Diffstat (limited to '3rd_party/ed25519')
-rw-r--r--3rd_party/ed25519/LICENSE16
-rw-r--r--3rd_party/ed25519/Makefile.am26
-rw-r--r--3rd_party/ed25519/README.md165
-rw-r--r--3rd_party/ed25519/add_scalar.c69
-rw-r--r--3rd_party/ed25519/ed25519.h38
-rw-r--r--3rd_party/ed25519/fe.c1491
-rw-r--r--3rd_party/ed25519/fe.h41
-rw-r--r--3rd_party/ed25519/fixedint.h72
-rw-r--r--3rd_party/ed25519/ge.c467
-rw-r--r--3rd_party/ed25519/ge.h74
-rw-r--r--3rd_party/ed25519/key_exchange.c79
-rw-r--r--3rd_party/ed25519/keypair.c16
-rw-r--r--3rd_party/ed25519/precomp_data.h1391
-rw-r--r--3rd_party/ed25519/sc.c809
-rw-r--r--3rd_party/ed25519/sc.h12
-rw-r--r--3rd_party/ed25519/seed.c40
-rw-r--r--3rd_party/ed25519/sha512.c275
-rw-r--r--3rd_party/ed25519/sha512.h21
-rw-r--r--3rd_party/ed25519/sign.c31
-rw-r--r--3rd_party/ed25519/verify.c77
20 files changed, 5210 insertions, 0 deletions
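diff --git a/3rd_party/ed25519/LICENSE b/3rd_party/ed25519/LICENSE
new file mode 100644
index 0000000..c1503f9
--- /dev/null
+++ b/3rd_party/ed25519/LICENSE
@@ -0,0 +1,16 @@
+Copyright (c) 2015 Orson Peters <orsonpeters@gmail.com>
+
+This software is provided 'as-is', without any express or implied warranty. In no event will the
+authors be held liable for any damages arising from the use of this software.
+
+Permission is granted to anyone to use this software for any purpose, including commercial
+applications, and to alter it and redistribute it freely, subject to the following restrictions:
+
+1. The origin of this software must not be misrepresented; you must not claim that you wrote the
+ original software. If you use this software in a product, an acknowledgment in the product
+ documentation would be appreciated but is not required.
+
+2. Altered source versions must be plainly marked as such, and must not be misrepresented as
+ being the original software.
+
+3. This notice may not be removed or altered from any source distribution.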
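diff --git a/3rd_party/ed25519/Makefile.am b/3rd_party/ed25519/Makefile.am
new file mode 100644
index 0000000..d8e4e04
--- /dev/null
+++ b/3rd_party/ed25519/Makefile.am
@@ -0,0 +1,26 @@
+AUTOMAKE_OPTIONS = foreign no-dependencies
+
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/include \
+ -I$(top_srcdir)
+
+AM_CFLAGS = \
+ $(GLOBAL_CFLAGS) \
+ $(ssl_lib_CFLAGS)
+
+AM_LDFLAGS =
+
+noinst_LTLIBRARIES = libed25519.la
+libed25519_la_LIBADD =
+libed25519_la_LDFLAGS = $(AM_LDFLAGS) -no-undefined
+libed25519_la_SOURCES = \
+ add_scalar.c \
+ fe.c \
+ ge.c \
+ keypair.c \
+ key_exchange.c \
+ sc.c \
+ seed.c \
+ sign.c \
+ sha512.c \
+ verify.c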
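diff --git a/3rd_party/ed25519/README.md b/3rd_party/ed25519/README.md
new file mode 100644
index 0000000..2c431c2
--- /dev/null
+++ b/3rd_party/ed25519/README.md
@@ -0,0 +1,165 @@
+Ed25519
+=======
+
+This is a portable implementation of [Ed25519](http://ed25519.cr.yp.to/) based
+on the SUPERCOP "ref10" implementation. Additionally there is key exchanging
+and scalar addition included to further aid building a PKI using Ed25519. All
+code is licensed under the permissive zlib license.
+
+All code is pure ANSI C without any dependencies, except for the random seed
+generation which uses standard OS cryptography APIs (`CryptGenRandom` on
+Windows, `/dev/urandom` on nix). If you wish to be entirely portable define
+`ED25519_NO_SEED`. This disables the `ed25519_create_seed` function, so if your
+application requires key generation you must supply your own seeding function
+(which is simply a 256 bit (32 byte) cryptographic random number generator).
+
+
+Performance
+-----------
+
+On a Windows machine with an Intel Pentium B970 @ 2.3GHz I got the following
+speeds (running on only one a single core):
+
+ Seed generation: 64us (15625 per second)
+ Key generation: 88us (11364 per second)
+ Message signing (short message): 87us (11494 per second)
+ Message verifying (short message): 228us (4386 per second)
+ Scalar addition: 100us (10000 per second)
+ Key exchange: 220us (4545 per second)
+
+The speeds on other machines may vary. Sign/verify times will be higher with
+longer messages. The implementation significantly benefits from 64 bit
+architectures, if possible compile as 64 bit.
+
+
+Usage
+-----
+
+Simply add all .c and .h files in the `src/` folder to your project and include
+`ed25519.h` in any file you want to use the API. If you prefer to use a shared
+library, only copy `ed25519.h` and define `ED25519_DLL` before importing.
+
+There are no defined types for seeds, private keys, public keys, shared secrets
+or signatures. Instead simple `unsigned char` buffers are used with the
+following sizes:
+
+```c
+unsigned char seed[32];
+unsigned char signature[64];
+unsigned char public_key[32];
+unsigned char private_key[64];
+unsigned char scalar[32];
+unsigned char shared_secret[32];
+```
+
+API
+---
+
+```c
+int ed25519_create_seed(unsigned char *seed);
+```
+
+Creates a 32 byte random seed in `seed` for key generation. `seed` must be a
+writable 32 byte buffer. Returns 0 on success, and nonzero on failure.
+
+```c
+void ed25519_create_keypair(unsigned char *public_key, unsigned char *private_key,
+ const unsigned char *seed);
+```
+
+Creates a new key pair from the given seed. `public_key` must be a writable 32
+byte buffer, `private_key` must be a writable 64 byte buffer and `seed` must be
+a 32 byte buffer.
+
+```c
+void ed25519_sign(unsigned char *signature,
+ const unsigned char *message, size_t message_len,
+ const unsigned char *public_key, const unsigned char *private_key);
+```
+
+Creates a signature of the given message with the given key pair. `signature`
+must be a writable 64 byte buffer. `message` must have at least `message_len`
+bytes to be read.
+
+```c
+int ed25519_verify(const unsigned char *signature,
+ const unsigned char *message, size_t message_len,
+ const unsigned char *public_key);
+```
+
+Verifies the signature on the given message using `public_key`. `signature`
+must be a readable 64 byte buffer. `message` must have at least `message_len`
+bytes to be read. Returns 1 if the signature matches, 0 otherwise.
+
+```c
+void ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key,
+ const unsigned char *scalar);
+```
+
+Adds `scalar` to the given key pair where scalar is a 32 byte buffer (possibly
+generated with `ed25519_create_seed`), generating a new key pair. You can
+calculate the public key sum without knowing the private key and vice versa by
+passing in `NULL` for the key you don't know. This is useful for enforcing
+randomness on a key pair by a third party while only knowing the public key,
+among other things. Warning: the last bit of the scalar is ignored - if
+comparing scalars make sure to clear it with `scalar[31] &= 127`.
+
+
+```c
+void ed25519_key_exchange(unsigned char *shared_secret,
+ const unsigned char *public_key, const unsigned char *private_key);
+```
+
+Performs a key exchange on the given public key and private key, producing a
+shared secret. It is recommended to hash the shared secret before using it.
+`shared_secret` must be a 32 byte writable buffer where the shared secret will
+be stored.
+
+Example
+-------
+
+```c
+unsigned char seed[32], public_key[32], private_key[64], signature[64];
+unsigned char other_public_key[32], other_private_key[64], shared_secret[32];
+const unsigned char message[] = "TEST MESSAGE";
+
+/* create a random seed, and a key pair out of that seed */
+if (ed25519_create_seed(seed)) {
+ printf("error while generating seed\n");
+ exit(1);
+}
+
+ed25519_create_keypair(public_key, private_key, seed);
+
+/* create signature on the message with the key pair */
+ed25519_sign(signature, message, strlen(message), public_key, private_key);
+
+/* verify the signature */
+if (ed25519_verify(signature, message, strlen(message), public_key)) {
+ printf("valid signature\n");
+} else {
+ printf("invalid signature\n");
+}
+
+/* create a dummy keypair to use for a key exchange, normally you'd only have
+the public key and receive it through some communication channel */
+if (ed25519_create_seed(seed)) {
+ printf("error while generating seed\n");
+ exit(1);
+}
+
+ed25519_create_keypair(other_public_key, other_private_key, seed);
+
+/* do a key exchange with other_public_key */
+ed25519_key_exchange(shared_secret, other_public_key, private_key);
+
+/*
+ the magic here is that ed25519_key_exchange(shared_secret, public_key,
+ other_private_key); would result in the same shared_secret
+*/
+
+```
+
+License
+-------
+All code is released under the zlib license. See LICENSE for details.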
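diff --git a/3rd_party/ed25519/add_scalar.c b/3rd_party/ed25519/add_scalar.c
new file mode 100644
index 0000000..7528a7a
--- /dev/null
+++ b/3rd_party/ed25519/add_scalar.c
@@ -0,0 +1,69 @@
+#include "ed25519.h"
+#include "ge.h"
+#include "sc.h"
+#include "sha512.h"
+
+
+/* see http://crypto.stackexchange.com/a/6215/4697 */
+void ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, const unsigned char *scalar) {
+ const unsigned char SC_1[32] = {1}; /* scalar with value 1 */
+
+ unsigned char n[32];
+ ge_p3 nB;
+ ge_p1p1 A_p1p1;
+ ge_p3 A;
+ ge_p3 public_key_unpacked;
+ ge_cached T;
+
+ sha512_context hash;
+ unsigned char hashbuf[64];
+
+ int i;
+
+ /* copy the scalar and clear highest bit */
+ for (i = 0; i < 31; ++i) {
+ n[i] = scalar[i];
+ }
+ n[31] = scalar[31] & 127;
+
+ /* private key: a = n + t */
+ if (private_key) {
+ sc_muladd(private_key, SC_1, n, private_key);
+
+ // https://github.com/orlp/ed25519/issues/3
+ sha512_init(&hash);
+ sha512_update(&hash, private_key + 32, 32);
+ sha512_update(&hash, scalar, 32);
+ sha512_final(&hash, hashbuf);
+ for (i = 0; i < 32; ++i) {
+ private_key[32 + i] = hashbuf[i];
+ }
+ }
+
+ /* public key: A = nB + T */
+ if (public_key) {
+ /* if we know the private key we don't need a point addition, which is faster */
+ /* using a "timing attack" you could find out wether or not we know the private
+ key, but this information seems rather useless - if this is important pass
+ public_key and private_key seperately in 2 function calls */
+ if (private_key) {
+ ge_scalarmult_base(&A, private_key);
+ } else {
+ /* unpack public key into T */
+ ge_frombytes_negate_vartime(&public_key_unpacked, public_key);
+ fe_neg(public_key_unpacked.X, public_key_unpacked.X); /* undo negate */
+ fe_neg(public_key_unpacked.T, public_key_unpacked.T); /* undo negate */
+ ge_p3_to_cached(&T, &public_key_unpacked);
+
+ /* calculate n*B */
+ ge_scalarmult_base(&nB, n);
+
+ /* A = n*B + T */
+ ge_add(&A_p1p1, &nB, &T);
+ ge_p1p1_to_p3(&A, &A_p1p1);
+ }
+
+ /* pack public key */
+ ge_p3_tobytes(public_key, &A);
+ }
+}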
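Review bot: The result of `ge_frombytes_negate_vartime(&public_key_unpacked, public_key)` in the public-key-only branch is discarded, so bytes that do not decode to a curve point are processed as if they did and a derived key is still written back to `public_key`. ge.c is not part of this section, but in the ref10 code this library is based on, that function returns nonzero on a failed decode, so the call should be guarded, e.g. `if (ge_frombytes_negate_vartime(&public_key_unpacked, public_key) != 0) { return; }`. Because `ed25519_add_scalar` returns `void`, callers cannot observe that failure; until the signature changes they should pass only public keys that have already been validated. Separately, `n`, `hash` and `hashbuf` hold secret-derived bytes and are left on the stack when the function returns.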
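diff --git a/3rd_party/ed25519/ed25519.h b/3rd_party/ed25519/ed25519.h
new file mode 100644
index 0000000..8924659
--- /dev/null
+++ b/3rd_party/ed25519/ed25519.h
@@ -0,0 +1,38 @@
+#ifndef ED25519_H
+#define ED25519_H
+
+#include <stddef.h>
+
+#if defined(_WIN32)
+ #if defined(ED25519_BUILD_DLL)
+ #define ED25519_DECLSPEC __declspec(dllexport)
+ #elif defined(ED25519_DLL)
+ #define ED25519_DECLSPEC __declspec(dllimport)
+ #else
+ #define ED25519_DECLSPEC
+ #endif
+#else
+ #define ED25519_DECLSPEC
+#endif
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef ED25519_NO_SEED
+int ED25519_DECLSPEC ed25519_create_seed(unsigned char *seed);
+#endif
+
+void ED25519_DECLSPEC ed25519_create_keypair(unsigned char *public_key, unsigned char *private_key, const unsigned char *seed);
+void ED25519_DECLSPEC ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key, const unsigned char *private_key);
+int ED25519_DECLSPEC ed25519_verify(const unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key);
+void ED25519_DECLSPEC ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, const unsigned char *scalar);
+void ED25519_DECLSPEC ed25519_key_exchange(unsigned char *shared_secret, const unsigned char *public_key, const unsigned char *private_key);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif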
diff --git a/3rd_party/ed25519/fe.c b/3rd_party/ed25519/fe.c
new file mode 100644
index 0000000..2105eb7
--- /dev/null
+++ b/3rd_party/ed25519/fe.c
@@ -0,0 +1,1491 @@
1#include "fixedint.h"
2#include "fe.h"
3
4
5/*
6 helper functions
7*/
8static uint64_t load_3(const unsigned char *in) {
9 uint64_t result;
10
11 result = (uint64_t) in[0];
12 result |= ((uint64_t) in[1]) << 8;
13 result |= ((uint64_t) in[2]) << 16;
14
15 return result;
16}
17
18static uint64_t load_4(const unsigned char *in) {
19 uint64_t result;
20
21 result = (uint64_t) in[0];
22 result |= ((uint64_t) in[1]) << 8;
23 result |= ((uint64_t) in[2]) << 16;
24 result |= ((uint64_t) in[3]) << 24;
25
26 return result;
27}
28
29
30
31/*
32 h = 0
33*/
34
35void fe_0(fe h) {
36 h[0] = 0;
37 h[1] = 0;
38 h[2] = 0;
39 h[3] = 0;
40 h[4] = 0;
41 h[5] = 0;
42 h[6] = 0;
43 h[7] = 0;
44 h[8] = 0;
45 h[9] = 0;
46}
47
48
49
50/*
51 h = 1
52*/
53
54void fe_1(fe h) {
55 h[0] = 1;
56 h[1] = 0;
57 h[2] = 0;
58 h[3] = 0;
59 h[4] = 0;
60 h[5] = 0;
61 h[6] = 0;
62 h[7] = 0;
63 h[8] = 0;
64 h[9] = 0;
65}
66
67
68
69/*
70 h = f + g
71 Can overlap h with f or g.
72
73 Preconditions:
74 |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
75 |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
76
77 Postconditions:
78 |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
79*/
80
81void fe_add(fe h, const fe f, const fe g) {
82 int32_t f0 = f[0];
83 int32_t f1 = f[1];
84 int32_t f2 = f[2];
85 int32_t f3 = f[3];
86 int32_t f4 = f[4];
87 int32_t f5 = f[5];
88 int32_t f6 = f[6];
89 int32_t f7 = f[7];
90 int32_t f8 = f[8];
91 int32_t f9 = f[9];
92 int32_t g0 = g[0];
93 int32_t g1 = g[1];
94 int32_t g2 = g[2];
95 int32_t g3 = g[3];
96 int32_t g4 = g[4];
97 int32_t g5 = g[5];
98 int32_t g6 = g[6];
99 int32_t g7 = g[7];
100 int32_t g8 = g[8];
101 int32_t g9 = g[9];
102 int32_t h0 = f0 + g0;
103 int32_t h1 = f1 + g1;
104 int32_t h2 = f2 + g2;
105 int32_t h3 = f3 + g3;
106 int32_t h4 = f4 + g4;
107 int32_t h5 = f5 + g5;
108 int32_t h6 = f6 + g6;
109 int32_t h7 = f7 + g7;
110 int32_t h8 = f8 + g8;
111 int32_t h9 = f9 + g9;
112
113 h[0] = h0;
114 h[1] = h1;
115 h[2] = h2;
116 h[3] = h3;
117 h[4] = h4;
118 h[5] = h5;
119 h[6] = h6;
120 h[7] = h7;
121 h[8] = h8;
122 h[9] = h9;
123}
124
125
126
127/*
128 Replace (f,g) with (g,g) if b == 1;
129 replace (f,g) with (f,g) if b == 0.
130
131 Preconditions: b in {0,1}.
132*/
133
134void fe_cmov(fe f, const fe g, unsigned int b) {
135 int32_t f0 = f[0];
136 int32_t f1 = f[1];
137 int32_t f2 = f[2];
138 int32_t f3 = f[3];
139 int32_t f4 = f[4];
140 int32_t f5 = f[5];
141 int32_t f6 = f[6];
142 int32_t f7 = f[7];
143 int32_t f8 = f[8];
144 int32_t f9 = f[9];
145 int32_t g0 = g[0];
146 int32_t g1 = g[1];
147 int32_t g2 = g[2];
148 int32_t g3 = g[3];
149 int32_t g4 = g[4];
150 int32_t g5 = g[5];
151 int32_t g6 = g[6];
152 int32_t g7 = g[7];
153 int32_t g8 = g[8];
154 int32_t g9 = g[9];
155 int32_t x0 = f0 ^ g0;
156 int32_t x1 = f1 ^ g1;
157 int32_t x2 = f2 ^ g2;
158 int32_t x3 = f3 ^ g3;
159 int32_t x4 = f4 ^ g4;
160 int32_t x5 = f5 ^ g5;
161 int32_t x6 = f6 ^ g6;
162 int32_t x7 = f7 ^ g7;
163 int32_t x8 = f8 ^ g8;
164 int32_t x9 = f9 ^ g9;
165
166 b = (unsigned int) (- (int) b); /* silence warning */
167 x0 &= b;
168 x1 &= b;
169 x2 &= b;
170 x3 &= b;
171 x4 &= b;
172 x5 &= b;
173 x6 &= b;
174 x7 &= b;
175 x8 &= b;
176 x9 &= b;
177
178 f[0] = f0 ^ x0;
179 f[1] = f1 ^ x1;
180 f[2] = f2 ^ x2;
181 f[3] = f3 ^ x3;
182 f[4] = f4 ^ x4;
183 f[5] = f5 ^ x5;
184 f[6] = f6 ^ x6;
185 f[7] = f7 ^ x7;
186 f[8] = f8 ^ x8;
187 f[9] = f9 ^ x9;
188}
189
190/*
191 Replace (f,g) with (g,f) if b == 1;
192 replace (f,g) with (f,g) if b == 0.
193
194 Preconditions: b in {0,1}.
195*/
196
197void fe_cswap(fe f,fe g,unsigned int b) {
198 int32_t f0 = f[0];
199 int32_t f1 = f[1];
200 int32_t f2 = f[2];
201 int32_t f3 = f[3];
202 int32_t f4 = f[4];
203 int32_t f5 = f[5];
204 int32_t f6 = f[6];
205 int32_t f7 = f[7];
206 int32_t f8 = f[8];
207 int32_t f9 = f[9];
208 int32_t g0 = g[0];
209 int32_t g1 = g[1];
210 int32_t g2 = g[2];
211 int32_t g3 = g[3];
212 int32_t g4 = g[4];
213 int32_t g5 = g[5];
214 int32_t g6 = g[6];
215 int32_t g7 = g[7];
216 int32_t g8 = g[8];
217 int32_t g9 = g[9];
218 int32_t x0 = f0 ^ g0;
219 int32_t x1 = f1 ^ g1;
220 int32_t x2 = f2 ^ g2;
221 int32_t x3 = f3 ^ g3;
222 int32_t x4 = f4 ^ g4;
223 int32_t x5 = f5 ^ g5;
224 int32_t x6 = f6 ^ g6;
225 int32_t x7 = f7 ^ g7;
226 int32_t x8 = f8 ^ g8;
227 int32_t x9 = f9 ^ g9;
228 b = (unsigned int) (- (int) b); /* silence warning */
229 x0 &= b;
230 x1 &= b;
231 x2 &= b;
232 x3 &= b;
233 x4 &= b;
234 x5 &= b;
235 x6 &= b;
236 x7 &= b;
237 x8 &= b;
238 x9 &= b;
239 f[0] = f0 ^ x0;
240 f[1] = f1 ^ x1;
241 f[2] = f2 ^ x2;
242 f[3] = f3 ^ x3;
243 f[4] = f4 ^ x4;
244 f[5] = f5 ^ x5;
245 f[6] = f6 ^ x6;
246 f[7] = f7 ^ x7;
247 f[8] = f8 ^ x8;
248 f[9] = f9 ^ x9;
249 g[0] = g0 ^ x0;
250 g[1] = g1 ^ x1;
251 g[2] = g2 ^ x2;
252 g[3] = g3 ^ x3;
253 g[4] = g4 ^ x4;
254 g[5] = g5 ^ x5;
255 g[6] = g6 ^ x6;
256 g[7] = g7 ^ x7;
257 g[8] = g8 ^ x8;
258 g[9] = g9 ^ x9;
259}
260
261
262
263/*
264 h = f
265*/
266
267void fe_copy(fe h, const fe f) {
268 int32_t f0 = f[0];
269 int32_t f1 = f[1];
270 int32_t f2 = f[2];
271 int32_t f3 = f[3];
272 int32_t f4 = f[4];
273 int32_t f5 = f[5];
274 int32_t f6 = f[6];
275 int32_t f7 = f[7];
276 int32_t f8 = f[8];
277 int32_t f9 = f[9];
278
279 h[0] = f0;
280 h[1] = f1;
281 h[2] = f2;
282 h[3] = f3;
283 h[4] = f4;
284 h[5] = f5;
285 h[6] = f6;
286 h[7] = f7;
287 h[8] = f8;
288 h[9] = f9;
289}
290
291
292
293/*
294 Ignores top bit of h.
295*/
296
297void fe_frombytes(fe h, const unsigned char *s) {
298 int64_t h0 = load_4(s);
299 int64_t h1 = load_3(s + 4) << 6;
300 int64_t h2 = load_3(s + 7) << 5;
301 int64_t h3 = load_3(s + 10) << 3;
302 int64_t h4 = load_3(s + 13) << 2;
303 int64_t h5 = load_4(s + 16);
304 int64_t h6 = load_3(s + 20) << 7;
305 int64_t h7 = load_3(s + 23) << 5;
306 int64_t h8 = load_3(s + 26) << 4;
307 int64_t h9 = (load_3(s + 29) & 8388607) << 2;
308 int64_t carry0;
309 int64_t carry1;
310 int64_t carry2;
311 int64_t carry3;
312 int64_t carry4;
313 int64_t carry5;
314 int64_t carry6;
315 int64_t carry7;
316 int64_t carry8;
317 int64_t carry9;
318
319 carry9 = (h9 + (int64_t) (1 << 24)) >> 25;
320 h0 += carry9 * 19;
321 h9 -= carry9 << 25;
322 carry1 = (h1 + (int64_t) (1 << 24)) >> 25;
323 h2 += carry1;
324 h1 -= carry1 << 25;
325 carry3 = (h3 + (int64_t) (1 << 24)) >> 25;
326 h4 += carry3;
327 h3 -= carry3 << 25;
328 carry5 = (h5 + (int64_t) (1 << 24)) >> 25;
329 h6 += carry5;
330 h5 -= carry5 << 25;
331 carry7 = (h7 + (int64_t) (1 << 24)) >> 25;
332 h8 += carry7;
333 h7 -= carry7 << 25;
334 carry0 = (h0 + (int64_t) (1 << 25)) >> 26;
335 h1 += carry0;
336 h0 -= carry0 << 26;
337 carry2 = (h2 + (int64_t) (1 << 25)) >> 26;
338 h3 += carry2;
339 h2 -= carry2 << 26;
340 carry4 = (h4 + (int64_t) (1 << 25)) >> 26;
341 h5 += carry4;
342 h4 -= carry4 << 26;
343 carry6 = (h6 + (int64_t) (1 << 25)) >> 26;
344 h7 += carry6;
345 h6 -= carry6 << 26;
346 carry8 = (h8 + (int64_t) (1 << 25)) >> 26;
347 h9 += carry8;
348 h8 -= carry8 << 26;
349
350 h[0] = (int32_t) h0;
351 h[1] = (int32_t) h1;
352 h[2] = (int32_t) h2;
353 h[3] = (int32_t) h3;
354 h[4] = (int32_t) h4;
355 h[5] = (int32_t) h5;
356 h[6] = (int32_t) h6;
357 h[7] = (int32_t) h7;
358 h[8] = (int32_t) h8;
359 h[9] = (int32_t) h9;
360}
361
362
363
364void fe_invert(fe out, const fe z) {
365 fe t0;
366 fe t1;
367 fe t2;
368 fe t3;
369 int i;
370
371 fe_sq(t0, z);
372
373 for (i = 1; i < 1; ++i) {
374 fe_sq(t0, t0);
375 }
376
377 fe_sq(t1, t0);
378
379 for (i = 1; i < 2; ++i) {
380 fe_sq(t1, t1);
381 }
382
383 fe_mul(t1, z, t1);
384 fe_mul(t0, t0, t1);
385 fe_sq(t2, t0);
386
387 for (i = 1; i < 1; ++i) {
388 fe_sq(t2, t2);
389 }
390
391 fe_mul(t1, t1, t2);
392 fe_sq(t2, t1);
393
394 for (i = 1; i < 5; ++i) {
395 fe_sq(t2, t2);
396 }
397
398 fe_mul(t1, t2, t1);
399 fe_sq(t2, t1);
400
401 for (i = 1; i < 10; ++i) {
402 fe_sq(t2, t2);
403 }
404
405 fe_mul(t2, t2, t1);
406 fe_sq(t3, t2);
407
408 for (i = 1; i < 20; ++i) {
409 fe_sq(t3, t3);
410 }
411
412 fe_mul(t2, t3, t2);
413 fe_sq(t2, t2);
414
415 for (i = 1; i < 10; ++i) {
416 fe_sq(t2, t2);
417 }
418
419 fe_mul(t1, t2, t1);
420 fe_sq(t2, t1);
421
422 for (i = 1; i < 50; ++i) {
423 fe_sq(t2, t2);
424 }
425
426 fe_mul(t2, t2, t1);
427 fe_sq(t3, t2);
428
429 for (i = 1; i < 100; ++i) {
430 fe_sq(t3, t3);
431 }
432
433 fe_mul(t2, t3, t2);
434 fe_sq(t2, t2);
435
436 for (i = 1; i < 50; ++i) {
437 fe_sq(t2, t2);
438 }
439
440 fe_mul(t1, t2, t1);
441 fe_sq(t1, t1);
442
443 for (i = 1; i < 5; ++i) {
444 fe_sq(t1, t1);
445 }
446
447 fe_mul(out, t1, t0);
448}
449
450
451
452/*
453 return 1 if f is in {1,3,5,...,q-2}
454 return 0 if f is in {0,2,4,...,q-1}
455
456 Preconditions:
457 |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
458*/
459
460int fe_isnegative(const fe f) {
461 unsigned char s[32];
462
463 fe_tobytes(s, f);
464
465 return s[0] & 1;
466}
467
468
469
470/*
471 return 1 if f == 0
472 return 0 if f != 0
473
474 Preconditions:
475 |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
476*/
477
478int fe_isnonzero(const fe f) {
479 unsigned char s[32];
480 unsigned char r;
481
482 fe_tobytes(s, f);
483
484 r = s[0];
485 #define F(i) r |= s[i]
486 F(1);
487 F(2);
488 F(3);
489 F(4);
490 F(5);
491 F(6);
492 F(7);
493 F(8);
494 F(9);
495 F(10);
496 F(11);
497 F(12);
498 F(13);
499 F(14);
500 F(15);
501 F(16);
502 F(17);
503 F(18);
504 F(19);
505 F(20);
506 F(21);
507 F(22);
508 F(23);
509 F(24);
510 F(25);
511 F(26);
512 F(27);
513 F(28);
514 F(29);
515 F(30);
516 F(31);
517 #undef F
518
519 return r != 0;
520}
521
522
523
524/*
525 h = f * g
526 Can overlap h with f or g.
527
528 Preconditions:
529 |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
530 |g| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
531
532 Postconditions:
533 |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
534 */
535
536 /*
537 Notes on implementation strategy:
538
539 Using schoolbook multiplication.
540 Karatsuba would save a little in some cost models.
541
542 Most multiplications by 2 and 19 are 32-bit precomputations;
543 cheaper than 64-bit postcomputations.
544
545 There is one remaining multiplication by 19 in the carry chain;
546 one *19 precomputation can be merged into this,
547 but the resulting data flow is considerably less clean.
548
549 There are 12 carries below.
550 10 of them are 2-way parallelizable and vectorizable.
551 Can get away with 11 carries, but then data flow is much deeper.
552
553 With tighter constraints on inputs can squeeze carries into int32.
554*/
555
556void fe_mul(fe h, const fe f, const fe g) {
557 int32_t f0 = f[0];
558 int32_t f1 = f[1];
559 int32_t f2 = f[2];
560 int32_t f3 = f[3];
561 int32_t f4 = f[4];
562 int32_t f5 = f[5];
563 int32_t f6 = f[6];
564 int32_t f7 = f[7];
565 int32_t f8 = f[8];
566 int32_t f9 = f[9];
567 int32_t g0 = g[0];
568 int32_t g1 = g[1];
569 int32_t g2 = g[2];
570 int32_t g3 = g[3];
571 int32_t g4 = g[4];
572 int32_t g5 = g[5];
573 int32_t g6 = g[6];
574 int32_t g7 = g[7];
575 int32_t g8 = g[8];
576 int32_t g9 = g[9];
577 int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */
578 int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
579 int32_t g3_19 = 19 * g3;
580 int32_t g4_19 = 19 * g4;
581 int32_t g5_19 = 19 * g5;
582 int32_t g6_19 = 19 * g6;
583 int32_t g7_19 = 19 * g7;
584 int32_t g8_19 = 19 * g8;
585 int32_t g9_19 = 19 * g9;
586 int32_t f1_2 = 2 * f1;
587 int32_t f3_2 = 2 * f3;
588 int32_t f5_2 = 2 * f5;
589 int32_t f7_2 = 2 * f7;
590 int32_t f9_2 = 2 * f9;
591 int64_t f0g0 = f0 * (int64_t) g0;
592 int64_t f0g1 = f0 * (int64_t) g1;
593 int64_t f0g2 = f0 * (int64_t) g2;
594 int64_t f0g3 = f0 * (int64_t) g3;
595 int64_t f0g4 = f0 * (int64_t) g4;
596 int64_t f0g5 = f0 * (int64_t) g5;
597 int64_t f0g6 = f0 * (int64_t) g6;
598 int64_t f0g7 = f0 * (int64_t) g7;
599 int64_t f0g8 = f0 * (int64_t) g8;
600 int64_t f0g9 = f0 * (int64_t) g9;
601 int64_t f1g0 = f1 * (int64_t) g0;
602 int64_t f1g1_2 = f1_2 * (int64_t) g1;
603 int64_t f1g2 = f1 * (int64_t) g2;
604 int64_t f1g3_2 = f1_2 * (int64_t) g3;
605 int64_t f1g4 = f1 * (int64_t) g4;
606 int64_t f1g5_2 = f1_2 * (int64_t) g5;
607 int64_t f1g6 = f1 * (int64_t) g6;
608 int64_t f1g7_2 = f1_2 * (int64_t) g7;
609 int64_t f1g8 = f1 * (int64_t) g8;
610 int64_t f1g9_38 = f1_2 * (int64_t) g9_19;
611 int64_t f2g0 = f2 * (int64_t) g0;
612 int64_t f2g1 = f2 * (int64_t) g1;
613 int64_t f2g2 = f2 * (int64_t) g2;
614 int64_t f2g3 = f2 * (int64_t) g3;
615 int64_t f2g4 = f2 * (int64_t) g4;
616 int64_t f2g5 = f2 * (int64_t) g5;
617 int64_t f2g6 = f2 * (int64_t) g6;
618 int64_t f2g7 = f2 * (int64_t) g7;
619 int64_t f2g8_19 = f2 * (int64_t) g8_19;
620 int64_t f2g9_19 = f2 * (int64_t) g9_19;
621 int64_t f3g0 = f3 * (int64_t) g0;
622 int64_t f3g1_2 = f3_2 * (int64_t) g1;
623 int64_t f3g2 = f3 * (int64_t) g2;
624 int64_t f3g3_2 = f3_2 * (int64_t) g3;
625 int64_t f3g4 = f3 * (int64_t) g4;
626 int64_t f3g5_2 = f3_2 * (int64_t) g5;
627 int64_t f3g6 = f3 * (int64_t) g6;
628 int64_t f3g7_38 = f3_2 * (int64_t) g7_19;
629 int64_t f3g8_19 = f3 * (int64_t) g8_19;
630 int64_t f3g9_38 = f3_2 * (int64_t) g9_19;
631 int64_t f4g0 = f4 * (int64_t) g0;
632 int64_t f4g1 = f4 * (int64_t) g1;
633 int64_t f4g2 = f4 * (int64_t) g2;
634 int64_t f4g3 = f4 * (int64_t) g3;
635 int64_t f4g4 = f4 * (int64_t) g4;
636 int64_t f4g5 = f4 * (int64_t) g5;
637 int64_t f4g6_19 = f4 * (int64_t) g6_19;
638 int64_t f4g7_19 = f4 * (int64_t) g7_19;
639 int64_t f4g8_19 = f4 * (int64_t) g8_19;
640 int64_t f4g9_19 = f4 * (int64_t) g9_19;
641 int64_t f5g0 = f5 * (int64_t) g0;
642 int64_t f5g1_2 = f5_2 * (int64_t) g1;
643 int64_t f5g2 = f5 * (int64_t) g2;
644 int64_t f5g3_2 = f5_2 * (int64_t) g3;
645 int64_t f5g4 = f5 * (int64_t) g4;
646 int64_t f5g5_38 = f5_2 * (int64_t) g5_19;
647 int64_t f5g6_19 = f5 * (int64_t) g6_19;
648 int64_t f5g7_38 = f5_2 * (int64_t) g7_19;
649 int64_t f5g8_19 = f5 * (int64_t) g8_19;
650 int64_t f5g9_38 = f5_2 * (int64_t) g9_19;
651 int64_t f6g0 = f6 * (int64_t) g0;
652 int64_t f6g1 = f6 * (int64_t) g1;
653 int64_t f6g2 = f6 * (int64_t) g2;
654 int64_t f6g3 = f6 * (int64_t) g3;
655 int64_t f6g4_19 = f6 * (int64_t) g4_19;
656 int64_t f6g5_19 = f6 * (int64_t) g5_19;
657 int64_t f6g6_19 = f6 * (int64_t) g6_19;
658 int64_t f6g7_19 = f6 * (int64_t) g7_19;
659 int64_t f6g8_19 = f6 * (int64_t) g8_19;
660 int64_t f6g9_19 = f6 * (int64_t) g9_19;
661 int64_t f7g0 = f7 * (int64_t) g0;
662 int64_t f7g1_2 = f7_2 * (int64_t) g1;
663 int64_t f7g2 = f7 * (int64_t) g2;
664 int64_t f7g3_38 = f7_2 * (int64_t) g3_19;
665 int64_t f7g4_19 = f7 * (int64_t) g4_19;
666 int64_t f7g5_38 = f7_2 * (int64_t) g5_19;
667 int64_t f7g6_19 = f7 * (int64_t) g6_19;
668 int64_t f7g7_38 = f7_2 * (int64_t) g7_19;
669 int64_t f7g8_19 = f7 * (int64_t) g8_19;
670 int64_t f7g9_38 = f7_2 * (int64_t) g9_19;
671 int64_t f8g0 = f8 * (int64_t) g0;
672 int64_t f8g1 = f8 * (int64_t) g1;
673 int64_t f8g2_19 = f8 * (int64_t) g2_19;
674 int64_t f8g3_19 = f8 * (int64_t) g3_19;
675 int64_t f8g4_19 = f8 * (int64_t) g4_19;
676 int64_t f8g5_19 = f8 * (int64_t) g5_19;
677 int64_t f8g6_19 = f8 * (int64_t) g6_19;
678 int64_t f8g7_19 = f8 * (int64_t) g7_19;
679 int64_t f8g8_19 = f8 * (int64_t) g8_19;
680 int64_t f8g9_19 = f8 * (int64_t) g9_19;
681 int64_t f9g0 = f9 * (int64_t) g0;
682 int64_t f9g1_38 = f9_2 * (int64_t) g1_19;
683 int64_t f9g2_19 = f9 * (int64_t) g2_19;
684 int64_t f9g3_38 = f9_2 * (int64_t) g3_19;
685 int64_t f9g4_19 = f9 * (int64_t) g4_19;
686 int64_t f9g5_38 = f9_2 * (int64_t) g5_19;
687 int64_t f9g6_19 = f9 * (int64_t) g6_19;
688 int64_t f9g7_38 = f9_2 * (int64_t) g7_19;
689 int64_t f9g8_19 = f9 * (int64_t) g8_19;
690 int64_t f9g9_38 = f9_2 * (int64_t) g9_19;
691 int64_t h0 = f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38;
692 int64_t h1 = f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19;
693 int64_t h2 = f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38;
694 int64_t h3 = f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19;
695 int64_t h4 = f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38;
696 int64_t h5 = f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19;
697 int64_t h6 = f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 + f7g9_38 + f8g8_19 + f9g7_38;
698 int64_t h7 = f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 + f8g9_19 + f9g8_19;
699 int64_t h8 = f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 + f8g0 + f9g9_38;
700 int64_t h9 = f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0 ;
701 int64_t carry0;
702 int64_t carry1;
703 int64_t carry2;
704 int64_t carry3;
705 int64_t carry4;
706 int64_t carry5;
707 int64_t carry6;
708 int64_t carry7;
709 int64_t carry8;
710 int64_t carry9;
711
712 carry0 = (h0 + (int64_t) (1 << 25)) >> 26;
713 h1 += carry0;
714 h0 -= carry0 << 26;
715 carry4 = (h4 + (int64_t) (1 << 25)) >> 26;
716 h5 += carry4;
717 h4 -= carry4 << 26;
718
719 carry1 = (h1 + (int64_t) (1 << 24)) >> 25;
720 h2 += carry1;
721 h1 -= carry1 << 25;
722 carry5 = (h5 + (int64_t) (1 << 24)) >> 25;
723 h6 += carry5;
724 h5 -= carry5 << 25;
725
726 carry2 = (h2 + (int64_t) (1 << 25)) >> 26;
727 h3 += carry2;
728 h2 -= carry2 << 26;
729 carry6 = (h6 + (int64_t) (1 << 25)) >> 26;
730 h7 += carry6;
731 h6 -= carry6 << 26;
732
733 carry3 = (h3 + (int64_t) (1 << 24)) >> 25;
734 h4 += carry3;
735 h3 -= carry3 << 25;
736 carry7 = (h7 + (int64_t) (1 << 24)) >> 25;
737 h8 += carry7;
738 h7 -= carry7 << 25;
739
740 carry4 = (h4 + (int64_t) (1 << 25)) >> 26;
741 h5 += carry4;
742 h4 -= carry4 << 26;
743 carry8 = (h8 + (int64_t) (1 << 25)) >> 26;
744 h9 += carry8;
745 h8 -= carry8 << 26;
746
747 carry9 = (h9 + (int64_t) (1 << 24)) >> 25;
748 h0 += carry9 * 19;
749 h9 -= carry9 << 25;
750
751 carry0 = (h0 + (int64_t) (1 << 25)) >> 26;
752 h1 += carry0;
753 h0 -= carry0 << 26;
754
755 h[0] = (int32_t) h0;
756 h[1] = (int32_t) h1;
757 h[2] = (int32_t) h2;
758 h[3] = (int32_t) h3;
759 h[4] = (int32_t) h4;
760 h[5] = (int32_t) h5;
761 h[6] = (int32_t) h6;
762 h[7] = (int32_t) h7;
763 h[8] = (int32_t) h8;
764 h[9] = (int32_t) h9;
765}
766
767
768/*
769h = f * 121666
770Can overlap h with f.
771
772Preconditions:
773 |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
774
775Postconditions:
776 |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
777*/
778
779void fe_mul121666(fe h, fe f) {
780 int32_t f0 = f[0];
781 int32_t f1 = f[1];
782 int32_t f2 = f[2];
783 int32_t f3 = f[3];
784 int32_t f4 = f[4];
785 int32_t f5 = f[5];
786 int32_t f6 = f[6];
787 int32_t f7 = f[7];
788 int32_t f8 = f[8];
789 int32_t f9 = f[9];
790 int64_t h0 = f0 * (int64_t) 121666;
791 int64_t h1 = f1 * (int64_t) 121666;
792 int64_t h2 = f2 * (int64_t) 121666;
793 int64_t h3 = f3 * (int64_t) 121666;
794 int64_t h4 = f4 * (int64_t) 121666;
795 int64_t h5 = f5 * (int64_t) 121666;
796 int64_t h6 = f6 * (int64_t) 121666;
797 int64_t h7 = f7 * (int64_t) 121666;
798 int64_t h8 = f8 * (int64_t) 121666;
799 int64_t h9 = f9 * (int64_t) 121666;
800 int64_t carry0;
801 int64_t carry1;
802 int64_t carry2;
803 int64_t carry3;
804 int64_t carry4;
805 int64_t carry5;
806 int64_t carry6;
807 int64_t carry7;
808 int64_t carry8;
809 int64_t carry9;
810
811 carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
812 carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
813 carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
814 carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
815 carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
816
817 carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
818 carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
819 carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
820 carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
821 carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
822
823 h[0] = (int32_t) h0;
824 h[1] = (int32_t) h1;
825 h[2] = (int32_t) h2;
826 h[3] = (int32_t) h3;
827 h[4] = (int32_t) h4;
828 h[5] = (int32_t) h5;
829 h[6] = (int32_t) h6;
830 h[7] = (int32_t) h7;
831 h[8] = (int32_t) h8;
832 h[9] = (int32_t) h9;
833}
834
835
836/*
837h = -f
838
839Preconditions:
840 |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
841
842Postconditions:
843 |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
844*/
845
846void fe_neg(fe h, const fe f) {
847 int32_t f0 = f[0];
848 int32_t f1 = f[1];
849 int32_t f2 = f[2];
850 int32_t f3 = f[3];
851 int32_t f4 = f[4];
852 int32_t f5 = f[5];
853 int32_t f6 = f[6];
854 int32_t f7 = f[7];
855 int32_t f8 = f[8];
856 int32_t f9 = f[9];
857 int32_t h0 = -f0;
858 int32_t h1 = -f1;
859 int32_t h2 = -f2;
860 int32_t h3 = -f3;
861 int32_t h4 = -f4;
862 int32_t h5 = -f5;
863 int32_t h6 = -f6;
864 int32_t h7 = -f7;
865 int32_t h8 = -f8;
866 int32_t h9 = -f9;
867
868 h[0] = h0;
869 h[1] = h1;
870 h[2] = h2;
871 h[3] = h3;
872 h[4] = h4;
873 h[5] = h5;
874 h[6] = h6;
875 h[7] = h7;
876 h[8] = h8;
877 h[9] = h9;
878}
879
880
881void fe_pow22523(fe out, const fe z) {
882 fe t0;
883 fe t1;
884 fe t2;
885 int i;
886 fe_sq(t0, z);
887
888 for (i = 1; i < 1; ++i) {
889 fe_sq(t0, t0);
890 }
891
892 fe_sq(t1, t0);
893
894 for (i = 1; i < 2; ++i) {
895 fe_sq(t1, t1);
896 }
897
898 fe_mul(t1, z, t1);
899 fe_mul(t0, t0, t1);
900 fe_sq(t0, t0);
901
902 for (i = 1; i < 1; ++i) {
903 fe_sq(t0, t0);
904 }
905
906 fe_mul(t0, t1, t0);
907 fe_sq(t1, t0);
908
909 for (i = 1; i < 5; ++i) {
910 fe_sq(t1, t1);
911 }
912
913 fe_mul(t0, t1, t0);
914 fe_sq(t1, t0);
915
916 for (i = 1; i < 10; ++i) {
917 fe_sq(t1, t1);
918 }
919
920 fe_mul(t1, t1, t0);
921 fe_sq(t2, t1);
922
923 for (i = 1; i < 20; ++i) {
924 fe_sq(t2, t2);
925 }
926
927 fe_mul(t1, t2, t1);
928 fe_sq(t1, t1);
929
930 for (i = 1; i < 10; ++i) {
931 fe_sq(t1, t1);
932 }
933
934 fe_mul(t0, t1, t0);
935 fe_sq(t1, t0);
936
937 for (i = 1; i < 50; ++i) {
938 fe_sq(t1, t1);
939 }
940
941 fe_mul(t1, t1, t0);
942 fe_sq(t2, t1);
943
944 for (i = 1; i < 100; ++i) {
945 fe_sq(t2, t2);
946 }
947
948 fe_mul(t1, t2, t1);
949 fe_sq(t1, t1);
950
951 for (i = 1; i < 50; ++i) {
952 fe_sq(t1, t1);
953 }
954
955 fe_mul(t0, t1, t0);
956 fe_sq(t0, t0);
957
958 for (i = 1; i < 2; ++i) {
959 fe_sq(t0, t0);
960 }
961
962 fe_mul(out, t0, z);
963 return;
964}
965
966
967/*
968h = f * f
969Can overlap h with f.
970
971Preconditions:
972 |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
973
974Postconditions:
975 |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
976*/
977
978/*
979See fe_mul.c for discussion of implementation strategy.
980*/
981
982void fe_sq(fe h, const fe f) {
983 int32_t f0 = f[0];
984 int32_t f1 = f[1];
985 int32_t f2 = f[2];
986 int32_t f3 = f[3];
987 int32_t f4 = f[4];
988 int32_t f5 = f[5];
989 int32_t f6 = f[6];
990 int32_t f7 = f[7];
991 int32_t f8 = f[8];
992 int32_t f9 = f[9];
993 int32_t f0_2 = 2 * f0;
994 int32_t f1_2 = 2 * f1;
995 int32_t f2_2 = 2 * f2;
996 int32_t f3_2 = 2 * f3;
997 int32_t f4_2 = 2 * f4;
998 int32_t f5_2 = 2 * f5;
999 int32_t f6_2 = 2 * f6;
1000 int32_t f7_2 = 2 * f7;
1001 int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
1002 int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
1003 int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
1004 int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
1005 int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
1006 int64_t f0f0 = f0 * (int64_t) f0;
1007 int64_t f0f1_2 = f0_2 * (int64_t) f1;
1008 int64_t f0f2_2 = f0_2 * (int64_t) f2;
1009 int64_t f0f3_2 = f0_2 * (int64_t) f3;
1010 int64_t f0f4_2 = f0_2 * (int64_t) f4;
1011 int64_t f0f5_2 = f0_2 * (int64_t) f5;
1012 int64_t f0f6_2 = f0_2 * (int64_t) f6;
1013 int64_t f0f7_2 = f0_2 * (int64_t) f7;
1014 int64_t f0f8_2 = f0_2 * (int64_t) f8;
1015 int64_t f0f9_2 = f0_2 * (int64_t) f9;
1016 int64_t f1f1_2 = f1_2 * (int64_t) f1;
1017 int64_t f1f2_2 = f1_2 * (int64_t) f2;
1018 int64_t f1f3_4 = f1_2 * (int64_t) f3_2;
1019 int64_t f1f4_2 = f1_2 * (int64_t) f4;
1020 int64_t f1f5_4 = f1_2 * (int64_t) f5_2;
1021 int64_t f1f6_2 = f1_2 * (int64_t) f6;
1022 int64_t f1f7_4 = f1_2 * (int64_t) f7_2;
1023 int64_t f1f8_2 = f1_2 * (int64_t) f8;
1024 int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
1025 int64_t f2f2 = f2 * (int64_t) f2;
1026 int64_t f2f3_2 = f2_2 * (int64_t) f3;
1027 int64_t f2f4_2 = f2_2 * (int64_t) f4;
1028 int64_t f2f5_2 = f2_2 * (int64_t) f5;
1029 int64_t f2f6_2 = f2_2 * (int64_t) f6;
1030 int64_t f2f7_2 = f2_2 * (int64_t) f7;
1031 int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
1032 int64_t f2f9_38 = f2 * (int64_t) f9_38;
1033 int64_t f3f3_2 = f3_2 * (int64_t) f3;
1034 int64_t f3f4_2 = f3_2 * (int64_t) f4;
1035 int64_t f3f5_4 = f3_2 * (int64_t) f5_2;
1036 int64_t f3f6_2 = f3_2 * (int64_t) f6;
1037 int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
1038 int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
1039 int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
1040 int64_t f4f4 = f4 * (int64_t) f4;
1041 int64_t f4f5_2 = f4_2 * (int64_t) f5;
1042 int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
1043 int64_t f4f7_38 = f4 * (int64_t) f7_38;
1044 int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
1045 int64_t f4f9_38 = f4 * (int64_t) f9_38;
1046 int64_t f5f5_38 = f5 * (int64_t) f5_38;
1047 int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
1048 int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
1049 int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
1050 int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
1051 int64_t f6f6_19 = f6 * (int64_t) f6_19;
1052 int64_t f6f7_38 = f6 * (int64_t) f7_38;
1053 int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
1054 int64_t f6f9_38 = f6 * (int64_t) f9_38;
1055 int64_t f7f7_38 = f7 * (int64_t) f7_38;
1056 int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
1057 int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
1058 int64_t f8f8_19 = f8 * (int64_t) f8_19;
1059 int64_t f8f9_38 = f8 * (int64_t) f9_38;
1060 int64_t f9f9_38 = f9 * (int64_t) f9_38;
1061 int64_t h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38;
1062 int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38;
1063 int64_t h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19;
1064 int64_t h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38;
1065 int64_t h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38;
1066 int64_t h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38;
1067 int64_t h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19;
1068 int64_t h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38;
1069 int64_t h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38;
1070 int64_t h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2;
1071 int64_t carry0;
1072 int64_t carry1;
1073 int64_t carry2;
1074 int64_t carry3;
1075 int64_t carry4;
1076 int64_t carry5;
1077 int64_t carry6;
1078 int64_t carry7;
1079 int64_t carry8;
1080 int64_t carry9;
1081 carry0 = (h0 + (int64_t) (1 << 25)) >> 26;
1082 h1 += carry0;
1083 h0 -= carry0 << 26;
1084 carry4 = (h4 + (int64_t) (1 << 25)) >> 26;
1085 h5 += carry4;
1086 h4 -= carry4 << 26;
1087 carry1 = (h1 + (int64_t) (1 << 24)) >> 25;
1088 h2 += carry1;
1089 h1 -= carry1 << 25;
1090 carry5 = (h5 + (int64_t) (1 << 24)) >> 25;
1091 h6 += carry5;
1092 h5 -= carry5 << 25;
1093 carry2 = (h2 + (int64_t) (1 << 25)) >> 26;
1094 h3 += carry2;
1095 h2 -= carry2 << 26;
1096 carry6 = (h6 + (int64_t) (1 << 25)) >> 26;
1097 h7 += carry6;
1098 h6 -= carry6 << 26;
1099 carry3 = (h3 + (int64_t) (1 << 24)) >> 25;
1100 h4 += carry3;
1101 h3 -= carry3 << 25;
1102 carry7 = (h7 + (int64_t) (1 << 24)) >> 25;
1103 h8 += carry7;
1104 h7 -= carry7 << 25;
1105 carry4 = (h4 + (int64_t) (1 << 25)) >> 26;
1106 h5 += carry4;
1107 h4 -= carry4 << 26;
1108 carry8 = (h8 + (int64_t) (1 << 25)) >> 26;
1109 h9 += carry8;
1110 h8 -= carry8 << 26;
1111 carry9 = (h9 + (int64_t) (1 << 24)) >> 25;
1112 h0 += carry9 * 19;
1113 h9 -= carry9 << 25;
1114 carry0 = (h0 + (int64_t) (1 << 25)) >> 26;
1115 h1 += carry0;
1116 h0 -= carry0 << 26;
1117 h[0] = (int32_t) h0;
1118 h[1] = (int32_t) h1;
1119 h[2] = (int32_t) h2;
1120 h[3] = (int32_t) h3;
1121 h[4] = (int32_t) h4;
1122 h[5] = (int32_t) h5;
1123 h[6] = (int32_t) h6;
1124 h[7] = (int32_t) h7;
1125 h[8] = (int32_t) h8;
1126 h[9] = (int32_t) h9;
1127}
1128
1129
1130/*
1131h = 2 * f * f
1132Can overlap h with f.
1133
1134Preconditions:
1135 |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
1136
1137Postconditions:
1138 |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
1139*/
1140
1141/*
1142See fe_mul.c for discussion of implementation strategy.
1143*/
1144
1145void fe_sq2(fe h, const fe f) {
1146 int32_t f0 = f[0];
1147 int32_t f1 = f[1];
1148 int32_t f2 = f[2];
1149 int32_t f3 = f[3];
1150 int32_t f4 = f[4];
1151 int32_t f5 = f[5];
1152 int32_t f6 = f[6];
1153 int32_t f7 = f[7];
1154 int32_t f8 = f[8];
1155 int32_t f9 = f[9];
1156 int32_t f0_2 = 2 * f0;
1157 int32_t f1_2 = 2 * f1;
1158 int32_t f2_2 = 2 * f2;
1159 int32_t f3_2 = 2 * f3;
1160 int32_t f4_2 = 2 * f4;
1161 int32_t f5_2 = 2 * f5;
1162 int32_t f6_2 = 2 * f6;
1163 int32_t f7_2 = 2 * f7;
1164 int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
1165 int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
1166 int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
1167 int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
1168 int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
1169 int64_t f0f0 = f0 * (int64_t) f0;
1170 int64_t f0f1_2 = f0_2 * (int64_t) f1;
1171 int64_t f0f2_2 = f0_2 * (int64_t) f2;
1172 int64_t f0f3_2 = f0_2 * (int64_t) f3;
1173 int64_t f0f4_2 = f0_2 * (int64_t) f4;
1174 int64_t f0f5_2 = f0_2 * (int64_t) f5;
1175 int64_t f0f6_2 = f0_2 * (int64_t) f6;
1176 int64_t f0f7_2 = f0_2 * (int64_t) f7;
1177 int64_t f0f8_2 = f0_2 * (int64_t) f8;
1178 int64_t f0f9_2 = f0_2 * (int64_t) f9;
1179 int64_t f1f1_2 = f1_2 * (int64_t) f1;
1180 int64_t f1f2_2 = f1_2 * (int64_t) f2;
1181 int64_t f1f3_4 = f1_2 * (int64_t) f3_2;
1182 int64_t f1f4_2 = f1_2 * (int64_t) f4;
1183 int64_t f1f5_4 = f1_2 * (int64_t) f5_2;
1184 int64_t f1f6_2 = f1_2 * (int64_t) f6;
1185 int64_t f1f7_4 = f1_2 * (int64_t) f7_2;
1186 int64_t f1f8_2 = f1_2 * (int64_t) f8;
1187 int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
1188 int64_t f2f2 = f2 * (int64_t) f2;
1189 int64_t f2f3_2 = f2_2 * (int64_t) f3;
1190 int64_t f2f4_2 = f2_2 * (int64_t) f4;
1191 int64_t f2f5_2 = f2_2 * (int64_t) f5;
1192 int64_t f2f6_2 = f2_2 * (int64_t) f6;
1193 int64_t f2f7_2 = f2_2 * (int64_t) f7;
1194 int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
1195 int64_t f2f9_38 = f2 * (int64_t) f9_38;
1196 int64_t f3f3_2 = f3_2 * (int64_t) f3;
1197 int64_t f3f4_2 = f3_2 * (int64_t) f4;
1198 int64_t f3f5_4 = f3_2 * (int64_t) f5_2;
1199 int64_t f3f6_2 = f3_2 * (int64_t) f6;
1200 int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
1201 int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
1202 int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
1203 int64_t f4f4 = f4 * (int64_t) f4;
1204 int64_t f4f5_2 = f4_2 * (int64_t) f5;
1205 int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
1206 int64_t f4f7_38 = f4 * (int64_t) f7_38;
1207 int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
1208 int64_t f4f9_38 = f4 * (int64_t) f9_38;
1209 int64_t f5f5_38 = f5 * (int64_t) f5_38;
1210 int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
1211 int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
1212 int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
1213 int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
1214 int64_t f6f6_19 = f6 * (int64_t) f6_19;
1215 int64_t f6f7_38 = f6 * (int64_t) f7_38;
1216 int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
1217 int64_t f6f9_38 = f6 * (int64_t) f9_38;
1218 int64_t f7f7_38 = f7 * (int64_t) f7_38;
1219 int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
1220 int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
1221 int64_t f8f8_19 = f8 * (int64_t) f8_19;
1222 int64_t f8f9_38 = f8 * (int64_t) f9_38;
1223 int64_t f9f9_38 = f9 * (int64_t) f9_38;
1224 int64_t h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38;
1225 int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38;
1226 int64_t h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19;
1227 int64_t h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38;
1228 int64_t h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38;
1229 int64_t h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38;
1230 int64_t h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19;
1231 int64_t h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38;
1232 int64_t h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38;
1233 int64_t h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2;
1234 int64_t carry0;
1235 int64_t carry1;
1236 int64_t carry2;
1237 int64_t carry3;
1238 int64_t carry4;
1239 int64_t carry5;
1240 int64_t carry6;
1241 int64_t carry7;
1242 int64_t carry8;
1243 int64_t carry9;
1244 h0 += h0;
1245 h1 += h1;
1246 h2 += h2;
1247 h3 += h3;
1248 h4 += h4;
1249 h5 += h5;
1250 h6 += h6;
1251 h7 += h7;
1252 h8 += h8;
1253 h9 += h9;
1254 carry0 = (h0 + (int64_t) (1 << 25)) >> 26;
1255 h1 += carry0;
1256 h0 -= carry0 << 26;
1257 carry4 = (h4 + (int64_t) (1 << 25)) >> 26;
1258 h5 += carry4;
1259 h4 -= carry4 << 26;
1260 carry1 = (h1 + (int64_t) (1 << 24)) >> 25;
1261 h2 += carry1;
1262 h1 -= carry1 << 25;
1263 carry5 = (h5 + (int64_t) (1 << 24)) >> 25;
1264 h6 += carry5;
1265 h5 -= carry5 << 25;
1266 carry2 = (h2 + (int64_t) (1 << 25)) >> 26;
1267 h3 += carry2;
1268 h2 -= carry2 << 26;
1269 carry6 = (h6 + (int64_t) (1 << 25)) >> 26;
1270 h7 += carry6;
1271 h6 -= carry6 << 26;
1272 carry3 = (h3 + (int64_t) (1 << 24)) >> 25;
1273 h4 += carry3;
1274 h3 -= carry3 << 25;
1275 carry7 = (h7 + (int64_t) (1 << 24)) >> 25;
1276 h8 += carry7;
1277 h7 -= carry7 << 25;
1278 carry4 = (h4 + (int64_t) (1 << 25)) >> 26;
1279 h5 += carry4;
1280 h4 -= carry4 << 26;
1281 carry8 = (h8 + (int64_t) (1 << 25)) >> 26;
1282 h9 += carry8;
1283 h8 -= carry8 << 26;
1284 carry9 = (h9 + (int64_t) (1 << 24)) >> 25;
1285 h0 += carry9 * 19;
1286 h9 -= carry9 << 25;
1287 carry0 = (h0 + (int64_t) (1 << 25)) >> 26;
1288 h1 += carry0;
1289 h0 -= carry0 << 26;
1290 h[0] = (int32_t) h0;
1291 h[1] = (int32_t) h1;
1292 h[2] = (int32_t) h2;
1293 h[3] = (int32_t) h3;
1294 h[4] = (int32_t) h4;
1295 h[5] = (int32_t) h5;
1296 h[6] = (int32_t) h6;
1297 h[7] = (int32_t) h7;
1298 h[8] = (int32_t) h8;
1299 h[9] = (int32_t) h9;
1300}
1301
1302
1303/*
1304h = f - g
1305Can overlap h with f or g.
1306
1307Preconditions:
1308 |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
1309 |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
1310
1311Postconditions:
1312 |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
1313*/
1314
1315void fe_sub(fe h, const fe f, const fe g) {
1316 int32_t f0 = f[0];
1317 int32_t f1 = f[1];
1318 int32_t f2 = f[2];
1319 int32_t f3 = f[3];
1320 int32_t f4 = f[4];
1321 int32_t f5 = f[5];
1322 int32_t f6 = f[6];
1323 int32_t f7 = f[7];
1324 int32_t f8 = f[8];
1325 int32_t f9 = f[9];
1326 int32_t g0 = g[0];
1327 int32_t g1 = g[1];
1328 int32_t g2 = g[2];
1329 int32_t g3 = g[3];
1330 int32_t g4 = g[4];
1331 int32_t g5 = g[5];
1332 int32_t g6 = g[6];
1333 int32_t g7 = g[7];
1334 int32_t g8 = g[8];
1335 int32_t g9 = g[9];
1336 int32_t h0 = f0 - g0;
1337 int32_t h1 = f1 - g1;
1338 int32_t h2 = f2 - g2;
1339 int32_t h3 = f3 - g3;
1340 int32_t h4 = f4 - g4;
1341 int32_t h5 = f5 - g5;
1342 int32_t h6 = f6 - g6;
1343 int32_t h7 = f7 - g7;
1344 int32_t h8 = f8 - g8;
1345 int32_t h9 = f9 - g9;
1346
1347 h[0] = h0;
1348 h[1] = h1;
1349 h[2] = h2;
1350 h[3] = h3;
1351 h[4] = h4;
1352 h[5] = h5;
1353 h[6] = h6;
1354 h[7] = h7;
1355 h[8] = h8;
1356 h[9] = h9;
1357}
1358
1359
1360
1361/*
1362Preconditions:
1363 |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
1364
1365Write p=2^255-19; q=floor(h/p).
1366Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
1367
1368Proof:
1369 Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
1370 Also have |h-2^230 h9|<2^231 so |19 2^(-255)(h-2^230 h9)|<1/4.
1371
1372 Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
1373 Then 0<y<1.
1374
1375 Write r=h-pq.
1376 Have 0<=r<=p-1=2^255-20.
1377 Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
1378
1379 Write x=r+19(2^-255)r+y.
1380 Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
1381
1382 Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
1383 so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
1384*/
1385
1386void fe_tobytes(unsigned char *s, const fe h) {
1387 int32_t h0 = h[0];
1388 int32_t h1 = h[1];
1389 int32_t h2 = h[2];
1390 int32_t h3 = h[3];
1391 int32_t h4 = h[4];
1392 int32_t h5 = h[5];
1393 int32_t h6 = h[6];
1394 int32_t h7 = h[7];
1395 int32_t h8 = h[8];
1396 int32_t h9 = h[9];
1397 int32_t q;
1398 int32_t carry0;
1399 int32_t carry1;
1400 int32_t carry2;
1401 int32_t carry3;
1402 int32_t carry4;
1403 int32_t carry5;
1404 int32_t carry6;
1405 int32_t carry7;
1406 int32_t carry8;
1407 int32_t carry9;
1408 q = (19 * h9 + (((int32_t) 1) << 24)) >> 25;
1409 q = (h0 + q) >> 26;
1410 q = (h1 + q) >> 25;
1411 q = (h2 + q) >> 26;
1412 q = (h3 + q) >> 25;
1413 q = (h4 + q) >> 26;
1414 q = (h5 + q) >> 25;
1415 q = (h6 + q) >> 26;
1416 q = (h7 + q) >> 25;
1417 q = (h8 + q) >> 26;
1418 q = (h9 + q) >> 25;
1419 /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
1420 h0 += 19 * q;
1421 /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
1422 carry0 = h0 >> 26;
1423 h1 += carry0;
1424 h0 -= carry0 << 26;
1425 carry1 = h1 >> 25;
1426 h2 += carry1;
1427 h1 -= carry1 << 25;
1428 carry2 = h2 >> 26;
1429 h3 += carry2;
1430 h2 -= carry2 << 26;
1431 carry3 = h3 >> 25;
1432 h4 += carry3;
1433 h3 -= carry3 << 25;
1434 carry4 = h4 >> 26;
1435 h5 += carry4;
1436 h4 -= carry4 << 26;
1437 carry5 = h5 >> 25;
1438 h6 += carry5;
1439 h5 -= carry5 << 25;
1440 carry6 = h6 >> 26;
1441 h7 += carry6;
1442 h6 -= carry6 << 26;
1443 carry7 = h7 >> 25;
1444 h8 += carry7;
1445 h7 -= carry7 << 25;
1446 carry8 = h8 >> 26;
1447 h9 += carry8;
1448 h8 -= carry8 << 26;
1449 carry9 = h9 >> 25;
1450 h9 -= carry9 << 25;
1451
1452 /* h10 = carry9 */
1453 /*
1454 Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
1455 Have h0+...+2^230 h9 between 0 and 2^255-1;
1456 evidently 2^255 h10-2^255 q = 0.
1457 Goal: Output h0+...+2^230 h9.
1458 */
1459 s[0] = (unsigned char) (h0 >> 0);
1460 s[1] = (unsigned char) (h0 >> 8);
1461 s[2] = (unsigned char) (h0 >> 16);
1462 s[3] = (unsigned char) ((h0 >> 24) | (h1 << 2));
1463 s[4] = (unsigned char) (h1 >> 6);
1464 s[5] = (unsigned char) (h1 >> 14);
1465 s[6] = (unsigned char) ((h1 >> 22) | (h2 << 3));
1466 s[7] = (unsigned char) (h2 >> 5);
1467 s[8] = (unsigned char) (h2 >> 13);
1468 s[9] = (unsigned char) ((h2 >> 21) | (h3 << 5));
1469 s[10] = (unsigned char) (h3 >> 3);
1470 s[11] = (unsigned char) (h3 >> 11);
1471 s[12] = (unsigned char) ((h3 >> 19) | (h4 << 6));
1472 s[13] = (unsigned char) (h4 >> 2);
1473 s[14] = (unsigned char) (h4 >> 10);
1474 s[15] = (unsigned char) (h4 >> 18);
1475 s[16] = (unsigned char) (h5 >> 0);
1476 s[17] = (unsigned char) (h5 >> 8);
1477 s[18] = (unsigned char) (h5 >> 16);
1478 s[19] = (unsigned char) ((h5 >> 24) | (h6 << 1));
1479 s[20] = (unsigned char) (h6 >> 7);
1480 s[21] = (unsigned char) (h6 >> 15);
1481 s[22] = (unsigned char) ((h6 >> 23) | (h7 << 3));
1482 s[23] = (unsigned char) (h7 >> 5);
1483 s[24] = (unsigned char) (h7 >> 13);
1484 s[25] = (unsigned char) ((h7 >> 21) | (h8 << 4));
1485 s[26] = (unsigned char) (h8 >> 4);
1486 s[27] = (unsigned char) (h8 >> 12);
1487 s[28] = (unsigned char) ((h8 >> 20) | (h9 << 6));
1488 s[29] = (unsigned char) (h9 >> 2);
1489 s[30] = (unsigned char) (h9 >> 10);
1490 s[31] = (unsigned char) (h9 >> 18);
1491}
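diff --git a/3rd_party/ed25519/fe.h b/3rd_party/ed25519/fe.h
new file mode 100644
index 0000000..b4b62d2
--- /dev/null
+++ b/3rd_party/ed25519/fe.h
@@ -0,0 +1,41 @@
+#ifndef FE_H
+#define FE_H
+
+#include "fixedint.h"
+
+
+/*
+ fe means field element.
+ Here the field is \Z/(2^255-19).
+ An element t, entries t[0]...t[9], represents the integer
+ t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
+ Bounds on each t[i] vary depending on context.
+*/
+
+
+typedef int32_t fe[10];
+
+
+void fe_0(fe h);
+void fe_1(fe h);
+
+void fe_frombytes(fe h, const unsigned char *s);
+void fe_tobytes(unsigned char *s, const fe h);
+
+void fe_copy(fe h, const fe f);
+int fe_isnegative(const fe f);
+int fe_isnonzero(const fe f);
+void fe_cmov(fe f, const fe g, unsigned int b);
+void fe_cswap(fe f, fe g, unsigned int b);
+
+void fe_neg(fe h, const fe f);
+void fe_add(fe h, const fe f, const fe g);
+void fe_invert(fe out, const fe z);
+void fe_sq(fe h, const fe f);
+void fe_sq2(fe h, const fe f);
+void fe_mul(fe h, const fe f, const fe g);
+void fe_mul121666(fe h, fe f);
+void fe_pow22523(fe out, const fe z);
+void fe_sub(fe h, const fe f, const fe g);
+
+#endif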
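diff --git a/3rd_party/ed25519/fixedint.h b/3rd_party/ed25519/fixedint.h
new file mode 100644
index 0000000..1a8745b
--- /dev/null
+++ b/3rd_party/ed25519/fixedint.h
@@ -0,0 +1,72 @@
+/*
+ Portable header to provide the 32 and 64 bits type.
+
+ Not a compatible replacement for <stdint.h>, do not blindly use it as such.
+*/
+
+#if ((defined(__STDC__) && __STDC__ && __STDC_VERSION__ >= 199901L) || (defined(__WATCOMC__) && (defined(_STDINT_H_INCLUDED) || __WATCOMC__ >= 1250)) || (defined(__GNUC__) && (defined(_STDINT_H) || defined(_STDINT_H_) || defined(__UINT_FAST64_TYPE__)) )) && !defined(FIXEDINT_H_INCLUDED)
+ #include <stdint.h>
+ #define FIXEDINT_H_INCLUDED
+
+ #if defined(__WATCOMC__) && __WATCOMC__ >= 1250 && !defined(UINT64_C)
+ #include <limits.h>
+ #define UINT64_C(x) (x + (UINT64_MAX - UINT64_MAX))
+ #endif
+#endif
+
+
+#ifndef FIXEDINT_H_INCLUDED
+ #define FIXEDINT_H_INCLUDED
+
+ #include <limits.h>
+
+ /* (u)int32_t */
+ #ifndef uint32_t
+ #if (ULONG_MAX == 0xffffffffUL)
+ typedef unsigned long uint32_t;
+ #elif (UINT_MAX == 0xffffffffUL)
+ typedef unsigned int uint32_t;
+ #elif (USHRT_MAX == 0xffffffffUL)
+ typedef unsigned short uint32_t;
+ #endif
+ #endif
+
+
+ #ifndef int32_t
+ #if (LONG_MAX == 0x7fffffffL)
+ typedef signed long int32_t;
+ #elif (INT_MAX == 0x7fffffffL)
+ typedef signed int int32_t;
+ #elif (SHRT_MAX == 0x7fffffffL)
+ typedef signed short int32_t;
+ #endif
+ #endif
+
+
+ /* (u)int64_t */
+ #if (defined(__STDC__) && defined(__STDC_VERSION__) && __STDC__ && __STDC_VERSION__ >= 199901L)
+ typedef long long int64_t;
+ typedef unsigned long long uint64_t;
+
+ #define UINT64_C(v) v ##ULL
+ #define INT64_C(v) v ##LL
+ #elif defined(__GNUC__)
+ __extension__ typedef long long int64_t;
+ __extension__ typedef unsigned long long uint64_t;
+
+ #define UINT64_C(v) v ##ULL
+ #define INT64_C(v) v ##LL
+ #elif defined(__MWERKS__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) || defined(__APPLE_CC__) || defined(_LONG_LONG) || defined(_CRAYC)
+ typedef long long int64_t;
+ typedef unsigned long long uint64_t;
+
+ #define UINT64_C(v) v ##ULL
+ #define INT64_C(v) v ##LL
+ #elif (defined(__WATCOMC__) && defined(__WATCOM_INT64__)) || (defined(_MSC_VER) && _INTEGRAL_MAX_BITS >= 64) || (defined(__BORLANDC__) && __BORLANDC__ > 0x460) || defined(__alpha) || defined(__DECC)
+ typedef __int64 int64_t;
+ typedef unsigned __int64 uint64_t;
+
+ #define UINT64_C(v) v ##UI64
+ #define INT64_C(v) v ##I64
+ #endif
+#endif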
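diff --git a/3rd_party/ed25519/ge.c b/3rd_party/ed25519/ge.c
new file mode 100644
index 0000000..87c691b
--- /dev/null
+++ b/3rd_party/ed25519/ge.c
@@ -0,0 +1,467 @@
+#include "ge.h"
+#include "precomp_data.h"
+
+
+/*
+r = p + q
+*/
+
+void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) {
+ fe t0;
+ fe_add(r->X, p->Y, p->X);
+ fe_sub(r->Y, p->Y, p->X);
+ fe_mul(r->Z, r->X, q->YplusX);
+ fe_mul(r->Y, r->Y, q->YminusX);
+ fe_mul(r->T, q->T2d, p->T);
+ fe_mul(r->X, p->Z, q->Z);
+ fe_add(t0, r->X, r->X);
+ fe_sub(r->X, r->Z, r->Y);
+ fe_add(r->Y, r->Z, r->Y);
+ fe_add(r->Z, t0, r->T);
+ fe_sub(r->T, t0, r->T);
+}
+
+
+static void slide(signed char *r, const unsigned char *a) {
+ int i;
+ int b;
+ int k;
+
+ for (i = 0; i < 256; ++i) {
+ r[i] = 1 & (a[i >> 3] >> (i & 7));
+ }
+
+ for (i = 0; i < 256; ++i)
+ if (r[i]) {
+ for (b = 1; b <= 6 && i + b < 256; ++b) {
+ if (r[i + b]) {
+ if (r[i] + (r[i + b] << b) <= 15) {
+ r[i] += r[i + b] << b;
+ r[i + b] = 0;
+ } else if (r[i] - (r[i + b] << b) >= -15) {
+ r[i] -= r[i + b] << b;
+
+ for (k = i + b; k < 256; ++k) {
+ if (!r[k]) {
+ r[k] = 1;
+ break;
+ }
+
+ r[k] = 0;
+ }
+ } else {
+ break;
+ }
+ }
+ }
+ }
+}
+
+/*
+r = a * A + b * B
+where a = a[0]+256*a[1]+...+256^31 a[31].
+and b = b[0]+256*b[1]+...+256^31 b[31].
+B is the Ed25519 base point (x,4/5) with x positive.
+*/
+
+void ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a, const ge_p3 *A, const unsigned char *b) {
+ signed char aslide[256];
+ signed char bslide[256];
+ ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */
+ ge_p1p1 t;
+ ge_p3 u;
+ ge_p3 A2;
+ int i;
+ slide(aslide, a);
+ slide(bslide, b);
+ ge_p3_to_cached(&Ai[0], A);
+ ge_p3_dbl(&t, A);
+ ge_p1p1_to_p3(&A2, &t);
+ ge_add(&t, &A2, &Ai[0]);
+ ge_p1p1_to_p3(&u, &t);
+ ge_p3_to_cached(&Ai[1], &u);
+ ge_add(&t, &A2, &Ai[1]);
+ ge_p1p1_to_p3(&u, &t);
+ ge_p3_to_cached(&Ai[2], &u);
+ ge_add(&t, &A2, &Ai[2]);
+ ge_p1p1_to_p3(&u, &t);
+ ge_p3_to_cached(&Ai[3], &u);
+ ge_add(&t, &A2, &Ai[3]);
+ ge_p1p1_to_p3(&u, &t);
+ ge_p3_to_cached(&Ai[4], &u);
+ ge_add(&t, &A2, &Ai[4]);
+ ge_p1p1_to_p3(&u, &t);
+ ge_p3_to_cached(&Ai[5], &u);
+ ge_add(&t, &A2, &Ai[5]);
+ ge_p1p1_to_p3(&u, &t);
+ ge_p3_to_cached(&Ai[6], &u);
+ ge_add(&t, &A2, &Ai[6]);
+ ge_p1p1_to_p3(&u, &t);
+ ge_p3_to_cached(&Ai[7], &u);
+ ge_p2_0(r);
+
+ for (i = 255; i >= 0; --i) {
+ if (aslide[i] || bslide[i]) {
+ break;
+ }
+ }
+
+ for (; i >= 0; --i) {
+ ge_p2_dbl(&t, r);
+
+ if (aslide[i] > 0) {
+ ge_p1p1_to_p3(&u, &t);
+ ge_add(&t, &u, &Ai[aslide[i] / 2]);
+ } else if (aslide[i] < 0) {
+ ge_p1p1_to_p3(&u, &t);
+ ge_sub(&t, &u, &Ai[(-aslide[i]) / 2]);
+ }
+
+ if (bslide[i] > 0) {
+ ge_p1p1_to_p3(&u, &t);
+ ge_madd(&t, &u, &Bi[bslide[i] / 2]);
+ } else if (bslide[i] < 0) {
+ ge_p1p1_to_p3(&u, &t);
+ ge_msub(&t, &u, &Bi[(-bslide[i]) / 2]);
+ }
+
+ ge_p1p1_to_p2(r, &t);
+ }
+}
+
+
+static const fe d = {
+ -10913610, 13857413, -15372611, 6949391, 114729, -8787816, -6275908, -3247719, -18696448, -12055116
+};
+
+static const fe sqrtm1 = {
+ -32595792, -7943725, 9377950, 3500415, 12389472, -272473, -25146209, -2005654, 326686, 11406482
+};
+
+int ge_frombytes_negate_vartime(ge_p3 *h, const unsigned char *s) {
+ fe u;
+ fe v;
+ fe v3;
+ fe vxx;
+ fe check;
+ fe_frombytes(h->Y, s);
+ fe_1(h->Z);
+ fe_sq(u, h->Y);
+ fe_mul(v, u, d);
+ fe_sub(u, u, h->Z); /* u = y^2-1 */
+ fe_add(v, v, h->Z); /* v = dy^2+1 */
+ fe_sq(v3, v);
+ fe_mul(v3, v3, v); /* v3 = v^3 */
+ fe_sq(h->X, v3);
+ fe_mul(h->X, h->X, v);
+ fe_mul(h->X, h->X, u); /* x = uv^7 */
+ fe_pow22523(h->X, h->X); /* x = (uv^7)^((q-5)/8) */
+ fe_mul(h->X, h->X, v3);
+ fe_mul(h->X, h->X, u); /* x = uv^3(uv^7)^((q-5)/8) */
+ fe_sq(vxx, h->X);
+ fe_mul(vxx, vxx, v);
+ fe_sub(check, vxx, u); /* vx^2-u */
+
+ if (fe_isnonzero(check)) {
+ fe_add(check, vxx, u); /* vx^2+u */
+
+ if (fe_isnonzero(check)) {
+ return -1;
+ }
+
+ fe_mul(h->X, h->X, sqrtm1);
+ }
+
+ if (fe_isnegative(h->X) == (s[31] >> 7)) {
+ fe_neg(h->X, h->X);
+ }
+
+ fe_mul(h->T, h->X, h->Y);
+ return 0;
+}
+
+
+/*
+r = p + q
+*/
+
+void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) {
+ fe t0;
+ fe_add(r->X, p->Y, p->X);
+ fe_sub(r->Y, p->Y, p->X);
+ fe_mul(r->Z, r->X, q->yplusx);
+ fe_mul(r->Y, r->Y, q->yminusx);
+ fe_mul(r->T, q->xy2d, p->T);
+ fe_add(t0, p->Z, p->Z);
+ fe_sub(r->X, r->Z, r->Y);
+ fe_add(r->Y, r->Z, r->Y);
+ fe_add(r->Z, t0, r->T);
+ fe_sub(r->T, t0, r->T);
+}
+
+
+/*
+r = p - q
+*/
+
+void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) {
+ fe t0;
+
+ fe_add(r->X, p->Y, p->X);
+ fe_sub(r->Y, p->Y, p->X);
+ fe_mul(r->Z, r->X, q->yminusx);
+ fe_mul(r->Y, r->Y, q->yplusx);
+ fe_mul(r->T, q->xy2d, p->T);
+ fe_add(t0, p->Z, p->Z);
+ fe_sub(r->X, r->Z, r->Y);
+ fe_add(r->Y, r->Z, r->Y);
+ fe_sub(r->Z, t0, r->T);
+ fe_add(r->T, t0, r->T);
+}
+
+
+/*
+r = p
+*/
+
+void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p) {
+ fe_mul(r->X, p->X, p->T);
+ fe_mul(r->Y, p->Y, p->Z);
+ fe_mul(r->Z, p->Z, p->T);
+}
+
+
+
+/*
+r = p
+*/
+
+void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p) {
+ fe_mul(r->X, p->X, p->T);
+ fe_mul(r->Y, p->Y, p->Z);
+ fe_mul(r->Z, p->Z, p->T);
+ fe_mul(r->T, p->X, p->Y);
+}
+
+
+void ge_p2_0(ge_p2 *h) {
+ fe_0(h->X);
+ fe_1(h->Y);
+ fe_1(h->Z);
+}
+
+
+
+/*
+r = 2 * p
+*/
+
+void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p) {
+ fe t0;
+
+ fe_sq(r->X, p->X);
+ fe_sq(r->Z, p->Y);
+ fe_sq2(r->T, p->Z);
+ fe_add(r->Y, p->X, p->Y);
+ fe_sq(t0, r->Y);
+ fe_add(r->Y, r->Z, r->X);
+ fe_sub(r->Z, r->Z, r->X);
+ fe_sub(r->X, t0, r->Y);
+ fe_sub(r->T, r->T, r->Z);
+}
+
+
+void ge_p3_0(ge_p3 *h) {
+ fe_0(h->X);
+ fe_1(h->Y);
+ fe_1(h->Z);
+ fe_0(h->T);
+}
+
+
+/*
+r = 2 * p
+*/
+
+void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p) {
+ ge_p2 q;
+ ge_p3_to_p2(&q, p);
+ ge_p2_dbl(r, &q);
+}
+
+
+
+/*
+r = p
+*/
+
+static const fe d2 = {
+ -21827239, -5839606, -30745221, 13898782, 229458, 15978800, -12551817, -6495438, 29715968, 9444199
+};
+
+void ge_p3_to_cached(ge_cached *r, const ge_p3 *p) {
+ fe_add(r->YplusX, p->Y, p->X);
+ fe_sub(r->YminusX, p->Y, p->X);
+ fe_copy(r->Z, p->Z);
+ fe_mul(r->T2d, p->T, d2);
+}
+
+
+/*
+r = p
+*/
+
+void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p) {
+ fe_copy(r->X, p->X);
+ fe_copy(r->Y, p->Y);
+ fe_copy(r->Z, p->Z);
+}
+
+
+void ge_p3_tobytes(unsigned char *s, const ge_p3 *h) {
+ fe recip;
+ fe x;
+ fe y;
+ fe_invert(recip, h->Z);
+ fe_mul(x, h->X, recip);
+ fe_mul(y, h->Y, recip);
+ fe_tobytes(s, y);
+ s[31] ^= fe_isnegative(x) << 7;
+}
+
+
+static unsigned char equal(signed char b, signed char c) {
+ unsigned char ub = b;
+ unsigned char uc = c;
+ unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */
+ uint64_t y = x; /* 0: yes; 1..255: no */
+ y -= 1; /* large: yes; 0..254: no */
+ y >>= 63; /* 1: yes; 0: no */
+ return (unsigned char) y;
+}
+
+static unsigned char negative(signed char b) {
+ uint64_t x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */
+ x >>= 63; /* 1: yes; 0: no */
+ return (unsigned char) x;
+}
+
+static void cmov(ge_precomp *t, const ge_precomp *u, unsigned char b) {
+ fe_cmov(t->yplusx, u->yplusx, b);
+ fe_cmov(t->yminusx, u->yminusx, b);
+ fe_cmov(t->xy2d, u->xy2d, b);
+}
+
+
+static void select(ge_precomp *t, int pos, signed char b) {
+ ge_precomp minust;
+ unsigned char bnegative = negative(b);
+ unsigned char babs = b - (((-bnegative) & b) << 1);
+ fe_1(t->yplusx);
+ fe_1(t->yminusx);
+ fe_0(t->xy2d);
+ cmov(t, &base[pos][0], equal(babs, 1));
+ cmov(t, &base[pos][1], equal(babs, 2));
+ cmov(t, &base[pos][2], equal(babs, 3));
+ cmov(t, &base[pos][3], equal(babs, 4));
+ cmov(t, &base[pos][4], equal(babs, 5));
+ cmov(t, &base[pos][5], equal(babs, 6));
+ cmov(t, &base[pos][6], equal(babs, 7));
+ cmov(t, &base[pos][7], equal(babs, 8));
+ fe_copy(minust.yplusx, t->yminusx);
+ fe_copy(minust.yminusx, t->yplusx);
+ fe_neg(minust.xy2d, t->xy2d);
+ cmov(t, &minust, bnegative);
+}
+
+/*
+h = a * B
+where a = a[0]+256*a[1]+...+256^31 a[31]
+B is the Ed25519 base point (x,4/5) with x positive.
+
+Preconditions:
+ a[31] <= 127
+*/
+
+void ge_scalarmult_base(ge_p3 *h, const unsigned char *a) {
+ signed char e[64];
+ signed char carry;
+ ge_p1p1 r;
+ ge_p2 s;
+ ge_precomp t;
+ int i;
+
+ for (i = 0; i < 32; ++i) {
+ e[2 * i + 0] = (a[i] >> 0) & 15;
+ e[2 * i + 1] = (a[i] >> 4) & 15;
+ }
+
+ /* each e[i] is between 0 and 15 */
+ /* e[63] is between 0 and 7 */
+ carry = 0;
+
+ for (i = 0; i < 63; ++i) {
+ e[i] += carry;
+ carry = e[i] + 8;
+ carry >>= 4;
+ e[i] -= carry << 4;
+ }
+
+ e[63] += carry;
+ /* each e[i] is between -8 and 8 */
+ ge_p3_0(h);
+
+ for (i = 1; i < 64; i += 2) {
+ select(&t, i / 2, e[i]);
+ ge_madd(&r, h, &t);
+ ge_p1p1_to_p3(h, &r);
+ }
+
+ ge_p3_dbl(&r, h);
+ ge_p1p1_to_p2(&s, &r);
+ ge_p2_dbl(&r, &s);
+ ge_p1p1_to_p2(&s, &r);
+ ge_p2_dbl(&r, &s);
+ ge_p1p1_to_p2(&s, &r);
+ ge_p2_dbl(&r, &s);
+ ge_p1p1_to_p3(h, &r);
+
+ for (i = 0; i < 64; i += 2) {
+ select(&t, i / 2, e[i]);
+ ge_madd(&r, h, &t);
+ ge_p1p1_to_p3(h, &r);
+ }
+}
+
+
+/*
+r = p - q
+*/
+
+void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) {
+ fe t0;
+
+ fe_add(r->X, p->Y, p->X);
+ fe_sub(r->Y, p->Y, p->X);
+ fe_mul(r->Z, r->X, q->YminusX);
+ fe_mul(r->Y, r->Y, q->YplusX);
+ fe_mul(r->T, q->T2d, p->T);
+ fe_mul(r->X, p->Z, q->Z);
+ fe_add(t0, r->X, r->X);
+ fe_sub(r->X, r->Z, r->Y);
+ fe_add(r->Y, r->Z, r->Y);
+ fe_sub(r->Z, t0, r->T);
+ fe_add(r->T, t0, r->T);
+}
+
+
+void ge_tobytes(unsigned char *s, const ge_p2 *h) {
+ fe recip;
+ fe x;
+ fe y;
+ fe_invert(recip, h->Z);
+ fe_mul(x, h->X, recip);
+ fe_mul(y, h->Y, recip);
+ fe_tobytes(s, y);
+ s[31] ^= fe_isnegative(x) << 7;
+}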
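diff --git a/3rd_party/ed25519/ge.h b/3rd_party/ed25519/ge.h
new file mode 100644
index 0000000..17fde2d
--- /dev/null
+++ b/3rd_party/ed25519/ge.h
@@ -0,0 +1,74 @@
+#ifndef GE_H
+#define GE_H
+
+#include "fe.h"
+
+
+/*
+ge means group element.
+
+Here the group is the set of pairs (x,y) of field elements (see fe.h)
+satisfying -x^2 + y^2 = 1 + d x^2y^2
+where d = -121665/121666.
+
+Representations:
+ ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
+ ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
+ ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
+ ge_precomp (Duif): (y+x,y-x,2dxy)
+*/
+
+typedef struct {
+ fe X;
+ fe Y;
+ fe Z;
+} ge_p2;
+
+typedef struct {
+ fe X;
+ fe Y;
+ fe Z;
+ fe T;
+} ge_p3;
+
+typedef struct {
+ fe X;
+ fe Y;
+ fe Z;
+ fe T;
+} ge_p1p1;
+
+typedef struct {
+ fe yplusx;
+ fe yminusx;
+ fe xy2d;
+} ge_precomp;
+
+typedef struct {
+ fe YplusX;
+ fe YminusX;
+ fe Z;
+ fe T2d;
+} ge_cached;
+
+void ge_p3_tobytes(unsigned char *s, const ge_p3 *h);
+void ge_tobytes(unsigned char *s, const ge_p2 *h);
+int ge_frombytes_negate_vartime(ge_p3 *h, const unsigned char *s);
+
+void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q);
+void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q);
+void ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a, const ge_p3 *A, const unsigned char *b);
+void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q);
+void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q);
+void ge_scalarmult_base(ge_p3 *h, const unsigned char *a);
+
+void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p);
+void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p);
+void ge_p2_0(ge_p2 *h);
+void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p);
+void ge_p3_0(ge_p3 *h);
+void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p);
+void ge_p3_to_cached(ge_cached *r, const ge_p3 *p);
+void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p);
+
+#endif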
diff --git a/3rd_party/ed25519/key_exchange.c b/3rd_party/ed25519/key_exchange.c
new file mode 100644
index 0000000..abd75da
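--- /dev/null
+++ b/3rd_party/ed25519/key_exchange.c
@@ -0,0 +1,79 @@
+#include "ed25519.h"
+#include "fe.h"
+
+void ed25519_key_exchange(unsigned char *shared_secret, const unsigned char *public_key, const unsigned char *private_key) {
+ unsigned char e[32];
+ unsigned int i;
+
+ fe x1;
+ fe x2;
+ fe z2;
+ fe x3;
+ fe z3;
+ fe tmp0;
+ fe tmp1;
+
+ int pos;
+ unsigned int swap;
+ unsigned int b;
+
+ /* copy the private key and make sure it's valid */
+ for (i = 0; i < 32; ++i) {
+ e[i] = private_key[i];
+ }
+
+ e[0] &= 248;
+ e[31] &= 63;
+ e[31] |= 64;
+
+ /* unpack the public key and convert edwards to montgomery */
+ /* due to CodesInChaos: montgomeryX = (edwardsY + 1)*inverse(1 - edwardsY) mod p */
+ fe_frombytes(x1, public_key);
+ fe_1(tmp1);
+ fe_add(tmp0, x1, tmp1);
+ fe_sub(tmp1, tmp1, x1);
+ fe_invert(tmp1, tmp1);
+ fe_mul(x1, tmp0, tmp1);
+
+ fe_1(x2);
+ fe_0(z2);
+ fe_copy(x3, x1);
+ fe_1(z3);
+
+ swap = 0;
+ for (pos = 254; pos >= 0; --pos) {
+ b = e[pos / 8] >> (pos & 7);
+ b &= 1;
+ swap ^= b;
+ fe_cswap(x2, x3, swap);
+ fe_cswap(z2, z3, swap);
+ swap = b;
+
+ /* from montgomery.h */
+ fe_sub(tmp0, x3, z3);
+ fe_sub(tmp1, x2, z2);
+ fe_add(x2, x2, z2);
+ fe_add(z2, x3, z3);
+ fe_mul(z3, tmp0, x2);
+ fe_mul(z2, z2, tmp1);
+ fe_sq(tmp0, tmp1);
+ fe_sq(tmp1, x2);
+ fe_add(x3, z3, z2);
+ fe_sub(z2, z3, z2);
+ fe_mul(x2, tmp1, tmp0);
+ fe_sub(tmp1, tmp1, tmp0);
+ fe_sq(z2, z2);
+ fe_mul121666(z3, tmp1);
+ fe_sq(x3, x3);
+ fe_add(tmp0, tmp0, z3);
+ fe_mul(z3, x1, z2);
+ fe_mul(z2, tmp1, tmp0);
+ }
+
+ fe_cswap(x2, x3, swap);
+ fe_cswap(z2, z3, swap);
+
+ fe_invert(z2, z2);
+ fe_mul(x2, x2, z2);
+ fe_tobytes(shared_secret, x2);
+}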
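Review bot: `ed25519_key_exchange` leaves the clamped private scalar in `e` (and the ladder state in `x2`, `z2`, `x3`, `z3`, `tmp0`, `tmp1`) on the stack when it returns; a wipe before the closing brace, e.g. `for (i = 0; i < 32; ++i) ((volatile unsigned char *)e)[i] = 0;`, would limit how long key material lingers in memory (a plain `memset` can be optimised away). The function also returns `void` and writes `shared_secret` without checking the result, so a caller that needs to reject degenerate peer keys has to compare `shared_secret` against 32 zero bytes itself, in constant time. Because this is vendored code, that check is probably best placed in the calling code; if the wipe is added here, the bundled LICENSE asks that altered sources be marked as such.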
diff --git a/3rd_party/ed25519/keypair.c b/3rd_party/ed25519/keypair.c
new file mode 100644
index 0000000..dc1b8ec
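--- /dev/null
+++ b/3rd_party/ed25519/keypair.c
@@ -0,0 +1,16 @@
+#include "ed25519.h"
+#include "sha512.h"
+#include "ge.h"
+
+
+void ed25519_create_keypair(unsigned char *public_key, unsigned char *private_key, const unsigned char *seed) {
+ ge_p3 A;
+
+ sha512(seed, 32, private_key);
+ private_key[0] &= 248;
+ private_key[31] &= 63;
+ private_key[31] |= 64;
+
+ ge_scalarmult_base(&A, private_key);
+ ge_p3_tobytes(public_key, &A);
+}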
diff --git a/3rd_party/ed25519/precomp_data.h b/3rd_party/ed25519/precomp_data.h
new file mode 100644
index 0000000..ff23986
--- /dev/null
+++ b/3rd_party/ed25519/precomp_data.h
@@ -0,0 +1,1391 @@
1static const ge_precomp Bi[8] = {
2 {
3 { 25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626, -11754271, -6079156, 2047605 },
4 { -12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692, 5043384, 19500929, -15469378 },
5 { -8738181, 4489570, 9688441, -14785194, 10184609, -12363380, 29287919, 11864899, -24514362, -4438546 },
6 },
7 {
8 { 15636291, -9688557, 24204773, -7912398, 616977, -16685262, 27787600, -14772189, 28944400, -1550024 },
9 { 16568933, 4717097, -11556148, -1102322, 15682896, -11807043, 16354577, -11775962, 7689662, 11199574 },
10 { 30464156, -5976125, -11779434, -15670865, 23220365, 15915852, 7512774, 10017326, -17749093, -9920357 },
11 },
12 {
13 { 10861363, 11473154, 27284546, 1981175, -30064349, 12577861, 32867885, 14515107, -15438304, 10819380 },
14 { 4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668, 12483688, -12668491, 5581306 },
15 { 19563160, 16186464, -29386857, 4097519, 10237984, -4348115, 28542350, 13850243, -23678021, -15815942 },
16 },
17 {
18 { 5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852, 5230134, -23952439, -15175766 },
19 { -30269007, -3463509, 7665486, 10083793, 28475525, 1649722, 20654025, 16520125, 30598449, 7715701 },
20 { 28881845, 14381568, 9657904, 3680757, -20181635, 7843316, -31400660, 1370708, 29794553, -1409300 },
21 },
22 {
23 { -22518993, -6692182, 14201702, -8745502, -23510406, 8844726, 18474211, -1361450, -13062696, 13821877 },
24 { -6455177, -7839871, 3374702, -4740862, -27098617, -10571707, 31655028, -7212327, 18853322, -14220951 },
25 { 4566830, -12963868, -28974889, -12240689, -7602672, -2830569, -8514358, -10431137, 2207753, -3209784 },
26 },
27 {
28 { -25154831, -4185821, 29681144, 7868801, -6854661, -9423865, -12437364, -663000, -31111463, -16132436 },
29 { 25576264, -2703214, 7349804, -11814844, 16472782, 9300885, 3844789, 15725684, 171356, 6466918 },
30 { 23103977, 13316479, 9739013, -16149481, 817875, -15038942, 8965339, -14088058, -30714912, 16193877 },
31 },
32 {
33 { -33521811, 3180713, -2394130, 14003687, -16903474, -16270840, 17238398, 4729455, -18074513, 9256800 },
34 { -25182317, -4174131, 32336398, 5036987, -21236817, 11360617, 22616405, 9761698, -19827198, 630305 },
35 { -13720693, 2639453, -24237460, -7406481, 9494427, -5774029, -6554551, -15960994, -2449256, -14291300 },
36 },
37 {
38 { -3151181, -5046075, 9282714, 6866145, -31907062, -863023, -18940575, 15033784, 25105118, -7894876 },
39 { -24326370, 15950226, -31801215, -14592823, -11662737, -5090925, 1573892, -2625887, 2198790, -15804619 },
40 { -3099351, 10324967, -2241613, 7453183, -5446979, -2735503, -13812022, -16236442, -32461234, -12290683 },
41 },
42};
43
44
45/* base[i][j] = (j+1)*256^i*B */
46static const ge_precomp base[32][8] = {
47 {
48 {
49 { 25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626, -11754271, -6079156, 2047605 },
50 { -12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692, 5043384, 19500929, -15469378 },
51 { -8738181, 4489570, 9688441, -14785194, 10184609, -12363380, 29287919, 11864899, -24514362, -4438546 },
52 },
53 {
54 { -12815894, -12976347, -21581243, 11784320, -25355658, -2750717, -11717903, -3814571, -358445, -10211303 },
55 { -21703237, 6903825, 27185491, 6451973, -29577724, -9554005, -15616551, 11189268, -26829678, -5319081 },
56 { 26966642, 11152617, 32442495, 15396054, 14353839, -12752335, -3128826, -9541118, -15472047, -4166697 },
57 },
58 {
59 { 15636291, -9688557, 24204773, -7912398, 616977, -16685262, 27787600, -14772189, 28944400, -1550024 },
60 { 16568933, 4717097, -11556148, -1102322, 15682896, -11807043, 16354577, -11775962, 7689662, 11199574 },
61 { 30464156, -5976125, -11779434, -15670865, 23220365, 15915852, 7512774, 10017326, -17749093, -9920357 },
62 },
63 {
64 { -17036878, 13921892, 10945806, -6033431, 27105052, -16084379, -28926210, 15006023, 3284568, -6276540 },
65 { 23599295, -8306047, -11193664, -7687416, 13236774, 10506355, 7464579, 9656445, 13059162, 10374397 },
66 { 7798556, 16710257, 3033922, 2874086, 28997861, 2835604, 32406664, -3839045, -641708, -101325 },
67 },
68 {
69 { 10861363, 11473154, 27284546, 1981175, -30064349, 12577861, 32867885, 14515107, -15438304, 10819380 },
70 { 4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668, 12483688, -12668491, 5581306 },
71 { 19563160, 16186464, -29386857, 4097519, 10237984, -4348115, 28542350, 13850243, -23678021, -15815942 },
72 },
73 {
74 { -15371964, -12862754, 32573250, 4720197, -26436522, 5875511, -19188627, -15224819, -9818940, -12085777 },
75 { -8549212, 109983, 15149363, 2178705, 22900618, 4543417, 3044240, -15689887, 1762328, 14866737 },
76 { -18199695, -15951423, -10473290, 1707278, -17185920, 3916101, -28236412, 3959421, 27914454, 4383652 },
77 },
78 {
79 { 5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852, 5230134, -23952439, -15175766 },
80 { -30269007, -3463509, 7665486, 10083793, 28475525, 1649722, 20654025, 16520125, 30598449, 7715701 },
81 { 28881845, 14381568, 9657904, 3680757, -20181635, 7843316, -31400660, 1370708, 29794553, -1409300 },
82 },
83 {
84 { 14499471, -2729599, -33191113, -4254652, 28494862, 14271267, 30290735, 10876454, -33154098, 2381726 },
85 { -7195431, -2655363, -14730155, 462251, -27724326, 3941372, -6236617, 3696005, -32300832, 15351955 },
86 { 27431194, 8222322, 16448760, -3907995, -18707002, 11938355, -32961401, -2970515, 29551813, 10109425 },
87 },
88 },
89 {
90 {
91 { -13657040, -13155431, -31283750, 11777098, 21447386, 6519384, -2378284, -1627556, 10092783, -4764171 },
92 { 27939166, 14210322, 4677035, 16277044, -22964462, -12398139, -32508754, 12005538, -17810127, 12803510 },
93 { 17228999, -15661624, -1233527, 300140, -1224870, -11714777, 30364213, -9038194, 18016357, 4397660 },
94 },
95 {
96 { -10958843, -7690207, 4776341, -14954238, 27850028, -15602212, -26619106, 14544525, -17477504, 982639 },
97 { 29253598, 15796703, -2863982, -9908884, 10057023, 3163536, 7332899, -4120128, -21047696, 9934963 },
98 { 5793303, 16271923, -24131614, -10116404, 29188560, 1206517, -14747930, 4559895, -30123922, -10897950 },
99 },
100 {
101 { -27643952, -11493006, 16282657, -11036493, 28414021, -15012264, 24191034, 4541697, -13338309, 5500568 },
102 { 12650548, -1497113, 9052871, 11355358, -17680037, -8400164, -17430592, 12264343, 10874051, 13524335 },
103 { 25556948, -3045990, 714651, 2510400, 23394682, -10415330, 33119038, 5080568, -22528059, 5376628 },
104 },
105 {
106 { -26088264, -4011052, -17013699, -3537628, -6726793, 1920897, -22321305, -9447443, 4535768, 1569007 },
107 { -2255422, 14606630, -21692440, -8039818, 28430649, 8775819, -30494562, 3044290, 31848280, 12543772 },
108 { -22028579, 2943893, -31857513, 6777306, 13784462, -4292203, -27377195, -2062731, 7718482, 14474653 },
109 },
110 {
111 { 2385315, 2454213, -22631320, 46603, -4437935, -15680415, 656965, -7236665, 24316168, -5253567 },
112 { 13741529, 10911568, -33233417, -8603737, -20177830, -1033297, 33040651, -13424532, -20729456, 8321686 },
113 { 21060490, -2212744, 15712757, -4336099, 1639040, 10656336, 23845965, -11874838, -9984458, 608372 },
114 },
115 {
116 { -13672732, -15087586, -10889693, -7557059, -6036909, 11305547, 1123968, -6780577, 27229399, 23887 },
117 { -23244140, -294205, -11744728, 14712571, -29465699, -2029617, 12797024, -6440308, -1633405, 16678954 },
118 { -29500620, 4770662, -16054387, 14001338, 7830047, 9564805, -1508144, -4795045, -17169265, 4904953 },
119 },
120 {
121 { 24059557, 14617003, 19037157, -15039908, 19766093, -14906429, 5169211, 16191880, 2128236, -4326833 },
122 { -16981152, 4124966, -8540610, -10653797, 30336522, -14105247, -29806336, 916033, -6882542, -2986532 },
123 { -22630907, 12419372, -7134229, -7473371, -16478904, 16739175, 285431, 2763829, 15736322, 4143876 },
124 },
125 {
126 { 2379352, 11839345, -4110402, -5988665, 11274298, 794957, 212801, -14594663, 23527084, -16458268 },
127 { 33431127, -11130478, -17838966, -15626900, 8909499, 8376530, -32625340, 4087881, -15188911, -14416214 },
128 { 1767683, 7197987, -13205226, -2022635, -13091350, 448826, 5799055, 4357868, -4774191, -16323038 },
129 },
130 },
131 {
132 {
133 { 6721966, 13833823, -23523388, -1551314, 26354293, -11863321, 23365147, -3949732, 7390890, 2759800 },
134 { 4409041, 2052381, 23373853, 10530217, 7676779, -12885954, 21302353, -4264057, 1244380, -12919645 },
135 { -4421239, 7169619, 4982368, -2957590, 30256825, -2777540, 14086413, 9208236, 15886429, 16489664 },
136 },
137 {
138 { 1996075, 10375649, 14346367, 13311202, -6874135, -16438411, -13693198, 398369, -30606455, -712933 },
139 { -25307465, 9795880, -2777414, 14878809, -33531835, 14780363, 13348553, 12076947, -30836462, 5113182 },
140 { -17770784, 11797796, 31950843, 13929123, -25888302, 12288344, -30341101, -7336386, 13847711, 5387222 },
141 },
142 {
143 { -18582163, -3416217, 17824843, -2340966, 22744343, -10442611, 8763061, 3617786, -19600662, 10370991 },
144 { 20246567, -14369378, 22358229, -543712, 18507283, -10413996, 14554437, -8746092, 32232924, 16763880 },
145 { 9648505, 10094563, 26416693, 14745928, -30374318, -6472621, 11094161, 15689506, 3140038, -16510092 },
146 },
147 {
148 { -16160072, 5472695, 31895588, 4744994, 8823515, 10365685, -27224800, 9448613, -28774454, 366295 },
149 { 19153450, 11523972, -11096490, -6503142, -24647631, 5420647, 28344573, 8041113, 719605, 11671788 },
150 { 8678025, 2694440, -6808014, 2517372, 4964326, 11152271, -15432916, -15266516, 27000813, -10195553 },
151 },
152 {
153 { -15157904, 7134312, 8639287, -2814877, -7235688, 10421742, 564065, 5336097, 6750977, -14521026 },
154 { 11836410, -3979488, 26297894, 16080799, 23455045, 15735944, 1695823, -8819122, 8169720, 16220347 },
155 { -18115838, 8653647, 17578566, -6092619, -8025777, -16012763, -11144307, -2627664, -5990708, -14166033 },
156 },
157 {
158 { -23308498, -10968312, 15213228, -10081214, -30853605, -11050004, 27884329, 2847284, 2655861, 1738395 },
159 { -27537433, -14253021, -25336301, -8002780, -9370762, 8129821, 21651608, -3239336, -19087449, -11005278 },
160 { 1533110, 3437855, 23735889, 459276, 29970501, 11335377, 26030092, 5821408, 10478196, 8544890 },
161 },
162 {
163 { 32173121, -16129311, 24896207, 3921497, 22579056, -3410854, 19270449, 12217473, 17789017, -3395995 },
164 { -30552961, -2228401, -15578829, -10147201, 13243889, 517024, 15479401, -3853233, 30460520, 1052596 },
165 { -11614875, 13323618, 32618793, 8175907, -15230173, 12596687, 27491595, -4612359, 3179268, -9478891 },
166 },
167 {
168 { 31947069, -14366651, -4640583, -15339921, -15125977, -6039709, -14756777, -16411740, 19072640, -9511060 },
169 { 11685058, 11822410, 3158003, -13952594, 33402194, -4165066, 5977896, -5215017, 473099, 5040608 },
170 { -20290863, 8198642, -27410132, 11602123, 1290375, -2799760, 28326862, 1721092, -19558642, -3131606 },
171 },
172 },
173 {
174 {
175 { 7881532, 10687937, 7578723, 7738378, -18951012, -2553952, 21820786, 8076149, -27868496, 11538389 },
176 { -19935666, 3899861, 18283497, -6801568, -15728660, -11249211, 8754525, 7446702, -5676054, 5797016 },
177 { -11295600, -3793569, -15782110, -7964573, 12708869, -8456199, 2014099, -9050574, -2369172, -5877341 },
178 },
179 {
180 { -22472376, -11568741, -27682020, 1146375, 18956691, 16640559, 1192730, -3714199, 15123619, 10811505 },
181 { 14352098, -3419715, -18942044, 10822655, 32750596, 4699007, -70363, 15776356, -28886779, -11974553 },
182 { -28241164, -8072475, -4978962, -5315317, 29416931, 1847569, -20654173, -16484855, 4714547, -9600655 },
183 },
184 {
185 { 15200332, 8368572, 19679101, 15970074, -31872674, 1959451, 24611599, -4543832, -11745876, 12340220 },
186 { 12876937, -10480056, 33134381, 6590940, -6307776, 14872440, 9613953, 8241152, 15370987, 9608631 },
187 { -4143277, -12014408, 8446281, -391603, 4407738, 13629032, -7724868, 15866074, -28210621, -8814099 },
188 },
189 {
190 { 26660628, -15677655, 8393734, 358047, -7401291, 992988, -23904233, 858697, 20571223, 8420556 },
191 { 14620715, 13067227, -15447274, 8264467, 14106269, 15080814, 33531827, 12516406, -21574435, -12476749 },
192 { 236881, 10476226, 57258, -14677024, 6472998, 2466984, 17258519, 7256740, 8791136, 15069930 },
193 },
194 {
195 { 1276410, -9371918, 22949635, -16322807, -23493039, -5702186, 14711875, 4874229, -30663140, -2331391 },
196 { 5855666, 4990204, -13711848, 7294284, -7804282, 1924647, -1423175, -7912378, -33069337, 9234253 },
197 { 20590503, -9018988, 31529744, -7352666, -2706834, 10650548, 31559055, -11609587, 18979186, 13396066 },
198 },
199 {
200 { 24474287, 4968103, 22267082, 4407354, 24063882, -8325180, -18816887, 13594782, 33514650, 7021958 },
201 { -11566906, -6565505, -21365085, 15928892, -26158305, 4315421, -25948728, -3916677, -21480480, 12868082 },
202 { -28635013, 13504661, 19988037, -2132761, 21078225, 6443208, -21446107, 2244500, -12455797, -8089383 },
203 },
204 {
205 { -30595528, 13793479, -5852820, 319136, -25723172, -6263899, 33086546, 8957937, -15233648, 5540521 },
206 { -11630176, -11503902, -8119500, -7643073, 2620056, 1022908, -23710744, -1568984, -16128528, -14962807 },
207 { 23152971, 775386, 27395463, 14006635, -9701118, 4649512, 1689819, 892185, -11513277, -15205948 },
208 },
209 {
210 { 9770129, 9586738, 26496094, 4324120, 1556511, -3550024, 27453819, 4763127, -19179614, 5867134 },
211 { -32765025, 1927590, 31726409, -4753295, 23962434, -16019500, 27846559, 5931263, -29749703, -16108455 },
212 { 27461885, -2977536, 22380810, 1815854, -23033753, -3031938, 7283490, -15148073, -19526700, 7734629 },
213 },
214 },
215 {
216 {
217 { -8010264, -9590817, -11120403, 6196038, 29344158, -13430885, 7585295, -3176626, 18549497, 15302069 },
218 { -32658337, -6171222, -7672793, -11051681, 6258878, 13504381, 10458790, -6418461, -8872242, 8424746 },
219 { 24687205, 8613276, -30667046, -3233545, 1863892, -1830544, 19206234, 7134917, -11284482, -828919 },
220 },
221 {
222 { 11334899, -9218022, 8025293, 12707519, 17523892, -10476071, 10243738, -14685461, -5066034, 16498837 },
223 { 8911542, 6887158, -9584260, -6958590, 11145641, -9543680, 17303925, -14124238, 6536641, 10543906 },
224 { -28946384, 15479763, -17466835, 568876, -1497683, 11223454, -2669190, -16625574, -27235709, 8876771 },
225 },
226 {
227 { -25742899, -12566864, -15649966, -846607, -33026686, -796288, -33481822, 15824474, -604426, -9039817 },
228 { 10330056, 70051, 7957388, -9002667, 9764902, 15609756, 27698697, -4890037, 1657394, 3084098 },
229 { 10477963, -7470260, 12119566, -13250805, 29016247, -5365589, 31280319, 14396151, -30233575, 15272409 },
230 },
231 {
232 { -12288309, 3169463, 28813183, 16658753, 25116432, -5630466, -25173957, -12636138, -25014757, 1950504 },
233 { -26180358, 9489187, 11053416, -14746161, -31053720, 5825630, -8384306, -8767532, 15341279, 8373727 },
234 { 28685821, 7759505, -14378516, -12002860, -31971820, 4079242, 298136, -10232602, -2878207, 15190420 },
235 },
236 {
237 { -32932876, 13806336, -14337485, -15794431, -24004620, 10940928, 8669718, 2742393, -26033313, -6875003 },
238 { -1580388, -11729417, -25979658, -11445023, -17411874, -10912854, 9291594, -16247779, -12154742, 6048605 },
239 { -30305315, 14843444, 1539301, 11864366, 20201677, 1900163, 13934231, 5128323, 11213262, 9168384 },
240 },
241 {
242 { -26280513, 11007847, 19408960, -940758, -18592965, -4328580, -5088060, -11105150, 20470157, -16398701 },
243 { -23136053, 9282192, 14855179, -15390078, -7362815, -14408560, -22783952, 14461608, 14042978, 5230683 },
244 { 29969567, -2741594, -16711867, -8552442, 9175486, -2468974, 21556951, 3506042, -5933891, -12449708 },
245 },
246 {
247 { -3144746, 8744661, 19704003, 4581278, -20430686, 6830683, -21284170, 8971513, -28539189, 15326563 },
248 { -19464629, 10110288, -17262528, -3503892, -23500387, 1355669, -15523050, 15300988, -20514118, 9168260 },
249 { -5353335, 4488613, -23803248, 16314347, 7780487, -15638939, -28948358, 9601605, 33087103, -9011387 },
250 },
251 {
252 { -19443170, -15512900, -20797467, -12445323, -29824447, 10229461, -27444329, -15000531, -5996870, 15664672 },
253 { 23294591, -16632613, -22650781, -8470978, 27844204, 11461195, 13099750, -2460356, 18151676, 13417686 },
254 { -24722913, -4176517, -31150679, 5988919, -26858785, 6685065, 1661597, -12551441, 15271676, -15452665 },
255 },
256 },
257 {
258 {
259 { 11433042, -13228665, 8239631, -5279517, -1985436, -725718, -18698764, 2167544, -6921301, -13440182 },
260 { -31436171, 15575146, 30436815, 12192228, -22463353, 9395379, -9917708, -8638997, 12215110, 12028277 },
261 { 14098400, 6555944, 23007258, 5757252, -15427832, -12950502, 30123440, 4617780, -16900089, -655628 },
262 },
263 {
264 { -4026201, -15240835, 11893168, 13718664, -14809462, 1847385, -15819999, 10154009, 23973261, -12684474 },
265 { -26531820, -3695990, -1908898, 2534301, -31870557, -16550355, 18341390, -11419951, 32013174, -10103539 },
266 { -25479301, 10876443, -11771086, -14625140, -12369567, 1838104, 21911214, 6354752, 4425632, -837822 },
267 },
268 {
269 { -10433389, -14612966, 22229858, -3091047, -13191166, 776729, -17415375, -12020462, 4725005, 14044970 },
270 { 19268650, -7304421, 1555349, 8692754, -21474059, -9910664, 6347390, -1411784, -19522291, -16109756 },
271 { -24864089, 12986008, -10898878, -5558584, -11312371, -148526, 19541418, 8180106, 9282262, 10282508 },
272 },
273 {
274 { -26205082, 4428547, -8661196, -13194263, 4098402, -14165257, 15522535, 8372215, 5542595, -10702683 },
275 { -10562541, 14895633, 26814552, -16673850, -17480754, -2489360, -2781891, 6993761, -18093885, 10114655 },
276 { -20107055, -929418, 31422704, 10427861, -7110749, 6150669, -29091755, -11529146, 25953725, -106158 },
277 },
278 {
279 { -4234397, -8039292, -9119125, 3046000, 2101609, -12607294, 19390020, 6094296, -3315279, 12831125 },
280 { -15998678, 7578152, 5310217, 14408357, -33548620, -224739, 31575954, 6326196, 7381791, -2421839 },
281 { -20902779, 3296811, 24736065, -16328389, 18374254, 7318640, 6295303, 8082724, -15362489, 12339664 },
282 },
283 {
284 { 27724736, 2291157, 6088201, -14184798, 1792727, 5857634, 13848414, 15768922, 25091167, 14856294 },
285 { -18866652, 8331043, 24373479, 8541013, -701998, -9269457, 12927300, -12695493, -22182473, -9012899 },
286 { -11423429, -5421590, 11632845, 3405020, 30536730, -11674039, -27260765, 13866390, 30146206, 9142070 },
287 },
288 {
289 { 3924129, -15307516, -13817122, -10054960, 12291820, -668366, -27702774, 9326384, -8237858, 4171294 },
290 { -15921940, 16037937, 6713787, 16606682, -21612135, 2790944, 26396185, 3731949, 345228, -5462949 },
291 { -21327538, 13448259, 25284571, 1143661, 20614966, -8849387, 2031539, -12391231, -16253183, -13582083 },
292 },
293 {
294 { 31016211, -16722429, 26371392, -14451233, -5027349, 14854137, 17477601, 3842657, 28012650, -16405420 },
295 { -5075835, 9368966, -8562079, -4600902, -15249953, 6970560, -9189873, 16292057, -8867157, 3507940 },
296 { 29439664, 3537914, 23333589, 6997794, -17555561, -11018068, -15209202, -15051267, -9164929, 6580396 },
297 },
298 },
299 {
300 {
301 { -12185861, -7679788, 16438269, 10826160, -8696817, -6235611, 17860444, -9273846, -2095802, 9304567 },
302 { 20714564, -4336911, 29088195, 7406487, 11426967, -5095705, 14792667, -14608617, 5289421, -477127 },
303 { -16665533, -10650790, -6160345, -13305760, 9192020, -1802462, 17271490, 12349094, 26939669, -3752294 },
304 },
305 {
306 { -12889898, 9373458, 31595848, 16374215, 21471720, 13221525, -27283495, -12348559, -3698806, 117887 },
307 { 22263325, -6560050, 3984570, -11174646, -15114008, -566785, 28311253, 5358056, -23319780, 541964 },
308 { 16259219, 3261970, 2309254, -15534474, -16885711, -4581916, 24134070, -16705829, -13337066, -13552195 },
309 },
310 {
311 { 9378160, -13140186, -22845982, -12745264, 28198281, -7244098, -2399684, -717351, 690426, 14876244 },
312 { 24977353, -314384, -8223969, -13465086, 28432343, -1176353, -13068804, -12297348, -22380984, 6618999 },
313 { -1538174, 11685646, 12944378, 13682314, -24389511, -14413193, 8044829, -13817328, 32239829, -5652762 },
314 },
315 {
316 { -18603066, 4762990, -926250, 8885304, -28412480, -3187315, 9781647, -10350059, 32779359, 5095274 },
317 { -33008130, -5214506, -32264887, -3685216, 9460461, -9327423, -24601656, 14506724, 21639561, -2630236 },
318 { -16400943, -13112215, 25239338, 15531969, 3987758, -4499318, -1289502, -6863535, 17874574, 558605 },
319 },
320 {
321 { -13600129, 10240081, 9171883, 16131053, -20869254, 9599700, 33499487, 5080151, 2085892, 5119761 },
322 { -22205145, -2519528, -16381601, 414691, -25019550, 2170430, 30634760, -8363614, -31999993, -5759884 },
323 { -6845704, 15791202, 8550074, -1312654, 29928809, -12092256, 27534430, -7192145, -22351378, 12961482 },
324 },
325 {
326 { -24492060, -9570771, 10368194, 11582341, -23397293, -2245287, 16533930, 8206996, -30194652, -5159638 },
327 { -11121496, -3382234, 2307366, 6362031, -135455, 8868177, -16835630, 7031275, 7589640, 8945490 },
328 { -32152748, 8917967, 6661220, -11677616, -1192060, -15793393, 7251489, -11182180, 24099109, -14456170 },
329 },
330 {
331 { 5019558, -7907470, 4244127, -14714356, -26933272, 6453165, -19118182, -13289025, -6231896, -10280736 },
332 { 10853594, 10721687, 26480089, 5861829, -22995819, 1972175, -1866647, -10557898, -3363451, -6441124 },
333 { -17002408, 5906790, 221599, -6563147, 7828208, -13248918, 24362661, -2008168, -13866408, 7421392 },
334 },
335 {
336 { 8139927, -6546497, 32257646, -5890546, 30375719, 1886181, -21175108, 15441252, 28826358, -4123029 },
337 { 6267086, 9695052, 7709135, -16603597, -32869068, -1886135, 14795160, -7840124, 13746021, -1742048 },
338 { 28584902, 7787108, -6732942, -15050729, 22846041, -7571236, -3181936, -363524, 4771362, -8419958 },
339 },
340 },
341 {
342 {
343 { 24949256, 6376279, -27466481, -8174608, -18646154, -9930606, 33543569, -12141695, 3569627, 11342593 },
344 { 26514989, 4740088, 27912651, 3697550, 19331575, -11472339, 6809886, 4608608, 7325975, -14801071 },
345 { -11618399, -14554430, -24321212, 7655128, -1369274, 5214312, -27400540, 10258390, -17646694, -8186692 },
346 },
347 {
348 { 11431204, 15823007, 26570245, 14329124, 18029990, 4796082, -31446179, 15580664, 9280358, -3973687 },
349 { -160783, -10326257, -22855316, -4304997, -20861367, -13621002, -32810901, -11181622, -15545091, 4387441 },
350 { -20799378, 12194512, 3937617, -5805892, -27154820, 9340370, -24513992, 8548137, 20617071, -7482001 },
351 },
352 {
353 { -938825, -3930586, -8714311, 16124718, 24603125, -6225393, -13775352, -11875822, 24345683, 10325460 },
354 { -19855277, -1568885, -22202708, 8714034, 14007766, 6928528, 16318175, -1010689, 4766743, 3552007 },
355 { -21751364, -16730916, 1351763, -803421, -4009670, 3950935, 3217514, 14481909, 10988822, -3994762 },
356 },
357 {
358 { 15564307, -14311570, 3101243, 5684148, 30446780, -8051356, 12677127, -6505343, -8295852, 13296005 },
359 { -9442290, 6624296, -30298964, -11913677, -4670981, -2057379, 31521204, 9614054, -30000824, 12074674 },
360 { 4771191, -135239, 14290749, -13089852, 27992298, 14998318, -1413936, -1556716, 29832613, -16391035 },
361 },
362 {
363 { 7064884, -7541174, -19161962, -5067537, -18891269, -2912736, 25825242, 5293297, -27122660, 13101590 },
364 { -2298563, 2439670, -7466610, 1719965, -27267541, -16328445, 32512469, -5317593, -30356070, -4190957 },
365 { -30006540, 10162316, -33180176, 3981723, -16482138, -13070044, 14413974, 9515896, 19568978, 9628812 },
366 },
367 {
368 { 33053803, 199357, 15894591, 1583059, 27380243, -4580435, -17838894, -6106839, -6291786, 3437740 },
369 { -18978877, 3884493, 19469877, 12726490, 15913552, 13614290, -22961733, 70104, 7463304, 4176122 },
370 { -27124001, 10659917, 11482427, -16070381, 12771467, -6635117, -32719404, -5322751, 24216882, 5944158 },
371 },
372 {
373 { 8894125, 7450974, -2664149, -9765752, -28080517, -12389115, 19345746, 14680796, 11632993, 5847885 },
374 { 26942781, -2315317, 9129564, -4906607, 26024105, 11769399, -11518837, 6367194, -9727230, 4782140 },
375 { 19916461, -4828410, -22910704, -11414391, 25606324, -5972441, 33253853, 8220911, 6358847, -1873857 },
376 },
377 {
378 { 801428, -2081702, 16569428, 11065167, 29875704, 96627, 7908388, -4480480, -13538503, 1387155 },
379 { 19646058, 5720633, -11416706, 12814209, 11607948, 12749789, 14147075, 15156355, -21866831, 11835260 },
380 { 19299512, 1155910, 28703737, 14890794, 2925026, 7269399, 26121523, 15467869, -26560550, 5052483 },
381 },
382 },
383 {
384 {
385 { -3017432, 10058206, 1980837, 3964243, 22160966, 12322533, -6431123, -12618185, 12228557, -7003677 },
386 { 32944382, 14922211, -22844894, 5188528, 21913450, -8719943, 4001465, 13238564, -6114803, 8653815 },
387 { 22865569, -4652735, 27603668, -12545395, 14348958, 8234005, 24808405, 5719875, 28483275, 2841751 },
388 },
389 {
390 { -16420968, -1113305, -327719, -12107856, 21886282, -15552774, -1887966, -315658, 19932058, -12739203 },
391 { -11656086, 10087521, -8864888, -5536143, -19278573, -3055912, 3999228, 13239134, -4777469, -13910208 },
392 { 1382174, -11694719, 17266790, 9194690, -13324356, 9720081, 20403944, 11284705, -14013818, 3093230 },
393 },
394 {
395 { 16650921, -11037932, -1064178, 1570629, -8329746, 7352753, -302424, 16271225, -24049421, -6691850 },
396 { -21911077, -5927941, -4611316, -5560156, -31744103, -10785293, 24123614, 15193618, -21652117, -16739389 },
397 { -9935934, -4289447, -25279823, 4372842, 2087473, 10399484, 31870908, 14690798, 17361620, 11864968 },
398 },
399 {
400 { -11307610, 6210372, 13206574, 5806320, -29017692, -13967200, -12331205, -7486601, -25578460, -16240689 },
401 { 14668462, -12270235, 26039039, 15305210, 25515617, 4542480, 10453892, 6577524, 9145645, -6443880 },
402 { 5974874, 3053895, -9433049, -10385191, -31865124, 3225009, -7972642, 3936128, -5652273, -3050304 },
403 },
404 {
405 { 30625386, -4729400, -25555961, -12792866, -20484575, 7695099, 17097188, -16303496, -27999779, 1803632 },
406 { -3553091, 9865099, -5228566, 4272701, -5673832, -16689700, 14911344, 12196514, -21405489, 7047412 },
407 { 20093277, 9920966, -11138194, -5343857, 13161587, 12044805, -32856851, 4124601, -32343828, -10257566 },
408 },
409 {
410 { -20788824, 14084654, -13531713, 7842147, 19119038, -13822605, 4752377, -8714640, -21679658, 2288038 },
411 { -26819236, -3283715, 29965059, 3039786, -14473765, 2540457, 29457502, 14625692, -24819617, 12570232 },
412 { -1063558, -11551823, 16920318, 12494842, 1278292, -5869109, -21159943, -3498680, -11974704, 4724943 },
413 },
414 {
415 { 17960970, -11775534, -4140968, -9702530, -8876562, -1410617, -12907383, -8659932, -29576300, 1903856 },
416 { 23134274, -14279132, -10681997, -1611936, 20684485, 15770816, -12989750, 3190296, 26955097, 14109738 },
417 { 15308788, 5320727, -30113809, -14318877, 22902008, 7767164, 29425325, -11277562, 31960942, 11934971 },
418 },
419 {
420 { -27395711, 8435796, 4109644, 12222639, -24627868, 14818669, 20638173, 4875028, 10491392, 1379718 },
421 { -13159415, 9197841, 3875503, -8936108, -1383712, -5879801, 33518459, 16176658, 21432314, 12180697 },
422 { -11787308, 11500838, 13787581, -13832590, -22430679, 10140205, 1465425, 12689540, -10301319, -13872883 },
423 },
424 },
425 {
426 {
427 { 5414091, -15386041, -21007664, 9643570, 12834970, 1186149, -2622916, -1342231, 26128231, 6032912 },
428 { -26337395, -13766162, 32496025, -13653919, 17847801, -12669156, 3604025, 8316894, -25875034, -10437358 },
429 { 3296484, 6223048, 24680646, -12246460, -23052020, 5903205, -8862297, -4639164, 12376617, 3188849 },
430 },
431 {
432 { 29190488, -14659046, 27549113, -1183516, 3520066, -10697301, 32049515, -7309113, -16109234, -9852307 },
433 { -14744486, -9309156, 735818, -598978, -20407687, -5057904, 25246078, -15795669, 18640741, -960977 },
434 { -6928835, -16430795, 10361374, 5642961, 4910474, 12345252, -31638386, -494430, 10530747, 1053335 },
435 },
436 {
437 { -29265967, -14186805, -13538216, -12117373, -19457059, -10655384, -31462369, -2948985, 24018831, 15026644 },
438 { -22592535, -3145277, -2289276, 5953843, -13440189, 9425631, 25310643, 13003497, -2314791, -15145616 },
439 { -27419985, -603321, -8043984, -1669117, -26092265, 13987819, -27297622, 187899, -23166419, -2531735 },
440 },
441 {
442 { -21744398, -13810475, 1844840, 5021428, -10434399, -15911473, 9716667, 16266922, -5070217, 726099 },
443 { 29370922, -6053998, 7334071, -15342259, 9385287, 2247707, -13661962, -4839461, 30007388, -15823341 },
444 { -936379, 16086691, 23751945, -543318, -1167538, -5189036, 9137109, 730663, 9835848, 4555336 },
445 },
446 {
447 { -23376435, 1410446, -22253753, -12899614, 30867635, 15826977, 17693930, 544696, -11985298, 12422646 },
448 { 31117226, -12215734, -13502838, 6561947, -9876867, -12757670, -5118685, -4096706, 29120153, 13924425 },
449 { -17400879, -14233209, 19675799, -2734756, -11006962, -5858820, -9383939, -11317700, 7240931, -237388 },
450 },
451 {
452 { -31361739, -11346780, -15007447, -5856218, -22453340, -12152771, 1222336, 4389483, 3293637, -15551743 },
453 { -16684801, -14444245, 11038544, 11054958, -13801175, -3338533, -24319580, 7733547, 12796905, -6335822 },
454 { -8759414, -10817836, -25418864, 10783769, -30615557, -9746811, -28253339, 3647836, 3222231, -11160462 },
455 },
456 {
457 { 18606113, 1693100, -25448386, -15170272, 4112353, 10045021, 23603893, -2048234, -7550776, 2484985 },
458 { 9255317, -3131197, -12156162, -1004256, 13098013, -9214866, 16377220, -2102812, -19802075, -3034702 },
459 { -22729289, 7496160, -5742199, 11329249, 19991973, -3347502, -31718148, 9936966, -30097688, -10618797 },
460 },
461 {
462 { 21878590, -5001297, 4338336, 13643897, -3036865, 13160960, 19708896, 5415497, -7360503, -4109293 },
463 { 27736861, 10103576, 12500508, 8502413, -3413016, -9633558, 10436918, -1550276, -23659143, -8132100 },
464 { 19492550, -12104365, -29681976, -852630, -3208171, 12403437, 30066266, 8367329, 13243957, 8709688 },
465 },
466 },
467 {
468 {
469 { 12015105, 2801261, 28198131, 10151021, 24818120, -4743133, -11194191, -5645734, 5150968, 7274186 },
470 { 2831366, -12492146, 1478975, 6122054, 23825128, -12733586, 31097299, 6083058, 31021603, -9793610 },
471 { -2529932, -2229646, 445613, 10720828, -13849527, -11505937, -23507731, 16354465, 15067285, -14147707 },
472 },
473 {
474 { 7840942, 14037873, -33364863, 15934016, -728213, -3642706, 21403988, 1057586, -19379462, -12403220 },
475 { 915865, -16469274, 15608285, -8789130, -24357026, 6060030, -17371319, 8410997, -7220461, 16527025 },
476 { 32922597, -556987, 20336074, -16184568, 10903705, -5384487, 16957574, 52992, 23834301, 6588044 },
477 },
478 {
479 { 32752030, 11232950, 3381995, -8714866, 22652988, -10744103, 17159699, 16689107, -20314580, -1305992 },
480 { -4689649, 9166776, -25710296, -10847306, 11576752, 12733943, 7924251, -2752281, 1976123, -7249027 },
481 { 21251222, 16309901, -2983015, -6783122, 30810597, 12967303, 156041, -3371252, 12331345, -8237197 },
482 },
483 {
484 { 8651614, -4477032, -16085636, -4996994, 13002507, 2950805, 29054427, -5106970, 10008136, -4667901 },
485 { 31486080, 15114593, -14261250, 12951354, 14369431, -7387845, 16347321, -13662089, 8684155, -10532952 },
486 { 19443825, 11385320, 24468943, -9659068, -23919258, 2187569, -26263207, -6086921, 31316348, 14219878 },
487 },
488 {
489 { -28594490, 1193785, 32245219, 11392485, 31092169, 15722801, 27146014, 6992409, 29126555, 9207390 },
490 { 32382935, 1110093, 18477781, 11028262, -27411763, -7548111, -4980517, 10843782, -7957600, -14435730 },
491 { 2814918, 7836403, 27519878, -7868156, -20894015, -11553689, -21494559, 8550130, 28346258, 1994730 },
492 },
493 {
494 { -19578299, 8085545, -14000519, -3948622, 2785838, -16231307, -19516951, 7174894, 22628102, 8115180 },
495 { -30405132, 955511, -11133838, -15078069, -32447087, -13278079, -25651578, 3317160, -9943017, 930272 },
496 { -15303681, -6833769, 28856490, 1357446, 23421993, 1057177, 24091212, -1388970, -22765376, -10650715 },
497 },
498 {
499 { -22751231, -5303997, -12907607, -12768866, -15811511, -7797053, -14839018, -16554220, -1867018, 8398970 },
500 { -31969310, 2106403, -4736360, 1362501, 12813763, 16200670, 22981545, -6291273, 18009408, -15772772 },
501 { -17220923, -9545221, -27784654, 14166835, 29815394, 7444469, 29551787, -3727419, 19288549, 1325865 },
502 },
503 {
504 { 15100157, -15835752, -23923978, -1005098, -26450192, 15509408, 12376730, -3479146, 33166107, -8042750 },
505 { 20909231, 13023121, -9209752, 16251778, -5778415, -8094914, 12412151, 10018715, 2213263, -13878373 },
506 { 32529814, -11074689, 30361439, -16689753, -9135940, 1513226, 22922121, 6382134, -5766928, 8371348 },
507 },
508 },
509 {
510 {
511 { 9923462, 11271500, 12616794, 3544722, -29998368, -1721626, 12891687, -8193132, -26442943, 10486144 },
512 { -22597207, -7012665, 8587003, -8257861, 4084309, -12970062, 361726, 2610596, -23921530, -11455195 },
513 { 5408411, -1136691, -4969122, 10561668, 24145918, 14240566, 31319731, -4235541, 19985175, -3436086 },
514 },
515 {
516 { -13994457, 16616821, 14549246, 3341099, 32155958, 13648976, -17577068, 8849297, 65030, 8370684 },
517 { -8320926, -12049626, 31204563, 5839400, -20627288, -1057277, -19442942, 6922164, 12743482, -9800518 },
518 { -2361371, 12678785, 28815050, 4759974, -23893047, 4884717, 23783145, 11038569, 18800704, 255233 },
519 },
520 {
521 { -5269658, -1773886, 13957886, 7990715, 23132995, 728773, 13393847, 9066957, 19258688, -14753793 },
522 { -2936654, -10827535, -10432089, 14516793, -3640786, 4372541, -31934921, 2209390, -1524053, 2055794 },
523 { 580882, 16705327, 5468415, -2683018, -30926419, -14696000, -7203346, -8994389, -30021019, 7394435 },
524 },
525 {
526 { 23838809, 1822728, -15738443, 15242727, 8318092, -3733104, -21672180, -3492205, -4821741, 14799921 },
527 { 13345610, 9759151, 3371034, -16137791, 16353039, 8577942, 31129804, 13496856, -9056018, 7402518 },
528 { 2286874, -4435931, -20042458, -2008336, -13696227, 5038122, 11006906, -15760352, 8205061, 1607563 },
529 },
530 {
531 { 14414086, -8002132, 3331830, -3208217, 22249151, -5594188, 18364661, -2906958, 30019587, -9029278 },
532 { -27688051, 1585953, -10775053, 931069, -29120221, -11002319, -14410829, 12029093, 9944378, 8024 },
533 { 4368715, -3709630, 29874200, -15022983, -20230386, -11410704, -16114594, -999085, -8142388, 5640030 },
534 },
535 {
536 { 10299610, 13746483, 11661824, 16234854, 7630238, 5998374, 9809887, -16694564, 15219798, -14327783 },
537 { 27425505, -5719081, 3055006, 10660664, 23458024, 595578, -15398605, -1173195, -18342183, 9742717 },
538 { 6744077, 2427284, 26042789, 2720740, -847906, 1118974, 32324614, 7406442, 12420155, 1994844 },
539 },
540 {
541 { 14012521, -5024720, -18384453, -9578469, -26485342, -3936439, -13033478, -10909803, 24319929, -6446333 },
542 { 16412690, -4507367, 10772641, 15929391, -17068788, -4658621, 10555945, -10484049, -30102368, -4739048 },
543 { 22397382, -7767684, -9293161, -12792868, 17166287, -9755136, -27333065, 6199366, 21880021, -12250760 },
544 },
545 {
546 { -4283307, 5368523, -31117018, 8163389, -30323063, 3209128, 16557151, 8890729, 8840445, 4957760 },
547 { -15447727, 709327, -6919446, -10870178, -29777922, 6522332, -21720181, 12130072, -14796503, 5005757 },
548 { -2114751, -14308128, 23019042, 15765735, -25269683, 6002752, 10183197, -13239326, -16395286, -2176112 },
549 },
550 },
551 {
552 {
553 { -19025756, 1632005, 13466291, -7995100, -23640451, 16573537, -32013908, -3057104, 22208662, 2000468 },
554 { 3065073, -1412761, -25598674, -361432, -17683065, -5703415, -8164212, 11248527, -3691214, -7414184 },
555 { 10379208, -6045554, 8877319, 1473647, -29291284, -12507580, 16690915, 2553332, -3132688, 16400289 },
556 },
557 {
558 { 15716668, 1254266, -18472690, 7446274, -8448918, 6344164, -22097271, -7285580, 26894937, 9132066 },
559 { 24158887, 12938817, 11085297, -8177598, -28063478, -4457083, -30576463, 64452, -6817084, -2692882 },
560 { 13488534, 7794716, 22236231, 5989356, 25426474, -12578208, 2350710, -3418511, -4688006, 2364226 },
561 },
562 {
563 { 16335052, 9132434, 25640582, 6678888, 1725628, 8517937, -11807024, -11697457, 15445875, -7798101 },
564 { 29004207, -7867081, 28661402, -640412, -12794003, -7943086, 31863255, -4135540, -278050, -15759279 },
565 { -6122061, -14866665, -28614905, 14569919, -10857999, -3591829, 10343412, -6976290, -29828287, -10815811 },
566 },
567 {
568 { 27081650, 3463984, 14099042, -4517604, 1616303, -6205604, 29542636, 15372179, 17293797, 960709 },
569 { 20263915, 11434237, -5765435, 11236810, 13505955, -10857102, -16111345, 6493122, -19384511, 7639714 },
570 { -2830798, -14839232, 25403038, -8215196, -8317012, -16173699, 18006287, -16043750, 29994677, -15808121 },
571 },
572 {
573 { 9769828, 5202651, -24157398, -13631392, -28051003, -11561624, -24613141, -13860782, -31184575, 709464 },
574 { 12286395, 13076066, -21775189, -1176622, -25003198, 4057652, -32018128, -8890874, 16102007, 13205847 },
575 { 13733362, 5599946, 10557076, 3195751, -5557991, 8536970, -25540170, 8525972, 10151379, 10394400 },
576 },
577 {
578 { 4024660, -16137551, 22436262, 12276534, -9099015, -2686099, 19698229, 11743039, -33302334, 8934414 },
579 { -15879800, -4525240, -8580747, -2934061, 14634845, -698278, -9449077, 3137094, -11536886, 11721158 },
580 { 17555939, -5013938, 8268606, 2331751, -22738815, 9761013, 9319229, 8835153, -9205489, -1280045 },
581 },
582 {
583 { -461409, -7830014, 20614118, 16688288, -7514766, -4807119, 22300304, 505429, 6108462, -6183415 },
584 { -5070281, 12367917, -30663534, 3234473, 32617080, -8422642, 29880583, -13483331, -26898490, -7867459 },
585 { -31975283, 5726539, 26934134, 10237677, -3173717, -605053, 24199304, 3795095, 7592688, -14992079 },
586 },
587 {
588 { 21594432, -14964228, 17466408, -4077222, 32537084, 2739898, 6407723, 12018833, -28256052, 4298412 },
589 { -20650503, -11961496, -27236275, 570498, 3767144, -1717540, 13891942, -1569194, 13717174, 10805743 },
590 { -14676630, -15644296, 15287174, 11927123, 24177847, -8175568, -796431, 14860609, -26938930, -5863836 },
591 },
592 },
593 {
594 {
595 { 12962541, 5311799, -10060768, 11658280, 18855286, -7954201, 13286263, -12808704, -4381056, 9882022 },
596 { 18512079, 11319350, -20123124, 15090309, 18818594, 5271736, -22727904, 3666879, -23967430, -3299429 },
597 { -6789020, -3146043, 16192429, 13241070, 15898607, -14206114, -10084880, -6661110, -2403099, 5276065 },
598 },
599 {
600 { 30169808, -5317648, 26306206, -11750859, 27814964, 7069267, 7152851, 3684982, 1449224, 13082861 },
601 { 10342826, 3098505, 2119311, 193222, 25702612, 12233820, 23697382, 15056736, -21016438, -8202000 },
602 { -33150110, 3261608, 22745853, 7948688, 19370557, -15177665, -26171976, 6482814, -10300080, -11060101 },
603 },
604 {
605 { 32869458, -5408545, 25609743, 15678670, -10687769, -15471071, 26112421, 2521008, -22664288, 6904815 },
606 { 29506923, 4457497, 3377935, -9796444, -30510046, 12935080, 1561737, 3841096, -29003639, -6657642 },
607 { 10340844, -6630377, -18656632, -2278430, 12621151, -13339055, 30878497, -11824370, -25584551, 5181966 },
608 },
609 {
610 { 25940115, -12658025, 17324188, -10307374, -8671468, 15029094, 24396252, -16450922, -2322852, -12388574 },
611 { -21765684, 9916823, -1300409, 4079498, -1028346, 11909559, 1782390, 12641087, 20603771, -6561742 },
612 { -18882287, -11673380, 24849422, 11501709, 13161720, -4768874, 1925523, 11914390, 4662781, 7820689 },
613 },
614 {
615 { 12241050, -425982, 8132691, 9393934, 32846760, -1599620, 29749456, 12172924, 16136752, 15264020 },
616 { -10349955, -14680563, -8211979, 2330220, -17662549, -14545780, 10658213, 6671822, 19012087, 3772772 },
617 { 3753511, -3421066, 10617074, 2028709, 14841030, -6721664, 28718732, -15762884, 20527771, 12988982 },
618 },
619 {
620 { -14822485, -5797269, -3707987, 12689773, -898983, -10914866, -24183046, -10564943, 3299665, -12424953 },
621 { -16777703, -15253301, -9642417, 4978983, 3308785, 8755439, 6943197, 6461331, -25583147, 8991218 },
622 { -17226263, 1816362, -1673288, -6086439, 31783888, -8175991, -32948145, 7417950, -30242287, 1507265 },
623 },
624 {
625 { 29692663, 6829891, -10498800, 4334896, 20945975, -11906496, -28887608, 8209391, 14606362, -10647073 },
626 { -3481570, 8707081, 32188102, 5672294, 22096700, 1711240, -33020695, 9761487, 4170404, -2085325 },
627 { -11587470, 14855945, -4127778, -1531857, -26649089, 15084046, 22186522, 16002000, -14276837, -8400798 },
628 },
629 {
630 { -4811456, 13761029, -31703877, -2483919, -3312471, 7869047, -7113572, -9620092, 13240845, 10965870 },
631 { -7742563, -8256762, -14768334, -13656260, -23232383, 12387166, 4498947, 14147411, 29514390, 4302863 },
632 { -13413405, -12407859, 20757302, -13801832, 14785143, 8976368, -5061276, -2144373, 17846988, -13971927 },
633 },
634 },
635 {
636 {
637 { -2244452, -754728, -4597030, -1066309, -6247172, 1455299, -21647728, -9214789, -5222701, 12650267 },
638 { -9906797, -16070310, 21134160, 12198166, -27064575, 708126, 387813, 13770293, -19134326, 10958663 },
639 { 22470984, 12369526, 23446014, -5441109, -21520802, -9698723, -11772496, -11574455, -25083830, 4271862 },
640 },
641 {
642 { -25169565, -10053642, -19909332, 15361595, -5984358, 2159192, 75375, -4278529, -32526221, 8469673 },
643 { 15854970, 4148314, -8893890, 7259002, 11666551, 13824734, -30531198, 2697372, 24154791, -9460943 },
644 { 15446137, -15806644, 29759747, 14019369, 30811221, -9610191, -31582008, 12840104, 24913809, 9815020 },
645 },
646 {
647 { -4709286, -5614269, -31841498, -12288893, -14443537, 10799414, -9103676, 13438769, 18735128, 9466238 },
648 { 11933045, 9281483, 5081055, -5183824, -2628162, -4905629, -7727821, -10896103, -22728655, 16199064 },
649 { 14576810, 379472, -26786533, -8317236, -29426508, -10812974, -102766, 1876699, 30801119, 2164795 },
650 },
651 {
652 { 15995086, 3199873, 13672555, 13712240, -19378835, -4647646, -13081610, -15496269, -13492807, 1268052 },
653 { -10290614, -3659039, -3286592, 10948818, 23037027, 3794475, -3470338, -12600221, -17055369, 3565904 },
654 { 29210088, -9419337, -5919792, -4952785, 10834811, -13327726, -16512102, -10820713, -27162222, -14030531 },
655 },
656 {
657 { -13161890, 15508588, 16663704, -8156150, -28349942, 9019123, -29183421, -3769423, 2244111, -14001979 },
658 { -5152875, -3800936, -9306475, -6071583, 16243069, 14684434, -25673088, -16180800, 13491506, 4641841 },
659 { 10813417, 643330, -19188515, -728916, 30292062, -16600078, 27548447, -7721242, 14476989, -12767431 },
660 },
661 {
662 { 10292079, 9984945, 6481436, 8279905, -7251514, 7032743, 27282937, -1644259, -27912810, 12651324 },
663 { -31185513, -813383, 22271204, 11835308, 10201545, 15351028, 17099662, 3988035, 21721536, -3148940 },
664 { 10202177, -6545839, -31373232, -9574638, -32150642, -8119683, -12906320, 3852694, 13216206, 14842320 },
665 },
666 {
667 { -15815640, -10601066, -6538952, -7258995, -6984659, -6581778, -31500847, 13765824, -27434397, 9900184 },
668 { 14465505, -13833331, -32133984, -14738873, -27443187, 12990492, 33046193, 15796406, -7051866, -8040114 },
669 { 30924417, -8279620, 6359016, -12816335, 16508377, 9071735, -25488601, 15413635, 9524356, -7018878 },
670 },
671 {
672 { 12274201, -13175547, 32627641, -1785326, 6736625, 13267305, 5237659, -5109483, 15663516, 4035784 },
673 { -2951309, 8903985, 17349946, 601635, -16432815, -4612556, -13732739, -15889334, -22258478, 4659091 },
674 { -16916263, -4952973, -30393711, -15158821, 20774812, 15897498, 5736189, 15026997, -2178256, -13455585 },
675 },
676 },
677 {
678 {
679 { -8858980, -2219056, 28571666, -10155518, -474467, -10105698, -3801496, 278095, 23440562, -290208 },
680 { 10226241, -5928702, 15139956, 120818, -14867693, 5218603, 32937275, 11551483, -16571960, -7442864 },
681 { 17932739, -12437276, -24039557, 10749060, 11316803, 7535897, 22503767, 5561594, -3646624, 3898661 },
682 },
683 {
684 { 7749907, -969567, -16339731, -16464, -25018111, 15122143, -1573531, 7152530, 21831162, 1245233 },
685 { 26958459, -14658026, 4314586, 8346991, -5677764, 11960072, -32589295, -620035, -30402091, -16716212 },
686 { -12165896, 9166947, 33491384, 13673479, 29787085, 13096535, 6280834, 14587357, -22338025, 13987525 },
687 },
688 {
689 { -24349909, 7778775, 21116000, 15572597, -4833266, -5357778, -4300898, -5124639, -7469781, -2858068 },
690 { 9681908, -6737123, -31951644, 13591838, -6883821, 386950, 31622781, 6439245, -14581012, 4091397 },
691 { -8426427, 1470727, -28109679, -1596990, 3978627, -5123623, -19622683, 12092163, 29077877, -14741988 },
692 },
693 {
694 { 5269168, -6859726, -13230211, -8020715, 25932563, 1763552, -5606110, -5505881, -20017847, 2357889 },
695 { 32264008, -15407652, -5387735, -1160093, -2091322, -3946900, 23104804, -12869908, 5727338, 189038 },
696 { 14609123, -8954470, -6000566, -16622781, -14577387, -7743898, -26745169, 10942115, -25888931, -14884697 },
697 },
698 {
699 { 20513500, 5557931, -15604613, 7829531, 26413943, -2019404, -21378968, 7471781, 13913677, -5137875 },
700 { -25574376, 11967826, 29233242, 12948236, -6754465, 4713227, -8940970, 14059180, 12878652, 8511905 },
701 { -25656801, 3393631, -2955415, -7075526, -2250709, 9366908, -30223418, 6812974, 5568676, -3127656 },
702 },
703 {
704 { 11630004, 12144454, 2116339, 13606037, 27378885, 15676917, -17408753, -13504373, -14395196, 8070818 },
705 { 27117696, -10007378, -31282771, -5570088, 1127282, 12772488, -29845906, 10483306, -11552749, -1028714 },
706 { 10637467, -5688064, 5674781, 1072708, -26343588, -6982302, -1683975, 9177853, -27493162, 15431203 },
707 },
708 {
709 { 20525145, 10892566, -12742472, 12779443, -29493034, 16150075, -28240519, 14943142, -15056790, -7935931 },
710 { -30024462, 5626926, -551567, -9981087, 753598, 11981191, 25244767, -3239766, -3356550, 9594024 },
711 { -23752644, 2636870, -5163910, -10103818, 585134, 7877383, 11345683, -6492290, 13352335, -10977084 },
712 },
713 {
714 { -1931799, -5407458, 3304649, -12884869, 17015806, -4877091, -29783850, -7752482, -13215537, -319204 },
715 { 20239939, 6607058, 6203985, 3483793, -18386976, -779229, -20723742, 15077870, -22750759, 14523817 },
716 { 27406042, -6041657, 27423596, -4497394, 4996214, 10002360, -28842031, -4545494, -30172742, -4805667 },
717 },
718 },
719 {
720 {
721 { 11374242, 12660715, 17861383, -12540833, 10935568, 1099227, -13886076, -9091740, -27727044, 11358504 },
722 { -12730809, 10311867, 1510375, 10778093, -2119455, -9145702, 32676003, 11149336, -26123651, 4985768 },
723 { -19096303, 341147, -6197485, -239033, 15756973, -8796662, -983043, 13794114, -19414307, -15621255 },
724 },
725 {
726 { 6490081, 11940286, 25495923, -7726360, 8668373, -8751316, 3367603, 6970005, -1691065, -9004790 },
727 { 1656497, 13457317, 15370807, 6364910, 13605745, 8362338, -19174622, -5475723, -16796596, -5031438 },
728 { -22273315, -13524424, -64685, -4334223, -18605636, -10921968, -20571065, -7007978, -99853, -10237333 },
729 },
730 {
731 { 17747465, 10039260, 19368299, -4050591, -20630635, -16041286, 31992683, -15857976, -29260363, -5511971 },
732 { 31932027, -4986141, -19612382, 16366580, 22023614, 88450, 11371999, -3744247, 4882242, -10626905 },
733 { 29796507, 37186, 19818052, 10115756, -11829032, 3352736, 18551198, 3272828, -5190932, -4162409 },
734 },
735 {
736 { 12501286, 4044383, -8612957, -13392385, -32430052, 5136599, -19230378, -3529697, 330070, -3659409 },
737 { 6384877, 2899513, 17807477, 7663917, -2358888, 12363165, 25366522, -8573892, -271295, 12071499 },
738 { -8365515, -4042521, 25133448, -4517355, -6211027, 2265927, -32769618, 1936675, -5159697, 3829363 },
739 },
740 {
741 { 28425966, -5835433, -577090, -4697198, -14217555, 6870930, 7921550, -6567787, 26333140, 14267664 },
742 { -11067219, 11871231, 27385719, -10559544, -4585914, -11189312, 10004786, -8709488, -21761224, 8930324 },
743 { -21197785, -16396035, 25654216, -1725397, 12282012, 11008919, 1541940, 4757911, -26491501, -16408940 },
744 },
745 {
746 { 13537262, -7759490, -20604840, 10961927, -5922820, -13218065, -13156584, 6217254, -15943699, 13814990 },
747 { -17422573, 15157790, 18705543, 29619, 24409717, -260476, 27361681, 9257833, -1956526, -1776914 },
748 { -25045300, -10191966, 15366585, 15166509, -13105086, 8423556, -29171540, 12361135, -18685978, 4578290 },
749 },
750 {
751 { 24579768, 3711570, 1342322, -11180126, -27005135, 14124956, -22544529, 14074919, 21964432, 8235257 },
752 { -6528613, -2411497, 9442966, -5925588, 12025640, -1487420, -2981514, -1669206, 13006806, 2355433 },
753 { -16304899, -13605259, -6632427, -5142349, 16974359, -10911083, 27202044, 1719366, 1141648, -12796236 },
754 },
755 {
756 { -12863944, -13219986, -8318266, -11018091, -6810145, -4843894, 13475066, -3133972, 32674895, 13715045 },
757 { 11423335, -5468059, 32344216, 8962751, 24989809, 9241752, -13265253, 16086212, -28740881, -15642093 },
758 { -1409668, 12530728, -6368726, 10847387, 19531186, -14132160, -11709148, 7791794, -27245943, 4383347 },
759 },
760 },
761 {
762 {
763 { -28970898, 5271447, -1266009, -9736989, -12455236, 16732599, -4862407, -4906449, 27193557, 6245191 },
764 { -15193956, 5362278, -1783893, 2695834, 4960227, 12840725, 23061898, 3260492, 22510453, 8577507 },
765 { -12632451, 11257346, -32692994, 13548177, -721004, 10879011, 31168030, 13952092, -29571492, -3635906 },
766 },
767 {
768 { 3877321, -9572739, 32416692, 5405324, -11004407, -13656635, 3759769, 11935320, 5611860, 8164018 },
769 { -16275802, 14667797, 15906460, 12155291, -22111149, -9039718, 32003002, -8832289, 5773085, -8422109 },
770 { -23788118, -8254300, 1950875, 8937633, 18686727, 16459170, -905725, 12376320, 31632953, 190926 },
771 },
772 {
773 { -24593607, -16138885, -8423991, 13378746, 14162407, 6901328, -8288749, 4508564, -25341555, -3627528 },
774 { 8884438, -5884009, 6023974, 10104341, -6881569, -4941533, 18722941, -14786005, -1672488, 827625 },
775 { -32720583, -16289296, -32503547, 7101210, 13354605, 2659080, -1800575, -14108036, -24878478, 1541286 },
776 },
777 {
778 { 2901347, -1117687, 3880376, -10059388, -17620940, -3612781, -21802117, -3567481, 20456845, -1885033 },
779 { 27019610, 12299467, -13658288, -1603234, -12861660, -4861471, -19540150, -5016058, 29439641, 15138866 },
780 { 21536104, -6626420, -32447818, -10690208, -22408077, 5175814, -5420040, -16361163, 7779328, 109896 },
781 },
782 {
783 { 30279744, 14648750, -8044871, 6425558, 13639621, -743509, 28698390, 12180118, 23177719, -554075 },
784 { 26572847, 3405927, -31701700, 12890905, -19265668, 5335866, -6493768, 2378492, 4439158, -13279347 },
785 { -22716706, 3489070, -9225266, -332753, 18875722, -1140095, 14819434, -12731527, -17717757, -5461437 },
786 },
787 {
788 { -5056483, 16566551, 15953661, 3767752, -10436499, 15627060, -820954, 2177225, 8550082, -15114165 },
789 { -18473302, 16596775, -381660, 15663611, 22860960, 15585581, -27844109, -3582739, -23260460, -8428588 },
790 { -32480551, 15707275, -8205912, -5652081, 29464558, 2713815, -22725137, 15860482, -21902570, 1494193 },
791 },
792 {
793 { -19562091, -14087393, -25583872, -9299552, 13127842, 759709, 21923482, 16529112, 8742704, 12967017 },
794 { -28464899, 1553205, 32536856, -10473729, -24691605, -406174, -8914625, -2933896, -29903758, 15553883 },
795 { 21877909, 3230008, 9881174, 10539357, -4797115, 2841332, 11543572, 14513274, 19375923, -12647961 },
796 },
797 {
798 { 8832269, -14495485, 13253511, 5137575, 5037871, 4078777, 24880818, -6222716, 2862653, 9455043 },
799 { 29306751, 5123106, 20245049, -14149889, 9592566, 8447059, -2077124, -2990080, 15511449, 4789663 },
800 { -20679756, 7004547, 8824831, -9434977, -4045704, -3750736, -5754762, 108893, 23513200, 16652362 },
801 },
802 },
803 {
804 {
805 { -33256173, 4144782, -4476029, -6579123, 10770039, -7155542, -6650416, -12936300, -18319198, 10212860 },
806 { 2756081, 8598110, 7383731, -6859892, 22312759, -1105012, 21179801, 2600940, -9988298, -12506466 },
807 { -24645692, 13317462, -30449259, -15653928, 21365574, -10869657, 11344424, 864440, -2499677, -16710063 },
808 },
809 {
810 { -26432803, 6148329, -17184412, -14474154, 18782929, -275997, -22561534, 211300, 2719757, 4940997 },
811 { -1323882, 3911313, -6948744, 14759765, -30027150, 7851207, 21690126, 8518463, 26699843, 5276295 },
812 { -13149873, -6429067, 9396249, 365013, 24703301, -10488939, 1321586, 149635, -15452774, 7159369 },
813 },
814 {
815 { 9987780, -3404759, 17507962, 9505530, 9731535, -2165514, 22356009, 8312176, 22477218, -8403385 },
816 { 18155857, -16504990, 19744716, 9006923, 15154154, -10538976, 24256460, -4864995, -22548173, 9334109 },
817 { 2986088, -4911893, 10776628, -3473844, 10620590, -7083203, -21413845, 14253545, -22587149, 536906 },
818 },
819 {
820 { 4377756, 8115836, 24567078, 15495314, 11625074, 13064599, 7390551, 10589625, 10838060, -15420424 },
821 { -19342404, 867880, 9277171, -3218459, -14431572, -1986443, 19295826, -15796950, 6378260, 699185 },
822 { 7895026, 4057113, -7081772, -13077756, -17886831, -323126, -716039, 15693155, -5045064, -13373962 },
823 },
824 {
825 { -7737563, -5869402, -14566319, -7406919, 11385654, 13201616, 31730678, -10962840, -3918636, -9669325 },
826 { 10188286, -15770834, -7336361, 13427543, 22223443, 14896287, 30743455, 7116568, -21786507, 5427593 },
827 { 696102, 13206899, 27047647, -10632082, 15285305, -9853179, 10798490, -4578720, 19236243, 12477404 },
828 },
829 {
830 { -11229439, 11243796, -17054270, -8040865, -788228, -8167967, -3897669, 11180504, -23169516, 7733644 },
831 { 17800790, -14036179, -27000429, -11766671, 23887827, 3149671, 23466177, -10538171, 10322027, 15313801 },
832 { 26246234, 11968874, 32263343, -5468728, 6830755, -13323031, -15794704, -101982, -24449242, 10890804 },
833 },
834 {
835 { -31365647, 10271363, -12660625, -6267268, 16690207, -13062544, -14982212, 16484931, 25180797, -5334884 },
836 { -586574, 10376444, -32586414, -11286356, 19801893, 10997610, 2276632, 9482883, 316878, 13820577 },
837 { -9882808, -4510367, -2115506, 16457136, -11100081, 11674996, 30756178, -7515054, 30696930, -3712849 },
838 },
839 {
840 { 32988917, -9603412, 12499366, 7910787, -10617257, -11931514, -7342816, -9985397, -32349517, 7392473 },
841 { -8855661, 15927861, 9866406, -3649411, -2396914, -16655781, -30409476, -9134995, 25112947, -2926644 },
842 { -2504044, -436966, 25621774, -5678772, 15085042, -5479877, -24884878, -13526194, 5537438, -13914319 },
843 },
844 },
845 {
846 {
847 { -11225584, 2320285, -9584280, 10149187, -33444663, 5808648, -14876251, -1729667, 31234590, 6090599 },
848 { -9633316, 116426, 26083934, 2897444, -6364437, -2688086, 609721, 15878753, -6970405, -9034768 },
849 { -27757857, 247744, -15194774, -9002551, 23288161, -10011936, -23869595, 6503646, 20650474, 1804084 },
850 },
851 {
852 { -27589786, 15456424, 8972517, 8469608, 15640622, 4439847, 3121995, -10329713, 27842616, -202328 },
853 { -15306973, 2839644, 22530074, 10026331, 4602058, 5048462, 28248656, 5031932, -11375082, 12714369 },
854 { 20807691, -7270825, 29286141, 11421711, -27876523, -13868230, -21227475, 1035546, -19733229, 12796920 },
855 },
856 {
857 { 12076899, -14301286, -8785001, -11848922, -25012791, 16400684, -17591495, -12899438, 3480665, -15182815 },
858 { -32361549, 5457597, 28548107, 7833186, 7303070, -11953545, -24363064, -15921875, -33374054, 2771025 },
859 { -21389266, 421932, 26597266, 6860826, 22486084, -6737172, -17137485, -4210226, -24552282, 15673397 },
860 },
861 {
862 { -20184622, 2338216, 19788685, -9620956, -4001265, -8740893, -20271184, 4733254, 3727144, -12934448 },
863 { 6120119, 814863, -11794402, -622716, 6812205, -15747771, 2019594, 7975683, 31123697, -10958981 },
864 { 30069250, -11435332, 30434654, 2958439, 18399564, -976289, 12296869, 9204260, -16432438, 9648165 },
865 },
866 {
867 { 32705432, -1550977, 30705658, 7451065, -11805606, 9631813, 3305266, 5248604, -26008332, -11377501 },
868 { 17219865, 2375039, -31570947, -5575615, -19459679, 9219903, 294711, 15298639, 2662509, -16297073 },
869 { -1172927, -7558695, -4366770, -4287744, -21346413, -8434326, 32087529, -1222777, 32247248, -14389861 },
870 },
871 {
872 { 14312628, 1221556, 17395390, -8700143, -4945741, -8684635, -28197744, -9637817, -16027623, -13378845 },
873 { -1428825, -9678990, -9235681, 6549687, -7383069, -468664, 23046502, 9803137, 17597934, 2346211 },
874 { 18510800, 15337574, 26171504, 981392, -22241552, 7827556, -23491134, -11323352, 3059833, -11782870 },
875 },
876 {
877 { 10141598, 6082907, 17829293, -1947643, 9830092, 13613136, -25556636, -5544586, -33502212, 3592096 },
878 { 33114168, -15889352, -26525686, -13343397, 33076705, 8716171, 1151462, 1521897, -982665, -6837803 },
879 { -32939165, -4255815, 23947181, -324178, -33072974, -12305637, -16637686, 3891704, 26353178, 693168 },
880 },
881 {
882 { 30374239, 1595580, -16884039, 13186931, 4600344, 406904, 9585294, -400668, 31375464, 14369965 },
883 { -14370654, -7772529, 1510301, 6434173, -18784789, -6262728, 32732230, -13108839, 17901441, 16011505 },
884 { 18171223, -11934626, -12500402, 15197122, -11038147, -15230035, -19172240, -16046376, 8764035, 12309598 },
885 },
886 },
887 {
888 {
889 { 5975908, -5243188, -19459362, -9681747, -11541277, 14015782, -23665757, 1228319, 17544096, -10593782 },
890 { 5811932, -1715293, 3442887, -2269310, -18367348, -8359541, -18044043, -15410127, -5565381, 12348900 },
891 { -31399660, 11407555, 25755363, 6891399, -3256938, 14872274, -24849353, 8141295, -10632534, -585479 },
892 },
893 {
894 { -12675304, 694026, -5076145, 13300344, 14015258, -14451394, -9698672, -11329050, 30944593, 1130208 },
895 { 8247766, -6710942, -26562381, -7709309, -14401939, -14648910, 4652152, 2488540, 23550156, -271232 },
896 { 17294316, -3788438, 7026748, 15626851, 22990044, 113481, 2267737, -5908146, -408818, -137719 },
897 },
898 {
899 { 16091085, -16253926, 18599252, 7340678, 2137637, -1221657, -3364161, 14550936, 3260525, -7166271 },
900 { -4910104, -13332887, 18550887, 10864893, -16459325, -7291596, -23028869, -13204905, -12748722, 2701326 },
901 { -8574695, 16099415, 4629974, -16340524, -20786213, -6005432, -10018363, 9276971, 11329923, 1862132 },
902 },
903 {
904 { 14763076, -15903608, -30918270, 3689867, 3511892, 10313526, -21951088, 12219231, -9037963, -940300 },
905 { 8894987, -3446094, 6150753, 3013931, 301220, 15693451, -31981216, -2909717, -15438168, 11595570 },
906 { 15214962, 3537601, -26238722, -14058872, 4418657, -15230761, 13947276, 10730794, -13489462, -4363670 },
907 },
908 {
909 { -2538306, 7682793, 32759013, 263109, -29984731, -7955452, -22332124, -10188635, 977108, 699994 },
910 { -12466472, 4195084, -9211532, 550904, -15565337, 12917920, 19118110, -439841, -30534533, -14337913 },
911 { 31788461, -14507657, 4799989, 7372237, 8808585, -14747943, 9408237, -10051775, 12493932, -5409317 },
912 },
913 {
914 { -25680606, 5260744, -19235809, -6284470, -3695942, 16566087, 27218280, 2607121, 29375955, 6024730 },
915 { 842132, -2794693, -4763381, -8722815, 26332018, -12405641, 11831880, 6985184, -9940361, 2854096 },
916 { -4847262, -7969331, 2516242, -5847713, 9695691, -7221186, 16512645, 960770, 12121869, 16648078 },
917 },
918 {
919 { -15218652, 14667096, -13336229, 2013717, 30598287, -464137, -31504922, -7882064, 20237806, 2838411 },
920 { -19288047, 4453152, 15298546, -16178388, 22115043, -15972604, 12544294, -13470457, 1068881, -12499905 },
921 { -9558883, -16518835, 33238498, 13506958, 30505848, -1114596, -8486907, -2630053, 12521378, 4845654 },
922 },
923 {
924 { -28198521, 10744108, -2958380, 10199664, 7759311, -13088600, 3409348, -873400, -6482306, -12885870 },
925 { -23561822, 6230156, -20382013, 10655314, -24040585, -11621172, 10477734, -1240216, -3113227, 13974498 },
926 { 12966261, 15550616, -32038948, -1615346, 21025980, -629444, 5642325, 7188737, 18895762, 12629579 },
927 },
928 },
929 {
930 {
931 { 14741879, -14946887, 22177208, -11721237, 1279741, 8058600, 11758140, 789443, 32195181, 3895677 },
932 { 10758205, 15755439, -4509950, 9243698, -4879422, 6879879, -2204575, -3566119, -8982069, 4429647 },
933 { -2453894, 15725973, -20436342, -10410672, -5803908, -11040220, -7135870, -11642895, 18047436, -15281743 },
934 },
935 {
936 { -25173001, -11307165, 29759956, 11776784, -22262383, -15820455, 10993114, -12850837, -17620701, -9408468 },
937 { 21987233, 700364, -24505048, 14972008, -7774265, -5718395, 32155026, 2581431, -29958985, 8773375 },
938 { -25568350, 454463, -13211935, 16126715, 25240068, 8594567, 20656846, 12017935, -7874389, -13920155 },
939 },
940 {
941 { 6028182, 6263078, -31011806, -11301710, -818919, 2461772, -31841174, -5468042, -1721788, -2776725 },
942 { -12278994, 16624277, 987579, -5922598, 32908203, 1248608, 7719845, -4166698, 28408820, 6816612 },
943 { -10358094, -8237829, 19549651, -12169222, 22082623, 16147817, 20613181, 13982702, -10339570, 5067943 },
944 },
945 {
946 { -30505967, -3821767, 12074681, 13582412, -19877972, 2443951, -19719286, 12746132, 5331210, -10105944 },
947 { 30528811, 3601899, -1957090, 4619785, -27361822, -15436388, 24180793, -12570394, 27679908, -1648928 },
948 { 9402404, -13957065, 32834043, 10838634, -26580150, -13237195, 26653274, -8685565, 22611444, -12715406 },
949 },
950 {
951 { 22190590, 1118029, 22736441, 15130463, -30460692, -5991321, 19189625, -4648942, 4854859, 6622139 },
952 { -8310738, -2953450, -8262579, -3388049, -10401731, -271929, 13424426, -3567227, 26404409, 13001963 },
953 { -31241838, -15415700, -2994250, 8939346, 11562230, -12840670, -26064365, -11621720, -15405155, 11020693 },
954 },
955 {
956 { 1866042, -7949489, -7898649, -10301010, 12483315, 13477547, 3175636, -12424163, 28761762, 1406734 },
957 { -448555, -1777666, 13018551, 3194501, -9580420, -11161737, 24760585, -4347088, 25577411, -13378680 },
958 { -24290378, 4759345, -690653, -1852816, 2066747, 10693769, -29595790, 9884936, -9368926, 4745410 },
959 },
960 {
961 { -9141284, 6049714, -19531061, -4341411, -31260798, 9944276, -15462008, -11311852, 10931924, -11931931 },
962 { -16561513, 14112680, -8012645, 4817318, -8040464, -11414606, -22853429, 10856641, -20470770, 13434654 },
963 { 22759489, -10073434, -16766264, -1871422, 13637442, -10168091, 1765144, -12654326, 28445307, -5364710 },
964 },
965 {
966 { 29875063, 12493613, 2795536, -3786330, 1710620, 15181182, -10195717, -8788675, 9074234, 1167180 },
967 { -26205683, 11014233, -9842651, -2635485, -26908120, 7532294, -18716888, -9535498, 3843903, 9367684 },
968 { -10969595, -6403711, 9591134, 9582310, 11349256, 108879, 16235123, 8601684, -139197, 4242895 },
969 },
970 },
971 {
972 {
973 { 22092954, -13191123, -2042793, -11968512, 32186753, -11517388, -6574341, 2470660, -27417366, 16625501 },
974 { -11057722, 3042016, 13770083, -9257922, 584236, -544855, -7770857, 2602725, -27351616, 14247413 },
975 { 6314175, -10264892, -32772502, 15957557, -10157730, 168750, -8618807, 14290061, 27108877, -1180880 },
976 },
977 {
978 { -8586597, -7170966, 13241782, 10960156, -32991015, -13794596, 33547976, -11058889, -27148451, 981874 },
979 { 22833440, 9293594, -32649448, -13618667, -9136966, 14756819, -22928859, -13970780, -10479804, -16197962 },
980 { -7768587, 3326786, -28111797, 10783824, 19178761, 14905060, 22680049, 13906969, -15933690, 3797899 },
981 },
982 {
983 { 21721356, -4212746, -12206123, 9310182, -3882239, -13653110, 23740224, -2709232, 20491983, -8042152 },
984 { 9209270, -15135055, -13256557, -6167798, -731016, 15289673, 25947805, 15286587, 30997318, -6703063 },
985 { 7392032, 16618386, 23946583, -8039892, -13265164, -1533858, -14197445, -2321576, 17649998, -250080 },
986 },
987 {
988 { -9301088, -14193827, 30609526, -3049543, -25175069, -1283752, -15241566, -9525724, -2233253, 7662146 },
989 { -17558673, 1763594, -33114336, 15908610, -30040870, -12174295, 7335080, -8472199, -3174674, 3440183 },
990 { -19889700, -5977008, -24111293, -9688870, 10799743, -16571957, 40450, -4431835, 4862400, 1133 },
991 },
992 {
993 { -32856209, -7873957, -5422389, 14860950, -16319031, 7956142, 7258061, 311861, -30594991, -7379421 },
994 { -3773428, -1565936, 28985340, 7499440, 24445838, 9325937, 29727763, 16527196, 18278453, 15405622 },
995 { -4381906, 8508652, -19898366, -3674424, -5984453, 15149970, -13313598, 843523, -21875062, 13626197 },
996 },
997 {
998 { 2281448, -13487055, -10915418, -2609910, 1879358, 16164207, -10783882, 3953792, 13340839, 15928663 },
999 { 31727126, -7179855, -18437503, -8283652, 2875793, -16390330, -25269894, -7014826, -23452306, 5964753 },
1000 { 4100420, -5959452, -17179337, 6017714, -18705837, 12227141, -26684835, 11344144, 2538215, -7570755 },
1001 },
1002 {
1003 { -9433605, 6123113, 11159803, -2156608, 30016280, 14966241, -20474983, 1485421, -629256, -15958862 },
1004 { -26804558, 4260919, 11851389, 9658551, -32017107, 16367492, -20205425, -13191288, 11659922, -11115118 },
1005 { 26180396, 10015009, -30844224, -8581293, 5418197, 9480663, 2231568, -10170080, 33100372, -1306171 },
1006 },
1007 {
1008 { 15121113, -5201871, -10389905, 15427821, -27509937, -15992507, 21670947, 4486675, -5931810, -14466380 },
1009 { 16166486, -9483733, -11104130, 6023908, -31926798, -1364923, 2340060, -16254968, -10735770, -10039824 },
1010 { 28042865, -3557089, -12126526, 12259706, -3717498, -6945899, 6766453, -8689599, 18036436, 5803270 },
1011 },
1012 },
1013 {
1014 {
1015 { -817581, 6763912, 11803561, 1585585, 10958447, -2671165, 23855391, 4598332, -6159431, -14117438 },
1016 { -31031306, -14256194, 17332029, -2383520, 31312682, -5967183, 696309, 50292, -20095739, 11763584 },
1017 { -594563, -2514283, -32234153, 12643980, 12650761, 14811489, 665117, -12613632, -19773211, -10713562 },
1018 },
1019 {
1020 { 30464590, -11262872, -4127476, -12734478, 19835327, -7105613, -24396175, 2075773, -17020157, 992471 },
1021 { 18357185, -6994433, 7766382, 16342475, -29324918, 411174, 14578841, 8080033, -11574335, -10601610 },
1022 { 19598397, 10334610, 12555054, 2555664, 18821899, -10339780, 21873263, 16014234, 26224780, 16452269 },
1023 },
1024 {
1025 { -30223925, 5145196, 5944548, 16385966, 3976735, 2009897, -11377804, -7618186, -20533829, 3698650 },
1026 { 14187449, 3448569, -10636236, -10810935, -22663880, -3433596, 7268410, -10890444, 27394301, 12015369 },
1027 { 19695761, 16087646, 28032085, 12999827, 6817792, 11427614, 20244189, -1312777, -13259127, -3402461 },
1028 },
1029 {
1030 { 30860103, 12735208, -1888245, -4699734, -16974906, 2256940, -8166013, 12298312, -8550524, -10393462 },
1031 { -5719826, -11245325, -1910649, 15569035, 26642876, -7587760, -5789354, -15118654, -4976164, 12651793 },
1032 { -2848395, 9953421, 11531313, -5282879, 26895123, -12697089, -13118820, -16517902, 9768698, -2533218 },
1033 },
1034 {
1035 { -24719459, 1894651, -287698, -4704085, 15348719, -8156530, 32767513, 12765450, 4940095, 10678226 },
1036 { 18860224, 15980149, -18987240, -1562570, -26233012, -11071856, -7843882, 13944024, -24372348, 16582019 },
1037 { -15504260, 4970268, -29893044, 4175593, -20993212, -2199756, -11704054, 15444560, -11003761, 7989037 },
1038 },
1039 {
1040 { 31490452, 5568061, -2412803, 2182383, -32336847, 4531686, -32078269, 6200206, -19686113, -14800171 },
1041 { -17308668, -15879940, -31522777, -2831, -32887382, 16375549, 8680158, -16371713, 28550068, -6857132 },
1042 { -28126887, -5688091, 16837845, -1820458, -6850681, 12700016, -30039981, 4364038, 1155602, 5988841 },
1043 },
1044 {
1045 { 21890435, -13272907, -12624011, 12154349, -7831873, 15300496, 23148983, -4470481, 24618407, 8283181 },
1046 { -33136107, -10512751, 9975416, 6841041, -31559793, 16356536, 3070187, -7025928, 1466169, 10740210 },
1047 { -1509399, -15488185, -13503385, -10655916, 32799044, 909394, -13938903, -5779719, -32164649, -15327040 },
1048 },
1049 {
1050 { 3960823, -14267803, -28026090, -15918051, -19404858, 13146868, 15567327, 951507, -3260321, -573935 },
1051 { 24740841, 5052253, -30094131, 8961361, 25877428, 6165135, -24368180, 14397372, -7380369, -6144105 },
1052 { -28888365, 3510803, -28103278, -1158478, -11238128, -10631454, -15441463, -14453128, -1625486, -6494814 },
1053 },
1054 },
1055 {
1056 {
1057 { 793299, -9230478, 8836302, -6235707, -27360908, -2369593, 33152843, -4885251, -9906200, -621852 },
1058 { 5666233, 525582, 20782575, -8038419, -24538499, 14657740, 16099374, 1468826, -6171428, -15186581 },
1059 { -4859255, -3779343, -2917758, -6748019, 7778750, 11688288, -30404353, -9871238, -1558923, -9863646 },
1060 },
1061 {
1062 { 10896332, -7719704, 824275, 472601, -19460308, 3009587, 25248958, 14783338, -30581476, -15757844 },
1063 { 10566929, 12612572, -31944212, 11118703, -12633376, 12362879, 21752402, 8822496, 24003793, 14264025 },
1064 { 27713862, -7355973, -11008240, 9227530, 27050101, 2504721, 23886875, -13117525, 13958495, -5732453 },
1065 },
1066 {
1067 { -23481610, 4867226, -27247128, 3900521, 29838369, -8212291, -31889399, -10041781, 7340521, -15410068 },
1068 { 4646514, -8011124, -22766023, -11532654, 23184553, 8566613, 31366726, -1381061, -15066784, -10375192 },
1069 { -17270517, 12723032, -16993061, 14878794, 21619651, -6197576, 27584817, 3093888, -8843694, 3849921 },
1070 },
1071 {
1072 { -9064912, 2103172, 25561640, -15125738, -5239824, 9582958, 32477045, -9017955, 5002294, -15550259 },
1073 { -12057553, -11177906, 21115585, -13365155, 8808712, -12030708, 16489530, 13378448, -25845716, 12741426 },
1074 { -5946367, 10645103, -30911586, 15390284, -3286982, -7118677, 24306472, 15852464, 28834118, -7646072 },
1075 },
1076 {
1077 { -17335748, -9107057, -24531279, 9434953, -8472084, -583362, -13090771, 455841, 20461858, 5491305 },
1078 { 13669248, -16095482, -12481974, -10203039, -14569770, -11893198, -24995986, 11293807, -28588204, -9421832 },
1079 { 28497928, 6272777, -33022994, 14470570, 8906179, -1225630, 18504674, -14165166, 29867745, -8795943 },
1080 },
1081 {
1082 { -16207023, 13517196, -27799630, -13697798, 24009064, -6373891, -6367600, -13175392, 22853429, -4012011 },
1083 { 24191378, 16712145, -13931797, 15217831, 14542237, 1646131, 18603514, -11037887, 12876623, -2112447 },
1084 { 17902668, 4518229, -411702, -2829247, 26878217, 5258055, -12860753, 608397, 16031844, 3723494 },
1085 },
1086 {
1087 { -28632773, 12763728, -20446446, 7577504, 33001348, -13017745, 17558842, -7872890, 23896954, -4314245 },
1088 { -20005381, -12011952, 31520464, 605201, 2543521, 5991821, -2945064, 7229064, -9919646, -8826859 },
1089 { 28816045, 298879, -28165016, -15920938, 19000928, -1665890, -12680833, -2949325, -18051778, -2082915 },
1090 },
1091 {
1092 { 16000882, -344896, 3493092, -11447198, -29504595, -13159789, 12577740, 16041268, -19715240, 7847707 },
1093 { 10151868, 10572098, 27312476, 7922682, 14825339, 4723128, -32855931, -6519018, -10020567, 3852848 },
1094 { -11430470, 15697596, -21121557, -4420647, 5386314, 15063598, 16514493, -15932110, 29330899, -15076224 },
1095 },
1096 },
1097 {
1098 {
1099 { -25499735, -4378794, -15222908, -6901211, 16615731, 2051784, 3303702, 15490, -27548796, 12314391 },
1100 { 15683520, -6003043, 18109120, -9980648, 15337968, -5997823, -16717435, 15921866, 16103996, -3731215 },
1101 { -23169824, -10781249, 13588192, -1628807, -3798557, -1074929, -19273607, 5402699, -29815713, -9841101 },
1102 },
1103 {
1104 { 23190676, 2384583, -32714340, 3462154, -29903655, -1529132, -11266856, 8911517, -25205859, 2739713 },
1105 { 21374101, -3554250, -33524649, 9874411, 15377179, 11831242, -33529904, 6134907, 4931255, 11987849 },
1106 { -7732, -2978858, -16223486, 7277597, 105524, -322051, -31480539, 13861388, -30076310, 10117930 },
1107 },
1108 {
1109 { -29501170, -10744872, -26163768, 13051539, -25625564, 5089643, -6325503, 6704079, 12890019, 15728940 },
1110 { -21972360, -11771379, -951059, -4418840, 14704840, 2695116, 903376, -10428139, 12885167, 8311031 },
1111 { -17516482, 5352194, 10384213, -13811658, 7506451, 13453191, 26423267, 4384730, 1888765, -5435404 },
1112 },
1113 {
1114 { -25817338, -3107312, -13494599, -3182506, 30896459, -13921729, -32251644, -12707869, -19464434, -3340243 },
1115 { -23607977, -2665774, -526091, 4651136, 5765089, 4618330, 6092245, 14845197, 17151279, -9854116 },
1116 { -24830458, -12733720, -15165978, 10367250, -29530908, -265356, 22825805, -7087279, -16866484, 16176525 },
1117 },
1118 {
1119 { -23583256, 6564961, 20063689, 3798228, -4740178, 7359225, 2006182, -10363426, -28746253, -10197509 },
1120 { -10626600, -4486402, -13320562, -5125317, 3432136, -6393229, 23632037, -1940610, 32808310, 1099883 },
1121 { 15030977, 5768825, -27451236, -2887299, -6427378, -15361371, -15277896, -6809350, 2051441, -15225865 },
1122 },
1123 {
1124 { -3362323, -7239372, 7517890, 9824992, 23555850, 295369, 5148398, -14154188, -22686354, 16633660 },
1125 { 4577086, -16752288, 13249841, -15304328, 19958763, -14537274, 18559670, -10759549, 8402478, -9864273 },
1126 { -28406330, -1051581, -26790155, -907698, -17212414, -11030789, 9453451, -14980072, 17983010, 9967138 },
1127 },
1128 {
1129 { -25762494, 6524722, 26585488, 9969270, 24709298, 1220360, -1677990, 7806337, 17507396, 3651560 },
1130 { -10420457, -4118111, 14584639, 15971087, -15768321, 8861010, 26556809, -5574557, -18553322, -11357135 },
1131 { 2839101, 14284142, 4029895, 3472686, 14402957, 12689363, -26642121, 8459447, -5605463, -7621941 },
1132 },
1133 {
1134 { -4839289, -3535444, 9744961, 2871048, 25113978, 3187018, -25110813, -849066, 17258084, -7977739 },
1135 { 18164541, -10595176, -17154882, -1542417, 19237078, -9745295, 23357533, -15217008, 26908270, 12150756 },
1136 { -30264870, -7647865, 5112249, -7036672, -1499807, -6974257, 43168, -5537701, -32302074, 16215819 },
1137 },
1138 },
1139 {
1140 {
1141 { -6898905, 9824394, -12304779, -4401089, -31397141, -6276835, 32574489, 12532905, -7503072, -8675347 },
1142 { -27343522, -16515468, -27151524, -10722951, 946346, 16291093, 254968, 7168080, 21676107, -1943028 },
1143 { 21260961, -8424752, -16831886, -11920822, -23677961, 3968121, -3651949, -6215466, -3556191, -7913075 },
1144 },
1145 {
1146 { 16544754, 13250366, -16804428, 15546242, -4583003, 12757258, -2462308, -8680336, -18907032, -9662799 },
1147 { -2415239, -15577728, 18312303, 4964443, -15272530, -12653564, 26820651, 16690659, 25459437, -4564609 },
1148 { -25144690, 11425020, 28423002, -11020557, -6144921, -15826224, 9142795, -2391602, -6432418, -1644817 },
1149 },
1150 {
1151 { -23104652, 6253476, 16964147, -3768872, -25113972, -12296437, -27457225, -16344658, 6335692, 7249989 },
1152 { -30333227, 13979675, 7503222, -12368314, -11956721, -4621693, -30272269, 2682242, 25993170, -12478523 },
1153 { 4364628, 5930691, 32304656, -10044554, -8054781, 15091131, 22857016, -10598955, 31820368, 15075278 },
1154 },
1155 {
1156 { 31879134, -8918693, 17258761, 90626, -8041836, -4917709, 24162788, -9650886, -17970238, 12833045 },
1157 { 19073683, 14851414, -24403169, -11860168, 7625278, 11091125, -19619190, 2074449, -9413939, 14905377 },
1158 { 24483667, -11935567, -2518866, -11547418, -1553130, 15355506, -25282080, 9253129, 27628530, -7555480 },
1159 },
1160 {
1161 { 17597607, 8340603, 19355617, 552187, 26198470, -3176583, 4593324, -9157582, -14110875, 15297016 },
1162 { 510886, 14337390, -31785257, 16638632, 6328095, 2713355, -20217417, -11864220, 8683221, 2921426 },
1163 { 18606791, 11874196, 27155355, -5281482, -24031742, 6265446, -25178240, -1278924, 4674690, 13890525 },
1164 },
1165 {
1166 { 13609624, 13069022, -27372361, -13055908, 24360586, 9592974, 14977157, 9835105, 4389687, 288396 },
1167 { 9922506, -519394, 13613107, 5883594, -18758345, -434263, -12304062, 8317628, 23388070, 16052080 },
1168 { 12720016, 11937594, -31970060, -5028689, 26900120, 8561328, -20155687, -11632979, -14754271, -10812892 },
1169 },
1170 {
1171 { 15961858, 14150409, 26716931, -665832, -22794328, 13603569, 11829573, 7467844, -28822128, 929275 },
1172 { 11038231, -11582396, -27310482, -7316562, -10498527, -16307831, -23479533, -9371869, -21393143, 2465074 },
1173 { 20017163, -4323226, 27915242, 1529148, 12396362, 15675764, 13817261, -9658066, 2463391, -4622140 },
1174 },
1175 {
1176 { -16358878, -12663911, -12065183, 4996454, -1256422, 1073572, 9583558, 12851107, 4003896, 12673717 },
1177 { -1731589, -15155870, -3262930, 16143082, 19294135, 13385325, 14741514, -9103726, 7903886, 2348101 },
1178 { 24536016, -16515207, 12715592, -3862155, 1511293, 10047386, -3842346, -7129159, -28377538, 10048127 },
1179 },
1180 },
1181 {
1182 {
1183 { -12622226, -6204820, 30718825, 2591312, -10617028, 12192840, 18873298, -7297090, -32297756, 15221632 },
1184 { -26478122, -11103864, 11546244, -1852483, 9180880, 7656409, -21343950, 2095755, 29769758, 6593415 },
1185 { -31994208, -2907461, 4176912, 3264766, 12538965, -868111, 26312345, -6118678, 30958054, 8292160 },
1186 },
1187 {
1188 { 31429822, -13959116, 29173532, 15632448, 12174511, -2760094, 32808831, 3977186, 26143136, -3148876 },
1189 { 22648901, 1402143, -22799984, 13746059, 7936347, 365344, -8668633, -1674433, -3758243, -2304625 },
1190 { -15491917, 8012313, -2514730, -12702462, -23965846, -10254029, -1612713, -1535569, -16664475, 8194478 },
1191 },
1192 {
1193 { 27338066, -7507420, -7414224, 10140405, -19026427, -6589889, 27277191, 8855376, 28572286, 3005164 },
1194 { 26287124, 4821776, 25476601, -4145903, -3764513, -15788984, -18008582, 1182479, -26094821, -13079595 },
1195 { -7171154, 3178080, 23970071, 6201893, -17195577, -4489192, -21876275, -13982627, 32208683, -1198248 },
1196 },
1197 {
1198 { -16657702, 2817643, -10286362, 14811298, 6024667, 13349505, -27315504, -10497842, -27672585, -11539858 },
1199 { 15941029, -9405932, -21367050, 8062055, 31876073, -238629, -15278393, -1444429, 15397331, -4130193 },
1200 { 8934485, -13485467, -23286397, -13423241, -32446090, 14047986, 31170398, -1441021, -27505566, 15087184 },
1201 },
1202 {
1203 { -18357243, -2156491, 24524913, -16677868, 15520427, -6360776, -15502406, 11461896, 16788528, -5868942 },
1204 { -1947386, 16013773, 21750665, 3714552, -17401782, -16055433, -3770287, -10323320, 31322514, -11615635 },
1205 { 21426655, -5650218, -13648287, -5347537, -28812189, -4920970, -18275391, -14621414, 13040862, -12112948 },
1206 },
1207 {
1208 { 11293895, 12478086, -27136401, 15083750, -29307421, 14748872, 14555558, -13417103, 1613711, 4896935 },
1209 { -25894883, 15323294, -8489791, -8057900, 25967126, -13425460, 2825960, -4897045, -23971776, -11267415 },
1210 { -15924766, -5229880, -17443532, 6410664, 3622847, 10243618, 20615400, 12405433, -23753030, -8436416 },
1211 },
1212 {
1213 { -7091295, 12556208, -20191352, 9025187, -17072479, 4333801, 4378436, 2432030, 23097949, -566018 },
1214 { 4565804, -16025654, 20084412, -7842817, 1724999, 189254, 24767264, 10103221, -18512313, 2424778 },
1215 { 366633, -11976806, 8173090, -6890119, 30788634, 5745705, -7168678, 1344109, -3642553, 12412659 },
1216 },
1217 {
1218 { -24001791, 7690286, 14929416, -168257, -32210835, -13412986, 24162697, -15326504, -3141501, 11179385 },
1219 { 18289522, -14724954, 8056945, 16430056, -21729724, 7842514, -6001441, -1486897, -18684645, -11443503 },
1220 { 476239, 6601091, -6152790, -9723375, 17503545, -4863900, 27672959, 13403813, 11052904, 5219329 },
1221 },
1222 },
1223 {
1224 {
1225 { 20678546, -8375738, -32671898, 8849123, -5009758, 14574752, 31186971, -3973730, 9014762, -8579056 },
1226 { -13644050, -10350239, -15962508, 5075808, -1514661, -11534600, -33102500, 9160280, 8473550, -3256838 },
1227 { 24900749, 14435722, 17209120, -15292541, -22592275, 9878983, -7689309, -16335821, -24568481, 11788948 },
1228 },
1229 {
1230 { -3118155, -11395194, -13802089, 14797441, 9652448, -6845904, -20037437, 10410733, -24568470, -1458691 },
1231 { -15659161, 16736706, -22467150, 10215878, -9097177, 7563911, 11871841, -12505194, -18513325, 8464118 },
1232 { -23400612, 8348507, -14585951, -861714, -3950205, -6373419, 14325289, 8628612, 33313881, -8370517 },
1233 },
1234 {
1235 { -20186973, -4967935, 22367356, 5271547, -1097117, -4788838, -24805667, -10236854, -8940735, -5818269 },
1236 { -6948785, -1795212, -32625683, -16021179, 32635414, -7374245, 15989197, -12838188, 28358192, -4253904 },
1237 { -23561781, -2799059, -32351682, -1661963, -9147719, 10429267, -16637684, 4072016, -5351664, 5596589 },
1238 },
1239 {
1240 { -28236598, -3390048, 12312896, 6213178, 3117142, 16078565, 29266239, 2557221, 1768301, 15373193 },
1241 { -7243358, -3246960, -4593467, -7553353, -127927, -912245, -1090902, -4504991, -24660491, 3442910 },
1242 { -30210571, 5124043, 14181784, 8197961, 18964734, -11939093, 22597931, 7176455, -18585478, 13365930 },
1243 },
1244 {
1245 { -7877390, -1499958, 8324673, 4690079, 6261860, 890446, 24538107, -8570186, -9689599, -3031667 },
1246 { 25008904, -10771599, -4305031, -9638010, 16265036, 15721635, 683793, -11823784, 15723479, -15163481 },
1247 { -9660625, 12374379, -27006999, -7026148, -7724114, -12314514, 11879682, 5400171, 519526, -1235876 },
1248 },
1249 {
1250 { 22258397, -16332233, -7869817, 14613016, -22520255, -2950923, -20353881, 7315967, 16648397, 7605640 },
1251 { -8081308, -8464597, -8223311, 9719710, 19259459, -15348212, 23994942, -5281555, -9468848, 4763278 },
1252 { -21699244, 9220969, -15730624, 1084137, -25476107, -2852390, 31088447, -7764523, -11356529, 728112 },
1253 },
1254 {
1255 { 26047220, -11751471, -6900323, -16521798, 24092068, 9158119, -4273545, -12555558, -29365436, -5498272 },
1256 { 17510331, -322857, 5854289, 8403524, 17133918, -3112612, -28111007, 12327945, 10750447, 10014012 },
1257 { -10312768, 3936952, 9156313, -8897683, 16498692, -994647, -27481051, -666732, 3424691, 7540221 },
1258 },
1259 {
1260 { 30322361, -6964110, 11361005, -4143317, 7433304, 4989748, -7071422, -16317219, -9244265, 15258046 },
1261 { 13054562, -2779497, 19155474, 469045, -12482797, 4566042, 5631406, 2711395, 1062915, -5136345 },
1262 { -19240248, -11254599, -29509029, -7499965, -5835763, 13005411, -6066489, 12194497, 32960380, 1459310 },
1263 },
1264 },
1265 {
1266 {
1267 { 19852034, 7027924, 23669353, 10020366, 8586503, -6657907, 394197, -6101885, 18638003, -11174937 },
1268 { 31395534, 15098109, 26581030, 8030562, -16527914, -5007134, 9012486, -7584354, -6643087, -5442636 },
1269 { -9192165, -2347377, -1997099, 4529534, 25766844, 607986, -13222, 9677543, -32294889, -6456008 },
1270 },
1271 {
1272 { -2444496, -149937, 29348902, 8186665, 1873760, 12489863, -30934579, -7839692, -7852844, -8138429 },
1273 { -15236356, -15433509, 7766470, 746860, 26346930, -10221762, -27333451, 10754588, -9431476, 5203576 },
1274 { 31834314, 14135496, -770007, 5159118, 20917671, -16768096, -7467973, -7337524, 31809243, 7347066 },
1275 },
1276 {
1277 { -9606723, -11874240, 20414459, 13033986, 13716524, -11691881, 19797970, -12211255, 15192876, -2087490 },
1278 { -12663563, -2181719, 1168162, -3804809, 26747877, -14138091, 10609330, 12694420, 33473243, -13382104 },
1279 { 33184999, 11180355, 15832085, -11385430, -1633671, 225884, 15089336, -11023903, -6135662, 14480053 },
1280 },
1281 {
1282 { 31308717, -5619998, 31030840, -1897099, 15674547, -6582883, 5496208, 13685227, 27595050, 8737275 },
1283 { -20318852, -15150239, 10933843, -16178022, 8335352, -7546022, -31008351, -12610604, 26498114, 66511 },
1284 { 22644454, -8761729, -16671776, 4884562, -3105614, -13559366, 30540766, -4286747, -13327787, -7515095 },
1285 },
1286 {
1287 { -28017847, 9834845, 18617207, -2681312, -3401956, -13307506, 8205540, 13585437, -17127465, 15115439 },
1288 { 23711543, -672915, 31206561, -8362711, 6164647, -9709987, -33535882, -1426096, 8236921, 16492939 },
1289 { -23910559, -13515526, -26299483, -4503841, 25005590, -7687270, 19574902, 10071562, 6708380, -6222424 },
1290 },
1291 {
1292 { 2101391, -4930054, 19702731, 2367575, -15427167, 1047675, 5301017, 9328700, 29955601, -11678310 },
1293 { 3096359, 9271816, -21620864, -15521844, -14847996, -7592937, -25892142, -12635595, -9917575, 6216608 },
1294 { -32615849, 338663, -25195611, 2510422, -29213566, -13820213, 24822830, -6146567, -26767480, 7525079 },
1295 },
1296 {
1297 { -23066649, -13985623, 16133487, -7896178, -3389565, 778788, -910336, -2782495, -19386633, 11994101 },
1298 { 21691500, -13624626, -641331, -14367021, 3285881, -3483596, -25064666, 9718258, -7477437, 13381418 },
1299 { 18445390, -4202236, 14979846, 11622458, -1727110, -3582980, 23111648, -6375247, 28535282, 15779576 },
1300 },
1301 {
1302 { 30098053, 3089662, -9234387, 16662135, -21306940, 11308411, -14068454, 12021730, 9955285, -16303356 },
1303 { 9734894, -14576830, -7473633, -9138735, 2060392, 11313496, -18426029, 9924399, 20194861, 13380996 },
1304 { -26378102, -7965207, -22167821, 15789297, -18055342, -6168792, -1984914, 15707771, 26342023, 10146099 },
1305 },
1306 },
1307 {
1308 {
1309 { -26016874, -219943, 21339191, -41388, 19745256, -2878700, -29637280, 2227040, 21612326, -545728 },
1310 { -13077387, 1184228, 23562814, -5970442, -20351244, -6348714, 25764461, 12243797, -20856566, 11649658 },
1311 { -10031494, 11262626, 27384172, 2271902, 26947504, -15997771, 39944, 6114064, 33514190, 2333242 },
1312 },
1313 {
1314 { -21433588, -12421821, 8119782, 7219913, -21830522, -9016134, -6679750, -12670638, 24350578, -13450001 },
1315 { -4116307, -11271533, -23886186, 4843615, -30088339, 690623, -31536088, -10406836, 8317860, 12352766 },
1316 { 18200138, -14475911, -33087759, -2696619, -23702521, -9102511, -23552096, -2287550, 20712163, 6719373 },
1317 },
1318 {
1319 { 26656208, 6075253, -7858556, 1886072, -28344043, 4262326, 11117530, -3763210, 26224235, -3297458 },
1320 { -17168938, -14854097, -3395676, -16369877, -19954045, 14050420, 21728352, 9493610, 18620611, -16428628 },
1321 { -13323321, 13325349, 11432106, 5964811, 18609221, 6062965, -5269471, -9725556, -30701573, -16479657 },
1322 },
1323 {
1324 { -23860538, -11233159, 26961357, 1640861, -32413112, -16737940, 12248509, -5240639, 13735342, 1934062 },
1325 { 25089769, 6742589, 17081145, -13406266, 21909293, -16067981, -15136294, -3765346, -21277997, 5473616 },
1326 { 31883677, -7961101, 1083432, -11572403, 22828471, 13290673, -7125085, 12469656, 29111212, -5451014 },
1327 },
1328 {
1329 { 24244947, -15050407, -26262976, 2791540, -14997599, 16666678, 24367466, 6388839, -10295587, 452383 },
1330 { -25640782, -3417841, 5217916, 16224624, 19987036, -4082269, -24236251, -5915248, 15766062, 8407814 },
1331 { -20406999, 13990231, 15495425, 16395525, 5377168, 15166495, -8917023, -4388953, -8067909, 2276718 },
1332 },
1333 {
1334 { 30157918, 12924066, -17712050, 9245753, 19895028, 3368142, -23827587, 5096219, 22740376, -7303417 },
1335 { 2041139, -14256350, 7783687, 13876377, -25946985, -13352459, 24051124, 13742383, -15637599, 13295222 },
1336 { 33338237, -8505733, 12532113, 7977527, 9106186, -1715251, -17720195, -4612972, -4451357, -14669444 },
1337 },
1338 {
1339 { -20045281, 5454097, -14346548, 6447146, 28862071, 1883651, -2469266, -4141880, 7770569, 9620597 },
1340 { 23208068, 7979712, 33071466, 8149229, 1758231, -10834995, 30945528, -1694323, -33502340, -14767970 },
1341 { 1439958, -16270480, -1079989, -793782, 4625402, 10647766, -5043801, 1220118, 30494170, -11440799 },
1342 },
1343 {
1344 { -5037580, -13028295, -2970559, -3061767, 15640974, -6701666, -26739026, 926050, -1684339, -13333647 },
1345 { 13908495, -3549272, 30919928, -6273825, -21521863, 7989039, 9021034, 9078865, 3353509, 4033511 },
1346 { -29663431, -15113610, 32259991, -344482, 24295849, -12912123, 23161163, 8839127, 27485041, 7356032 },
1347 },
1348 },
1349 {
1350 {
1351 { 9661027, 705443, 11980065, -5370154, -1628543, 14661173, -6346142, 2625015, 28431036, -16771834 },
1352 { -23839233, -8311415, -25945511, 7480958, -17681669, -8354183, -22545972, 14150565, 15970762, 4099461 },
1353 { 29262576, 16756590, 26350592, -8793563, 8529671, -11208050, 13617293, -9937143, 11465739, 8317062 },
1354 },
1355 {
1356 { -25493081, -6962928, 32500200, -9419051, -23038724, -2302222, 14898637, 3848455, 20969334, -5157516 },
1357 { -20384450, -14347713, -18336405, 13884722, -33039454, 2842114, -21610826, -3649888, 11177095, 14989547 },
1358 { -24496721, -11716016, 16959896, 2278463, 12066309, 10137771, 13515641, 2581286, -28487508, 9930240 },
1359 },
1360 {
1361 { -17751622, -2097826, 16544300, -13009300, -15914807, -14949081, 18345767, -13403753, 16291481, -5314038 },
1362 { -33229194, 2553288, 32678213, 9875984, 8534129, 6889387, -9676774, 6957617, 4368891, 9788741 },
1363 { 16660756, 7281060, -10830758, 12911820, 20108584, -8101676, -21722536, -8613148, 16250552, -11111103 },
1364 },
1365 {
1366 { -19765507, 2390526, -16551031, 14161980, 1905286, 6414907, 4689584, 10604807, -30190403, 4782747 },
1367 { -1354539, 14736941, -7367442, -13292886, 7710542, -14155590, -9981571, 4383045, 22546403, 437323 },
1368 { 31665577, -12180464, -16186830, 1491339, -18368625, 3294682, 27343084, 2786261, -30633590, -14097016 },
1369 },
1370 {
1371 { -14467279, -683715, -33374107, 7448552, 19294360, 14334329, -19690631, 2355319, -19284671, -6114373 },
1372 { 15121312, -15796162, 6377020, -6031361, -10798111, -12957845, 18952177, 15496498, -29380133, 11754228 },
1373 { -2637277, -13483075, 8488727, -14303896, 12728761, -1622493, 7141596, 11724556, 22761615, -10134141 },
1374 },
1375 {
1376 { 16918416, 11729663, -18083579, 3022987, -31015732, -13339659, -28741185, -12227393, 32851222, 11717399 },
1377 { 11166634, 7338049, -6722523, 4531520, -29468672, -7302055, 31474879, 3483633, -1193175, -4030831 },
1378 { -185635, 9921305, 31456609, -13536438, -12013818, 13348923, 33142652, 6546660, -19985279, -3948376 },
1379 },
1380 {
1381 { -32460596, 11266712, -11197107, -7899103, 31703694, 3855903, -8537131, -12833048, -30772034, -15486313 },
1382 { -18006477, 12709068, 3991746, -6479188, -21491523, -10550425, -31135347, -16049879, 10928917, 3011958 },
1383 { -6957757, -15594337, 31696059, 334240, 29576716, 14796075, -30831056, -12805180, 18008031, 10258577 },
1384 },
1385 {
1386 { -22448644, 15655569, 7018479, -4410003, -30314266, -1201591, -1853465, 1367120, 25127874, 6671743 },
1387 { 29701166, -14373934, -10878120, 9279288, -17568, 13127210, 21382910, 11042292, 25838796, 4642684 },
1388 { -20430234, 14955537, -24126347, 8124619, -5369288, -5990470, 30468147, -13900640, 18423289, 4177476 },
1389 },
1390 },
1391};
diff --git a/3rd_party/ed25519/sc.c b/3rd_party/ed25519/sc.c
new file mode 100644
index 0000000..ca5bad2
--- /dev/null
+++ b/3rd_party/ed25519/sc.c
@@ -0,0 +1,809 @@
1#include "fixedint.h"
2#include "sc.h"
3
4static uint64_t load_3(const unsigned char *in) {
5 uint64_t result;
6
7 result = (uint64_t) in[0];
8 result |= ((uint64_t) in[1]) << 8;
9 result |= ((uint64_t) in[2]) << 16;
10
11 return result;
12}
13
14static uint64_t load_4(const unsigned char *in) {
15 uint64_t result;
16
17 result = (uint64_t) in[0];
18 result |= ((uint64_t) in[1]) << 8;
19 result |= ((uint64_t) in[2]) << 16;
20 result |= ((uint64_t) in[3]) << 24;
21
22 return result;
23}
24
25/*
26Input:
27 s[0]+256*s[1]+...+256^63*s[63] = s
28
29Output:
30 s[0]+256*s[1]+...+256^31*s[31] = s mod l
31 where l = 2^252 + 27742317777372353535851937790883648493.
32 Overwrites s in place.
33*/
34
35void sc_reduce(unsigned char *s) {
36 int64_t s0 = 2097151 & load_3(s);
37 int64_t s1 = 2097151 & (load_4(s + 2) >> 5);
38 int64_t s2 = 2097151 & (load_3(s + 5) >> 2);
39 int64_t s3 = 2097151 & (load_4(s + 7) >> 7);
40 int64_t s4 = 2097151 & (load_4(s + 10) >> 4);
41 int64_t s5 = 2097151 & (load_3(s + 13) >> 1);
42 int64_t s6 = 2097151 & (load_4(s + 15) >> 6);
43 int64_t s7 = 2097151 & (load_3(s + 18) >> 3);
44 int64_t s8 = 2097151 & load_3(s + 21);
45 int64_t s9 = 2097151 & (load_4(s + 23) >> 5);
46 int64_t s10 = 2097151 & (load_3(s + 26) >> 2);
47 int64_t s11 = 2097151 & (load_4(s + 28) >> 7);
48 int64_t s12 = 2097151 & (load_4(s + 31) >> 4);
49 int64_t s13 = 2097151 & (load_3(s + 34) >> 1);
50 int64_t s14 = 2097151 & (load_4(s + 36) >> 6);
51 int64_t s15 = 2097151 & (load_3(s + 39) >> 3);
52 int64_t s16 = 2097151 & load_3(s + 42);
53 int64_t s17 = 2097151 & (load_4(s + 44) >> 5);
54 int64_t s18 = 2097151 & (load_3(s + 47) >> 2);
55 int64_t s19 = 2097151 & (load_4(s + 49) >> 7);
56 int64_t s20 = 2097151 & (load_4(s + 52) >> 4);
57 int64_t s21 = 2097151 & (load_3(s + 55) >> 1);
58 int64_t s22 = 2097151 & (load_4(s + 57) >> 6);
59 int64_t s23 = (load_4(s + 60) >> 3);
60 int64_t carry0;
61 int64_t carry1;
62 int64_t carry2;
63 int64_t carry3;
64 int64_t carry4;
65 int64_t carry5;
66 int64_t carry6;
67 int64_t carry7;
68 int64_t carry8;
69 int64_t carry9;
70 int64_t carry10;
71 int64_t carry11;
72 int64_t carry12;
73 int64_t carry13;
74 int64_t carry14;
75 int64_t carry15;
76 int64_t carry16;
77
78 s11 += s23 * 666643;
79 s12 += s23 * 470296;
80 s13 += s23 * 654183;
81 s14 -= s23 * 997805;
82 s15 += s23 * 136657;
83 s16 -= s23 * 683901;
84 s23 = 0;
85 s10 += s22 * 666643;
86 s11 += s22 * 470296;
87 s12 += s22 * 654183;
88 s13 -= s22 * 997805;
89 s14 += s22 * 136657;
90 s15 -= s22 * 683901;
91 s22 = 0;
92 s9 += s21 * 666643;
93 s10 += s21 * 470296;
94 s11 += s21 * 654183;
95 s12 -= s21 * 997805;
96 s13 += s21 * 136657;
97 s14 -= s21 * 683901;
98 s21 = 0;
99 s8 += s20 * 666643;
100 s9 += s20 * 470296;
101 s10 += s20 * 654183;
102 s11 -= s20 * 997805;
103 s12 += s20 * 136657;
104 s13 -= s20 * 683901;
105 s20 = 0;
106 s7 += s19 * 666643;
107 s8 += s19 * 470296;
108 s9 += s19 * 654183;
109 s10 -= s19 * 997805;
110 s11 += s19 * 136657;
111 s12 -= s19 * 683901;
112 s19 = 0;
113 s6 += s18 * 666643;
114 s7 += s18 * 470296;
115 s8 += s18 * 654183;
116 s9 -= s18 * 997805;
117 s10 += s18 * 136657;
118 s11 -= s18 * 683901;
119 s18 = 0;
120 carry6 = (s6 + (1 << 20)) >> 21;
121 s7 += carry6;
122 s6 -= carry6 << 21;
123 carry8 = (s8 + (1 << 20)) >> 21;
124 s9 += carry8;
125 s8 -= carry8 << 21;
126 carry10 = (s10 + (1 << 20)) >> 21;
127 s11 += carry10;
128 s10 -= carry10 << 21;
129 carry12 = (s12 + (1 << 20)) >> 21;
130 s13 += carry12;
131 s12 -= carry12 << 21;
132 carry14 = (s14 + (1 << 20)) >> 21;
133 s15 += carry14;
134 s14 -= carry14 << 21;
135 carry16 = (s16 + (1 << 20)) >> 21;
136 s17 += carry16;
137 s16 -= carry16 << 21;
138 carry7 = (s7 + (1 << 20)) >> 21;
139 s8 += carry7;
140 s7 -= carry7 << 21;
141 carry9 = (s9 + (1 << 20)) >> 21;
142 s10 += carry9;
143 s9 -= carry9 << 21;
144 carry11 = (s11 + (1 << 20)) >> 21;
145 s12 += carry11;
146 s11 -= carry11 << 21;
147 carry13 = (s13 + (1 << 20)) >> 21;
148 s14 += carry13;
149 s13 -= carry13 << 21;
150 carry15 = (s15 + (1 << 20)) >> 21;
151 s16 += carry15;
152 s15 -= carry15 << 21;
153 s5 += s17 * 666643;
154 s6 += s17 * 470296;
155 s7 += s17 * 654183;
156 s8 -= s17 * 997805;
157 s9 += s17 * 136657;
158 s10 -= s17 * 683901;
159 s17 = 0;
160 s4 += s16 * 666643;
161 s5 += s16 * 470296;
162 s6 += s16 * 654183;
163 s7 -= s16 * 997805;
164 s8 += s16 * 136657;
165 s9 -= s16 * 683901;
166 s16 = 0;
167 s3 += s15 * 666643;
168 s4 += s15 * 470296;
169 s5 += s15 * 654183;
170 s6 -= s15 * 997805;
171 s7 += s15 * 136657;
172 s8 -= s15 * 683901;
173 s15 = 0;
174 s2 += s14 * 666643;
175 s3 += s14 * 470296;
176 s4 += s14 * 654183;
177 s5 -= s14 * 997805;
178 s6 += s14 * 136657;
179 s7 -= s14 * 683901;
180 s14 = 0;
181 s1 += s13 * 666643;
182 s2 += s13 * 470296;
183 s3 += s13 * 654183;
184 s4 -= s13 * 997805;
185 s5 += s13 * 136657;
186 s6 -= s13 * 683901;
187 s13 = 0;
188 s0 += s12 * 666643;
189 s1 += s12 * 470296;
190 s2 += s12 * 654183;
191 s3 -= s12 * 997805;
192 s4 += s12 * 136657;
193 s5 -= s12 * 683901;
194 s12 = 0;
195 carry0 = (s0 + (1 << 20)) >> 21;
196 s1 += carry0;
197 s0 -= carry0 << 21;
198 carry2 = (s2 + (1 << 20)) >> 21;
199 s3 += carry2;
200 s2 -= carry2 << 21;
201 carry4 = (s4 + (1 << 20)) >> 21;
202 s5 += carry4;
203 s4 -= carry4 << 21;
204 carry6 = (s6 + (1 << 20)) >> 21;
205 s7 += carry6;
206 s6 -= carry6 << 21;
207 carry8 = (s8 + (1 << 20)) >> 21;
208 s9 += carry8;
209 s8 -= carry8 << 21;
210 carry10 = (s10 + (1 << 20)) >> 21;
211 s11 += carry10;
212 s10 -= carry10 << 21;
213 carry1 = (s1 + (1 << 20)) >> 21;
214 s2 += carry1;
215 s1 -= carry1 << 21;
216 carry3 = (s3 + (1 << 20)) >> 21;
217 s4 += carry3;
218 s3 -= carry3 << 21;
219 carry5 = (s5 + (1 << 20)) >> 21;
220 s6 += carry5;
221 s5 -= carry5 << 21;
222 carry7 = (s7 + (1 << 20)) >> 21;
223 s8 += carry7;
224 s7 -= carry7 << 21;
225 carry9 = (s9 + (1 << 20)) >> 21;
226 s10 += carry9;
227 s9 -= carry9 << 21;
228 carry11 = (s11 + (1 << 20)) >> 21;
229 s12 += carry11;
230 s11 -= carry11 << 21;
231 s0 += s12 * 666643;
232 s1 += s12 * 470296;
233 s2 += s12 * 654183;
234 s3 -= s12 * 997805;
235 s4 += s12 * 136657;
236 s5 -= s12 * 683901;
237 s12 = 0;
238 carry0 = s0 >> 21;
239 s1 += carry0;
240 s0 -= carry0 << 21;
241 carry1 = s1 >> 21;
242 s2 += carry1;
243 s1 -= carry1 << 21;
244 carry2 = s2 >> 21;
245 s3 += carry2;
246 s2 -= carry2 << 21;
247 carry3 = s3 >> 21;
248 s4 += carry3;
249 s3 -= carry3 << 21;
250 carry4 = s4 >> 21;
251 s5 += carry4;
252 s4 -= carry4 << 21;
253 carry5 = s5 >> 21;
254 s6 += carry5;
255 s5 -= carry5 << 21;
256 carry6 = s6 >> 21;
257 s7 += carry6;
258 s6 -= carry6 << 21;
259 carry7 = s7 >> 21;
260 s8 += carry7;
261 s7 -= carry7 << 21;
262 carry8 = s8 >> 21;
263 s9 += carry8;
264 s8 -= carry8 << 21;
265 carry9 = s9 >> 21;
266 s10 += carry9;
267 s9 -= carry9 << 21;
268 carry10 = s10 >> 21;
269 s11 += carry10;
270 s10 -= carry10 << 21;
271 carry11 = s11 >> 21;
272 s12 += carry11;
273 s11 -= carry11 << 21;
274 s0 += s12 * 666643;
275 s1 += s12 * 470296;
276 s2 += s12 * 654183;
277 s3 -= s12 * 997805;
278 s4 += s12 * 136657;
279 s5 -= s12 * 683901;
280 s12 = 0;
281 carry0 = s0 >> 21;
282 s1 += carry0;
283 s0 -= carry0 << 21;
284 carry1 = s1 >> 21;
285 s2 += carry1;
286 s1 -= carry1 << 21;
287 carry2 = s2 >> 21;
288 s3 += carry2;
289 s2 -= carry2 << 21;
290 carry3 = s3 >> 21;
291 s4 += carry3;
292 s3 -= carry3 << 21;
293 carry4 = s4 >> 21;
294 s5 += carry4;
295 s4 -= carry4 << 21;
296 carry5 = s5 >> 21;
297 s6 += carry5;
298 s5 -= carry5 << 21;
299 carry6 = s6 >> 21;
300 s7 += carry6;
301 s6 -= carry6 << 21;
302 carry7 = s7 >> 21;
303 s8 += carry7;
304 s7 -= carry7 << 21;
305 carry8 = s8 >> 21;
306 s9 += carry8;
307 s8 -= carry8 << 21;
308 carry9 = s9 >> 21;
309 s10 += carry9;
310 s9 -= carry9 << 21;
311 carry10 = s10 >> 21;
312 s11 += carry10;
313 s10 -= carry10 << 21;
314
315 s[0] = (unsigned char) (s0 >> 0);
316 s[1] = (unsigned char) (s0 >> 8);
317 s[2] = (unsigned char) ((s0 >> 16) | (s1 << 5));
318 s[3] = (unsigned char) (s1 >> 3);
319 s[4] = (unsigned char) (s1 >> 11);
320 s[5] = (unsigned char) ((s1 >> 19) | (s2 << 2));
321 s[6] = (unsigned char) (s2 >> 6);
322 s[7] = (unsigned char) ((s2 >> 14) | (s3 << 7));
323 s[8] = (unsigned char) (s3 >> 1);
324 s[9] = (unsigned char) (s3 >> 9);
325 s[10] = (unsigned char) ((s3 >> 17) | (s4 << 4));
326 s[11] = (unsigned char) (s4 >> 4);
327 s[12] = (unsigned char) (s4 >> 12);
328 s[13] = (unsigned char) ((s4 >> 20) | (s5 << 1));
329 s[14] = (unsigned char) (s5 >> 7);
330 s[15] = (unsigned char) ((s5 >> 15) | (s6 << 6));
331 s[16] = (unsigned char) (s6 >> 2);
332 s[17] = (unsigned char) (s6 >> 10);
333 s[18] = (unsigned char) ((s6 >> 18) | (s7 << 3));
334 s[19] = (unsigned char) (s7 >> 5);
335 s[20] = (unsigned char) (s7 >> 13);
336 s[21] = (unsigned char) (s8 >> 0);
337 s[22] = (unsigned char) (s8 >> 8);
338 s[23] = (unsigned char) ((s8 >> 16) | (s9 << 5));
339 s[24] = (unsigned char) (s9 >> 3);
340 s[25] = (unsigned char) (s9 >> 11);
341 s[26] = (unsigned char) ((s9 >> 19) | (s10 << 2));
342 s[27] = (unsigned char) (s10 >> 6);
343 s[28] = (unsigned char) ((s10 >> 14) | (s11 << 7));
344 s[29] = (unsigned char) (s11 >> 1);
345 s[30] = (unsigned char) (s11 >> 9);
346 s[31] = (unsigned char) (s11 >> 17);
347}
348
349
350
351/*
352Input:
353 a[0]+256*a[1]+...+256^31*a[31] = a
354 b[0]+256*b[1]+...+256^31*b[31] = b
355 c[0]+256*c[1]+...+256^31*c[31] = c
356
357Output:
358 s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l
359 where l = 2^252 + 27742317777372353535851937790883648493.
360*/
361
362void sc_muladd(unsigned char *s, const unsigned char *a, const unsigned char *b, const unsigned char *c) {
363 int64_t a0 = 2097151 & load_3(a);
364 int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
365 int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
366 int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
367 int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
368 int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
369 int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
370 int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
371 int64_t a8 = 2097151 & load_3(a + 21);
372 int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
373 int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
374 int64_t a11 = (load_4(a + 28) >> 7);
375 int64_t b0 = 2097151 & load_3(b);
376 int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
377 int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
378 int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
379 int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
380 int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
381 int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
382 int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
383 int64_t b8 = 2097151 & load_3(b + 21);
384 int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
385 int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
386 int64_t b11 = (load_4(b + 28) >> 7);
387 int64_t c0 = 2097151 & load_3(c);
388 int64_t c1 = 2097151 & (load_4(c + 2) >> 5);
389 int64_t c2 = 2097151 & (load_3(c + 5) >> 2);
390 int64_t c3 = 2097151 & (load_4(c + 7) >> 7);
391 int64_t c4 = 2097151 & (load_4(c + 10) >> 4);
392 int64_t c5 = 2097151 & (load_3(c + 13) >> 1);
393 int64_t c6 = 2097151 & (load_4(c + 15) >> 6);
394 int64_t c7 = 2097151 & (load_3(c + 18) >> 3);
395 int64_t c8 = 2097151 & load_3(c + 21);
396 int64_t c9 = 2097151 & (load_4(c + 23) >> 5);
397 int64_t c10 = 2097151 & (load_3(c + 26) >> 2);
398 int64_t c11 = (load_4(c + 28) >> 7);
399 int64_t s0;
400 int64_t s1;
401 int64_t s2;
402 int64_t s3;
403 int64_t s4;
404 int64_t s5;
405 int64_t s6;
406 int64_t s7;
407 int64_t s8;
408 int64_t s9;
409 int64_t s10;
410 int64_t s11;
411 int64_t s12;
412 int64_t s13;
413 int64_t s14;
414 int64_t s15;
415 int64_t s16;
416 int64_t s17;
417 int64_t s18;
418 int64_t s19;
419 int64_t s20;
420 int64_t s21;
421 int64_t s22;
422 int64_t s23;
423 int64_t carry0;
424 int64_t carry1;
425 int64_t carry2;
426 int64_t carry3;
427 int64_t carry4;
428 int64_t carry5;
429 int64_t carry6;
430 int64_t carry7;
431 int64_t carry8;
432 int64_t carry9;
433 int64_t carry10;
434 int64_t carry11;
435 int64_t carry12;
436 int64_t carry13;
437 int64_t carry14;
438 int64_t carry15;
439 int64_t carry16;
440 int64_t carry17;
441 int64_t carry18;
442 int64_t carry19;
443 int64_t carry20;
444 int64_t carry21;
445 int64_t carry22;
446
447 s0 = c0 + a0 * b0;
448 s1 = c1 + a0 * b1 + a1 * b0;
449 s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0;
450 s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0;
451 s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0;
452 s5 = c5 + a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0;
453 s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0;
454 s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 + a6 * b1 + a7 * b0;
455 s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 + a6 * b2 + a7 * b1 + a8 * b0;
456 s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 + a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0;
457 s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 + a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0;
458 s11 = c11 + a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 + a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0;
459 s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + a7 * b5 + a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1;
460 s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + a8 * b5 + a9 * b4 + a10 * b3 + a11 * b2;
461 s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + a9 * b5 + a10 * b4 + a11 * b3;
462 s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + a10 * b5 + a11 * b4;
463 s16 = a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5;
464 s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6;
465 s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7;
466 s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8;
467 s20 = a9 * b11 + a10 * b10 + a11 * b9;
468 s21 = a10 * b11 + a11 * b10;
469 s22 = a11 * b11;
470 s23 = 0;
471 carry0 = (s0 + (1 << 20)) >> 21;
472 s1 += carry0;
473 s0 -= carry0 << 21;
474 carry2 = (s2 + (1 << 20)) >> 21;
475 s3 += carry2;
476 s2 -= carry2 << 21;
477 carry4 = (s4 + (1 << 20)) >> 21;
478 s5 += carry4;
479 s4 -= carry4 << 21;
480 carry6 = (s6 + (1 << 20)) >> 21;
481 s7 += carry6;
482 s6 -= carry6 << 21;
483 carry8 = (s8 + (1 << 20)) >> 21;
484 s9 += carry8;
485 s8 -= carry8 << 21;
486 carry10 = (s10 + (1 << 20)) >> 21;
487 s11 += carry10;
488 s10 -= carry10 << 21;
489 carry12 = (s12 + (1 << 20)) >> 21;
490 s13 += carry12;
491 s12 -= carry12 << 21;
492 carry14 = (s14 + (1 << 20)) >> 21;
493 s15 += carry14;
494 s14 -= carry14 << 21;
495 carry16 = (s16 + (1 << 20)) >> 21;
496 s17 += carry16;
497 s16 -= carry16 << 21;
498 carry18 = (s18 + (1 << 20)) >> 21;
499 s19 += carry18;
500 s18 -= carry18 << 21;
501 carry20 = (s20 + (1 << 20)) >> 21;
502 s21 += carry20;
503 s20 -= carry20 << 21;
504 carry22 = (s22 + (1 << 20)) >> 21;
505 s23 += carry22;
506 s22 -= carry22 << 21;
507 carry1 = (s1 + (1 << 20)) >> 21;
508 s2 += carry1;
509 s1 -= carry1 << 21;
510 carry3 = (s3 + (1 << 20)) >> 21;
511 s4 += carry3;
512 s3 -= carry3 << 21;
513 carry5 = (s5 + (1 << 20)) >> 21;
514 s6 += carry5;
515 s5 -= carry5 << 21;
516 carry7 = (s7 + (1 << 20)) >> 21;
517 s8 += carry7;
518 s7 -= carry7 << 21;
519 carry9 = (s9 + (1 << 20)) >> 21;
520 s10 += carry9;
521 s9 -= carry9 << 21;
522 carry11 = (s11 + (1 << 20)) >> 21;
523 s12 += carry11;
524 s11 -= carry11 << 21;
525 carry13 = (s13 + (1 << 20)) >> 21;
526 s14 += carry13;
527 s13 -= carry13 << 21;
528 carry15 = (s15 + (1 << 20)) >> 21;
529 s16 += carry15;
530 s15 -= carry15 << 21;
531 carry17 = (s17 + (1 << 20)) >> 21;
532 s18 += carry17;
533 s17 -= carry17 << 21;
534 carry19 = (s19 + (1 << 20)) >> 21;
535 s20 += carry19;
536 s19 -= carry19 << 21;
537 carry21 = (s21 + (1 << 20)) >> 21;
538 s22 += carry21;
539 s21 -= carry21 << 21;
540 s11 += s23 * 666643;
541 s12 += s23 * 470296;
542 s13 += s23 * 654183;
543 s14 -= s23 * 997805;
544 s15 += s23 * 136657;
545 s16 -= s23 * 683901;
546 s23 = 0;
547 s10 += s22 * 666643;
548 s11 += s22 * 470296;
549 s12 += s22 * 654183;
550 s13 -= s22 * 997805;
551 s14 += s22 * 136657;
552 s15 -= s22 * 683901;
553 s22 = 0;
554 s9 += s21 * 666643;
555 s10 += s21 * 470296;
556 s11 += s21 * 654183;
557 s12 -= s21 * 997805;
558 s13 += s21 * 136657;
559 s14 -= s21 * 683901;
560 s21 = 0;
561 s8 += s20 * 666643;
562 s9 += s20 * 470296;
563 s10 += s20 * 654183;
564 s11 -= s20 * 997805;
565 s12 += s20 * 136657;
566 s13 -= s20 * 683901;
567 s20 = 0;
568 s7 += s19 * 666643;
569 s8 += s19 * 470296;
570 s9 += s19 * 654183;
571 s10 -= s19 * 997805;
572 s11 += s19 * 136657;
573 s12 -= s19 * 683901;
574 s19 = 0;
575 s6 += s18 * 666643;
576 s7 += s18 * 470296;
577 s8 += s18 * 654183;
578 s9 -= s18 * 997805;
579 s10 += s18 * 136657;
580 s11 -= s18 * 683901;
581 s18 = 0;
582 carry6 = (s6 + (1 << 20)) >> 21;
583 s7 += carry6;
584 s6 -= carry6 << 21;
585 carry8 = (s8 + (1 << 20)) >> 21;
586 s9 += carry8;
587 s8 -= carry8 << 21;
588 carry10 = (s10 + (1 << 20)) >> 21;
589 s11 += carry10;
590 s10 -= carry10 << 21;
591 carry12 = (s12 + (1 << 20)) >> 21;
592 s13 += carry12;
593 s12 -= carry12 << 21;
594 carry14 = (s14 + (1 << 20)) >> 21;
595 s15 += carry14;
596 s14 -= carry14 << 21;
597 carry16 = (s16 + (1 << 20)) >> 21;
598 s17 += carry16;
599 s16 -= carry16 << 21;
600 carry7 = (s7 + (1 << 20)) >> 21;
601 s8 += carry7;
602 s7 -= carry7 << 21;
603 carry9 = (s9 + (1 << 20)) >> 21;
604 s10 += carry9;
605 s9 -= carry9 << 21;
606 carry11 = (s11 + (1 << 20)) >> 21;
607 s12 += carry11;
608 s11 -= carry11 << 21;
609 carry13 = (s13 + (1 << 20)) >> 21;
610 s14 += carry13;
611 s13 -= carry13 << 21;
612 carry15 = (s15 + (1 << 20)) >> 21;
613 s16 += carry15;
614 s15 -= carry15 << 21;
615 s5 += s17 * 666643;
616 s6 += s17 * 470296;
617 s7 += s17 * 654183;
618 s8 -= s17 * 997805;
619 s9 += s17 * 136657;
620 s10 -= s17 * 683901;
621 s17 = 0;
622 s4 += s16 * 666643;
623 s5 += s16 * 470296;
624 s6 += s16 * 654183;
625 s7 -= s16 * 997805;
626 s8 += s16 * 136657;
627 s9 -= s16 * 683901;
628 s16 = 0;
629 s3 += s15 * 666643;
630 s4 += s15 * 470296;
631 s5 += s15 * 654183;
632 s6 -= s15 * 997805;
633 s7 += s15 * 136657;
634 s8 -= s15 * 683901;
635 s15 = 0;
636 s2 += s14 * 666643;
637 s3 += s14 * 470296;
638 s4 += s14 * 654183;
639 s5 -= s14 * 997805;
640 s6 += s14 * 136657;
641 s7 -= s14 * 683901;
642 s14 = 0;
643 s1 += s13 * 666643;
644 s2 += s13 * 470296;
645 s3 += s13 * 654183;
646 s4 -= s13 * 997805;
647 s5 += s13 * 136657;
648 s6 -= s13 * 683901;
649 s13 = 0;
650 s0 += s12 * 666643;
651 s1 += s12 * 470296;
652 s2 += s12 * 654183;
653 s3 -= s12 * 997805;
654 s4 += s12 * 136657;
655 s5 -= s12 * 683901;
656 s12 = 0;
657 carry0 = (s0 + (1 << 20)) >> 21;
658 s1 += carry0;
659 s0 -= carry0 << 21;
660 carry2 = (s2 + (1 << 20)) >> 21;
661 s3 += carry2;
662 s2 -= carry2 << 21;
663 carry4 = (s4 + (1 << 20)) >> 21;
664 s5 += carry4;
665 s4 -= carry4 << 21;
666 carry6 = (s6 + (1 << 20)) >> 21;
667 s7 += carry6;
668 s6 -= carry6 << 21;
669 carry8 = (s8 + (1 << 20)) >> 21;
670 s9 += carry8;
671 s8 -= carry8 << 21;
672 carry10 = (s10 + (1 << 20)) >> 21;
673 s11 += carry10;
674 s10 -= carry10 << 21;
675 carry1 = (s1 + (1 << 20)) >> 21;
676 s2 += carry1;
677 s1 -= carry1 << 21;
678 carry3 = (s3 + (1 << 20)) >> 21;
679 s4 += carry3;
680 s3 -= carry3 << 21;
681 carry5 = (s5 + (1 << 20)) >> 21;
682 s6 += carry5;
683 s5 -= carry5 << 21;
684 carry7 = (s7 + (1 << 20)) >> 21;
685 s8 += carry7;
686 s7 -= carry7 << 21;
687 carry9 = (s9 + (1 << 20)) >> 21;
688 s10 += carry9;
689 s9 -= carry9 << 21;
690 carry11 = (s11 + (1 << 20)) >> 21;
691 s12 += carry11;
692 s11 -= carry11 << 21;
693 s0 += s12 * 666643;
694 s1 += s12 * 470296;
695 s2 += s12 * 654183;
696 s3 -= s12 * 997805;
697 s4 += s12 * 136657;
698 s5 -= s12 * 683901;
699 s12 = 0;
700 carry0 = s0 >> 21;
701 s1 += carry0;
702 s0 -= carry0 << 21;
703 carry1 = s1 >> 21;
704 s2 += carry1;
705 s1 -= carry1 << 21;
706 carry2 = s2 >> 21;
707 s3 += carry2;
708 s2 -= carry2 << 21;
709 carry3 = s3 >> 21;
710 s4 += carry3;
711 s3 -= carry3 << 21;
712 carry4 = s4 >> 21;
713 s5 += carry4;
714 s4 -= carry4 << 21;
715 carry5 = s5 >> 21;
716 s6 += carry5;
717 s5 -= carry5 << 21;
718 carry6 = s6 >> 21;
719 s7 += carry6;
720 s6 -= carry6 << 21;
721 carry7 = s7 >> 21;
722 s8 += carry7;
723 s7 -= carry7 << 21;
724 carry8 = s8 >> 21;
725 s9 += carry8;
726 s8 -= carry8 << 21;
727 carry9 = s9 >> 21;
728 s10 += carry9;
729 s9 -= carry9 << 21;
730 carry10 = s10 >> 21;
731 s11 += carry10;
732 s10 -= carry10 << 21;
733 carry11 = s11 >> 21;
734 s12 += carry11;
735 s11 -= carry11 << 21;
736 s0 += s12 * 666643;
737 s1 += s12 * 470296;
738 s2 += s12 * 654183;
739 s3 -= s12 * 997805;
740 s4 += s12 * 136657;
741 s5 -= s12 * 683901;
742 s12 = 0;
743 carry0 = s0 >> 21;
744 s1 += carry0;
745 s0 -= carry0 << 21;
746 carry1 = s1 >> 21;
747 s2 += carry1;
748 s1 -= carry1 << 21;
749 carry2 = s2 >> 21;
750 s3 += carry2;
751 s2 -= carry2 << 21;
752 carry3 = s3 >> 21;
753 s4 += carry3;
754 s3 -= carry3 << 21;
755 carry4 = s4 >> 21;
756 s5 += carry4;
757 s4 -= carry4 << 21;
758 carry5 = s5 >> 21;
759 s6 += carry5;
760 s5 -= carry5 << 21;
761 carry6 = s6 >> 21;
762 s7 += carry6;
763 s6 -= carry6 << 21;
764 carry7 = s7 >> 21;
765 s8 += carry7;
766 s7 -= carry7 << 21;
767 carry8 = s8 >> 21;
768 s9 += carry8;
769 s8 -= carry8 << 21;
770 carry9 = s9 >> 21;
771 s10 += carry9;
772 s9 -= carry9 << 21;
773 carry10 = s10 >> 21;
774 s11 += carry10;
775 s10 -= carry10 << 21;
776
777 s[0] = (unsigned char) (s0 >> 0);
778 s[1] = (unsigned char) (s0 >> 8);
779 s[2] = (unsigned char) ((s0 >> 16) | (s1 << 5));
780 s[3] = (unsigned char) (s1 >> 3);
781 s[4] = (unsigned char) (s1 >> 11);
782 s[5] = (unsigned char) ((s1 >> 19) | (s2 << 2));
783 s[6] = (unsigned char) (s2 >> 6);
784 s[7] = (unsigned char) ((s2 >> 14) | (s3 << 7));
785 s[8] = (unsigned char) (s3 >> 1);
786 s[9] = (unsigned char) (s3 >> 9);
787 s[10] = (unsigned char) ((s3 >> 17) | (s4 << 4));
788 s[11] = (unsigned char) (s4 >> 4);
789 s[12] = (unsigned char) (s4 >> 12);
790 s[13] = (unsigned char) ((s4 >> 20) | (s5 << 1));
791 s[14] = (unsigned char) (s5 >> 7);
792 s[15] = (unsigned char) ((s5 >> 15) | (s6 << 6));
793 s[16] = (unsigned char) (s6 >> 2);
794 s[17] = (unsigned char) (s6 >> 10);
795 s[18] = (unsigned char) ((s6 >> 18) | (s7 << 3));
796 s[19] = (unsigned char) (s7 >> 5);
797 s[20] = (unsigned char) (s7 >> 13);
798 s[21] = (unsigned char) (s8 >> 0);
799 s[22] = (unsigned char) (s8 >> 8);
800 s[23] = (unsigned char) ((s8 >> 16) | (s9 << 5));
801 s[24] = (unsigned char) (s9 >> 3);
802 s[25] = (unsigned char) (s9 >> 11);
803 s[26] = (unsigned char) ((s9 >> 19) | (s10 << 2));
804 s[27] = (unsigned char) (s10 >> 6);
805 s[28] = (unsigned char) ((s10 >> 14) | (s11 << 7));
806 s[29] = (unsigned char) (s11 >> 1);
807 s[30] = (unsigned char) (s11 >> 9);
808 s[31] = (unsigned char) (s11 >> 17);
809}
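--- /dev/null
+++ b/3rd_party/ed25519/sc.h
@@ -0,0 +1,12 @@
+#ifndef SC_H
+#define SC_H
+
+/*
+The set of scalars is \Z/l
+where l = 2^252 + 27742317777372353535851937790883648493.
+*/
+
+void sc_reduce(unsigned char *s);
+void sc_muladd(unsigned char *s, const unsigned char *a, const unsigned char *b, const unsigned char *c);
+
+#endif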
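--- /dev/null
+++ b/3rd_party/ed25519/seed.c
@@ -0,0 +1,40 @@
+#include "ed25519.h"
+
+#ifndef ED25519_NO_SEED
+
+#ifdef _WIN32
+#include <windows.h>
+#include <wincrypt.h>
+#else
+#include <stdio.h>
+#endif
+
+int ed25519_create_seed(unsigned char *seed) {
+#ifdef _WIN32
+ HCRYPTPROV prov;
+
+ if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
+ return 1;
+ }
+
+ if (!CryptGenRandom(prov, 32, seed)) {
+ CryptReleaseContext(prov, 0);
+ return 1;
+ }
+
+ CryptReleaseContext(prov, 0);
+#else
+ FILE *f = fopen("/dev/urandom", "rb");
+
+ if (f == NULL) {
+ return 1;
+ }
+
+ if(fread(seed, 1, 32, f)){}
+ fclose(f);
+#endif
+
+ return 0;
+}
+
+#endif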
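Review bot: A short or failed read from /dev/urandom is silently accepted on line 33 of seed.c: `if(fread(seed, 1, 32, f)){}` evaluates the return value only to discard it, so `ed25519_create_seed` returns 0 even when fewer than 32 bytes were written. The remainder of `seed` is then whatever the caller's buffer already held, and a key derived from it is partly predictable or uninitialized while the caller sees success. The read should fail closed, in line with the Windows branch, which does check `CryptGenRandom`: `if (fread(seed, 1, 32, f) != 32) { fclose(f); return 1; }`. Where the platform offers it, `getrandom()` or `getentropy()` would also remove the dependency on opening a device file.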
diff --git a/3rd_party/ed25519/sha512.c b/3rd_party/ed25519/sha512.c
new file mode 100644
index 0000000..cb8ae71
--- /dev/null
+++ b/3rd_party/ed25519/sha512.c
@@ -0,0 +1,275 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
10 */
11
12#include "fixedint.h"
13#include "sha512.h"
14
15/* the K array */
16static const uint64_t K[80] = {
17 UINT64_C(0x428a2f98d728ae22), UINT64_C(0x7137449123ef65cd),
18 UINT64_C(0xb5c0fbcfec4d3b2f), UINT64_C(0xe9b5dba58189dbbc),
19 UINT64_C(0x3956c25bf348b538), UINT64_C(0x59f111f1b605d019),
20 UINT64_C(0x923f82a4af194f9b), UINT64_C(0xab1c5ed5da6d8118),
21 UINT64_C(0xd807aa98a3030242), UINT64_C(0x12835b0145706fbe),
22 UINT64_C(0x243185be4ee4b28c), UINT64_C(0x550c7dc3d5ffb4e2),
23 UINT64_C(0x72be5d74f27b896f), UINT64_C(0x80deb1fe3b1696b1),
24 UINT64_C(0x9bdc06a725c71235), UINT64_C(0xc19bf174cf692694),
25 UINT64_C(0xe49b69c19ef14ad2), UINT64_C(0xefbe4786384f25e3),
26 UINT64_C(0x0fc19dc68b8cd5b5), UINT64_C(0x240ca1cc77ac9c65),
27 UINT64_C(0x2de92c6f592b0275), UINT64_C(0x4a7484aa6ea6e483),
28 UINT64_C(0x5cb0a9dcbd41fbd4), UINT64_C(0x76f988da831153b5),
29 UINT64_C(0x983e5152ee66dfab), UINT64_C(0xa831c66d2db43210),
30 UINT64_C(0xb00327c898fb213f), UINT64_C(0xbf597fc7beef0ee4),
31 UINT64_C(0xc6e00bf33da88fc2), UINT64_C(0xd5a79147930aa725),
32 UINT64_C(0x06ca6351e003826f), UINT64_C(0x142929670a0e6e70),
33 UINT64_C(0x27b70a8546d22ffc), UINT64_C(0x2e1b21385c26c926),
34 UINT64_C(0x4d2c6dfc5ac42aed), UINT64_C(0x53380d139d95b3df),
35 UINT64_C(0x650a73548baf63de), UINT64_C(0x766a0abb3c77b2a8),
36 UINT64_C(0x81c2c92e47edaee6), UINT64_C(0x92722c851482353b),
37 UINT64_C(0xa2bfe8a14cf10364), UINT64_C(0xa81a664bbc423001),
38 UINT64_C(0xc24b8b70d0f89791), UINT64_C(0xc76c51a30654be30),
39 UINT64_C(0xd192e819d6ef5218), UINT64_C(0xd69906245565a910),
40 UINT64_C(0xf40e35855771202a), UINT64_C(0x106aa07032bbd1b8),
41 UINT64_C(0x19a4c116b8d2d0c8), UINT64_C(0x1e376c085141ab53),
42 UINT64_C(0x2748774cdf8eeb99), UINT64_C(0x34b0bcb5e19b48a8),
43 UINT64_C(0x391c0cb3c5c95a63), UINT64_C(0x4ed8aa4ae3418acb),
44 UINT64_C(0x5b9cca4f7763e373), UINT64_C(0x682e6ff3d6b2b8a3),
45 UINT64_C(0x748f82ee5defb2fc), UINT64_C(0x78a5636f43172f60),
46 UINT64_C(0x84c87814a1f0ab72), UINT64_C(0x8cc702081a6439ec),
47 UINT64_C(0x90befffa23631e28), UINT64_C(0xa4506cebde82bde9),
48 UINT64_C(0xbef9a3f7b2c67915), UINT64_C(0xc67178f2e372532b),
49 UINT64_C(0xca273eceea26619c), UINT64_C(0xd186b8c721c0c207),
50 UINT64_C(0xeada7dd6cde0eb1e), UINT64_C(0xf57d4f7fee6ed178),
51 UINT64_C(0x06f067aa72176fba), UINT64_C(0x0a637dc5a2c898a6),
52 UINT64_C(0x113f9804bef90dae), UINT64_C(0x1b710b35131c471b),
53 UINT64_C(0x28db77f523047d84), UINT64_C(0x32caab7b40c72493),
54 UINT64_C(0x3c9ebe0a15c9bebc), UINT64_C(0x431d67c49c100d4c),
55 UINT64_C(0x4cc5d4becb3e42b6), UINT64_C(0x597f299cfc657e2a),
56 UINT64_C(0x5fcb6fab3ad6faec), UINT64_C(0x6c44198c4a475817)
57};
58
59/* Various logical functions */
60
61#define ROR64c(x, y) \
62 ( ((((x)&UINT64_C(0xFFFFFFFFFFFFFFFF))>>((uint64_t)(y)&UINT64_C(63))) | \
63 ((x)<<((uint64_t)(64-((y)&UINT64_C(63)))))) & UINT64_C(0xFFFFFFFFFFFFFFFF))
64
65#define STORE64H(x, y) \
66 { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \
67 (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \
68 (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \
69 (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); }
70
71#define LOAD64H(x, y) \
72 { x = (((uint64_t)((y)[0] & 255))<<56)|(((uint64_t)((y)[1] & 255))<<48) | \
73 (((uint64_t)((y)[2] & 255))<<40)|(((uint64_t)((y)[3] & 255))<<32) | \
74 (((uint64_t)((y)[4] & 255))<<24)|(((uint64_t)((y)[5] & 255))<<16) | \
75 (((uint64_t)((y)[6] & 255))<<8)|(((uint64_t)((y)[7] & 255))); }
76
77
78#define Ch(x,y,z) (z ^ (x & (y ^ z)))
79#define Maj(x,y,z) (((x | y) & z) | (x & y))
80#define S(x, n) ROR64c(x, n)
81#define R(x, n) (((x) &UINT64_C(0xFFFFFFFFFFFFFFFF))>>((uint64_t)n))
82#define Sigma0(x) (S(x, 28) ^ S(x, 34) ^ S(x, 39))
83#define Sigma1(x) (S(x, 14) ^ S(x, 18) ^ S(x, 41))
84#define Gamma0(x) (S(x, 1) ^ S(x, 8) ^ R(x, 7))
85#define Gamma1(x) (S(x, 19) ^ S(x, 61) ^ R(x, 6))
86#ifndef MIN
87 #define MIN(x, y) ( ((x)<(y))?(x):(y) )
88#endif
89
90/* compress 1024-bits */
91static int sha512_compress(sha512_context *md, unsigned char *buf)
92{
93 uint64_t S[8], W[80], t0, t1;
94 int i;
95
96 /* copy state into S */
97 for (i = 0; i < 8; i++) {
98 S[i] = md->state[i];
99 }
100
101 /* copy the state into 1024-bits into W[0..15] */
102 for (i = 0; i < 16; i++) {
103 LOAD64H(W[i], buf + (8*i));
104 }
105
106 /* fill W[16..79] */
107 for (i = 16; i < 80; i++) {
108 W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
109 }
110
111/* Compress */
112 #define RND(a,b,c,d,e,f,g,h,i) \
113 t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \
114 t1 = Sigma0(a) + Maj(a, b, c);\
115 d += t0; \
116 h = t0 + t1;
117
118 for (i = 0; i < 80; i += 8) {
119 RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i+0);
120 RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],i+1);
121 RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],i+2);
122 RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],i+3);
123 RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],i+4);
124 RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],i+5);
125 RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],i+6);
126 RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],i+7);
127 }
128
129 #undef RND
130
131
132
133 /* feedback */
134 for (i = 0; i < 8; i++) {
135 md->state[i] = md->state[i] + S[i];
136 }
137
138 return 0;
139}
140
141
142/**
143 Initialize the hash state
144 @param md The hash state you wish to initialize
145 @return 0 if successful
146*/
147int sha512_init(sha512_context * md) {
148 if (md == NULL) return 1;
149
150 md->curlen = 0;
151 md->length = 0;
152 md->state[0] = UINT64_C(0x6a09e667f3bcc908);
153 md->state[1] = UINT64_C(0xbb67ae8584caa73b);
154 md->state[2] = UINT64_C(0x3c6ef372fe94f82b);
155 md->state[3] = UINT64_C(0xa54ff53a5f1d36f1);
156 md->state[4] = UINT64_C(0x510e527fade682d1);
157 md->state[5] = UINT64_C(0x9b05688c2b3e6c1f);
158 md->state[6] = UINT64_C(0x1f83d9abfb41bd6b);
159 md->state[7] = UINT64_C(0x5be0cd19137e2179);
160
161 return 0;
162}
163
164/**
165 Process a block of memory though the hash
166 @param md The hash state
167 @param in The data to hash
168 @param inlen The length of the data (octets)
169 @return 0 if successful
170*/
171int sha512_update (sha512_context * md, const unsigned char *in, size_t inlen)
172{
173 size_t n;
174 size_t i;
175 int err;
176 if (md == NULL) return 1;
177 if (in == NULL) return 1;
178 if (md->curlen > sizeof(md->buf)) {
179 return 1;
180 }
181 while (inlen > 0) {
182 if (md->curlen == 0 && inlen >= 128) {
183 if ((err = sha512_compress (md, (unsigned char *)in)) != 0) {
184 return err;
185 }
186 md->length += 128 * 8;
187 in += 128;
188 inlen -= 128;
189 } else {
190 n = MIN(inlen, (128 - md->curlen));
191
192 for (i = 0; i < n; i++) {
193 md->buf[i + md->curlen] = in[i];
194 }
195
196
197 md->curlen += n;
198 in += n;
199 inlen -= n;
200 if (md->curlen == 128) {
201 if ((err = sha512_compress (md, md->buf)) != 0) {
202 return err;
203 }
204 md->length += 8*128;
205 md->curlen = 0;
206 }
207 }
208 }
209 return 0;
210}
211
212/**
213 Terminate the hash to get the digest
214 @param md The hash state
215 @param out [out] The destination of the hash (64 bytes)
216 @return 0 if successful
217*/
218 int sha512_final(sha512_context * md, unsigned char *out)
219 {
220 int i;
221
222 if (md == NULL) return 1;
223 if (out == NULL) return 1;
224
225 if (md->curlen >= sizeof(md->buf)) {
226 return 1;
227 }
228
229 /* increase the length of the message */
230 md->length += md->curlen * UINT64_C(8);
231
232 /* append the '1' bit */
233 md->buf[md->curlen++] = (unsigned char)0x80;
234
235 /* if the length is currently above 112 bytes we append zeros
236 * then compress. Then we can fall back to padding zeros and length
237 * encoding like normal.
238 */
239 if (md->curlen > 112) {
240 while (md->curlen < 128) {
241 md->buf[md->curlen++] = (unsigned char)0;
242 }
243 sha512_compress(md, md->buf);
244 md->curlen = 0;
245 }
246
247 /* pad upto 120 bytes of zeroes
248 * note: that from 112 to 120 is the 64 MSB of the length. We assume that you won't hash
249 * > 2^64 bits of data... :-)
250 */
251while (md->curlen < 120) {
252 md->buf[md->curlen++] = (unsigned char)0;
253}
254
255 /* store length */
256STORE64H(md->length, md->buf+120);
257sha512_compress(md, md->buf);
258
259 /* copy output */
260for (i = 0; i < 8; i++) {
261 STORE64H(md->state[i], out+(8*i));
262}
263
264return 0;
265}
266
267int sha512(const unsigned char *message, size_t message_len, unsigned char *out)
268{
269 sha512_context ctx;
270 int ret;
271 if ((ret = sha512_init(&ctx))) return ret;
272 if ((ret = sha512_update(&ctx, message, message_len))) return ret;
273 if ((ret = sha512_final(&ctx, out))) return ret;
274 return 0;
275}
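--- /dev/null
+++ b/3rd_party/ed25519/sha512.h
@@ -0,0 +1,21 @@
+#ifndef SHA512_H
+#define SHA512_H
+
+#include <stddef.h>
+
+#include "fixedint.h"
+
+/* state */
+typedef struct sha512_context_ {
+ uint64_t length, state[8];
+ size_t curlen;
+ unsigned char buf[128];
+} sha512_context;
+
+
+int sha512_init(sha512_context * md);
+int sha512_final(sha512_context * md, unsigned char *out);
+int sha512_update(sha512_context * md, const unsigned char *in, size_t inlen);
+int sha512(const unsigned char *message, size_t message_len, unsigned char *out);
+
+#endif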
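--- /dev/null
+++ b/3rd_party/ed25519/sign.c
@@ -0,0 +1,31 @@
+#include "ed25519.h"
+#include "sha512.h"
+#include "ge.h"
+#include "sc.h"
+
+
+void ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key, const unsigned char *private_key) {
+ sha512_context hash;
+ unsigned char hram[64];
+ unsigned char r[64];
+ ge_p3 R;
+
+
+ sha512_init(&hash);
+ sha512_update(&hash, private_key + 32, 32);
+ sha512_update(&hash, message, message_len);
+ sha512_final(&hash, r);
+
+ sc_reduce(r);
+ ge_scalarmult_base(&R, r);
+ ge_p3_tobytes(signature, &R);
+
+ sha512_init(&hash);
+ sha512_update(&hash, signature, 32);
+ sha512_update(&hash, public_key, 32);
+ sha512_update(&hash, message, message_len);
+ sha512_final(&hash, hram);
+
+ sc_reduce(hram);
+ sc_muladd(signature + 32, hram, private_key, r);
+}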
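--- /dev/null
+++ b/3rd_party/ed25519/verify.c
@@ -0,0 +1,77 @@
+#include "ed25519.h"
+#include "sha512.h"
+#include "ge.h"
+#include "sc.h"
+
+static int consttime_equal(const unsigned char *x, const unsigned char *y) {
+ unsigned char r = 0;
+
+ r = x[0] ^ y[0];
+ #define F(i) r |= x[i] ^ y[i]
+ F(1);
+ F(2);
+ F(3);
+ F(4);
+ F(5);
+ F(6);
+ F(7);
+ F(8);
+ F(9);
+ F(10);
+ F(11);
+ F(12);
+ F(13);
+ F(14);
+ F(15);
+ F(16);
+ F(17);
+ F(18);
+ F(19);
+ F(20);
+ F(21);
+ F(22);
+ F(23);
+ F(24);
+ F(25);
+ F(26);
+ F(27);
+ F(28);
+ F(29);
+ F(30);
+ F(31);
+ #undef F
+
+ return !r;
+}
+
+int ed25519_verify(const unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key) {
+ unsigned char h[64];
+ unsigned char checker[32];
+ sha512_context hash;
+ ge_p3 A;
+ ge_p2 R;
+
+ if (signature[63] & 224) {
+ return 0;
+ }
+
+ if (ge_frombytes_negate_vartime(&A, public_key) != 0) {
+ return 0;
+ }
+
+ sha512_init(&hash);
+ sha512_update(&hash, signature, 32);
+ sha512_update(&hash, public_key, 32);
+ sha512_update(&hash, message, message_len);
+ sha512_final(&hash, h);
+
+ sc_reduce(h);
+ ge_double_scalarmult_vartime(&R, h, &A, signature + 32);
+ ge_tobytes(checker, &R);
+
+ if (!consttime_equal(checker, signature)) {
+ return 0;
+ }
+
+ return 1;
+}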