseudorandom number in the range [0..range-1].
static uint32_t secp256k1_testrand32(void)
Generate a pseudorandom number in the range [0..2**32-1].
static void secp256k1_testrand_bytes_test(unsigned char *bytes, size_t len)
Generate pseudorandom bytes with long sequences of zero and one bits.
static void secp256k1_testrand256(unsigned char *b32)
Generate a pseudorandom 32-byte array.
static void secp256k1_testrand_init(const char *hexseed)
Initialize the test RNG using (hex encoded) array up to 16 bytes, or randomly if hexseed is NULL.
static void secp256k1_testrand_finish(void)
Print final test information.
static void secp256k1_testrand256_test(unsigned char *b32)
Generate a pseudorandom 32-byte array with long sequences of zero and one bits.
static uint32_t secp256k1_testrand_bits(int bits)
Generate a pseudorandom number in the range [0..2**bits-1].
void test_ecmult_multi_batching(void)
Run secp256k1_ecmult_multi_var with num points and a scratch space restricted to 1 <= i <= num points...
void random_scalar_order(secp256k1_scalar *num)
void run_group_decompress(void)
void run_random_pubkeys(void)
static secp256k1_context * ctx
void test_intialized_inf(void)
void test_ecmult_target(const secp256k1_scalar *target, int mode)
void test_inverse_field(secp256k1_fe *out, const secp256k1_fe *x, int var)
void run_modinv_tests(void)
int test_ecdsa_der_parse(const unsigned char *sig, size_t siglen, int certainly_der, int certainly_not_der)
void test_ecmult_multi_batch_size_helper(void)
void run_ec_pubkey_parse_test(void)
static int nonce_function_test_fail(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter)
static int nonce_function_test_retry(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter)
#define SECP256K1_EC_PARSE_TEST_NINVALID
void run_endomorphism_tests(void)
void run_sha256_tests(void)
void ecmult_const_random_mult(void)
void run_eckey_edge_case_test(void)
void test_ecmult_gen_blind_reset(void)
void run_ec_combine(void)
int main(int argc, char **argv)
void test_secp256k1_pippenger_bucket_window_inv(void)
void run_cmov_tests(void)
void run_field_convert(void)
void test_ecdsa_end_to_end(void)
#define SECP256K1_EC_PARSE_TEST_NVALID
void run_field_misc(void)
void test_sqrt(const secp256k1_fe *a, const secp256k1_fe *k)
void random_field_element_magnitude(secp256k1_fe *fe)
void mulmod256(uint16_t *out, const uint16_t *a, const uint16_t *b, const uint16_t *m)
void random_scalar_order_test(secp256k1_scalar *num)
void test_point_times_order(const secp256k1_gej *point)
static void random_ber_signature(unsigned char *sig, size_t *len, int *certainly_der, int *certainly_not_der)
void test_ecmult_multi(secp256k1_scratch *scratch, secp256k1_ecmult_multi_func ecmult_multi)
void random_sign(secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *key, const secp256k1_scalar *msg, int *recid)
void ecmult_const_chain_multiply(void)
static void assign_big_endian(unsigned char *ptr, size_t ptrlen, uint32_t val)
void random_group_element_test(secp256k1_ge *ge)
void test_modinv32_uint16(uint16_t *out, const uint16_t *in, const uint16_t *mod)
void scalar_cmov_test(void)
void run_hmac_sha256_tests(void)
void ge_equals_ge(const secp256k1_ge *a, const secp256k1_ge *b)
void test_rand_int(uint32_t range, uint32_t subrange)
void random_fe_test(secp256k1_fe *x)
void ge_equals_gej(const secp256k1_ge *a, const secp256k1_gej *b)
void test_wnaf(const secp256k1_scalar *number, int w)
int is_empty_signature(const secp256k1_ecdsa_signature *sig)
void random_fe_non_zero(secp256k1_fe *nz)
static int precomputed_nonce_function(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter)
Dummy nonce generation function that just uses a precomputed nonce, and fails if it is not accepted.
void test_add_neg_y_diff_x(void)
void run_ecdsa_sign_verify(void)
static const secp256k1_scalar scalar_minus_one
void random_group_element_jacobian_test(secp256k1_gej *gej, const secp256k1_ge *ge)
int coprime(const uint16_t *a, const uint16_t *b)
void run_ecmult_constants(void)
void random_scalar_order_b32(unsigned char *b32)
int gej_xyz_equals_gej(const secp256k1_gej *a, const secp256k1_gej *b)
void test_random_pubkeys(void)
void test_ecdsa_sign_verify(void)
void ge_storage_cmov_test(void)
void run_inverse_tests(void)
void ecmult_const_mult_zero_one(void)
void test_ecmult_constants(void)
void run_ecdsa_end_to_end(void)
void ecmult_const_commutativity(void)
void test_constant_wnaf(const secp256k1_scalar *number, int w)
void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvalid)
void test_ecmult_gen_blind(void)
static int ecmult_multi_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *cbdata)
void fe_storage_cmov_test(void)
void run_ecmult_near_split_bound(void)
void test_fixed_wnaf(const secp256k1_scalar *number, int w)
void test_ecdsa_edge_cases(void)
void test_inverse_scalar(secp256k1_scalar *out, const secp256k1_scalar *x, int var)
void test_group_decompress(const secp256k1_fe *x)
void test_fixed_wnaf_small_helper(int *wnaf, int *wnaf_expected, int w)
void run_ecmult_gen_blind(void)
void run_scalar_set_b32_seckey_tests(void)
void run_secp256k1_memczero_test(void)
static void counting_illegal_callback_fn(const char *str, void *data)
void random_fe_non_square(secp256k1_fe *ns)
void run_point_times_order(void)
static void uncounting_illegal_callback_fn(const char *str, void *data)
void test_scalar_split(const secp256k1_scalar *full)
static const secp256k1_scalar scalars_near_split_bounds[20]
void run_eckey_negate_test(void)
void uint16_to_signed30(secp256k1_modinv32_signed30 *out, const uint16_t *in)
void random_fe(secp256k1_fe *x)
void test_fixed_wnaf_small(void)
void test_ecmult_multi_pippenger_max_points(void)
Probabilistically test the function returning the maximum number of possible points for a given scrat...
void run_ecmult_multi_tests(void)
void run_ecdsa_edge_cases(void)
void test_ecmult_multi_batch_single(secp256k1_ecmult_multi_func ecmult_multi)
int fe_secp256k1_memcmp_var(const secp256k1_fe *a, const secp256k1_fe *b)
void test_constant_wnaf_negate(const secp256k1_scalar *number)
void run_rfc6979_hmac_sha256_tests(void)
static int ecmult_multi_false_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *cbdata)
int check_fe_equal(const secp256k1_fe *a, const secp256k1_fe *b)
void run_ecmult_chain(void)
void run_ecdsa_der_parse(void)
void mutate_sign_signed30(secp256k1_modinv32_signed30 *x)
uint64_t modinv2p64(uint64_t x)
void random_field_element_test(secp256k1_fe *fe)
void run_scratch_tests(void)
void run_context_tests(int use_prealloc)
void signed30_to_uint16(uint16_t *out, const secp256k1_modinv32_signed30 *in)
void test_ec_combine(void)
void run_ecmult_const_tests(void)
#define SECP256K1_EC_PARSE_TEST_NXVALID
static void damage_array(unsigned char *sig, size_t *len)
void test_rand_bits(int rand32, int bits)
void run_scalar_tests(void)
static const secp256k1_fe fe_minus_one